DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-14, 19 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loh, U.S. 2014/0164251 A1 in view of Gaddam et al., U.S. 2015/0010780 A1, and further in view of Falconer et al., CN 102685202 B.

1. 	A system for electronically authorizing a transaction, the system comprising: a user computing device including an Authorization Token generator application, (see Loh, ¶ 7) operating within the user computing device configured to: 
authenticate access of a user to the Authorization Token generator application, (see Loh, ¶ 7, 62-63); 
receive at least one identifier to authorize the transaction, (see Loh, ¶ 8)(identifier UID); 
receive at least one user-selected constraint for limiting use of the at least one identifier, (see Loh, ¶ 33, 49)(disclosing the terms of limit such as expiration date or number of transactions); 
create a unique token based on the at least one user-selected constraint to create a unique token, (see Loh, ¶ 8, 49, 136)(disclosing that expiration (or any other user-selected constraint) may or may not be declared by the owner in the manifesto during creation); and
without requiring prior recording of any information regarding the creation of the Authorization Token external to the user computing device, (see Loh, ¶ 33).
Loh fails to disclose the following features taught by Gaddam:
provide the Authorization Token and the identifier for validation to a transaction processor computer system, (see Gaddam, ¶ 53, 57, and 60).
Loh and Gaddam fail to disclose: 
encrypt the unique token using a stored private key associated with the at least one identifier to generate an Authorization Token wherein the user computing device is not required to be connected to a separate server-based system containing any information regarding the generation of the authorization token, (see Falconer)(disclosing that “the OS can provide an authentication token when the application request, wherein the token is locally generated (e.g., generated on the user device)…if the user agrees to access the identity token, for example, the application may then send the identity token to the server, the server can then make token, verifying the identity of the user and then returning the related data…In one embodiment, such as generating an authentication token or as the application request by the OS after the ID of the cloud-based service to obtain an authentication token. For example, although the OS can be stored when OS authenticating the user generated authorization token, but alternatively, may only request the user authentication application creating the token. In addition, it can only provide authentication token in the condition ID of the cloud-based application supporting the user.”)
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine Loh and Gaddam.  The motivation would have been to combine prior art elements according to known methods to yield predictable results. All the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination yielded nothing more than predictable results to one of ordinary skill in the art.
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine Falconer with Loh and Gaddam.  The motivation would have been to combine prior art elements according to known methods to yield predictable results. All the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination yielded nothing more than predictable results to one of ordinary skill in the art.
This motivation is applied to all claims below by reference.

2. 	The system of claim 1, further comprising a validator computer system to validate the transaction, wherein the validator computer system is configured to: 
receive, from the transaction processor computer system, the Authorization Token; test a validity of the Authorization Token; and responsive to a confirmation of the validity of the Authorization Token, generate and transmit to the transaction processor computer system a message indicating the validity of the Authorization Token to permit execution of the transaction, (see Gaddam, ¶ 59-60).

3. The system of claim 2, wherein the validator computer system is configured to: 
compare at least one hashed identifier to a plurality of hashed identifiers stored in a database which stores matched hashed identifier and public key pairs, identify a public key which corresponds to the at least one hashed identifier, (see Gaddam, ¶ 97); 
decrypt the Authorization Token based on the identified public key, (see Gaddam, ¶ 48, 59 and 60); 
separate the at least one hashed identifier from the at least one user-selected constraints in the decrypted Authorization Token, (see Gaddam, ¶ 97); 
determine whether the at least one user-selected constraint are satisfied, (see Gaddam, ¶ 48, 59 and 60); and 
responsive to a satisfaction of the at least one user-selected constraints, generate and transmit to the transaction processor computer system a message indicating the validity of the Authorization Token to permit execution of the transaction using the at least one identifier, (see Gaddam, ¶ 48, 59 and 60).

