DETAILED ACTION
Acknowledgements
This action is in response to Applicant’s filing on May 14, 2021, and is made Non-Final. This action is being examined by James H. Miller, who is located in Dallas, Texas, in the central time zone (CST), and who can be reached by email at James.Miller1@uspto.gov or by telephone at (469) 295-9082. 
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. Examiner is available for interviews, generally: M–F, 10 a.m.–4:00 p.m., CST.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
Four (4) information disclosure statements (IDSs) submitted on Aug. 2, 2021; Oct. 21, 2021, Apr. 13, 2022; and Jul. 6, 2022, were filed before the mailing of a first office action on the merits and therefore, are in compliance with the provisions of 37 CFR 1.97(b)(3). Accordingly, the four (4) IDSs have been considered.


Claim Status
The status of claims is as follows:
Claims 1–20 are pending and examined with Claims 1 and 11 in independent form. This is a first action on the merits.

Examiner’s Statement of Eligibility Under 35 USC § 101 (Abstract Idea Exception)
	The pending claims are directed to a statutory category, recite an abstract idea exception, but integrate the abstract idea exception into a practical application in some other meaningful way. MPEP 2106.05(e).
Examiner finds USPTO Example 35, Claim 3, instructive. In USPTO Example 35, Claim 3, the claimed process was determined eligible under § 101. In that example, verification of an ATM transaction was performed using generic computer components in a non-conventional and non-generic way. Specifically, a generic mobile device (instead of the ATM keypad) and an image (instead of a PIN) was used to verify a user’s identity with the ATM machine. The example reasoned this combination of non-conventional steps to verify a user’s identity with an ATM machine was an improvement in ATM technology even though generic computer components were used. Example 35 concluded Claim 3 was eligible under § 101, citing BASCOM.1 
Here, like in Example 35, Claim 3, the claimed process executes a payment transaction using well-known computer components in a non-conventional and non-generic way by authenticating a user using “purchased data stored in the web browser” that “corresponds to past purchases of the user account with the [particular] merchant website.” The combination of authenticating an online payment in this way operates in a non-conventional and non-generic way to improve online payment security and ensure the user’s identity is verified in a secure manner that is more than the conventional verification process employed by an electronic payment transactions alone. Accordingly, the pending claims here, like the USPTO Example 35 claims there, are eligible under § 101 for analogous reasoning. MPEP 2105.05(e); See Diamond v. Diehr, 450 U.S. 175, 188, 209 USPQ2d 1, 9 (1981) ("a new combination of steps in a process may be patentable even though all the constituents of the combination were well known and in common use before the combination was made"); BASCOM Global Internet Servs. V. AT&T Mobility LLC, 827 F.3d 1341, 1349, 119 USPQ2d 1236, 1242 (Fed. Cir. 2016). The limitations that confer eligibility under § 101 and recited by Independent Claims are:
accessing, through the processor, authentication data by the expedited payment extension from the web browser, wherein the authentication data includes items purchased data stored in the web browser and accessed by the expedited payment extension;

communicating, through the processor, the authentication data to an authentication authority over a payment processing network;

receiving, at the processor from the authentication authority via the payment processing network, the user account for the merchant website based on the items purchased data stored in the web browser, wherein the items purchased data corresponds to past purchases of the user account with the merchant website and the items purchased data is analyzed for fraud;

receiving, at the processor, an authentication approval from the authentication authority over the payment processing network;

Specification
The disclosure is objected to because of the following informalities. Appropriate correction is required.
¶ [0022]: It is believed that “extension area 204” is “extension area 205” as indicated in Fig. 2a.
¶ [0052]: It is believed that “payment device data 209” is “payment device 
¶ [0052]: It is believed that “payment devices 213” is “payment devices 209” as indicated in Fig. 3c.

