DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
Claims 1-20 have been rejected. 	
	
Claim Rejections – 35 USC §101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
In the instance case, claims 1-8 are directed to a method, claims 9-19 are directed to a system. Therefore, these claims fall within the four statutory categories of invention. Claim 20 is directed to a computer program product comprising a computer-readable medium. As further described in the separate rejection below, claim 20 does not fall within the four statutory categories of invention because the claim is interpreted as a transitory signal. However, the remainder of the analysis below is also applied to claim 20 because it would be applicable if claim 20 was amended to fall within the four statutory categories of invention.
The claims are direct to payment transaction processing, which is an abstract idea. Specifically, the claims recite “receiving, from a [payment instrument]…a transaction request at least including a transaction reference or transaction details, wherein the transaction request relates to a transaction with a merchant which a consumer intends to conduct using the [payment instrument]… and wherein the consumer is authenticated by the issuer…” “obtaining a [payment information] based on the transaction reference or transaction details , and information stored in association with the consumer” and “providing the [payment information] to the merchant for use in processing the transaction”, which is grouped within the “Certain methods of organizing human activity” grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)) because the steps recited in the claims describe commercial or legal interactions of payment transaction processing.  Accordingly, the claim recites an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January 7, 2019)).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), the additional element(s) of the claim such as the use of a communication device, a secure communication channel and a cryptogram merely use a computer as a tool to perform an abstract idea and/or generally link the user of a judicial exception to a particular technological environment. With respect to “…receiving, from a communication device via a secure communication channel, a transaction request…” and “…the consumer is authenticated by the issuer over the secure communication channel…”  it does not improve the functioning of a computer nor does it improve a technology or technical field.
Specifically, these additional elements perform the steps or functions of  “receiving…a transaction request at least including a transaction reference or transaction details, wherein the transaction request relates to a transaction with a merchant which a consumer intends to conduct…and wherein the consumer is authenticated by the issuer…” “obtaining a [payment information] based on the transaction reference or transaction details , and information stored in association with the consumer” and “providing the [payment information] to the merchant for use in processing the transaction.”  The use of a processor/computer as a tool to implement the abstract idea and/or generally link the use of the abstract idea to a particular technological environment  does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. The additional elements do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply or use the abstract idea to effect a particular treatment or prophylaxis for a disease or medical condition (Vanda Memo), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo). Therefore, the claims do not, for example, purport to improve the functioning of a computer. Nor do they effect an improvement in any other technology or technical field. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional elements of using a communication device, a secure communication channel, a cryptogram to perform the steps amounts to no more than using a computer or processor to automate and/or implement the abstract idea of payment transaction processing. As discussed above, taking the claim elements separately, these additional elements perform(s) the steps or functions that correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of payment transaction processing. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05 (f) & (h)). Therefore, the claim is not patent eligible.
Claims 9 and 20 recite the additional elements of a system including a server computer comprising a processor and a memory, a transaction request receiving component, a cryptogram obtaining component, cryptogram providing component, and a computer program product comprising a computer-readable medium having stored computer-readable program code. However, these additional elements do no more than serve as tools to perform the abstract idea and/or generally link the use of a judicial exception to a particular technological environment and do no more than use a computer or processor to automate and/or implement the abstract idea. Claims 9 and 20 are therefore also patent ineligible.
Dependent claims 2-8, 10-19 further describe the abstract idea of payment transaction processing. The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea.  For example, the additional elements, “establishing the secure communication channel with the communication device…” as recited in claims 2 and 10, “…generating the cryptogram…” as recited in claim 3, “…wherein a software application executes on the consumer mobile device, wherein establishing the secure communication channel includes establishing the secure communication channel with the software application, and wherein the software application is provided by the issuer” as recited in claims 4 and 11, “…authenticating the consumer includes authenticating the software application, including verifying that the software application is registered with the issuer” as recited in claims 5 and 12, “a three-domain secure (3DS) messaging protocol compatible cryptogram” being recited in claims 6 and 17, and “a consumer mobile device configured to prompt…” being recited in claims 8 and 19, do not improve the functioning of a computer nor does it improve a technology or technical field. The limitations, “receiving an authorization request from the merchant, the authorization request including payment card details and the [payment information]; validating the [payment information]; and if the [payment information] is valid, transmitting an authorization response to the merchant” as recited in claims 7 and 18, and “transmitting an approval request to a consumer…for approval of the transaction, the approval request at least including a subset of the transaction details; and, receiving an approval confirmation…confirming consumer approval of the transaction” being recited in claims 8 and 19, further recite the abstract idea of payment transaction processing. The additional elements do no more than serve as tools to perform the abstract idea and/or generally link the use of a judicial exception to a particular technological environment and do no more than use a computer or processor to automate and/or implement the abstract idea. Therefore, these dependent claims are also not patent eligible.
