DETAILED ACTION

The following NON-FINAL Office action is in response to application
           16456261 filed on June 28, 2019.
	
Acknowledgements

Claims 1-7 are pending.
Claims 1-7 have been examined.


Notice of Pre-AIA  or AIA  Status

The present application, filed on or after December 13, 2013, is being examined under the first inventor to file provisions of the AIA .









Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 1-7 is rejected under 35 U.S.C. 112(b) second paragraph, as being unclear for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention. 
Claim 1 is directed to a computer-implemented system comprising: … a first computer, however claim 1 appears to recite 5 different computer readable mediums “a first instruction embodied in a computer readable medium, “a second instruction embodied in a computer readable medium…a third instruction embodied in a computer readable medium…a fourth instruction embodied in a computer readable medium… a fifth instruction embodied in a computer readable medium”.  It’s not clear whether these are five different computer readable mediums, or the same computer readable medium. Therefore, the scope of the claim is unclear (In re Zletz, 13 USPQ2d 1320 (Fed. Cir. 1989)).
Claims 2-7 are also rejected as they depend from Claim 1.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all 
obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Flitcroft et al. (US 2003/0028481A1) in view of Gifford (6,049,785)
Regarding Claim 1, Flitcroft discloses a computer-implemented system for a user to authorize a service client's access to a secured resource associated without transmitting or otherwise providing the secured resource's common identifier to the service client, the computer-implemented system comprising: 
- at least one interface adapted to receive and transmit data in communication with a user's application, a service client's application, and/or a token service provider application; a first computer application having: (¶0115, ¶0230)
- a first instruction embodied in a computer readable medium, the first instruction operable to receive a request from a user through at least one interface for a token associated with the secured resource's common identifier (¶0230-¶0231)
- a second instruction embodied in a computer readable medium, the second instruction operable to: generate a request to a token service provider through at least one interface to provide a token associated with, but not the same as, the secured resource's common identifier (¶0231-¶0232)
-receive the token from the token service provider through at least one interface (¶0232)
- assign a descriptive string to the token and associating the token with the secured resource wherein the descriptive string is not the common identifier (¶0214, ¶0215)
- a third instruction embodied in a computer readable medium, the third instruction operable to: generate a request to a token service provider through at least one interface to provide a dummy token associated with a secured resource's bank identification number (¶0134, ¶0234)
- receive the dummy token from the token service provider through at least one interface; and transmit the dummy token to the user through the at least one interface (¶0134, ¶0234)
- the fourth instruction operable to receive an authorization request message to authorize access to the secured resource by the service client, the authorization request message having been received through the at least one interface from the user's application and comprising: a first service client identifier; a transaction specific information; and the user identifier (¶0202-¶0207)
	Flitcroft does not disclose a fifth instruction embodied in a computer readable medium, the fifth instruction operable to: generate a challenge message having a predetermined answer; associating the challenge message with the first service client identifier; receive an access request message from the token service provider, the access request message comprising: a second service client identifier; a user generated answer to the challenge message; and a dummy token; and validate the access request message by determining if: the first service client identifier matches the second service client identifier; and the predetermined answer matches the user generated answer to the challenge message; if valid, transmitting an approval message to the token service provider, the approval message comprising the token.
	Gifford however discloses: a fifth instruction embodied in a computer readable medium, the fifth instruction operable to: generate a challenge message having a predetermined answer; associating the challenge message with the first service client identifier; receive an access request message from the token service provider, the access request message comprising: a second service client identifier; a user generated answer to the challenge message; and a dummy token; and validate the access request message by determining if: the first service client identifier matches the second service client identifier; and the predetermined answer matches the user generated answer to the challenge message; if valid, transmitting an approval message to the token service provider, the approval message comprising the token (Fig. 4; Col. 5 lines 32-46, Col. 10 line 23-Col. 11 line 46).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system of Flitcroft to include a fifth instruction embodied in a computer readable medium, the fifth instruction operable to: generate a challenge message having a predetermined answer; associating the challenge message with the first service client identifier; receive an access request message from the token service provider, the access request message comprising: a second service client identifier; a user generated answer to the challenge message; and a dummy token; and validate the access request message by determining if: the first service client identifier matches the second service client identifier; and the predetermined answer matches the user generated answer to the challenge message; if valid, transmitting an approval message to the token service provider, the approval message comprising the token, as disclosed in Gifford, in order to provide a system to authorize a payment order before purchasing of goods or information over a computer network (see Gifford Abstract).
Regarding Claim 2, Flitcroft discloses: a second computer application having: a first instruction embodied in a computer readable medium, the first instruction operable to: 
- receive a request from a service provider through at least one interface to generate the token associated with the secured resource's common identifier (¶0115, ¶0230)
 - generate the token associated with the secured resource's common identifier; and transmit the token to the service provider through at least one interface (¶0231-¶0232) 
- a second instruction embodied in a computer readable medium, the second instruction operable to: receive a request from a service provider through at least one interface to generate the dummy token associated with the secured resource's common identifier (¶0231-¶0232)
- generate the dummy token associated with the secured resource's common identifier; and transmit the dummy token to the service provider through at least one interface (¶0231-¶0232)
Flitcroft does not disclose:
- a third instruction embodied in a computer readable medium, the third instruction operable to: receive the access request message from the service client, the access request message comprising: a second service client identifier; a user generated answer to the challenge message; and a dummy token; and validate the access request message by determining if the dummy token is valid, and if valid, transmitting the access request message to the service provider through at least one interface; a fourth instruction embodied in a computer readable medium, the fourth instruction operable to: receive the approval message from the service provider through the at least one interface; authorizing the use of the common identifier of the secured resource.
Gifford however discloses: 
- a third instruction embodied in a computer readable medium, the third instruction operable to: receive the access request message from the service client, the access request message comprising: a second service client identifier; a user generated answer to the challenge message; and a dummy token; and validate the access request message by determining if the dummy token is valid, and if valid, transmitting the access request message to the service provider through at least one interface; a fourth instruction embodied in a computer readable medium, the fourth instruction operable to: receive the approval message from the service provider through the at least one interface; authorizing the use of the common identifier of the secured resource (Fig. 4; Col. 5 lines 32-46, Col. 10 line 23-Col. 11 line 46).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system of Flitcroft to include a third instruction embodied in a computer readable medium, the third instruction operable to: receive the access request message from the service client, the access request message comprising: a second service client identifier; a user generated answer to the challenge message; and a dummy token; and validate the access request message by determining if the dummy token is valid, and if valid, transmitting the access request message to the service provider through at least one interface; a fourth instruction embodied in a computer readable medium, the fourth instruction operable to: receive the approval message from the service provider through the at least one interface; authorizing the use of the common identifier of the secured resource, as disclosed in Gifford, in order to provide a system to authorize a payment order before purchasing of goods or information over a computer network (see Gifford Abstract).
Regarding Claim 3, Flitcroft discloses wherein the first application does not store the secured resource's common identifier (¶0115).
Regarding Claim 4, Flitcroft discloses wherein the validation step of claim 1 must take place within a given time period (¶0202).
Regarding Claim 5, Flitcroft discloses wherein the validation step of claim 1 must take place within a given time period (¶0202).
Regarding Claim 6, Flitcroft discloses wherein the dummy token has the same number of digits and format as the secured resource's common identifier (¶0136).
Regarding Claim 7, Flitcroft discloses wherein the dummy token is not the same as the token or the secured resource's common identifier (¶0234).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZEHRA RAZA whose telephone number is (571)272-8128. The examiner can normally be reached 10AM-6:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on (571) 272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ZEHRA RAZA/Examiner, Art Unit 3685 

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685