DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Acknowledgments
The RCE filed on 07/12/22 is acknowledged. 

Status of Claims
Claims 1-3 and 5-20 are pending. 
In the Amendment filed on 06/21/22, claims 1, 5-8, 11, 17 and 18 were amended, claim 4 was cancelled, and no claims were added. 
Claims 1-3 and 5-20 are rejected.

Non-compliant Amendment
The claim amendments made in the Amendment filed on 06/21/22 do not comply with 37 C.F.R. 1.121(c). First, the status identifiers of the claims are not correct. For example, claims 5 and 6 have been amended but are identified as "original." Second, the claim text has not been marked as required. For example, the amendments to claim 11 include substantial limitations that have been added but have not been underlined ("transmit a one-time password request message to the merchant point-of-sale terminal;" and "receive the calculated one-time password response value from the merchant point-of-sale terminal;"). Accordingly, the claims as presented do not accurately reflect the previous version of the claims. As a courtesy to Applicant, the non-compliant amendments have been entered. Applicant is advised to carefully check the other claim amendments, and future amendments, for compliance with 37 C.F.R. 1.121 to ensure clarity of the record and proper printing of any patent that issues from the instant application.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 06/21/22 has been entered.

Response to Arguments
Regarding the rejections under 35 U.S.C. 101
Applicant's arguments have been fully considered but are not persuasive.
Initially, it is noted that the claims were rejected under 35 U.S.C. 101 on two entirely separate grounds, first, as being directed to or encompassing a human organism, and second, as being directed to abstract ideas without significantly more.
It is noted that Applicant has entirely failed to address or even acknowledge the first ground. 
Accordingly, the entirety of Applicant's arguments are directed to the second ground. 
As for Applicant's arguments, they consist of over 11 pages. In addition, Applicant's arguments appear to be a verbatim repetition of the arguments Applicant presented in Applicant's previous response, in response to the previous Office Action, except that in the instant Response Applicant references also those limitations of the independent claims that Applicant has amended in the instant Amendment. 
Accordingly, Applicant's arguments have been addressed by the Response to Arguments in the previous Office Action, except for the instant claim amendments. 
The rejection is retained as the instant amendments to the independent claims amount to modest modification/elaboration of the abstract idea, plus the introduction of additional computer elements that are merely generic. The combination of an abstract idea and generic computer elements does not provide a practical application.
In addition, both in terms of their individual elements and when viewed as a whole, the independent claims, and in particular the instant amendments thereto, still reflect entirely conventional prior art subject matter, as demonstrated by the instant rejections under 35 U.S.C. 103. Accordingly, the claims do not reflect an improvement.
Further, the claims are not directed to technology (beyond generic computer elements), and any putative improvement is not one in computer functioning or technology. For example, the putative technical improvements cited in the Response at p. 15, first and last paragraphs (last paragraph extending to p. 16), are not in fact technical improvements or improvements in the functioning of a computer, but are rather putative improvements in a business process, combined with generic computer elements.  
In addition, the claims are deemed not analogous to the cases cited by Applicant (McRO, Cosmokey, DDR).
For the reasons given above, the claims are not eligible under 35 U.S.C. 101.
Regarding the rejections under 35 U.S.C. 112
The previous rejections under 35 U.S.C. 112 have been withdrawn, in large part, in view of Applicant's amendments. However, Applicant's instant amendments give rise to new rejections.  
For clarification of the record: 
At page 20 of the Response, with regard to the rejection of claims 1 and 11 under 35 U.S.C. 112(b), Applicant writes that "Applicant has amended claims 1 and 11 to address the Office's concerns." In point of fact, Applicant has so amended claim 1 but not claim 11.
Regarding the rejections under 35 U.S.C. 103
Applicant's arguments have been fully considered but are (1) moot in view of the new combination of prior art being cited in the current rejection (in respect of claims 1-6, 10-16 and 20), and (2) not persuasive(in respect of claims 7-9 and 17-19).
A) Regarding claims 1-6, 10-16 and 20
Applicant's arguments (Response, pp. 21-25) are moot in view of the new combination of prior art being cited in the current rejection.
B) Regarding claims 7-9 and 17-19
Applicant's arguments (Response, pp. 25-27) are not persuasive, as explained below. 
The comments set forth below, although referring to "Applicant's arguments," apply to Applicant's arguments directed to the rejection of claims 7-9 and 17-19, not to Applicant's arguments directed to the rejection of claims 1-6, 10-16 and 20. Note that Applicant's arguments directed to the rejection of claims 7-9 and 17-19 are in fact directed to the rejection of claims 7 and 17.
The Office respectfully disagrees with Applicant's arguments. 
Applicant's arguments represent a wholesale distortion of the record. The Office's remarks below are intended to clarify and correct the record. 
Applicant's arguments are essentially set forth in four paragraphs. These four paragraphs are addressed below in turn. (Note: to provide complete context of Applicant's arguments, the entire paragraphs are quoted.)

