DETAILED ACTION
The present application is being examined under the first inventor to file provisions of the AIA .  In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response Applicant communication filed on 11/11/2021.  

Claims
Claims 2, 9, 10, 12, 14, 16, and 19 have been amended. 
Claim 1 has been cancelled.
Claims 2-21 are currently pending in the application. 


Response to Arguments
103
Applicant’s arguments with respect to Claim 2 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.    
112
The previous 112 rejections are withdrawn due to the claim amendments. 


Rejections under 35 § U.S.C. 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all 
obviousness rejections set forth in this Office action:


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 2-10, 13, and 19-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over US 20020174062 A1 (“Sines”) and US 20110022837 A1 (“Stevens”) and 20080046738 A1 (“Galloway”) and US 9830587 B1 (“Bell”).

Per claims 2 and 19, Sines discloses a method comprising:
detecting, prior to a transmission of information related to a payment portion of a purchase transaction to a payment provider… an event associated with a merchant virtual storefront transaction request that was initiated by the user device (The customer accesses the merchant website and via the internet.  The customer initiates communications with the merchant using a first communications link.  The customer then builds the order file but does not include customer account information sufficient to authorize goods, services or for receiving payment) (Section [0202]-[0203], [0314]);  
	
after determining that the merchant virtual storefront is authentic (e.g. The bank also performs an authentication analysis by verifying that the merchant computer is an authorized merchant computer using the bank’s merchant account computer identification verification , authorizing the merchant virtual storefront transaction request (e.g. the bank determines that the transaction is valid) (Section [0319]-[0320]).   
Further, Sines discloses “detecting a presence or absence of fraudulent data within identifying information associated with the merchant virtual storefront” of claim 19 similarly to that above.  

Although Sines discloses detecting a transaction and authenticating an online merchant, Sines does not specifically disclose that a payment authorization device comprising one or more hardware processors configured to execute instructions; causing a transmission of user payment account information to the user device.  However Stevens, in analogous art of performing secure transactions, teaches:
a payment authorization device (e.g. authentication device) comprising on or more hardware processors (e.g. processing unit) configured to execute instructions (Section [0049]); 
causing a transmission of user payment account information (e.g. message 7) to the user device (e.g. personal computer) (Section [0049]-[0052]).
It would have been obvious to one of ordinary skill in the art to include in the transaction verification system of Sines the concept of using a dedicated authorization device to authenticate and send transaction data to the user device as taught by Stevens since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.  As disclosed by Stevens in section [0012]-[0013], one of ordinary skill in the art would use a dedicated authentication device to authenticate a transaction and send the transaction data to a user device in order to 

Although Sines/Stevens discloses detecting a transaction, authenticating an online merchant, and transmitting user payment account information to the user device, Sines/Stevens does not specifically disclose that the transaction is detected by actively detecting, via a communication with a web browser plug-in that executes a background event detection application on a user device while the user device displays a merchant virtual storefront and based on a user communication with the user device; in response to the actively detecting, automatically initiating an authentication of the merchant virtual storefront associated with the merchant virtual storefront transaction request; matching identifying information associated with the merchant virtual storefront, the identifying information received from the user device including the web browser plug-in that executes the background event detection application, with baseline identifying information stored in a database, wherein the baseline identifying information identifies known authentic websites; determining, based on the matching, that the merchant virtual storefront is authentic.  However Galloway, in analogous art of web browser transactions, teaches:
actively detecting, via a communication with a web browser plug-in (e.g. browser plug-in) that executes a background event detection application on a user device (e.g. client device) while the user device displays a merchant virtual storefront (e.g. web page) and based on a user communication with the user device (Section [0045] and [0047]); 
in response to the actively detecting, automatically initiating an authentication of the merchant virtual storefront associated with the merchant virtual storefront transaction request ; 
matching identifying information associated with the merchant virtual storefront, the identifying information received from the user device including the web browser plug-in that executes the background event detection application, with baseline identifying information stored in a database, wherein the baseline identifying information identifies known authentic websites (e.g. Also, if the web page loaded by the browser is on a "blacklist" of sites already identified as phishing sites, phishing detection application 272 may provide an indication that the web page is counterfeit without performing any image recognition. Also, if the domain name of the web page loaded by the browser is one of the authenticated domain names, phishing detection application 272 may determine that the web page is authentic without performing image recognition) (Section [0015] and [0046]-[0048]);
 determining, based on the matching, that the merchant virtual storefront is authentic (e.g. determine that the web page is authentic) (Section [0015] and [0046]-[0048]). 
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify the payment authorization process of Sines/Stevens to include the use of a browser plug-in to actively detect and verify online websites, as taught by Galloway, in order to combat against phishing scams and sustain the necessary user trust that is required for continual growth in the ecommerce sector of our economy (See Galloway Section [0004]).