4. 	The system of claim 1, wherein the at least one user-selected constraint include at least one of: (i) an upper threshold constraint indicative of a maximum dollar value for which authorization is permitted; 10 (ii) a duration of authorization constraint indicative of a time limit during which authorization is permitted; (ill) a number of transactions constraint indicative of a number of transactions for which authorization is permitted; (iv) a geographic area constraint indicative of a geographic area of a 15 merchant or service provider in which authorization is permitted; (v) an industry constraint indicative of an industry for which authorization is permitted; (vi) a company constraint indicative of a company or entity for which authorization is permitted; 20 (vil) a type of transaction constraint indicative of a type of transaction for which authorization is permitted; (viil) a specific transaction constraint indicative of a specific transaction for which authorization is permitted; (ix) a physical device constraint identifying a physical device for which 25 authorization is permitted; (x) a third-party identity constraint identifying a third-party for whom authorization is permitted; (xi) one or more pre-selected default constraints; (xii) a type of data constraint indicative of at least one type of data for which authorization is permitted; and (xiii) a type of access constraint indicative of a type of access for which authorization is permitted, (see Loh, ¶ 33, 49)(disclosing the terms of limit such as expiration date or number of transactions).

5. 	The system of claim 1, wherein the Authorization Token generator application is configured to create the unique token including at least one of (i) the at least one identifier and (ii) a derivative of the at least one identifier and (iii) the at least one user-selected constraint in a field of the unique token, (see Gaddam, ¶ 55).

6. 	The system of claim 5, wherein the Authorization Token generator application is configured to create the unique token by applying a reversible mathematical transformation function to at least one of (i) the at least one identifier and (ii) the derivative of the at least one identifier and (iii) the at least one user-selected constraints, (see Gaddam, ¶ 33, 55).

7. 	The system of claim 6, wherein the reversible mathematical transformation function comprises one of a summation function or an exclusive-or function or an n-variable vectorial Boolean or a Fourier transform function, (see Gaddam, ¶ 33, 55).

8. 	The system of claim 1, wherein the Authorization Token generator application is to provide the Authorization Token by displaying one of a character string representative of the Authorization Token, a bar code representative of the Authorization Token, or a QR code representative of the Authorization Token, (see Loh, ¶ 52, 65 and 66).

9.	A method for generating an Authorization Token on a user computing device for authorizing a transaction, the method comprising:
receiving, by the Authorization Token generator application, user-selected constraints for limiting use of the at least one identifier, (see Loh, ¶ 33, 49)(disclosing the terms of limit such as expiration date or number of transactions); 
creating a unique token, by the Authorization Token generator application, based on the at least one user-selected constraints, (see Loh, ¶ 8, 49, 136)(disclosing that expiration (or any other user-selected constraint) may or may not be declared by the owner in the manifesto during creation); 
encrypting, by the Authorization Token generator application, the unique token using a stored private key associated with the at least one identifier to locally generate the Authorization Token, (see Loh, ¶ 136); and
providing, by the Authorization Token generator application, the Authorization Token and the identifier to the user computing device, wherein the Authorization Token is configured to authorize the execution of the transaction, (see Gaddam, ¶ 53, 57, and 60).
receiving, by an Authorization Token generator application operating within the user computing device, at least one identifier to authorize for the transaction, wherein the user computing device is not required to be connected to a separate server-based system containing any information regarding the generation of the authorization token, (see Falconer)(disclosing that “the OS can provide an authentication token when the application request, wherein the token is locally generated (e.g., generated on the user device)…if the user agrees to access the identity token, for example, the application may then send the identity token to the server, the server can then make token, verifying the identity of the user and then returning the related data…In one embodiment, such as generating an authentication token or as the application request by the OS after the ID of the cloud-based service to obtain an authentication token. For example, although the OS can be stored when OS authenticating the user generated authorization token, but alternatively, may only request the user authentication application creating the token. In addition, it can only provide authentication token in the condition ID of the cloud-based application supporting the user.”);

10. 	The method of claim 9, wherein the user computing device is a mobile device 5 and the step of creating a unique token comprises creating the unique token including at least one of (i) the at least one identifier, and (ii) a derivative of the at least one identifier, and (iii) the user-selected constraints in a field of the unique token, (see Gaddam, ¶ 55).