Paragraph 1 (Response, pp. 25-26)
Applicant writes: 
Initially, Applicant notes that on page 30 of the Action, the Office states, in part, that "this storing in association implies a rules database storing rule and offset parameter, and a cardholder information database storing cardholder information (identifier), the rule information associated with the cardholder information (cp. foreign key referencing primary key)." (Emphasis added.) Applicant notes that the Office is unable to identify such limitations in the reference, and therefore states that the reference "implies" such limitations. This is contrary to what the reference actually discloses. For example, Agarwal, at paragraph [0032] explicitly states that "stored in the memory 120 is a login system, method and/or computer program 150, a one-time password system, method and/or computer program 160 that uses the transformation rule(s) and a transaction system, method and/or computer program 170." The single disclosed memory of the server 100 includes all the necessary components to perform the techniques disclosed by Agarwal. The Office's assertion that such a disclosure "implies" Applicant's specific claimed feature is clearly improper and contravenes the statutory requirements of Section 103. (Response, pp. 25-26; emphasis changed from original)


The above-quoted remarks of Applicant are stunningly misleading, grossly misrepresent the content of the Office Action, and fabricate an outright false account of what the Office Action says.
The remarks indicated in bold above, and the underlined portion between them, clearly suggest to the reader that prior art that merely implied certain claim limitations was actually cited in the Office Action as teaching those limitations. Such a suggestion is highly misleading, a gross misrepresentation and an outright fabrication, as the Office Action did not do this at all. 
Rather, the Office Action made it perfectly clear that it was not relying on -- not citing -- what the prior art merely implied, as actually teaching any claim limitations whatsoever. On the contrary, immediately following the assertions as to what the prior art (here, Agarwal) implied, the Office Action stated that the limitations in question (i.e., that were merely implied by Agarwal) were in fact taught by one or more other references (here, Gurunathan and McKown). See excerpts from the Office Action below. 
Excerpts from Office Action, pp. 30-31 (the basis of Applicant's argument as per quotation above) (note the highlighted language):

    PNG
    media_image1.png
    836
    823
    media_image1.png
    Greyscale


    PNG
    media_image2.png
    836
    832
    media_image2.png
    Greyscale


(Note: although the Office Action refers to a "cardholder information database" (as only implicitly taught by Agarwal) in the first excerpt above, the actual claim language is a "cardholder information table," as indicated as being taught by McKown in the second excerpt above.)
The Office's purpose in mentioning what a reference implies is generally to support the proposed combination of that reference with another reference, e.g., to demonstrate that a primary reference already implies what a secondary reference is cited as teaching (or to demonstrate another appropriate point), which point indicates that the primary reference is ripe for combination with the secondary reference. 
Referring again to Applicant's Paragraph 1 quoted above, the underlined remarks and the remarks in bold following them clearly suggest to the reader that the Office Action (1) cited Agarwal 0032 as implying the claim limitations in question and (2) relied on 0032 as teaching those claim limitations for the rejection under 35 U.S.C. 103. Again, such a suggestion is highly misleading, a gross misrepresentation, and an outright fabrication, as the Office Action did nothing of the sort. The Office Action did not cite (or make any reference to) Agarwal 0032 for the rejection of claims 7 and 17 that Applicant is arguing against. See rejection of claims 7 and 17 (the portion rejected over Agarwal), as excerpted from the Office Action below. 
Excerpts from Office Action, pp. 29-30 (note the highlighted language):