Although Sines/Stevens/Galloway discloses a system/method for actively detecting a transaction with a merchant and verifying the merchant website before transmitting the user payment account information to the user device, Sines/Stevens/Galloway does not specifically wherein the transmission of the user payment account information automatically populates payment information fields within the merchant virtual storefront that enables a completion of at least the payment portion of the purchase transaction via the merchant virtual storefront.  However Bell, in analogous art of online transactions, teaches:
wherein the transmission of the user payment account information automatically populates payment information fields within the merchant virtual storefront that enables a completion of at least the payment portion of the purchase transaction via the merchant virtual storefront (e.g. the user selects the payment type, and at step 560, the electronic wallet application retrieves the payment information associated with the payment type from the electronic wallet server.  At step 562, the browser plug-in 119 automatically populates the merchant-specific payment form with user information and payment information) (Column 11, Ln 62 – Column 12, Ln 19).  Note: the limitation “wherein the transmission of the user payment account information automatically populates payment information fields within the merchant virtual storefront that enables a completion of at least a payment portion of a purchase transaction via the merchant virtual storefront” does not distinguish over the prior art because it is describing the intended use of the user payment account information by the user device which is outside the scope of the claims that are directed to a payment authorization device.  Further the description of the purpose of the user payment account information does not affect the transmission of the data in a manipulative sense.  
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify the modify the transmission of the payment account information of Sines/Stevens/Galloway to auto populate the transaction fields of the website, as 

Per claim 3, Sines/Stevens/Galloway/Bell teaches all of the limitations of claim 2 above.  Sines further teaches wherein the actively detecting the event and the automatically initiating the authentication of the merchant virtual storefront are performed by the payment authorization device without explicit instructions from the user device (e.g. the bank then establishes a communications link with the merchant via the internet) (Section [0318]-[0319]).  Note: the bank in Sines receives information indicating the merchant being used in the purchase transaction and the transaction control number but the bank of Sines does not receive explicit instructions from the user device and therefore reads on this limitation. 


Per claim 4, Sines/Stevens/Galloway/Bell teaches all of the limitations of claim 2 above.  Sines further teaches wherein the event associated with the merchant virtual storefront transaction request includes one of browsing a merchant virtual storefront (e.g. contacts the merchant via the internet), adding an item to a virtual cart (e.g. order file), proceeding to a checkout portion of the merchant virtual storefront, or attempting to pay for an item (e.g. the customer then places the order with the merchant via the internet) (Section [0325]).  

Per claim 5, Sines/Stevens/Galloway/Bell teaches all of the limitations of claim 2 above.  Sines further teaches wherein the identifying information and the baseline identifying information includes one of a hypertext markup language (HTML), metadata, secure sockets layer (SSL) data, an IP address, a website URL, DNS data, and TCP/IP data (e.g. computer  (Section [0183]-[0191]).  

Per claims 6 and 20, Sines/Stevens/Galloway/Bell teaches all of the limitations of claims 2 and 19 above.  Sines further teaches retrieving the baseline identifying information (e.g. merchant account verification information) from a local database or remote database (e.g. merchant account verification information kept by the bank) (Section [0188]).

Per claim 7, Sines/Stevens/Galloway/Bell teaches all of the limitations of claim 2 above.  Stevens further teaches wherein the payment authorization device (e.g. authentication device) is separate from, but co-located with, the user device (e.g. personal computer) (Section [0022] and Fig. 1).

Per claim 8, Sines/Stevens/Galloway/Bell teaches all of the limitations of claim 2 above.  Stevens further teaches displaying, through a graphical user interface (e.g. display), an authentication message (e.g. visual indicator) that indicates an authenticity of the merchant virtual storefront (Section [0047]-[0048]); based on the authentication message, receiving a user confirmation (e.g. may choose to accept or decline the transaction) prior to the authorizing the merchant virtual storefront transaction request (Section [0048]).