Claim Objections
Claim 2 is objected to because of the following informalities. Appropriate correction is required.
Claim 2: It is believed that “wherein the execute action includes a mouse click and the extension area includes extension area includes a visual indication …” is “wherein the execute action includes a mouse click and the extension area includes 

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1–20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 4, 8, and 9 of U.S. Patent No. 11,120,433. Although the claims at issue are not identical, they are not patentably distinct from each other as indicated below. Both the current application and U.S. Pat. No. 11,120,433 name the same inventive entities and are commonly assigned.
Claim #
Pending Application
Claim #
11,120,433
1
A processor-implemented method of enabling an expedited payment extension in a web browser to execute a purchase transaction on a user account with a merchant website, the method comprising:
1
A processor method of enabling an expedited payment
extension in a web browser to execute a purchase transaction
on a user account with a merchant website, the method
comprising:
1
receiving, at a processor, an execute action to an extension area of the web browser to start the expedited payment extension;
1
receiving, at a first processor, an execute action to an
extension area of the web browser to start the expedited
payment extension;
1
executing, through the processor, the expedited payment extension in the web browser, wherein the processor executes both the web browser and the expedited payment extension;
1
executing, through the first processor, the expedited payment extension in the web browser, wherein the first processor executes both the web browser and the
expedited payment extension;
1
accessing, through the processor, authentication data by the expedited payment extension from the web browser, wherein the authentication data includes items purchased data stored in the web browser and accessed by the expedited payment extension;
1
accessing, through the first processor, authentication data
by the expedited payment extension from the web
browser, wherein the authentication data comprises
items purchased data stored in the web browser and
accessed by the expedited payment extension;
1
communicating, through the processor, the authentication data to an authentication authority over a payment processing network;
1
communicating, through the first processor, the authentication data to an authentication authority over a payment processing network, the authentication authority
including a second processor;
1
receiving, at the processor from the authentication authority via the payment processing network, the user account for the merchant website based on the items purchased data stored in the web browser, wherein the items purchased data corresponds to past purchases of the user account with the merchant website and the items purchased data is analyzed for fraud;
1
determining, at the second processor, the user account for
the merchant website based on the items purchased data
stored in the web browser, wherein the items purchased
data corresponds to past purchases of the user account
with the merchant website and the items purchased data
is analyzed for fraud;
1
receiving, at the processor, an authentication approval from the authentication authority over the payment processing network;
1
receiving, at the first processor, an authentication approval from the authentication authority over the payment processing network;
1
receiving, at the processor, payment data including a payment token in the web browser from the authentication authority, wherein the payment token is a one-time use code that is unique to the merchant website; and
1
receiving, at the first processor, payment data including a payment token in the web browser from the authentication
authority, wherein the payment token is a onetime use code that is unique to the merchant website; and
1
executing, at the processor, the transaction in the web browser executing the expedited payment extension, the transaction being executed in response to the authentication approval and based on the payment data.
1
executing, at the first processor, the transaction in the web
browser executing the expedited payment extension, the transaction being executed in response to the
authentication approval and based on the payment data.
5
The method of claim 1, further comprising receiving a selection at the processor of one payment device from a plurality of payment devices and the authentication data includes an amount available to spend on the selected payment device.
8
The method of claim 1, further comprising receiving a selection at the first processor of one payment device from
a plurality of payment devices.
8
The method of claim 1, wherein the extension area comprises at least one of a sidebar, a miniature area, and a miniature entry graphical user interface.
4
The method of claim 1, wherein the extension area comprises at least one of a sidebar, a miniature area and a miniature entry graphical user interface.
11
A networked system comprising a processor, a memory and an input-output circuit for enabling an expedited payment extension in a web browser, the processor being physically configured according to computer executable instructions for:




[remaining limitations the same as indicated in claim 1]
9
A networked system comprising a processor, a memory
and an input-output circuit for enabling an expedited payment
extension in a web browser to execute a purchase
transaction on a user account with a merchant website, the
processor being physically configured according to computer
executable instructions for:

[remaining limitations the same as indicated in claim 1]
15
Same as Claim 5 except dependent from Claim 11
8
See above
18
Same as in Claim 8 except dependent from Claim 11
4
See above


All Dependent Claims in the current Application are rejected based on their dependence to one of the rejected Independent Claims under double patenting. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1–4, 6–14, and 16–20 are rejected under 35 U.S.C. 103 as being unpatentable over Siegal et al. (U.S. Pat. Pub. No. 2009/0177587) [“Siegal”] in view of Howe (U.S. Pat. Pub. No. 2014/0250010) [“Howe”] and further in view of Oborne (U.S. Pat. No. 2012/0316992) [“Oborne”]