    PNG
    media_image3.png
    707
    814
    media_image3.png
    Greyscale


    PNG
    media_image4.png
    349
    819
    media_image4.png
    Greyscale


Indeed, the sole reference to Agarwal 0032 in the entire Office Action is in the rejection of claims 1 and 11 (p. 23), and it is cited merely as background (as discussed above, in support of the proposed combination of references), not as teaching a claim limitation.
	Accordingly, Applicant's reference to the "Office's assertion that such a disclosure implied Applicant's specific  claimed feature …" (Response, p. 26, Paragraph 1, above) is an outright fabrication, which has no basis in truth. The Office made no such assertion.
 	Furthermore, it should be noted that the "implication" referenced in the Office's rejection of claims 7 and 17, which is the object of Applicant's argument, is a reprise of a similar implication referenced in the Office's rejection of claims 1 and 11, where the Office Action initially made clear that what was referenced as being implied by the prior art was not being cited as actually teaching any claim limitation. See the pertinent portion of the rejection of claims 1 and 11, excerpted from the Office Action below.  
Excerpt from Office Action, pp. 23-24 (note the highlighted language):


    PNG
    media_image5.png
    662
    819
    media_image5.png
    Greyscale
 

The reader of the rejection of claims 7 and 17 will recall the very similar discussion of implied subject matter that appeared in the rejection of claims 1 and 11. The discussion in the rejection of claims 1 and 11 serves to reinforce the point that subject matter referenced as implied is not being cited as teaching any claim limitation. 


Paragraph 2 (Response, p. 26)
Applicant further writes:
Secondly, McKown does not remedy the deficiencies of Agarwal and Gurunathan. Rather, McKown describes a method that associates insurance payment linking information with litigation information. The method also associates insurance payment information with the insurance payment linking information. The method also associates the litigation information to identify a potential third-party claim or a potential subrogation claim. Associating the insurance payment linking information with the litigation information may further include associating at least one medical procedure code with at least some of the litigation information. (Response, p. 26; italics in original)

 
In this paragraph, Applicant merely paraphrases McKown's abstract, hewing very close to the original wording. The content of McKown's abstract has nothing to do with the portion of McKown cited in the rejection of Applicant's claims. Accordingly, Applicant's mere regurgitation of McKown's abstract has no bearing on the rejection of Applicant's claims. While it goes without saying that McKown's abstract was not cited in the Office Action, nonetheless this point is explicitly stated in order to guard against the reader's misunderstanding of the record, in view of Applicant's repeated distortions of the record (see Response to Arguments in previous Office Action). 
In any event, Applicant fails entirely to address or even acknowledge the actual portion of McKown cited in the rejection (Office Action, p. 31). Accordingly, Applicant presents no argument whatsoever as to how McKown does not teach the claim limitations for which it is cited. The fact that McKown's abstract teaches certain subject matter has no bearing on whether McKown does or does not teach the subject matter for which it was cited. As Applicant has presented no substantive argument in respect of McKown, no further 'response to argument' can be provided in this regard.
Note: the fact that the entirety of Applicant's Paragraph 2 is italicized is not explicable with any degree of certitude. The italicization appears to be random, such as the result of a typographical or proofreading error, at least as much as it appears to be based on any reason or intention. 

Paragraph 3 (Response, p. 26)
Applicant further writes:
The asserted combination of Agarwal, Gurunathan, and McKown does not describe or suggest a system wherein executable instructions cause a processor to receive a transaction authorization request message from a merchant point-of-sale terminal associated with a merchant, the merchant authorization request message including a payment card identifier. The asserted combination of Agarwal, Gurunathan, and McKown also does not describe a system wherein the executable instructions cause the processor to transmit a generated one-time password to a cardholder device using contact details retrieved from a database. The asserted combination of Agarwal, Gurunathan, and McKown also does not describe a system wherein the executable instructions transmit a one-time password request message to the merchant point-of- sale terminal and receive a calculated one-time password response value from the merchant point-of-sale terminal. (Response, p. 26)

This paragraph consists of three sentences, each of which is merely a conclusory statement. Accordingly, these remarks have no independent probative value. Their persuasive power (or lack thereof) rests entirely on the evidence (or lack thereof) marshalled by Applicant in the preceding and following paragraphs of this section (viz., the section directed to the rejection of claims 7-9 and 17-19).