11. 	The method of claim 10, wherein the creating the unique token comprises applying a reversible mathematical transformation function, at least one of (i) the at least one identifier and (ii) the derivative of the at least one identifier and (iii) the user-selected constraints, (see Gaddam, ¶ 33, 55).

12. 	The method of claim 11, wherein the reversible mathematical transformation function comprises one of a summation function and an exclusive-or 15 function and an n-variable vectorial Boolean and a Fourier transform function, (see Gaddam, ¶ 33, 55).

13.	The method of claim 10, further comprising authenticating and validating by a validator computer system, the at least one identifier and the derivative of the at least one identifier and the Authorization Token, wherein the authenticating and validating comprises: receiving, by the validator computer system from a transaction processor  computer system, the at least one identifier and the Authorization Token transmitted to the transaction processor computer system to authorize the transaction; testing, by the validator computer system, a validity of the Authorization Token; responsive to a passing of the validity test of the Authorization Token, and generating and transmitting, by the validator computer system to the transaction processor computer system, a message indicating the validity of the Authorization Token to permit execution of the transaction, (see Gaddam, ¶ 59-60).

14. 	The method of claim 9, wherein the user-selected constraints include at least one of: (i) an upper threshold constraint indicative of a maximum currency value for which authorization is permitted; (ii) a duration of authorization constraint indicative of a time limit during which authorization is permitted; (iii) a number of transactions constraint indicative of a number of transactions for which authorization is permitted; (iv) a geographic area constraint indicative of a geographic area in which authorization is permitted; (v) an industry constraint indicative of an industry for which authorization is permitted; (vi) a company constraint indicative of a company or entity for which authorization is permitted; (vii) a type of transaction constraint indicative of a type of transaction for which authorization is permitted; (viii) a specific transaction constraint indicative of a specific transaction for which authorization is permitted; (ix) a physical device constraint identifying a physical device for which authorization is permitted; (x) a third-party identity constraint identifying a third-party for whom authorization is permitted; (xi) one or more pre-selected default constraints; (xii) a type of data constraint indicative of at least one type of data for which authorization is permitted; and (xiii) a type of access constraint indicative of a type of access for which authorization is permitted, (see Loh, ¶ 33, 49).

19. 	The system of claim 18, wherein the user-selected constraints include at least one of: (i) an upper threshold constraint indicative of a maximum dollar value for which authorization is permitted; (ii) a duration of authorization constraint indicative of a time limit during which authorization is permitted; (ill) a number of transactions constraint indicative of a number of transactions for which authorization is permitted; (iv) a geographic area constraint indicative of a geographic area of a merchant or service provider in which authorization is permitted; (v) an industry constraint indicative of an industry for which authorization is permitted; (vi) a company constraint indicative of a company or entity for which authorization is permitted; (vii) a type of transaction constraint indicative of a type of transaction for which authorization is permitted; (viii) a specific transaction constraint indicative of a specific transaction for which authorization is permitted; (ix) a physical device constraint identifying a physical device for which authorization is permitted; (x) a third-party identity constraint identifying a third-party for whom authorization is permitted; (xi) one or more pre-selected default constraints; (xii) a type of data constraint indicative of at least one type of data for which authorization is permitted; and (xiil) a type of access constraint indicative of a type of access for which authorization is permitted, (see Loh, ¶ 33, 49).