	Regarding Claim 1, Siegal discloses
A processor-implemented method of enabling an expedited payment extension in a web browser to execute a purchase transaction on a user account with a merchant website, the method comprising: 
(See at least ¶ [0011], “one of the payment methods taught herein comprises receiving from the e-commerce merchant payment transaction details relating to an e-commerce purchase being conducted by the user at the e-commerce merchant website.” “Online terminal 102 contains software necessary for an online authentication process such as the one described herein. Such software may include a web browser 106, device drivers 108 to communicate with BSD 104, and a downloaded web browser component 110 (e.g., ActiveX controls, Java applets, and/or other ''plug-in" components etc.) for managing BSD 104 and enabling communication between BSD 104 and APS 100.” ¶ [0019].)

receiving, at a processor, an execute action to an extension area of the web browser to start the expedited payment extension;
(Examiner interprets “execute action” as “mouse click” and “extension area” as a “visual indication” in view of Applicant’s Specification, ¶¶ [0021], [0047]. 
See at least ¶ [0032], “During an e-commerce payment transaction, the user may peruse the merchant's e-commerce website, adding goods to his electronic shopping cart (as managed by merchant web server 112) until he is ready to checkout. When the user engages the merchant's checkout process (e.g., by clicking a checkout button) (step 402), the merchant web server 112 may transmit a payment message to the payment management component 128 of the APS 100 (step 404).” A checkout button is a visual indication. ¶ [0019] (“user’s personal computer”). The personal computer is a first processor.)

executing, through the processor, the expedited payment extension in the web browser [send payment message], wherein the processor [user’s personal computer] executes both the web browser and the expedited payment extension;
(See at least Fig. 4, step 404, and associated text ¶ [0032], cited supra, where after clicking the checkout button, “the merchant web server 112 may transmit a payment message to the payment management component 128 of the APS 100 (step 404).” ¶ [0019] (“user’s personal computer” having a “web browser 106” and “and a downloaded web browser component 110”). )

accessing, through the processor, authentication data [biometric data] by the expedited payment extension from the web browser, […] ; 
(See at least ¶ [0019], “Online terminal 102 contains software necessary for an online authentication process such as the one described herein. Such software may include a web browser 106, device drivers 108 to communicate with BSD 104, and a downloaded web browser component 110 (e.g., ActiveX controls, Java applets, and/or other ''plug-in" components etc.) for managing [biometric sensor device] BSD 104 and enabling communication between BSD 104 and APS 100.” See also, ¶ [0029] & [0030] where “a biometric authentication enabled website” triggers the “biometric sensor device (BSD)” attached to a user’s computer to collect a biometric sample from the user for authentication.)

communicating, through the processor, the authentication data to an authentication authority over a payment processing network; 
(Examiner interprets “payment processing network” as a “dedicated network” with “limited access” and “security” that “receives payment data” and communicates with entities in the payment process. Spec., ¶ [0028]. Examiner interprets “authentication authority” as “the entity that authenticates the user” Spec., ¶ [0029]. See at least ¶ [0030] where the “biometric sensor device (BSD) transmits biometric information to the authentication sever 118. The communication network is “a dedicated TCP/IP connection” that is “private” or “proprietary,” which is a payment processing network. ¶ [0022].) 

receiving, at the processor [user device] from the authentication authority via the payment processing network, the user account for the merchant website based on [successful authentication] ; 
(Examiner interprets “receiving a user account for the merchant website” as “receiving payment data” in view of Applicant’s Specification, ¶ [0031]. The particular way of successful authentication is disclosed by the secondary reference Howe, infra. 
See at least ¶ [0021], “payment information may be transmitted by the payment management component 128 [of the Authentication Provider Service (APS) 100] directly to the web browser 106 at the online terminal 102 to be populated into the OSP's web page.” “[I]n addition to authentication transactions, APS 100 may be further enabled to conduct payment transactions between an authenticated user and an [Online Service Provider] OSP 112 that is an e-commerce merchant. In such an embodiment, APS 100 may additionally have a payment management component 128 that interacts with the OSP web server 112, the web browser 106 at the online terminal 102, the identity management component 116, an electronic wallet server 126, and payment processor 130.” ¶ [0021], Fig. 1 (“APS 100” includes “authentication server 118.”). 