Claim 20 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim does not fall within at least one of the four categories of patent eligible subject matter because the claim is directed to a transitory signal (i.e. “computer readable medium”).
Claim 20 is directed to a transitory signal (i.e. computer readable medium) as it recites “computer-readable medium” rather than a "non-transitory computer readable medium…”  Paragraphs [0126] and [0130] of the specification (PGPub US 2021/0073813A1) recites: 

[0126] … A computer program product may be provided by a non-transient computer-readable medium, or may be provided via a signal or other transient means via the communications interface (630). 

[0130] …The computer program code may be stored as a series of instructions, or commands on a non-transitory computer readable medium, such as a random access memory (RAM),
a read-only memory (ROM), a magnetic medium such as a hard-drive, or an optical medium such as a CD-ROM. Any such computer-readable medium may also reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.

The specification uses open language (i.e. “may be,” “such as”) describing characteristics of a computer-readable medium. Therefore, giving claim 20 its broadest reasonable interpretation, the claim can be a signal. Transitory signals are defined according to the "Microsoft Press Dictionary Definition" or "IEEE Definition". According to MPEP § 2106, however, there are four categories of invention: process, machine, article of manufacture or composition of matter. Therefore, as "transitory signals" are neither a category of invention nor a subset of one of the categories it does not represent patent eligible subject matter. In re Nuijten, Docket no. 2006-1371 (Fed. Cir. Sept. 20, 2007)(slip. op. at 18).

Claim Rejections – 35 USC §112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 9-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. 
Unclear Scope
Claim 11 recites “…wherein a software application executes on the consumer mobile device” and claim 14 recites “…wherein the transaction request is signed by the software application…” and claim 15 recites “…wherein the consumer digital certificate is generated by the software application using a private key securely stored therein, the private key having been generated by the software application and being known only to the software application…” Claim 9, which claims 11, 14 and 15 depend on respectively, is directed to a system including a server computer associated with an issuer comprising a processor and a memory configured to provide computer program instructions to the processor to execute functions of components. Claim 1 is silent on the software application executing on the consumer mobile device being part of the claimed system. Therefore, the claim is unclear because it is not clear whether the claimed system comprises a processor and a memory or in combination with the software application executing on the consumer mobile device. An essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed (See In re Zletz, 893 F.2d 319,321 (Fed. Cir. 1989)). 
Means Plus Function
Claim 9 recites:
“a transaction request receiving component for receiving…”
“…a cryptogram obtaining component for obtaining…”
“…a cryptogram providing component for providing…”
Claim 10 recites: 
“The system as claimed in claim 9, including a secure communication component for establishing …”
Claim 12 recites: 
“…the secure communication component is configured to verify…”
Claim 13 recites: 
“…the secure communication component is configured to receive…”
Claim 16 recites: 
“…the secure communication component is configured to identify…”
Claim 18 recites: 
“…an authorization request receiving component for receiving…”
“…a validating component for validating…”
“…an authorization response transmitting component for…transmitting….”
Claim 19 recites: 
“…an approval request transmitting component for transmitting…”
“…an approval confirmation receiving component for receiving…”
The claim limitations above do not use the word “means” but are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitations use generic placeholders, “a transaction request receiving component,” “a cryptogram obtaining component,” “a cryptogram providing component,” “a secure communication component,” “an authorization request receiving component,” “a validating component,” “an authorization response transmitting component,” “an approval request transmitting component” and “an approval confirmation receiving component” that are coupled with functional languages without reciting sufficient structures to perform the recited functions and the generic placeholders are not preceded by structural modifiers.
