DETAILED ACTION
The following FINAL Office action is in response to Amendment filed on April 6, 2022 for 15499709. 
	
Acknowledgements

Claims 1-20 are pending.
Claims 1-20 have been examined.


Notice of Pre-AIA  or AIA  Status

The present application, filed on or after December 13, 2013, is being examined under the first inventor to file provisions of the AIA .




Response to Arguments



In view of Applicant’s amendments to the claims and in view of the arguments, the rejection under 35 USC § 101 has been withdrawn.
In response to Applicant’s arguments under 35 U.S.C. 103, Applicant argues that the token request message recited in claim 1 is sent prior to completion of interaction or prior to provision of protected data object to the third party. Applicant further argues that Yu and Bu does not disclose does not describe or suggest transmitting, prior to accessing a protected data object, a token request message to a user computing device, wherein the token request message causes a user application on the user computing device to activate, wherein the activated user application displays an interaction identifier and prompts the user to select one of one or more user accounts, wherein account data for the one or more user accounts is stored on the user computing device. 
Examiner respectfully disagrees as the pending claim recites “transmit, prior to accessing the protected data object, the token request message” The specification only discloses that once the token request message is transmitted to the user computing device and if the user chooses to respond to the token request message, the user provides, within the expiration time window, a selection of a user account that will be used to complete the computer interaction by generating a response token or access token (See PGPUB ¶0027, ¶0028). The underlined language is not supported by the Applicant’s originally filed Specification as it does not disclose a protected data object was accessed instead a look-up was conducted using the selected user account for a protected data object. Also as a result, Examiner believes paragraph [0110] of Bu describes electronic wallet server generates payment related information and transmits the payment related information to the user terminal. Paragraph [0111] of Bu describes that once the user terminal receives the payment related information, the user terminal selects the payment means and requests the electronic wallet server to make the payment. Paragraphs [0111], [0117] and [0118] of Bu describes receiving a response from the user that selected the account, and performing a lookup of the user’s payment means  which is our (protected data object as claimed).


Claim Rejections - 35 USC § 112


The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of
the invention, and of the manner and process of making and using it, in such
full, clear, concise, and exact terms as to enable any person skilled in the
art to which it pertains, or with which it is most nearly connected, to make
and use the same, and shall set forth the best mode contemplated by the
inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of
the manner and process of making and using it, in such full, clear, concise,
and exact terms as to enable any person skilled in the art to which it
pertains, or with which it is most nearly connected, to make and use the
same, and shall set forth the best mode contemplated by the inventor of
carrying out his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-
AIA ), first paragraph, as failing to comply with the written description requirement. The
claims contains subject matter which was not described in the specification in such a
way as to reasonably convey to one skilled in the relevant art that the inventor or a joint
inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had
possession of the claimed invention.
Claims 1, 8 and 14 recites “complete the computer interaction by transmitting the protected data object to a third-party computing device different from the user computing device and the business entity computing device…”. The specification only discloses that the EDP computing device is configured to communicate with the business entity computing device so that a third party can complete a computer interaction in progress with the user computing device and a user is prompted to provide a protected data object to the business entity computing device (see PGPUB Specification ¶0017). This language is not supported by the Applicant’s originally filed Specification as it does not disclose that the third party is different than the business entity computing device.
Claims 1, 8 and 14 recite “transmit, prior to accessing the protected data object, the token request message” The specification only discloses that once the token request message is transmitted to the user computing device and if the user chooses to respond to the token request message, the user provides, within the expiration time window, a selection of a user account that will be used to complete the computer interaction by generating a response token or access token (See PGPUB ¶0027, ¶0028). The underlined language is not supported by the Applicant’s originally filed Specification as it does not disclose a protected data object was accessed instead a look-up was conducted using the selected user account for a protected data object. 
Claims 2-7, 9-13 and 15-20 are also rejected as they depend from Claim 1, Claim 8 or Claim 16.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being unclear for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention. 
Lack of Antecedent Basis
Claims 1, 8 and 14 recite the limitation " the activated user application".  There is insufficient antecedent basis for this limitation in the claims.
Unclear Scope
Claims 1,8 and 14 recite “transmit…wherein the token request message causes a user application on the user computing device to activate”. It is unclear as to what is being activated. Therefore, the scope of the claim is unclear (In re Zletz, 13 USPQ2d 1320 (Fed. Cir. 1989)).
Claims 2-7, 9-13 and 15-20 are also rejected as they depend from Claim 1, Claim 8 or Claim 16.
 

