Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Claims 1-20 are pending.

Claim Rejections - 35 USC § 103
2.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Sims et al. (U.S. Patent Application Publication No. 2018/0211249, hereinafter Sims) in view of Howard et al. (U.S. Patent Application Publication No. 2020/0294045, hereinafter Howard).
With respect to claim 1, Sims discloses a computer-implemented authentication method, comprising:
receiving, by an authentication server from a data processing device performing authentication of a user, a credential request message comprising a first authentication credential; validating, by the authentication server, the first authentication credential; wherein, in the event the validating is successful (e.g. Sims, paragraph 0002, “…receive a request for access to a function or feature by a user of the mobile device; receive first user authentication credentials from the user…compare the first user authentication credentials with the owner identity information, confirm the first user authentication match the owner identity information information…”), the method further comprises: generating, by the authentication server, a second authentication credential; linking, by the authentication server, the second authentication credential to the first authentication credential; transmitting, by the authentication server, the second authentication credential to the data processing device (e.g. Sims, paragraph 0003, “the module is further configured to determine that additional user authentication is required for access to the requested function or feature; receive second user authentication credentials; validate the second user authentication credentials…”).  
Sims does not explicitly mention de-authorizing, by the authentication server, the first authentication credential. However, Howard discloses a similar feature (e.g. Howard, paragraph 0121, “The interaction management computer may delete the interaction credential or deactivate the interaction credential.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Howard’s teaching of a de-activated credential after authentication with Sims’ authentication with at least one credential, to keep a single transaction credential from being compromised.
With respect to claim 2, Sims and Howard disclose the computer-implemented method of claim 1, further comprising, before the receiving: receiving, by the authentication server as part of a first authentication attempt by the user, a first authentication request message comprising the first authentication credential; and validating, by the authentication server, the first authentication credential (e.g. Sims, paragraphs 0002 and 0003).
With respect to claim 3, Sims and Howard disclose the computer-implemented method of claim 2, further comprising: receiving, by the authentication server as part of a subsequent authentication attempt by the user, a subsequent authentication request message comprising the second authentication credential; and validating, by the authentication server, the second authentication credential (e.g. Sims, paragraphs 0002 and 0003).
With respect to claim 4, Sims and Howard do not explicitly mention the computer-implemented method of claim 3, wherein the subsequent authentication request message further comprises a flag indicating that the authentication attempt is a subsequent authentication attempt.
However, Sims discloses, if additional user authentication is required, receiving second user authentication credentials (e.g. Sims, paragraph 0003). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to derive the claimed feature in order to receive the credential.
With respect to claim 5, Sims and Howard disclose the computer-implemented method of claim 3 wherein, in the event the validating of the second authentication credential is successful, the method further comprises:
e.g. Sims paragraphs 0002-0003, “…if additional credential credentials require…”; Howard, paragraph 0121).
With respect to claim 6, Sims and Howard disclose the computer-implemented method of claim 4 wherein, in the event the validating of the second authentication credential is successful, the method further comprises:
generating, by the authentication server, a third authentication credential; linking, by the authentication server, the third authentication credential to the second authentication credential; transmitting, by the authentication server, the third authentication credential to the data processing device; and after the transmitting, de-authorizing, by the authentication server, the second authentication credential (e.g. Sims, paragraphs 0002-0003; Howard, paragraph 0121).
With respect to claim 7, Sims and Howard disclose the computer-implemented method of claim 1, wherein linking, by the authentication server, the second authentication credential to the first authentication credential comprises:
e.g. Sims paragraphs 0002, 0003 and 0034).
With respect to claim 8, Sims and Howard disclose the computer-implemented method of claim 5, wherein linking, by the authentication server, the second authentication credential to the first authentication credential comprises:
creating, by the authentication server, an electronic record comprising: a first unique identifier associated with the first authentication credential; a second unique identifier associated with the second authentication credential; the first authentication credential; the second authentication credential; the linking further comprising storing the first unique identifier in association with the first authentication credential in the electronic record and storing the second unique identifier in association with the second authentication credential in the electronic record (e.g. Sims paragraphs 0002, 0003, 0028 and 0034).