These claim limitations invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. Therefore, the claims are indefinite and are rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claims 10-19 are also rejected as each depends on claim 9.
Lack of Antecedent Basis
Claim 13 recites “The system as claimed in claim 10, wherein the secure communication component is configured to receive a digital identifier uniquely associated with the software application…” There is insufficient antecedent basis for this limitation (underlined) in the claim.
Claim 14 recites “The system as claimed in claim 10, wherein the transaction request is signed by the software application and, wherein authenticating the software application includes validating the signed transaction request…” There is insufficient antecedent basis for this limitation (underlined) in the claim. 
Claim 15 recites “The system as claimed in claim 11, wherein the consumer digital certificate is generated by the software application…” There is insufficient antecedent basis for this limitation (underlined) in the claim. 
An essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed.  See MPEP 2173.05(e).

Claim Rejections – 35 USC §103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6-7, 9-11, 17-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hammad et al. (US 10,290,003B1 (“Hammad”)) in view of Radu et al. (US 10,902,423B2 (“Radu”)).
Regarding claims 1, 9 and 20, Hammad teaches a computer-implemented method conducted at a server computer associated with an issuer (Hammad: Fig. 1, 'Issuer 170') comprising:
receiving, from a communication device via a secure communication channel, a transaction request at least including a transaction reference or transaction details (Hammad: Fig. 2, step 205; 4:44-50, 4:58-61; claim 1), wherein the transaction request relates to a transaction with a merchant which a consumer intends to conduct using the communication device  (Hammad: Fig. 1; 4:3-8), and wherein the consumer is authenticated by the issuer over the secure communication channel (Hammad: Fig. 2, step 210; 4:58-5:4, 5:22-24);
obtaining a [transaction session identifier] based on the transaction reference or transaction details, and information stored in association with the consumer (Hammad: Fig. 2, step 215; 5:34-56 (i.e. “…cryptogram (“a transaction session identifier”), 6:1-4; claim 1); and,
providing the [transaction session identifier] to the merchant for use in processing the transaction. (Hammad: Fig. 2, step 215; 6:1-4; claim 1) 
Additionally, for claim 9, Hammad teaches a system including a server computer associated with an issuer comprising:
a processor and a memory configured to provide computer program instructions to the processor to execute functions of components; (Hammad: Fig. 1, 'Issuer 170'; 1:42-57, 8:6-57, 9:9-10, 9:23-34)
Additionally, for claim 20, Hammad teaches a computer program product comprising a computer-readable medium having stored computer-readable program code for, at a server computer associated with an issuer, performing the steps of (Hammad: Fig. 1, 'Issuer 170'; 8:6-57) …
Hammad teaches the server obtaining and providing a transactions session identifier (Hammad: 5:34-56, 6:1-4; claim 1) but not cryptogram. Also, Hammad teaches an issuer server comprising various components for processing (Hammad: 9-9-10) but does not explicitly teach a transaction request receiving component, a cryptogram obtaining component and a cryptogram providing component.
However, in the same field of endeavor, Radu teaches:
obtaining a cryptogram based on the transaction reference or transaction details, and information stored in association with the consumer (Radu: Fig. 5, step 516; 12:24-41) 
providing the cryptogram to the merchant for use in processing the transaction. (Radu: Fig. 5, step 518; 12:66-67, 17:46-48)
For claim 9, Radu teaches:
a transaction request receiving component (Radu: Fig. 3, 'transaction handling 316')
a cryptogram obtaining component (Radu: Fig. 3 'Wallet Maintenance 312')
a cryptogram providing component (Radu: Fig. 3 'EMV Server 314')
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system of Hammad to incorporate the support of use of a cryptogram, a transaction request receiving component, a cryptogram obtaining component and a cryptogram providing component of a server, as disclosed in Radu, to streamline user access to wallet services (Radu: 3:39-40).