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all 
obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 5-6, 8, 12-14 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Bu et al. (US 2015/0088736A1) in view of Yu (US 2017/0352034 A1) 
Regarding Claims 1, 8 and 14, Bu discloses: An electronic data protection (EDP) computing device for protecting a protected data object of a user during a computer interaction between a user computing device associated with the user and a business entity computing device associated with a business entity, wherein transmission of the protected data object to a third party is required to complete the computer interaction, the EDP computing device in communication with the user computing device and the business entity computing device, the EDP computing device comprising at least one processor communicatively coupled to a memory device comprising a non-transitory computer readable medium including computer-executable instructions, wherein when executed by the at least one processor, the computer-executable instructions cause the at least one processor to: 
receive interaction data for the computer interaction from the business entity computing device, the interaction data including an interaction identifier, a business entity identifier, and a user identifier, the user identifier associated with the user, the user identifier corresponding to an unprotected data object including non-sensitive sharable information associated with the user (Fig. 7 (706); ¶0109, ¶0110)
generate, using at least in part the user identifier, a token request message including [the interaction identifier], the business entity identifier, and a [request token] (Fig. 7 (712); ¶0110)
transmit, prior to accessing the protected data object, the token request message to the user computing device, wherein the token request message causes a user application on the user computing device to activate, wherein the activated user application displays the interaction identifier and prompts the user to select one of one or more user accounts (Fig. 7 (714); ¶0110, ¶0111)
receive, from the user application executing on the user computing device, a token response message confirming that the user initiated, and wishes to complete, the computer interaction identified by the interaction identifier, the token response message including a response token generated by the user application, the response token identifying the selected user account without including the protected data object (¶0111, ¶0117, ¶0118, ¶0119)
in response to receiving the token response message, perform a lookup in the memory device, using the selected user account, for a protected data object; associated with the first user account, the protected data object including sensitive information associated with the user and the first user account (¶0111, ¶0118, ¶0119)
complete the computer interaction by transmitting the protected data object to a third-party computing device different from the user computing device and the business entity computing device, without transmitting the protected data object to the business entity computing device, the third-party computing device associated with the third party (¶0112, ¶0113)
Bu does not disclose a token request message including the interaction identifier,…, and a request token.
Yu however discloses a token request message including the interaction identifier,…, and a request token (¶0021, ¶0028, ¶0031, ¶0032)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system/method/medium of Bu to include a token request message including the interaction identifier, …, and a request token, as disclosed in Yu, in order to provide a method for to verify a client - side transaction record identifying a transaction involving a user of the client device (see Yu abstract).
Claims 1, 8 and 14 recite “transmit…to activate” However, this limitation merely describes the intended use as the activation does not occur and according to the MPEP (2103 I C, 2114 IV) such language does not have patentable weight.”

Regarding Claims 5, 12 and 18, Yu discloses wherein the computer interaction is associated with an electronic payment transaction (¶0019-¶0021).
Regarding Claims 6, 13 and 19, Yu discloses wherein the other computing device includes at least one bank computing device, and wherein the computer- executable instructions further cause the at least one processor to: in response to transmitting the protected data object, receive an authorization response from the at least one bank computing device (¶0015-¶0018).
Claims 3, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Bu  in view of Yu in further view of Hippeläinen (US 6,516,996 B1)
Regarding Claims 3, 10 and 16, while Yu discloses the interaction identifier.
The combination of Bu  in view of Yu does not disclose the interaction identifier is generated by the business entity computing device in response to the user transmitting the user identifier to the business entity computing device.
Hippeläinen however discloses the interaction identifier is generated by the business entity computing device in response to the user transmitting the user identifier to the business entity computing device (Col. 3 lines 29-52, Col. 7 lines 40-51, Col. 9 lines 28-43).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system/method/medium of Bu  in view of Yu to include the interaction identifier is generated by the business entity computing device in response to the user transmitting the user identifier to the business entity computing device, as disclosed in Hippeläinen, in order to provide an electronic payment System can provide undeniably certified receipts of transactions and transfer them to further processing, with maintaining the level of certification (see Hippeläinen Col. 2 lines 55-59).
Claims 4, 11 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Bu  in view of Yu in further view of LI et al. (US 2015/0142658 A1)
Regarding Claims 4, 11 and 17, the combination of Bu  in view of Yu does not disclose wherein the token request message includes an expiration time window, wherein the expiration time window represents an amount of time that the EDP computing device monitors to receive the token response message, and wherein the user application on the user computing device prompts a third message to the user, the third message requesting the user to provide the token response message within the expiration time window.
LI however discloses wherein the token request message includes an expiration time window, wherein the expiration time window represents an amount of time that the EDP computing device monitors to receive the token response message, and wherein the user application on the user computing device prompts a third message to the user, the third message requesting the user to provide the token response message within the expiration time window (¶0046).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system/method/medium of Bu  in view of Yu to include wherein the token request message includes an expiration time window, wherein the expiration time window represents an amount of time that the EDP computing device monitors to receive the token response message, and wherein the user application on the user computing device prompts a third message to the user, the third message requesting the user to provide the token response message within the expiration time window, as disclosed in LI, in order to provide a method for managing multiple payment-bound terminals at a computer server (see LI ¶0005).
Claims 7 and 20  are rejected under 35 U.S.C. 103 as being unpatentable over Bu  in view of Yu in further view of Walker et al. (6,163,771)
Regarding Claims 7 and 20, while Yu discloses encrypting the unique key identifier (¶0021).
The combination of Bu in view of Yu however does not disclose generate a unique key identifier using at least one of: i) a random number, ii) the interaction identifier, and iii) the business entity identifier.
Walker however discloses generate the unique key identifier using at least one of: i) a random number, ii) the interaction identifier, and iii) the business entity identifier (Col. 6 lines 60-66, Col. 7 lines 55-59, Col. 8-14).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system/method/medium of Lu and Bu to include generate a unique key identifier using at least one of: i) a random number, ii) the interaction identifier, and iii) the business entity identifier, as disclosed in Walker, in order to facilitate secure electronic commerce, secure remote credit card purchases, and secure conventional credit card purchases (see Walker Col 3. lines 59-63).


Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZEHRA RAZA whose telephone number is (571)272-8128. The examiner can normally be reached 10AM-6:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on (571) 272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ZEHRA RAZA/Examiner, Art Unit 3685     

/MAMON OBEID/Primary Examiner, Art Unit 3685