DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Acknowledgment
Applicant’s application filed on November 25, 2019 is acknowledged. Accordingly claims 1-20 remain pending and have been examined.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-20, is/are rejected under 35 U.S.C. 103 as being unpatentable over Murdoch U.S. Patent Application Publication No. 2017/0195316 A1 in view of Prakash et al (hereinafter “Prakash”) U.S. Patent Application Publication No. 2017/0270528 A1 and/or Hammad U.S. Patent Application Publication No. 2011/0225094 A1

As per claim 1, Murdoch discloses an intermediary server system for providing data for use in authenticating a transaction between the mobile device and a gateway, the server system comprising:
an input configured to receive, from the mobile device, transaction data comprising a plurality of transaction data items associated with the transaction and a dynamic transaction cryptogram uniquely identifying the interaction (0013, which discloses that “ In some embodiments the dynamic variable may be based on transaction data that may be provided to the strong authentication token (e.g. by the user entering the transaction data using a user input interface of the strong authentication token). In some embodiments the dynamic variable may comprise any combination of the above described types of dynamic variables.”; 0014; 0214);
a processor configured with instructions that when executed cause the processor to:
generate a request for reference data to be associated with the dynamic transaction cryptogram, the request comprising at least one of the plurality of transaction data items and the dynamic transaction cryptogram (0214, which discloses that “receiving, by an authentication server, the dynamic authentication credential; obtaining, by the authentication server, a dynamic variable server value; obtaining, by the authentication server, a cryptographic credential generation key server value; obtaining, by the authentication server, a passcode verifier data element server value; calculating, by the authentication server, a credential reference value as an irreversible server function of the obtained dynamic variable server value, the obtained cryptographic credential generation key server value and the obtained passcode verifier data element server value”);
transmit, to a remote authentication server, the generated request (0228, which discloses that “In some embodiments the apparatus may be adapted to send the generated dynamic authentication credential directly or indirectly to the authentication server.”); 
receive, from the remote authentication server, the dynamic reference data (0231, which discloses that “calculate a credential reference value as an irreversible server function of the obtained dynamic variable server value,”); and
alter the received transaction data by replacing at least one of the plurality of transaction data items with the dynamic reference data (see claim 32, which discloses that “updating the value of the state variable with a new value that is calculated as a second irreversible function of the value of the state variable that is comprised in the set of user or authentication client specific data; and replacing the value of the state variable that is comprised in the set of user or authentication client specific data with this calculated new value.”); and 
an output configured to transmit, to the gateway, the altered transaction data (see claim 32, which discloses that “updating the value of the state variable with a new value that is calculated as a second irreversible function of the value of the state variable that is comprised in the set of user or authentication client specific data; and replacing the value of the state variable that is comprised in the set of user or authentication client specific data with this calculated new value.”).
Alternatively Prakash and /or Hammad discloses the intermediary server comprising:
alter the received transaction data by replacing at least one of the plurality of transaction data items with the dynamic reference data (Prakash: 0078, which discloses that “The mobile device may provide location information associated with its current position in relation to the request for the dynamic data (or replacement dynamic data).”; 0077; 0081; Hammad: 0097, which discloses that “Furthermore, replacing the CVV2 field and/or the expiration date with fake values makes it harder for the fraudsters to accurately determine how such fake values are obtained and if they are actually used in a payment transaction.”); and 
an output configured to transmit, to the gateway, the altered transaction data (0097, which discloses that “Furthermore, replacing the CVV2 field and/or the expiration date with fake values makes it harder for the fraudsters to accurately determine how such fake values are obtained and if they are actually used in a payment transaction.”).
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the intermediary server system of Murdoch and incorporate an intermediary server system further comprising: performing, by the one or more processor, a transaction based on one or more input of the second shopper, the transaction using content of the first shopper information stored in a secure computing environment and wherein method includes transmitting a first message to the first shopper in response to a security information message obtained from the second shopper, wherein the first message to the first shopper includes content of the security information message obtained from the second shopper  in view of the teachings of Geffon in order to facilitate transaction

As per claim 2, Murdoch further discloses the intermediary server system, wherein the processor is configured to transmit to the remote authentication server, an indication that dynamic validation data should be provided by the remote authentication server, and to receive the dynamic validation data from the remote authentication server (0214; 0231; 0239).

As per claim 3, Murdoch and Hammad further discloses the intermediary server system, wherein the processor is configured to alter the received transaction data by replacing at least one of the plurality of transaction data items with the dynamic validation data (see claim 32; Hammad 0097).

As per claim 4, Murdoch further discloses the intermediary server system, wherein the dynamic reference data is randomly-generated (see claim 57; 0222).

As per claim 5, Murdoch further discloses the intermediary server system, wherein the dynamic reference data is randomly-generated (see claim 57; 0222).

As per claim 6, Murdoch further discloses the intermediary server system, wherein the dynamic reference data is randomly-generated (see claim 57; 0222).

As per claim 7, Murdoch further discloses the intermediary server system, wherein the transaction comprises an online payment transaction and the gateway corresponds to an online payment gateway associated with a merchant (0241). 

As per claim 8, Murdoch further discloses the intermediary server system, wherein: the processor is configured to 
transmit to the remote authentication server, an indication that dynamic validation data should be provided by the remote authentication server, and to receive the dynamic validation data from the remote authentication server (0241); and 
the transaction comprises an online payment transaction and the gateway corresponds to an online payment gateway associated with a merchant (0241).