Regarding claims 2 and 10, Hammad in view of Radu teaches the method of claim 1 and the system of claim 9, as claim 2 being dependent of claim 1 and claim 10 being dependent of claim 9. Furthermore,
Hammad teaches 
establishing the secure communication channel with the communication device including authenticating the consumer (Hammad: Fig. 2, step 210; 3:62-67, 4:44-50, 5:22-31), wherein authenticating the consumer includes evaluating one or more credentials received from the communication device. (Hammad: Fig. 2, step 210; 4:44-50, 5:22-31)
Additionally, for claim 10, Radu teaches:
including a secure communication component (Radu: Fig. 3 'Communication Device 301'; 6:11-21) 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hammad in view of Radu to incorporate the support of a secure communication component of the server, as disclosed in Radu, to streamline user access to wallet services (Radu: 3:39-40).
Regarding claim 3, Hammad in view of Radu teaches the method of claim 1. Furthermore,
Radu teaches wherein obtaining the cryptogram (Radu: 12:34-41) includes
generating the cryptogram, wherein generating the cryptogram includes using information specific to the consumer and the transaction. (Radu: 12:24-41)
Regarding claims 4 and 11, Hammad in view of Radu teaches the method of claim 1 and the system of claim 9, as claim 4 being dependent of claim 2 and claim 11 being dependent of claim 10. Furthermore,
Hammad teaches 
wherein the communication device is a consumer mobile device associated with the consumer (Hammad: Fig. 2, step 205; 3:62-67, 4:44-50), wherein a software application executes on the consumer mobile device (Hammad: Fig. 2, step 205; 3:62-67, 4:44-50), wherein establishing the secure communication channel includes establishing the secure communication channel with the software application (Hammad: 4:58-5:2), and wherein the software application is provided by the issuer (Hammad: 4:1-2).
Regarding claims 6 and 17, Hammad in view of Radu teaches the method of claim 1 and the system of claim 9, as claim 6 being dependent of claim 1 and claim 17 being dependent of claim 9. Furthermore,
Radu teaches: 
wherein the cryptogram is a three-domain secure (3DS) messaging protocol compatible cryptogram. (Radu: 5:5-14)
Regarding claims 7 and 18, Hammad in view of Radu teaches the method of claim 1 and the system of claim 9, as claim 7 being dependent of claim 1 and claim 18 being dependent of claim 9. Furthermore,
Hammad teaches 
receiving an authorization request from the merchant, the authorization request including payment card details and the [transaction session identifier]; (Hammad: Fig. 2, steps 225/230; 6:24-26, 6:49-52)
validating the [transaction session identifier]; and, (Hammad: Fig. 2, steps 235/240; 6:53-58)
if the [transaction session identifier]is valid, transmitting an authorization response to the merchant. (Hammad: Fig. 2, steps 235/240; 6:53-58)
Hammad teaches the server validating the transaction session identifier but not (Hammad: 5:34-56, 6:1-4; claim 1) but not cryptogram. Radu teaches cryptogram (Radu: 17:46-51).
Additionally, Radu teaches an authorization request receiving component (Radu: Fig. 3 ‘Transaction Handling 316’), a validating component (Radu” Fig. 3 ‘EMV Server 314’) and an authorization response transmitting component (Radu: Fig. 3 ‘Transaction Handling 316’).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hammad in view of Radu to incorporate the support of use of a cryptogram, as disclosed in Radu, to streamline user access to wallet services (Radu: 3:39-40).
Claims 5, 12-16 are rejected under 35 U.S.C. 103 as being unpatentable over Hammad in view of Radu as applied to claims 1 and 9 further in view of Bryan et al. (US 9,838,379B1 (“Bryan”)) and Khalil et al. (US 9,537,661B23 (“Khalil”)).
Regarding claims 5 and 12, Hammad in view of Radu teaches the method of claim 1 and the system of claim 9, as claim 5 being dependent of claim 4 and claim 12 being dependent of claim 11, and authenticating the consumer and the secure communication component. 
However, Hammad in view of Radu does not explicitly teaches the following limitation, however, Bryan teaches: 
authenticating the software application (Bryan: 4:41-53, 6:66-7:2), including verifying that the software application is registered with the issuer (Bryan: 4:41-53, 8:16-28).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hammad in view of Radu to incorporate the support of authenticating the software application via a mobile application framework, as disclosed in Bryan, to provide access to varying levels of sensitive information (Bryan: 4:4-5).