receiving, at the processor, an authentication approval from the authentication authority over the payment processing network; 
(Examiner interprets “payment processing network” as a “dedicated network” with “limited access” and “security” that “receives payment data” and communicates with entities in the payment process. Spec., ¶ [0028]. Examiner interprets “authentication authority” as “the entity that authenticates the user” Spec., ¶ [0029]. See at least ¶ [0030] where a match between the collected biometric sample and the registered biometric sample (approval), a federated identity specific for the user and merchant website is transmitted to the merchant server. The communication network between is “a dedicated TCP/IP connection” that is “private” or “proprietary,” which is a payment processing network. ¶ [0022].)

receiving, at the processor, payment data including a payment token in the web browser from the authentication authority, wherein the payment token […] is unique to the merchant website; and 
(See at least ¶ [0033] where payment data is received from the payment management component of the authentication provider service (APS) and presented to the web browser 106. Payment data includes a unique federated identity token to be used between the merchant and the authentication provider system (APS). See also, ¶¶ [0033], [0025], [0020]. 

executing, at the processor, the transaction in the web browser executing the expedited payment extension, the transaction being executed in response to the authentication approval and based on the payment data.  
(See at least ¶ [0033] & [0034] where payment details are presented and selected in a web browser executing the merchant’s checkout process (payment extension). The payment management component receives approval from the web browser 106 and the payment details are sent to a payment processor 130. ¶ [0033]. The transaction is executed in response to matching the user’s biometric data and payment card selection. Id.)

	Siegal discloses “accessing … authentication data by the expedited payment extension from the web browser” but not authentication data that includes “items purchased data.” Siegal discloses “receiving … the user account for the merchant website” upon successful authentication (as interpreted) but not successfully authenticated in the particular way of “based on the items purchased data stored in the web browser, wherein the items purchased data corresponds to past purchases of the user account with the merchant website and the items purchased data is analyzed for fraud. Therefore, Siegal does not disclose but Howe discloses:

wherein the authentication data includes items purchased data stored in the web browser and accessed by the expedited payment extension;
(Examiner interprets “items purchased data” as “historical browsing history” because a user’s computing device must have visited a merchant’s website to make a purchase and as defined by the claims “corresponds to past purchases” in some way.
See at last Fig. 5, step 504 and associated text ¶ [0054], “In step 504, a first receiving device (e.g., the cookie receiving unit 202) may receive cookie data (e.g., the cookie data 118), wherein the cookie data includes at least historical browsing data (e.g., the historical browsing data 410) and a computing device identifier. In embodiments where the consumer identifier may correspond to a computing device 104, the cookie data 118 may originate from the computing device 104.” “[T]he cookie data 118 may be included in the authorization request.” ¶ [0055]. “When the consumer 102 initiates the transaction, the computing device 104 may transmit the cookie data 108 to a processing server 112. In some embodiments, the merchant webpage may be including programming code that instructs a web browsing application on the computing device 104 to transmit the cookie data 118 to the processing server 112. In other embodiments, the merchant 108 may read the cookie data 118 from the computing device 104 and may transmit the cookie data to the processing server 112 via the network 106.” ¶ [0023].)