Per claim 9, Sines/Stevens/Galloway/Bell teaches all of the limitations of claim 2 above.  Sines further teaches wherein the authorizing the merchant virtual storefront transaction request includes completing, by the payment authorization device, a payment portion of a purchase transaction (e.g. payment assessment of an internet order is performed to determine whether the customer has adequately arranged for or provided payment for the ordered items) (Section [0016]).  

Per claim 10, Sines/Stevens/Galloway/Bell teaches all of the limitations of claim 2 above.  Stevens further teaches in response to the authorizing the merchant virtual storefront transaction request, retrieving user payment account information (e.g. transaction token) (Section [0050]-[0051]);  transmitting the user payment account information (e.g. transaction token) to a payment provider (e.g. financial institution) (Section [0050]-[0053]);
Sines further teaches wherein the user payment account information is configured to allow the payment provider to transfer funds to a merchant account associated with the merchant virtual storefront (e.g. the bank debits the customer account at or near the time the authorization is given.  The bank also credits the merchant's account such as at nearly the same time) (Section [0312]).

Per claims 13 and 21, Sines/Stevens/Galloway/Bell teaches all of the limitations of claims 2 and 19 above.  Sines further teaches prior to the authorizing the merchant virtual storefront transaction request, transmitting an approval request over the network to a third-party approver (e.g. it is also possible to use one or more of the above verification techniques in combination with an additional third party authentication process.  This is preferably performed such as by comparison to a credit report which includes the customer's address information and telephone number) (e.g. the bank performs any desired merchant identification inquiry, such as receiving a decision to the approval request from the third-party approver (e.g. it is also possible to use one or more of the above verification techniques in combination with an additional third party authentication process.  This is preferably performed such as by comparison to a credit report which includes the customer's address information and telephone number) (e.g. the bank performs any desired merchant identification inquiry, such as done with the customer) (Section [0127] and [0308]).

Claims 14-16 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over US 20020174062 A1 (“Sines”) and US 20110022837 A1 (“Stevens”) and 20080046738 A1 (“Galloway”) and US 9830587 B1 (“Bell”).

Per claim 14, Sines discloses a method comprising:
detecting, prior to a transmission of information related to a payment portion of a purchase transaction to a payment provider… an event associated with a merchant virtual storefront transaction request that was initiated by the user device (The customer accesses the merchant website and via the internet.  The customer initiates communications with the merchant using a first communications link.  The customer then builds the order file but does not include customer account information sufficient to authorize goods, services or for receiving payment) (Section [0202]-[0203], [0314]);  
after determining that the merchant virtual storefront is authentic (e.g. The bank also performs an authentication analysis by verifying that the merchant computer is an authorized merchant computer using the bank’s merchant account computer identification verification , authorizing the merchant virtual storefront transaction request (e.g. the bank determines that the transaction is valid) (Section [0319]-[0320]).   

Although Sines discloses detecting a transaction and authenticating an online merchant, Sines does not specifically disclose a dedicated authorization device; causing a transmission of user payment account information to the user device.  However Stevens, in analogous art of performing secure transactions, teaches:
an authorization device (e.g. authentication device) (Section [0049]); 
transmitting, by the payment authorization device (e.g. authentication device), user payment account information (e.g. message 7) to the user device (e.g. personal computer) (Section [0049]-[0052]).
It would have been obvious to one of ordinary skill in the art to include in the transaction verification system of Sines the concept of using a dedicated authorization device to authenticate and send transaction data to the user device as taught by Stevens since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.  As disclosed by Stevens in section [0012]-[0013], one of ordinary skill in the art would use a dedicated authentication device to authenticate a transaction and send the transaction data to a user device in order to provide the user with a  secure means for interacting with the specifics of the transaction being undertaken with a degree of trust.  

