DETAILED ACTION
Acknowledgements
This Office Action is in reply to Applicant’s original application filed 25 August 2020.  
Claims 1–14 are currently pending and have been examined.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The Information Disclosure Statements filed 25 August 2020, 13 October 2021, and 03 March 2022 have been considered. Initialed copies of the Form 1449 are enclosed herewith.
Claim Rejections - 35 U.S.C. § 103
The following is a quotation of 35 U.S.C. § 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1 and 3–14 are rejected under 35 U.S.C. § 103 as being unpatentable over Girish et al. (US 2019/0020478 A1) (“Girish”), in view of Daetz (US 2018/0197174 A1).
As per claim 1, Girish discloses a computer implemented method for providing authentication for secure transactions in a multi-server system (fig. 1), the method comprising:
receiving, at an authentication server from a requestor server, a first request for a cryptogram, the first request being associated with a transaction and including a requestor identifier ([0124] [0043] [0093]);
in response to receiving the first request, generating the cryptogram ([0124] [0093]–[0094] [0114]);
sending, from the authentication server, the cryptogram to the requestor server ([0124]);
receiving, at the authentication server from a merchant server, the cryptogram, a payment token, [and] a unique merchant identifier ([0134]–[0136] [0044])
validating, by the authentication server, the cryptogram ([0115] [0044]–[0045]);
comparing, by the authentication server, the unique merchant identifier 
authorizing, by the authentication server, the transaction when there is a match ([0115] [0044]–[0045] [0055] [0138]).
As indicated by strike-throughs above, Girish does not expressly disclose receiving a merchant secret and comparing the merchant secret to a merchant secret stored in the database.
Daetz teaches receiving a unique merchant identifier and a merchant secret in an authorization request ([0025]), similar to the receiving of the cryptogram, a payment token, [and] a unique merchant identifier of Girish.
Since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject matter and the prior art rests not on any individual element or function but in the very combination itself – that is in the substitution of the unique merchant identifier and merchant secret pair of Daetz for the unique merchant identifier of Girish. Thus, the simple substitution of one known element for another, producing predictable results, renders the claim obvious.
Furthermore, when combining Girish and Daetz, as proposed above, one of ordinary skill in this art would understand the combination to teach a comparison of the substituted pair of values, since Girish teaches a comparison of the single ID, and the pair (ID/secret) is being substituted for the single ID.
As per claim 3, Girish and Daetz teach the computer implemented method of claim 1, wherein the method further comprises receiving, at the authentication server from the requestor server, an amount (Girish, [0054]); and wherein the cryptogram validation includes a validation of the amount received from the requestor server (Girish, [0115]).
As per claim 4, Girish and Daetz teach the computer implemented method of claim 1, further comprising: receiving, at the merchant server from the requestor server, the cryptogram, the payment token, and the unique merchant identifier; and sending, from the merchant server to the authentication server, the cryptogram, the payment token, the unique merchant identifier, and the merchant secret (Girish, [0134]–[0136] [0044] [0091]).
As per claim 5, Girish and Daetz teach the computer implemented method of claim 1, further comprising: receiving, at the requestor server from the authentication server, the cryptogram; and sending, from the requestor server to the merchant server, the cryptogram, the payment token, and the unique merchant identifier (Girish, [0134]–[0136] [0044] [0091]).
As per claim 6, Girish and Daetz teach the computer implemented method of claim 1, wherein the cryptogram is a dynamic cryptogram (Girish, [0044]).
As per claim 7, Girish and Daetz teach the computer implemented method of claim 1, wherein the unique merchant identifier is a 4 character code (Daetz, [0023]).
As per claim 8, Girish and Daetz teach the computer implemented method of claim 1, wherein the unique merchant identifier is received in a payment token expiry field of a message (Daetz, [0023]).
As per claim 9, Girish and Daetz teach the computer implemented method of claim 1, wherein the merchant secret is a 3 character code (Daetz, [0023]).
As per claim 10, Girish and Daetz teach the computer implemented method of claim 1, wherein the merchant secret is received in a CVV/CVC2 field of a message (Daetz, [0023]).
As per claim 11, Girish and Daetz teach the computer implemented method of claim 1, wherein the requestor identifier is a Token Requestor Identifier (Girish, [0047]).
As per claim 12, Girish and Daetz teach the computer implemented method of claim 2, wherein the second request is an enrollment request (Girish, [0091]; Daetz, [0023]–[0025]).
Claims 13–14 contain language similar to claim 1 as discussed in the preceding paragraphs, and for reasons similar to those discussed above, claims 13–14 are also rejected under 35 U.S.C. § 103 as being unpatentable over the cited references.
Claims 2 is rejected under 35 U.S.C. § 103 as being unpatentable over Girish and Daetz, in view of Official Notice.
As per claim 2, Girish and Daetz teach the computer implemented method of claim 1, further comprising: generating, by the authentication server, the merchant secret and the unique merchant identifier, in response to receiving a second request from the requestor server prior to receiving the first request from the requestor server; storing the merchant secret and the unique merchant identifier in the database in association with one another; sending, from the authentication server to the requestor server, the unique merchant identifier; and sending, from the authentication server to the merchant server 
Although Girish/Daetz does not teach the “via a secure channel,” the Examiner takes Official Notice that transmission via a secure channel is old and well-known in this art to prevent loss of sensitive data during transmission.
Therefore, it would have been obvious to a person having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Girish/Daetz to use a secure channel for communicating the merchant secret. One would have been motivated to do so in order to protect the secret from loss.
Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB C. COPPOLA whose telephone number is (571)270-3922. The examiner can normally be reached Monday-Friday 8:00-6:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JACOB C. COPPOLA/Primary Examiner, Art Unit 3685