[successfully authenticating the user] based on the items purchased data stored in the web browser, wherein the items purchased data corresponds to past purchases of the user account with the merchant website and the items purchased data is analyzed for fraud; 
(See at least ¶ [0036], “Figs. 3A and 3B are a process flow illustrating a method for cookie-based authentication.” As explained supra, cookie data 118 contains “historical browsing data 410,” which is “items purchased data correspond[ing] to past purchases of the user account with the merchant website,” as explained by Howe, Fig. 4 and associated text ¶¶ [0044]–[0051] (describing the “Correlation Between Transaction Data and Browsing Data”). The items purchased data is analyzed for fraud. ¶ [0049] (“The processing server 112 may use the correlation identified between the transaction data entries 210 and the browsing records 412 to identify an authentication score, which may indicate the likelihood that an initiated financial transaction is not fraudulent.”).
Primary reference Siegal teaches accessing biometric authentication by the expedited payment extension from the web browser and analyzing the biometric authentication for fraud when making an online payment transaction as explained supra. The sole difference between primary reference and the claimed subject matter is that Siegal does not disclose items purchased authentication data. The primary reference authenticates using biometric authentication data and the claim calls for authenticating using items purchased authentication data.  
Secondary reference Howe discloses items purchased authentication data corresponding to past purchases from the merchant website. Howe teaches a method for cookie-based authentication of a financial transaction when making an online financial transaction at a merchant’s website as explained supra. Cookie data 118 contains historical browsing data that is correlated with past transactions to identify an authentication score, indicating the likelihood that an initiated financial transaction is fraudulent. Howe, ¶¶ [0048], [0049], Fig. 4.
Since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject matter and the prior art rests not on any individual element or function but in the very combination itself—that is, in the substitution of the items purchase authentication data of secondary reference Howe for the biometric authentication data of primary reference Siegal. Thus, this simple substitution of one known element for another producing a predictable result renders the clam obvious. 
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention, to have authenticated a transaction using items purchased data that has been analyzed for fraud as explained in Howe, to the known invention of Siegal, with the motivation to reduce fraud by “providing added authentication to Internet-based consumer payment transactions,” Howe, ¶ [0006], and “enable stronger authentication without any necessary modifications to legacy payment systems of the merchant 108 or the issuer 116.” Howe, ¶ [0027]; see also, ¶ [0003]–[0005].

Siegal discloses a payment token unique to a merchant website but not explicitly a payment token that is single-use. Thus, Siegal does not disclose but Oborne discloses:

the payment token is a one-time use code
(See at least ¶ [0028], (the user may select to conduct the transaction using a one-time token, e.g., an anonymized credit card number, see e.g., 205b.”)
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention, to have combined a one-time use payment token as explained in Oborne, to the known invention of Siegal, with the motivation to “secur[e] user data and prevent[ ] fraud,” Oborne, ¶ [0008], and to maintain user anonymity for compliance with “privacy regulations specific to the country code” for routing “the token and payment processing to payment servers in the appropriate country” to “prevent [ ] the user’s private information from being seen in inappropriate jurisdictions.” Oborne, ¶ [0023].)

Regarding Claim 2, Siegal, Howe, and Oborne disclose
[t]he method of claim 1, the execute action, and the extension area as discussed above.
Siegal further discloses
wherein the execute action includes a mouse click and 
(See at least Fig. 4, step 404, and associated text ¶ [0032], cited supra, where after clicking the checkout button, “the merchant web server 112 may transmit a payment message to the payment management component 128 of the APS 100 (step 404).” ¶ [0019] (“user’s personal computer” having a “web browser 106” and “and a downloaded web browser component 110”).)

the extension area includes extension area includes [sic] a visual indication in a browser action bar [webpage] that the expedited payment extension is available. (Rearrangement of parts to a different location without modifying the operation of the device or without producing a novel or unexpected result, would be an obvious matter of design choice within the ordinary skill of the art. MPEP § 2144.04(VI)(C). Here, the italicized limitation for the claimed location of the extension area is an obvious design choice, the location not affecting the function of the extension area. Applicant claims an “extension area” located “in a browser action bar” that when selected performs the claimed payment, transaction, and authentication functions. Applicant’s Specification discloses that the location of the “extension area” is a design choice not affecting its function. For example, Applicant’s Specification discloses the “extension area 205 … in a browser action bar”; Spec., ¶ [0022]; “integrated into a browser 201 or other computing application”; Spec., ¶ [0023]; “a sidebar such as in Figs. 4a–47, a miniature area such as in Figs. 3a–3c[,] and a miniature entry graphical user interface such as in Figs. 2a–2e.” Spec., ¶ [0023]. “The format of the extension 207 may take on a variety of forms.” ¶ [0024]. Thus, Applicant takes the position that the location of the extension area is merely a design choice, its location not affecting its function. Accordingly, the italicized limitation is prima facie obvious to a PHOSITA. 
See at least ¶ [0032], “During an e-commerce payment transaction, the user may peruse the merchant's e-commerce website, adding goods to his electronic shopping cart (as managed by merchant web server 112) until he is ready to checkout. When the user engages the merchant's checkout process (e.g., by clicking a checkout button) (step 402), the merchant web server 112 may transmit a payment message to the payment management component 128 of the APS 100 (step 404).” A checkout button is a visual indication. 
Alternatively, Howe, ¶ [0039] (“the consumer 102 may interact with (e.g., click on) a "checkout" button displayed on the merchant webpage.”). For Howe, the resolution of the remaining Graham factual inquiries to support a conclusion of obviousness that a particular known technique was recognized as part of the ordinary skill in the pertinent art is substantively the same as that presented in Claim 1 supra, and is incorporated in its entirety herein, mutatis mutandis, to support the rejection of Claim 2.