As per claim 9, Murdoch further discloses the intermediary server system, wherein: 
the processor is configured to transmit to the remote authentication server, an indication that dynamic validation data should be provided by the remote authentication server, and to receive the dynamic validation data from the remote authentication server (0241);
 the processor is configured to alter the received transaction data by replacing at least one of the plurality of interaction data items with the dynamic validation data; and the transaction comprises an online payment transaction (see claim 57) and 
the gateway corresponds to an online payment gateway associated with a merchant (0241) 

As per claim 10, Murdoch further discloses the intermediary server system, wherein: 
the dynamic reference data is randomly-generated (see claim 57; 0222); 
the processor is configured to transmit to the remote authentication server, an indication that dynamic validation data should be provided by the remote authentication server, and to receive the dynamic validation data from the remote authentication server (see claim 57; 0222); 
the processor is configured to alter the received interaction data by replacing at least one of the plurality of transaction data items with the dynamic validation data (see claim 57; 0222); and 
the transaction comprises an online payment transaction and the gateway corresponds to an online payment gateway associated with a merchant (see claim 57; 0222)

As per claims 11, 12, 13, and 14, Murdoch and Hammad further discloses the intermediary server system, wherein the at least one of the plurality of transaction data items replaced with the dynamic reference data corresponds to an expiry date of a payment card used in the online payment transaction (Murdoch claim 57; Hammad 0097).

As per claim 15, Murdoch discloses a server for generating data for authentication of an interaction carried out between a mobile device and a gateway, the server comprising:
a processor configured with instructions that when executed cause the processor to: 
receive, from an intermediary server system associated with the mobile device and gateway, a request for dynamic reference data, the request comprising a plurality of transaction data items associated with the transaction and a dynamic transaction cryptogram uniquely identifying the transaction  (0231, which discloses that “calculate a credential reference value as an irreversible server function of the obtained dynamic variable server value,””); 
generate, in response to the request, dynamic reference data associated with the dynamic transaction cryptogram, store, at a storage location, the generated dynamic reference data together with the received dynamic transaction cryptogram (0231, which discloses that “calculate a credential reference value as an irreversible server function of the obtained dynamic variable server value,”); and 
transmit, to the intermediary server system, the dynamic reference data (0231, which discloses that “calculate a credential reference value as an irreversible server function of the obtained dynamic variable server value,”).

As per claim 16, Murdoch further discloses the server, wherein the processor is configured to associate a maximum storage validity period with the dynamic transaction cryptogram (0162; 0180; 0240).

As per claim 17, Murdoch discloses an authentication server for authenticating a transaction carried out between a mobile device and a gateway, the authentication server comprising”
a processor configured with instructions that when executed cause the processor to: 
receive, from the gateway, altered transaction data comprising a plurality of transaction data items associated with the transaction, and dynamic reference data associated with a dynamic transaction cryptogram uniquely identifying the transaction (0231, which discloses that “calculate a credential reference value as an irreversible server function of the obtained dynamic variable server value,””);
retrieve, from a storage location, the dynamic transaction cryptogram corresponding to the received dynamic reference data (0185, which discloses that “In some embodiments the method for generating a dynamic credential comprises the following steps: obtaining (310) from a user a passcode value, retrieving (320) a stored value of a passcode-blinding data element, calculating (330) a passcode verifier by cryptographically combining the obtained passcode value and the retrieved value of the passcode-blinding data element, calculating (340) a dynamic credential by cryptographically combining the calculated passcode verifier with a stored secret key and a dynamic variable.”); and 
verify the validity of the dynamic transaction cryptogram wherein the processor determines whether the dynamic transaction cryptogram is associated with the transaction (0021, which discloses that “only on the verification or authentication token, for future use e.g., for the verification of a dynamic authentication credential generated by the authentication token.”); and 
based upon a determination that the dynamic transaction cryptogram is associated with the transaction, authenticate the transaction (0214, which discloses that “comparing, by the authentication server, the received dynamic authentication credential with the calculated credential reference value to verify whether the received dynamic authentication credential matches the calculated credential reference value. In some embodiments the method may further comprise the step of generating, by the authentication server, a signal indicating whether the received dynamic authentication credential matches the calculated credential reference value. In some embodiments the method may further comprise the step of the computer-based application performing a first action if the received dynamic authentication credential matches the calculated credential reference value and a second action if the received dynamic authentication credential doesn't match the calculated credential reference value.”).

As per claim 18, Murdoch further discloses the authentication server, wherein the processor is further configured to determine whether a maximum storage validity period of the dynamic transaction cryptogram has been exceeded when verifying the validity of the dynamic transaction cryptogram (0162; 0180; 0240).

As per claim 19, Murdoch further discloses the method, wherein the received altered interaction data further comprises dynamic validation data, and wherein the processor is further configured to retrieve one or more stored data items associated with the transaction, and compare the dynamic validation data with a corresponding one of the stored data items (0115; 0214; 0231).

As per claim 20, Murdoch further discloses the method, wherein the received altered transaction data further comprises dynamic validation data, and wherein the processor is further configured to retrieve one or more stored data items associated with the interaction, and compare the dynamic validation data with a corresponding one of the stored data items (0115; 0214; 0231)


Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Charles C. Agwumezie whose number is (571) 272-6838. The examiner can normally be reached on Monday – Friday 8:00 am – 5:00 pm.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Hayes can be reached on (571) 272 – 6708.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CHINEDU C AGWUMEZIE/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        June 12, 2022