Regarding claim 13, Hammad in view of Radu teaches the system of claim 9, as claim 13 being dependent of claim 10.
However, Hammad in view of Radu does not explicitly teaches the following limitation, however, Bryan teaches: 
wherein the secure communication component is configured to receive a digital identifier uniquely associated with the software application (Bryan: Fig. 1, items 102/130/116, Fig. 2, step 204; ; 4:41-53, 7:28-53, 11:31-38), wherein the digital identifier is a consumer digital certificate (Bryan: 4:41-53), and, wherein the secure communication component is configured to validate the received consumer digital certificate. (Bryan: Fig. 2, step 206; 4:41-53, 11:31-38)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hammad in view of Radu to incorporate the support of authenticating the software application via a mobile application framework, as disclosed in Bryan, to provide access to varying levels of sensitive information (Bryan: 4:4-5).
Regarding claim 14, Hammad in view of Radu and Bryan teaches the system of claim 9, as claim 14 being dependent of claim 10, and authenticating the software application.
However, Hammad in view of Radu does not explicitly teaches the following limitation, however, Khalil teaches: 
wherein the transaction request is signed by the software application  (Khalil: 7:32-41, 12:58-63)
validating the signed transaction request  (Khalil: 7:32-41, 12:58-63); and wherein validating the signed transaction request includes validating the accuracy thereof. (Khalil: 7:32-41)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hammad in view of Radu and Bryan to incorporate the support of validation of the transaction request signed by the software application, as disclosed in Khalil, to reduce user reliance on passwords by providing a mechanism to authenticate a user via a mobile device (Khalil: 1:60-61).
Regarding claim 15, Hammad in view of Radu teaches the system of claim 9, as claim 15 being dependent of claim 11.
However, Hammad in view of Radu does not explicitly teaches the following limitation, however, Khalil teaches: 
Khalil teaches: 
wherein the consumer digital certificate is generated by the software application using a private key securely stored therein, the private key having been generated by the software application and being known only to the software application. (Khalil: 7:14-20, 7:32-37; claim 17)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hammad in view of Radu to incorporate the support of generation of the consumer digital certificate by the software application with a private key, as disclosed in Khalil, to reduce user reliance on passwords by providing a mechanism to authenticate a user via a mobile device (Khalil: ¶13).
Regarding claim 16, Hammad in view of Radu and Bryan teaches the system of claim 9, as claim 16 being dependent of claim 13. Furthermore,
Bryan teaches 
wherein the secure communication component is configured to identify a consumer record associated with the digital identifier. (Bryan: 8:16-27)
Claims 8 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Hammad in view of Radu as applied to claims 1 and 9 further in view of Glendenning et al. (US 2020/0143370A1 (“Glendenning”)).
Regarding claims 8 and 19, Hammad in view of Radu teaches the method of claim 1 and the system of claim 9, as claim 8 being dependent of claim 1 and claim 19 being dependent of claim 9.
However, Hammad in view of Radu does not explicitly teaches the following limitation, however, Glendenning teaches: 
transmitting an approval request to a consumer mobile device configured to prompt the consumer for approval of the transaction, the approval request at least including a subset of the transaction details; and, (Glendenning: Fig. 1, 'Card Issuer 110' 'message 124' 'Mobile Computing Device 114' 'item 118, Pay with eCard'; ¶¶48, 49)
receiving an approval confirmation from the consumer mobile device confirming consumer approval of the transaction. (Glendenning: Fig. 1, 'Card Issuer 110' 'Mobile Computing Device 114' 'payment authorization message 128' ; ¶50)
for claim 19, an approval request transmitting component and an approval confirmation receiving component (Glendenning: Fig. 2, ‘Program Manager 228’; )
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hammad in view of Radu to incorporate the support of transaction approval request and confirmation from a consumer mobile device, as disclosed in Glendenning, for facilitating secure authorization for electronic transactions (Glendenning: ¶1).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Prabhu (US 10,755,264B2) teaches secure online payment.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENYUH KUO whose telephone number is (571)272-5616.  The examiner can normally be reached on Monday-Friday 8-4 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W. Hayes can be reached on (571)272-6708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/C.K./Examiner, Art Unit 3685  

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685