actively detecting, by a payment authorization device in a communication with a web browser plug-in that executes a background event detection application on a user device while the user device displays a merchant virtual storefront and based on a user communication with the user device; in response to the actively detecting, automatically initiating, by the payment authorization device, an authentication of the merchant virtual storefront associated with the merchant virtual storefront transaction request; comparing, by the payment authorization device, identifying information associated with the merchant virtual storefront, the identifying information received from the user device including the web browser plug-in that executes the background event detection application, with baseline identifying information stored in a database, the baseline identifying information including a whitelist that identifies authentic websites and a blacklist that identifies fraudulent websites; determining, based on the comparing and by the payment authorization device, that the merchant virtual storefront is authentic.  However Galloway, in analogous art of web browser transactions, teaches:
actively detecting, by a payment authorization device (e.g. PDS) in a communication with a web browser plug-in (e.g. browser plug-in) that executes a background event detection application on a user device (e.g. client device) while the user device displays a merchant virtual storefront (e.g. web page) and based on a user communication with the user device (Section [0045]-[0047]); 
in response to the actively detecting, automatically initiating, by the payment authorization device, an authentication of the merchant virtual storefront associated with the merchant virtual storefront transaction request (e.g. determination as to whether a web page loaded by browser is legitimate) (Section [0045]-[0048]; 
comparing, by the payment authorization device, identifying information associated with the merchant virtual storefront, the identifying information received from the user device including the web browser plug-in that executes the background event detection application, with baseline identifying information stored in a database, the baseline identifying information including a whitelist that identifies authentic websites and a blacklist that identifies fraudulent websites (e.g. Also, if the web page loaded by the browser is on a "blacklist" of sites already identified as phishing sites, phishing detection application 272 may provide an indication that the web page is counterfeit without performing any image recognition. Also, if the domain name of the web page loaded by the browser is one of the authenticated domain names, phishing detection application 272 may determine that the web page is authentic without performing image recognition) (Section [0015] and [0046]-[0048]);
determining, based on the comparing and by the payment authorization device, that the merchant virtual storefront is authentic (e.g. determine that the web page is authentic) (Section [0015] and [0046]-[0048]). 
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify the payment authorization process of Sines/Stevens to include the use of a browser plug-in to actively detect and verify online websites, as taught by Galloway, in order to combat against phishing scams and sustain the necessary user trust that is required for continual growth in the ecommerce sector of our economy (See Galloway Section [0004]).

wherein the transmitting the user payment account information automatically populates payment information fields within the merchant virtual storefront that enables a completion of at least the payment portion of the purchase transaction via the merchant virtual storefront.  However Bell, in analogous art of online transactions, teaches:
wherein the transmitting the user payment account information automatically populates payment information fields within the merchant virtual storefront that enables a completion of at least the payment portion of the purchase transaction via the merchant virtual storefront (e.g. the user selects the payment type, and at step 560, the electronic wallet application retrieves the payment information associated with the payment type from the electronic wallet server.  At step 562, the browser plug-in 119 automatically populates the merchant-specific payment form with user information and payment information) (Column 11, Ln 62 – Column 12, Ln 19).  Note: the limitation “wherein the transmitting the user payment account information automatically populates payment information fields within the merchant virtual storefront that enables a completion of at least a payment portion of a purchase transaction via the merchant virtual storefront” does not distinguish over the prior art because it is describing the intended use of the user payment account information by the user device which is outside the scope of the claims that are directed to a payment authorization device.  Further the description of the purpose of the user payment account information does not affect the transmission of the data in a manipulative sense.  


Per claim 15, Sines/Stevens/Galloway/Bell teaches all of the limitations of claim 14 above.  Sines further teaches retrieving the baseline identifying information (e.g. merchant account verification information) from a local database or remote database (e.g. merchant account verification information kept by the bank) (Section [0188]).

Per claim 16, Sines/Stevens/Galloway/Bell teaches all of the limitations of claim 14 above.  Stevens further teaches in response to the authorizing the merchant virtual storefront transaction request, retrieving user payment account information (e.g. transaction token) (Section [0050]-[0051]);  transmitting the user payment account information (e.g. transaction token) to a payment provider (e.g. financial institution) (Section [0050]-[0053]);
Sines further teaches wherein the user payment account information is configured to allow the payment provider to transfer funds to a merchant account associated with the merchant virtual storefront (e.g. the bank debits the customer account at or near the time the authorization is given.  The bank also credits the merchant's account such as at nearly the same time) (Section [0312]).