Regarding Claim 3, Siegal, Howe, and Oborne disclose
[t]he method of claim 1, and the authentication data as discussed above.
Howe further discloses
wherein the authentication data further includes a password [MAC address] for a sign in name that is stored locally [computer device 104] as a browser cookie and merchant data [merchant webpage].
(See at least ¶ [0022], “The computing device 104 may store cookie data 118 based on the browsing of the consumer 102 and/or the merchant webpage.” ¶ [0023] (merchant reading cookie data from computing device 104); ¶ [0047]. “[T]he cookie data 118 includes an identifier identifying the computing device 104, such as a media access control (MAC) address.” ¶ [0023]. The MAC address may be a consumer identifier. ¶ [0031]. “The consumer identifier may be a unique value used for the identification of a consumer (e.g., the consumer 102).” ¶ [0031]. The consumer identifier is included in the authorization request to permit access to the transaction database 114. ¶¶ [0033], [0042]. Thus, the MAC address is functionally equivalent under BRI as a password for permitting access. The italicized limitation recited intended use because it describes a purpose or function of the thing being claimed, which is “a password.” Accordingly, statements of intended use fail to limit the scope of the claim under BRI. MPEP § 2103(I)(C).)
The resolution of the remaining Graham factual inquiries to support a conclusion of obviousness that a particular known technique was recognized as part of the ordinary skill in the pertinent art is substantively the same as that presented in Claim 1 supra, and is incorporated in its entirety herein, mutatis mutandis, to support the rejection of Claim 3.

Regarding Claim 4, Siegal, Howe, and Oborne disclose
[t]he method of claim 1, and the payment processing network as discussed above.
Siegal further discloses
wherein the payment processing network includes a dedicated network that receives the payment data and communicates the payment data to entities of the transaction.
(See at least ¶ [0022], “a dedicated TCP/IP connection between the payment processor 130 and the ASP 100 may be used.”)

Regarding Claim 6, Siegal, Howe, and Oborne disclose
[t]he method of claim 1, and the authentication data as discussed above.
Howe further discloses
wherein the authentication data is further used to improve one or more fraud algorithms at the payment processing network. 
(See at least ¶ [0027], The use of the authentication score may improve the authentication of consumers conducting payment transaction over the Internet and other forms of electronic commerce.” A “payment score” is an algorithm.)
The resolution of the remaining Graham factual inquiries to support a conclusion of obviousness that a particular known technique was recognized as part of the ordinary skill in the pertinent art is substantively the same as that presented in Claim 1 supra, and is incorporated in its entirety herein, mutatis mutandis, to support the rejection of Claim 6.