Paragraph 4 (Response, pp. 26-27)
Applicant further writes:
It is clearly evident that the Office improperly states that the references "imply" certain limitations, cherry-picks various disclosed elements of Agarwal, Gurunathan, and McKown using impermissible hindsight, and ignores how the elements in the prior art are actually described and interact in formulating the rejection. Applicant respectfully submits that it is improper, in determining whether a person of ordinary skill would have been led to this combination of references, simply to "[use] that which the inventor taught against its teacher." In re Lee, 277 F.3d at 1343, citing W.L. Gore & Assocs. v. Garlock, Inc., 721 F.2d 1540, 1553 (Fed. Cir. 1983). See In re Dow Chem. Co., 837 F.2d 469, 473 (Fed. Cir. 1988) ("[t]here must be a reason or suggestion in the art for selecting the procedure used, other than the knowledge learned from the applicant's disclosure"); Cardiac Pacemakers, Inc. v. St. Jude Medical, Inc., 381 F.3d 1371 (Fed. Cir. 2004) ("the suggestion to combine references must not be derived by hindsight from knowledge of the invention itself."). Here, it is clear that the Office gleaned such "implied" teachings of Agarwal directly from Applicant's disclosure. Using Applicant's disclosure as a blueprint to reconstruct the claimed invention from isolated pieces of the prior art contravenes the statutory mandate of § 103, which requires judging obviousness at the point in time when the invention was made. See Grain Processing Corp. v. American Maize-Prods. Co., 840 F.2d 902, 907 (Fed. Cir. 1988) (emphasis added). Thus, Applicant submits that the Office has failed to establish a prima facie case of obviousness. (Response, pp. 26-27; emphasis in original)


Applicant's Paragraph 4 consists of merely discussion of the law and conclusory statements. The first sentence of the paragraph is a conclusory statement. Applicant's point about the references "implying" certain limitations has been addressed above (Paragraph 1). Applicant's points about cherry-picking and hindsight are groundless, as Applicant has not discussed or mentioned any alleged instances of cherry-picking and hindsight in Paragraphs 1-3. Applicant's point about "ignoring …" either refers to the point about implication, which has been addressed above (Paragraph 1), or else is groundless, as Applicant has not discussed or mentioned any alleged instances of such ignoring in Paragraphs 1-3. Applicant's assertion that the "implied" teachings of Agarwal are gleaned from Applicant's disclosure is a conclusory statement and is baseless since, as discussed above (Paragraph 1), the "implied" teachings were not cited as teaching any portions of Applicant's claims, and the rejections in the Office Action provide grounds -- rooted in the prior art reference in question -- explaining the basis on which the implications are asserted, and Applicant has not disputed or even addressed those grounds.
---
As per the entire discussion above, including notably (but not only) the fact that the Office has not relied on or cited implied teachings/implications drawn from the prior art as teaching any portions of Applicant's claims, the Office asserts, contrary to Applicant's allegations, that the rejections of the previous (and instant) Office Action (1) do not violate any statutory/legal or other requirements, (2) are in no way improper, and (3) establish a prima facie case of obviousness.  
For the reasons given above, Applicant's arguments are emphatically and categorically rejected.

Examiner's Comments
Not Positively Recited
Claim 11 recites:
"the cardholder selecting the one-time password offset parameter from the following options: …"
Claim 14 recites:
"wherein the transaction authorization request message includes information identifying a merchant point-of-sale terminal that transmitted the transaction authorization request message, …"
The recitation of the not positively recited use of the claimed invention does not serve to differentiate the claims from the prior art. See In re Wilder, 166 USPQ 545 (CCPA 1970).

Note: In the interest of compact prosecution, prior art is cited for the aforementioned claimed subject matter that does not differentiate the claims from the prior art. See rejection under 35 U.S.C. 103 below.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Section 33(a) of the America Invents Act reads as follows:  
Notwithstanding any other provision of law, no patent may issue on a claim directed to or encompassing a human organism.  