With respect to claim 9, Sims and Howard disclose the computer-implemented
creating, by the authentication server, an electronic record comprising: a first unique identifier associated with the first authentication credential; a second unique identifier associated with the second authentication credential; the first authentication credential; the second authentication credential; the linking further comprising storing the first unique identifier in association with the first authentication credential in the electronic record and storing the second unique identifier in association with the second authentication credential in the electronic record (e.g. Sims paragraphs 0002, 0003, 0028 and 0034).
With respect to claim 10, Sims and Howard disclose the computer-implemented method of claim 5, wherein linking, by the authentication server, the second authentication credential to the first authentication credential comprises:
creating, by the authentication server, an electronic record comprising: a first unique identifier associated with the first authentication credential; a second unique identifier associated with the second authentication credential; the first authentication credential; the second authentication credential; the linking further comprising storing the first unique identifier in association with the first authentication credential in the electronic record and storing the second unique identifier in association with the second authentication credential in the electronic record; and wherein linking, by the authentication server, the third authentication credential to the second authentication e.g. Sims paragraphs 0002, 0003, 0028 and 0034).
With respect to claim 11, Sims and Howard disclose the computer-implemented method of claim 7, wherein each entry in the electronic record further comprises one or more of: a timestamp indicating a time at which the respective authentication credential was stored in the electronic record; and a unique identifier associated with the user (e.g. Sims, paragraph 0028).
With respect to claim 12, Sims and Howard disclose the computer-implemented method of claim 10, wherein each entry in the electronic record further comprises one or more of:
a timestamp indicating a time at which the respective authentication credential was stored in the electronic record; and a unique identifier associated with the user (e.g. Sims, paragraph 0028).
With respect to claim 13, Sims and Howard disclose the computer-implemented method of claim 1, wherein the authentication server is a component of a payment network, the user is a merchant, the data processing device is a merchant server, and wherein the e.g. Sims, paragraph 0045; Howard, paragraph 0071).
With respect to claim 14, Sims and Howard disclose the computer-implemented method of claim 13, wherein the first authentication credential is a first cryptogram and the second authentication credential is a second cryptogram (e.g. Sims, paragraph 0012).
With respect to claim 15, Sims and Howard disclose the computer-implemented method of claim 5, wherein the authentication server is a component of a payment network, the user is a merchant, the data processing device is a merchant server, and wherein the authentication method is performed as part of a recurring or incremental series of transactions effected via the payment network (e.g. Sims, paragraph 0045; Howard, paragraph 0071).
With respect to claim 16, Sims and Howard disclose the computer-implemented method of claim 6, wherein the authentication server is a component of a payment network, the user is a merchant, the data processing device is a merchant server, and wherein the authentication method is performed as part of a recurring or incremental series of transactions effected via the payment network (e.g. Sims, paragraph 0045; Howard, paragraph 0071).
With respect to claim 17, Sims and Howard disclose the computer-implemented method of claim 7, wherein the authentication server is a component of a payment network, the user is a merchant, the data processing device is a merchant server, and wherein the authentication method is performed as part of a recurring or incremental series of transactions effected via the payment network (e.g. Sims, paragraph 0045; Howard, paragraph 0071).
With respect to claim 19, Sims and Howard disclose the computer-implemented authentication method of claim 18 wherein, in the event the user is successfully authenticated on the basis of the second authentication credential, the method further comprises:
transmitting, by the data processing device to the authentication server, a subsequent credential request message comprising the second authentication credential; receiving, by the data processing device and responsive to the subsequent credential request message, a third authentication credential from the authentication server; and transmitting, by the data processing device and to the authentication server, a subsequent authentication request message to authenticate the user, the subsequent authentication request message comprising the third authentication credential (e.g. Sims, paragraphs 0002, 0003, 0028 and 0034).


Conclusion
3.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TONGOC TRAN whose telephone number is (571)272-3843. The examiner can normally be reached 9-5 Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic 

/TONGOC TRAN/Primary Examiner, Art Unit 2434