Per claim 18, Sines/Stevens/Galloway/Bell teaches all of the limitations of claim 14 above.  Sines further teaches prior to the authorizing the merchant virtual storefront transaction request, transmitting an approval request over the network to a third-party approver (e.g. it is also possible to use one or more of the above verification techniques in combination with an additional third party authentication process.  This is preferably performed such as by comparison to a credit report which includes the customer's address information and telephone number) (e.g. the bank performs any desired merchant identification inquiry, such as done with the customer) (Section [0127] and [0308]);  receiving a decision to the approval request from the third-party approver (e.g. it is also possible to use one or more of the above verification techniques in combination with an additional third party authentication process.  This is preferably performed such as by comparison to a credit report which includes the customer's address information and telephone number) (e.g. the bank performs any desired merchant identification inquiry, such as done with the customer) (Section [0127] and [0308]).

Claims 11 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over Sines/Stevens/Galloway/Bell, as applied to claim 2 above, in further view of US 20130246272 A1 (“Kirsch").

Per claim 11, Sines/Stevens/Galloway/Bell fail to disclose in response to determining that the merchant virtual storefront is authentic, automatically authorizing, based on one or more user preferences stored in the database, the merchant virtual storefront transaction request, wherein the transmission is in response to the automatically authorizing. 
in response to determining that the merchant virtual storefront is authentic, automatically authorizing, based on one or more user preferences stored in the database, the merchant virtual storefront transaction request, wherein the transmission is in response to the automatically authorizing (e.g. the identity repository may include user preferences stored thereon that direct the identity repository to automatically approve certain transaction types without requiring explicit authorization from the user device.  The identity repository may also automatically provide information responsive to the information request according to user preferences) (Section [0083]-[0086]);
It would have been obvious to one of ordinary skill in the art to include in the authentication system of Sines/Stevens/Galloway/Bell the use of user preferences as taught by Kirsch since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.  Further, by adding the use of user preferences to the authentication system of Sines/Stevens/Galloway/Bell, it will give the user customization to the authentication system to tailor it exactly to suit their needs which provides a convenience to the user. 

Per claim 12, Sines/Stevens/Galloway/Bell/Kirsch disclose all the limitations of claim 11 above.  Kirsch further discloses wherein the one or more user preferences include a list of user-authorized merchant websites, a list of user-approved categories, an amount of a purchase transaction (e.g. transaction value limits), or a type of transaction (Section [0051]).
.  

Claim 17 is rejected under 35 U.S.C. 103(a) as being unpatentable over Sines/Stevens/Galloway/Bell, as applied to claim14 above, in further view of US 20130246272 A1 (“Kirsch").

Per claim 17, Sines/Stevens/Galloway/Bell fail to disclose in response to determining that the merchant virtual storefront is authentic, automatically authorizing, based on one or more user preferences stored in the database, the merchant virtual storefront transaction request, wherein the transmission is in response to the automatically authorizing. 
However Kirsch, in analogous art of secure mobile transactions, teaches in response to determining that the merchant virtual storefront is authentic, automatically authorizing, based on one or more user preferences stored in the database, the merchant virtual storefront transaction request, wherein the transmission is in response to the automatically authorizing (e.g. the identity repository may include user preferences stored thereon that direct the identity repository to automatically approve certain transaction types without requiring explicit authorization from the user device.  The identity repository may also automatically provide information responsive to the information request according to user preferences) (Section [0083]-[0086]);
It would have been obvious to one of ordinary skill in the art to include in the authentication system of Sines/Stevens/Galloway/Bell the use of user preferences as taught by Kirsch since the claimed invention is merely a combination of old elements, and in the 

Conclusion
The following prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
 	US Publication Number 2003/0028458 to Gaillard teaches a system and method to accomplish a transaction.  US Publication Number 2008/0270301 to Jones teaches a mobile payment system.  US Publication Number 2011/0251892 to Laracey teaches mobile phone payment.  US Publication Number 2012/0179558 to Fischer teaches enhancing electronic transactions.  US Publication Number 2013/0103538 to Scholl teaches facilitating online transactions.    
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TIMOTHY P SAX whose telephone number is (571)272-0821.  The examiner can normally be reached on M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TS/
Examiner, Art Unit 3685

/JACOB C. COPPOLA/Primary Examiner, Art Unit 3685