Regarding Claim 7, Siegal, Howe, and Oborne disclose
[t]he method of claim 1, and the payment token as discussed above.
Siegal further discloses
wherein the payment token includes a merchant-specific payment account number.
(See at least ¶ [0033] where payment data is received from the payment management component of the authentication provider service (APS) and presented to the web browser 106. Payment data includes a unique federated identity token to be used between the merchant and the authentication provider system (APS). See also, ¶¶ [0033], [0025], [0020]. “Such a payment message may include the amount of the purchase transaction, a description of the transaction, and merchant identification information (e.g., merchant account number and other identifying information) and/or any other merchant or payment transaction details or information which may be required by a payment processor 130 to authorize a payment transaction. 
Alternatively, See at least Oborne, ¶ [0053], describing an exemplary XML-encoded issuer data file). For Oborne, the resolution of the remaining Graham factual inquiries to support a conclusion of obviousness that a particular known technique was recognized as part of the ordinary skill in the pertinent art is substantively the same as that presented in Claim 1 supra, and is incorporated in its entirety herein, mutatis mutandis, to support the rejection of Claim 7.
Regarding Claim 8, Siegal, Howe, and Oborne disclose
[t]he method of claim 1, and the extension area as discussed above.
Siegal further discloses
wherein the extension area comprises at least one of a sidebar, a miniature area, and a miniature entry graphical user interface [webpage]
(As explained above in response to Claim 2, which is incorporated as if set out at length, these claimed features identified by italics describe the location of the extension area and do not modify the operation of the extension area or produce a novel or unexpected result by its location. Thus, these claimed features would be an obvious matter of design choice within the ordinary skill of the art. MPEP § 2144.04(VI)(C). However, should a reviewing court disagree, both Siegal and Howe disclose an extension area in a “graphical user interface” said limitation. The characterization as “miniature entry” is merely a label, nonfunctional, and/or relative terminology, that fails to limit the scope of the claim under BRI. MPEP § 2103(I)(C); MPEP § 2111.05.  See Siegal, ¶ [0032], “During an e-commerce payment transaction, the user may peruse the merchant's e-commerce website, adding goods to his electronic shopping cart (as managed by merchant web server 112) until he is ready to checkout. When the user engages the merchant's checkout process (e.g., by clicking a checkout button) (step 402).”
Alternatively, Howe, ¶ [0039], “Methods for initiating a financial transaction using a webpage on a network 106 (e.g., the Internet) will be apparent to persons having skill in the relevant art. For example, the consumer 102 may interact with (e.g., click on) a "checkout" button displayed on the merchant webpage.” For Howe, the resolution of the remaining Graham factual inquiries to support a conclusion of obviousness that a particular known technique was recognized as part of the ordinary skill in the pertinent art is substantively the same as that presented in Claim 1 supra, and is incorporated in its entirety herein, mutatis mutandis, to support the rejection of Claim 8.

Regarding Claim 9, Siegal, Howe, and Oborne disclose
[t]he method of claim 1 as discussed above.
Siegal further discloses
further comprising auto-filling one or more of a name, a billing address, 
(See at least ¶ [0036], the authenticated user's electronic wallet information could be transmitted by the payment management component 128 to web browser 106 in order to populate required fields (e.g., in an OSP web page residing on user web browser 106) for payment authorization, such as full user name, account number, expiration date, billing address, etc.” The use of “at least one of” and “or” is interpreted as requiring only one of the limitations. Limitations not explicitly rejected are indicated by 

Regarding Claim 10, Siegal, Howe, and Oborne disclose
[t]he method of claim 1 and executing, at the processor, the transaction in the web browser executing the expedited payment extension as discussed above.
Siegal further discloses
wherein executing, at the processor, the transaction in the web browser executing the expedited payment extension includes sending the payment data to the payment network and 
(See at least ¶ [0033], “Once the payment management component 128 receives approval from the web browser 106, it is able to mark the transaction in the queue as approved and forward the payment details (e.g., user's credit card or debit card or eCheck information, merchant's account, etc.) to payment processor 130.”

	Siegal does not disclose but Oborne discloses:
	
analyzing the payment data for one or more of verification, sufficient funds/amounts, and fraud.
(See at least ¶ [0061], “on obtaining the user data, e.g., 640a-n, the issuer server may determine whether the user can pay for the transaction using funds available in the account, e.g., 64la-n. For example, the issuer server may determine whether the user has a sufficient balance remaining in the account, sufficient credit associated with the account, and/or the like. Based on the determination, the issuer server (s) may provide an authorization response, e.g., 642a-n, to the pay network server.”)
For Oborne, the resolution of the remaining Graham factual inquiries to support a conclusion of obviousness that a particular known technique was recognized as part of the ordinary skill in the pertinent art is substantively the same as that presented in Claim 1 supra, and is incorporated in its entirety herein, mutatis mutandis, to support the rejection of Claim 10.