Claims 11-20 are rejected under 35 U.S.C. 101 and section 33(a) of the America Invents Act as being directed to or encompassing a human organism.  See also Animals - Patentability, 1077 Off. Gaz. Pat. Office 24 (April 21, 1987) (indicating that human organisms are excluded from the scope of patentable subject matter under 35 U.S.C. 101). Specifically:
- Claim 11 recites "the cardholder selecting the one-time password offset parameter from the following options: …;"
Claims 12-20 are rejected by virtue of their dependency from a rejected base claim.
Claims 1-3 and 5-20 are rejected under 35 U.S.C. 101 because the claimed inventions are directed to abstract ideas without significantly more. 
In the instant case, claims 1 and 11 are directed a system and a method for "authenticating a user with a one-time password having a one-time password offset parameter."
Claims 1 and 11 are directed to the abstract idea of "authenticating a cardholder for a payment card transaction, based on a one-time password that is transformed according to a rule" (see specification, e.g., 0002, 0018, 0022-0029) which is grouped under "certain methods of organizing human activity," specifically, "fundamental economic practices or principles" and/or "commercial or legal interactions" in prong one of step 2A (See 2019 Revised Patent Subject Matter Eligibility Guidance). Claim 1 recites "… cardholder information for a cardholder, the cardholder information including one or more of the following: a payment card identifier, contact details for the cardholder, the one-time password offset parameter, and a rule to produce a calculated one-time password response value using the one-time password offset parameter, the one-time password offset parameter including one or more of the following options: a stock value, a market index value, an exchange rate, a location, a temperature, and a time; … receive a transaction authorization request message from a merchant …, the transaction authorization request message including the payment card identifier; search … using the payment card identifier; retrieve the contact details for the cardholder … based on the payment card identifier; generate a one-time password; transmit the generated one-time password to a cardholder … using the retrieved contact details; transmit a one-time password request message to the merchant …; receive the calculated one-time password response value from the merchant …; retrieve … the rule for producing the calculated one-time password response value and the one-time password offset parameter; produce a test one-time password from the one-time password offset parameter and the generated one-time password based on the retrieved rule; compare the calculated one-time password response value to the test one-time password; and authenticate the calculated one-time password response value based on the calculated one-time password response value matching the test one-time password." Claim 11 recites identical or similar limitations including additionally "receive a calculated one-time password response value from the cardholder …;." Accordingly, the claims recite an abstract idea (See 2019 Revised Patent Subject Matter Eligibility Guidance).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A (See 2019 Revised Patent Subject Matter Eligibility Guidance), the additional elements of the claims such as "database," "system," "processor," "memory device," and "point-of-sale terminal," represent the use of a computer as a tool to perform an abstract idea and/or do no more than generally link the abstract idea to a particular field of use. Therefore, the additional elements do not integrate the abstract idea into a practical application as they do no more than represent a computer performing functions that correspond to (i.e., automate or implement) the acts of authenticating a cardholder for a payment card transaction, based on a one-time password that is transformed according to a rule, specifically, as recited above.
When analyzed under step 2B (See 2019 Revised Patent Subject Matter Eligibility Guidance), the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception itself. Viewed as a whole, the combination of elements recited in the claims merely describes the concept of authenticating a cardholder for a payment card transaction, based on a one-time password that is transformed according to a rule, specifically, as recited above, using computer technology (e.g., processor). Therefore, the use of these additional elements does no more than employ a computer as a tool to automate and/or implement the abstract idea, which cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). 
Hence, claims 1 and 11 are not patent eligible.
Dependent claims 2, 3, 5-10 and 12-20 describe additional operations of or related to the abstract idea (claims 2, 3, 5, 6, 8-10, 12-16 and 18-20), generic computer elements (e.g., POS terminal) used to implement the abstract idea (claim 14), and/or further detail of data (contact details, transaction authorization request message) or of database contents (claims 2, 7, 10, 14, 17). Thus, the dependent claims further describe the abstract idea and the use of the processor or computer system to automate or implement the abstract idea. The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the use of the computer in each step does no more than employ the computer as a tool to carry out functions corresponding to the acts performed in the abstract idea. Merely applying instructions by reciting the computing structure as a tool to implement the claimed limitations (see MPEP 2106.05(f)) or merely linking the use of the judicial exception to a particular technological environment or field of use (MPEP § 2106.05(h)), does not serve to provide significantly more than the abstract idea.


Claim Rejections - 35 U.S.C. § 112 
The following is a quotation of 35 U.S.C. 112(b):
b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-3 and 5-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Lack of Antecedent Basis
Claim 1 recites "receive the calculated one-time password response value from the merchant point-of-sale terminal." The underlined language lacks antecedent basis. 
Claims 2, 10, 12 and 20 recite "said processor being further programmed, as part of the operation of transmitting the generated one-time password to the cardholder, …" (claims 2, 10) and "said operation of transmitting the generated one-time password to the cardholder, …" (claims 12, 20). The underlined language lacks antecedent basis. 
Claims 8 and 18 recite "identify[ing] a cardholder table record having the payment card identifier entry that matches the payment card identifier included in the transaction authorization request message." The underlined language lacks antecedent basis. No such matching payment card identifier has previously been recited. 
Claims 9 and 19 recite "identify[ing], from the rules table, the rule entry referenced by the foreign key." The underlined language lacks antecedent basis. 
Claims 2, 3, 5-10, 13 and 19 are (also) rejected by virtue of their dependency from a rejected claim.