20. 	The system of claim 18, wherein the transaction for which the Authorization Token is generated comprises one of: 20 (i) withdrawing funds from an account at a financial institution, wherein the at least one identifier comprises an account identifier for the account; (ii) providing a tax authority with authorization to use a tax identifier to process a tax return, wherein the at least one identifier comprises the tax identifier; (iii) providing a medical provider with authorization to file an insurance claim, wherein the at least one identifier comprises one of an insurance account number or a social security number; (iv) providing a stock broker with authorization to execute a trade, wherein the at least one identifier comprises an account identifier for a trading account; (v) a purchase transaction for a good or service, wherein the at least one identifier comprises one of a credit card number or a debit card number used for payment, (vi) authorizing a limited sharing of information held by an institution with a trusted third-party, wherein the at least one identifier comprises an account number for the account: (vil) debiting an account balance to permit a transaction, wherein the at least one identifier comprises a debit account number not maintained by a financial institution; and (viii) authorizing one of use and access to one of a physical asset and a virtual asset and an account, (see Loh, ¶ 9, 37 and 46).

Claims 17 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Falconer et al., CN 102685202 B. in view of Gaddam et al., U.S. 2015/0010780 A1.
17.	A validator computer system for electronically authorizing a transaction that is configured to: receive, from a transaction processor computer system, an Authorization Token that is generated by an authorization generator application without requiring access to a separate server-based system containing any information regarding the generation of the Authorization Token, (see Falconer)(disclosing that “the OS can provide an authentication token when the application request, wherein the token is locally generated (e.g., generated on the user device)…if the user agrees to access the identity token, for example, the application may then send the identity token to the server, the server can then make token, verifying the identity of the user and then returning the related data…In one embodiment, such as generating an authentication token or as the application request by the OS after the ID of the cloud-based service to obtain an authentication token. For example, although the OS can be stored when OS authenticating the user generated authorization token, but alternatively, may only request the user authentication application creating the token. In addition, it can only provide authentication token in the condition ID of the cloud-based application supporting the user.”); 
test a validity of the Authorization Token; and responsive to a confirmation of the validity of the Authorization Token, generate and transmit to the transaction processor computer system a message indicating the validity of the Authorization Token to permit execution of the transaction, (see Gaddam, ¶ 59-60). 

18. 	The system of claim 17, wherein the validator computer system is configured to: compare at least one hashed identifier to a plurality of hashed identifiers stored in a database which stores matched hashed identifier and public key pairs, and identify a public key which corresponds to the at least one hashed identifier; decrypt the Authorization Token based on the identified public key; separate at least one identifier from user-selected constraints in the decrypted Authorization Token; determine whether the user-selected constraints are satisfied; and responsive to a satisfaction of the user-selected constraints, generate and transmit to the transaction processor computer system a message indicating the validity of the Authorization Token to permit execution of the transaction using the at least one identifier, (see Gaddam, ¶ 48, 59, 60, and 97).


Claims 15 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loh, U.S. 2014/0164251 A1 in view of Gaddam et al., U.S. 2015/0269566 A1, and further in view of Kane et al., U.S. 2005/0010780.

15. 	The method of claim 9, wherein the user-selected constraints include a third- party identity constraint identifying a third-party for whom authorization is permitted; wherein the transaction comprises providing access; and wherein validation of the Authorization Token provides the third-party with the access, (see Kane, claims 1, 2, 15 and 16, figures 1-3, and ¶ 28).
	It would have been obvious to one of ordinary skill in the art at the time of the invention to include Kane with the combination of Loh and Gaddam.  The motivation would have been to combine prior art elements according to known methods to yield predictable results. All the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination yielded nothing more than predictable results to one of ordinary skill in the art.
This motivation is applied to all claims below by reference.
16. 	The method of claim 9, wherein the user-selected constraints include an identifier of a third-party for whom authorization is permitted; wherein the third-party identifier is transmitted as Companion Transmitted Information with the Authorization Token; wherein the transaction comprises providing access; and wherein validation of the Authorization Token provides the third-party with the access, (see Kane, claims 1, 2, 15 and 16, figures 1-3, and ¶ 28).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RUSSELL S GLASS whose telephone number is (571)272-7285. The examiner can normally be reached weekdays between 10 and 6PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Florian Zeender can be reached on 571-272-6790. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RUSSELL S GLASS/Primary Examiner, Art Unit 3627