Regarding Claim 11, Siegal discloses
A networked system comprising a processor, a memory and an input-output circuit [keyboard] for enabling an expedited payment extension in a web browser, the processor being physically configured according to computer executable instructions for:
(See at least ¶ [0019], “Online terminal 102 is connected via a network” and may be a “personal computer” with a “keyboard” … Online terminal 102 contains software necessary for an online authentication process such as the one described herein. Such software may include a web browser 106, device drivers 108 to communicate with BSD 104, and a downloaded web browser component 110 (e.g., ActiveX controls, Java applets, and/or other ''plug-in" components etc.).” A personal computer has a memory and processor. “This invention pertains to online authentication and transactions and more specifically, a method and system for providing secure authentication of customers seeking to access secure information and financial services via an online interface.” ¶ [0002]. ¶ [0032] where a user uses a personal computer to add items to an online shopping card.)
The remaining limitations of Claim 11 are not substantively different than those presented in Claim 1 and are therefore, rejected, mutatis mutandis, based on Siegal, Howe, and Oborne for the same rationale presented in Claim 1 supra.
The resolution of the remaining Graham factual inquiries to support a conclusion of obviousness that a particular known technique was recognized as part of the ordinary skill in the pertinent art is substantively the same as that presented in Claim 1 supra, and is incorporated in its entirety herein, mutatis mutandis, to support the rejection of Claim 11.

Regarding Claims 12, 13, 14, 16, 17, 18, 19, and 20, Siegal, Howe, and Oborne disclose
The networked system of claim 11 as explained above.
The remaining limitations of Claims 12, 13, 14, 16, 17, 18, 19, and 20, are not substantively different than those presented in Claims 2, 3, 4, 6, 7, 8, 9, and 10, respectively, and are therefore, rejected, mutatis mutandis, based on Siegal, Howe, and Oborne for the same rationale presented in Claims 2, 3, 4, 6, 7, 8, 9, and 10, respectively, supra.

Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Siegal, Howe, and Oborne, and further in view of Sartor (Int. Pat. Pub. No. WO 2014/020622 A1) [“Sartor”]

Regarding Claim 5, Siegal, Howe, and Oborne disclose
[t]he method of claim 1 as discussed above.
Siegal further discloses
further comprising receiving a selection at the processor of one payment device from a plurality of payment devices and 
(See at least ¶ [0033], “the payment management component 128 is able to present the payment details (e.g., user's credit card or debit card or eCheck information, etc.) to the web browser 106 and request selection of a desired payment type (e.g., where multiple payment types are available and/or the user has not already predefined a default payment type) and a confirmation from the user of the transaction details (e.g., amount, description of purchase, etc.) (step 414). Once the payment management component 128 receives approval from the web browser 106, it is able to mark the transaction in the queue as approved and forward the payment details (e.g., user's credit card or debit card or eCheck information, merchant's account, etc.) to payment processor 130 to accept the transaction (step 416).”

	Siegal does not disclose but Sartor discloses

the authentication data includes an amount available to spend on the selected payment device.
(See at least pp. 9–10, “In case of electronic money with a limited spending ceiling, a valid value of the content of the authorization data field AUT D indicates a valid authorization for the mobile electronic device 2 to use the electronic money for trying to perform a purchase transaction with a limited expenditure amount. In this case the second message MSG2 carries the available balance field AV BL and the content of the available balance field AV BL indicates the amount of funds available on the electronic money, meaning that the electronic money is authorized to perform (and thus it can actually perform only) a purchase transaction for an expenditure up to the amount of available funds.” Fig. D-8.)
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention, to have combined with authentication data, an available amount to spend on the selected payment device as explained in Sartor, to the known invention of Siegal, “[i]n [the] case of electronic money with a limited spending ceiling,” which Sartor defines as a credit card. Sartor, p. 009; pp. 006–7 (“electronic money” defined as “credit card with a limited spending ceiling”).

Regarding Claim 15, Siegal, Howe, and Oborne disclose
The networked system of claim 11 as explained above.
The remaining limitations of Claim 15 are not substantively different than those presented in Claim 5, and are therefore, rejected, mutatis mutandis, based on Siegal, Howe, Oborne, and Sartor, for the same rationale presented in Claim 5, supra.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES H MILLER whose telephone number is (469)295-9082. The examiner can normally be reached M-F 9:30 - 4:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bennett M Sigmond can be reached on (303) 297-4411. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAMES H MILLER/Examiner, Art Unit 3694                                                                                                                                                                                                        


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 BASCOM Global Internet Services v. AT&T MOBILITY, 827 F.3d 1341 (Fed. Cir. 2016).