Unclear Antecedent Basis
Claims 3 and 13 recite "said processor further programmed to delay further processing for a predetermined period after transmitting the generated one-time password to the cardholder …" (claim 3) and "said method further comprising delaying further processing for a predetermined period after transmitting the generated one-time password to the cardholder" (claim 13). It is not clear whether or not the underlined language refers back to the limitation in the respective base claims 1 and 11, "transmit the generated one-time password to a cardholder device using the retrieved contact details."
Claims 5 and 15 recite "said processor further programmed to delay further processing for a predetermined period after transmitting the one-time password request message to the merchant" (claim 5) and "said method further comprising delaying further processing for a predetermined period after transmitting the one-time password request message to the merchant" (claim 15). It is not clear whether or not the underlined language refers back to the limitation in the respective base claims 1 and 11, "transmit a one-time password request message to the merchant point-of-sale terminal." 
Claims 7 and 17 recite 
said database comprising: 
[i] a rules table including one or more rules table records, with each table record including a primary key, a rule entry of the rule for producing the calculated one-time password response value, and an offset parameter component; and 
[ii] a cardholder information table including one or more cardholder table records, with each cardholder table record including a foreign key and a payment card identifier entry, the foreign key referencing the primary key of the rules table.

In claims 7 and 17, [i] recites "each table record including a primary key," hence a plurality of primary keys, while [ii] recites "the primary key of the rules table." It is not clear which of the multiple primary keys in [i] is being referred to by "the primary key of the rules table" in [ii].  
Claims 9 and 19 recite "identify[ing], from the cardholder table record, the foreign key referencing the primary key." It is not clear which of the multiple primary keys in claims 7 and 17 is being referred to by "the primary key" in claims 9 and 19. See rejection of claims 7 and 17 immediately above. In addition, in claims 7 and 17, [ii] recites "each cardholder table record including a foreign key …," hence a plurality of foreign keys. It is not clear which of the multiple foreign keys in claims 7 and 17 is being referred to by "the foreign key" in claims 9 and 19. 
Claims 8, 9, 18 and 19 are (also) rejected by virtue of their dependency from a rejected claim.

Unclear Scope 
Claim 1 recites "the one-time password offset parameter including one or more of the following options: a stock value, a market index value, an exchange rate, a location, a temperature, and a time." It is not clear what it means for a "parameter" to include an "option." In addition, it is not clear how the recited items, "a stock value, a market index value, an exchange rate, a location, a temperature, and a time," are options since, on their face, they are not. Accordingly, the claim is unclear. 
Claim 11 recites "the cardholder selecting the one-time password offset parameter from the following options: a cardholder-selectable mathematical operation, …." As best understood, the most closely related subject matter in the specification is, e.g., 0070-0074. Based on the specification, it is understood that the mathematical operation is in the manner of a transformation rule by which to combine the one-time password offset parameter with the one-time password; the mathematical operation is not the parameter itself. The apparent discrepancy between claim language and specification renders the claims unclear. In addition, it is not clear how a "parameter" is, or is selected from, a "mathematical operation" (among other "options").
Claim 14 recites "transmitting a one-time password request message to the merchant point-of-sale terminal." Base claim 11 already recites the same limitation. Accordingly, the recitation of claim 14 appears to be redundant. The apparent redundancy renders the claims unclear. 
An essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed (See In re Zletz, 893 F.2d 319,321 (Fed. Cir. 1989)).
Claims 2, 3, 5-10 and 12-20 are (also) rejected by virtue of their dependency from a rejected claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-3, 5, 6, 10-16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Agarwal (U.S. Patent Application Publication No. 2016/0080366 A1) in view of Pitz et al. (U.S. Patent Application Publication No. 2017/0357971 A1), hereafter Pitz, and further in view of Gurunathan et al. (U.S. Patent Application Publication No. 2017/0091730 A1), hereafter Gurunathan.

Regarding Claims 1 and 11
Agarwal teaches:
(element A) … cardholder information for a cardholder, the cardholder information including one or more of the following: a payment card identifier, contact details for the cardholder (0085 user's registered device/email id; the teaching of registration implies that registration data are stored in a database, which database is taught by the secondary references, see below), the one-time password offset parameter (Figs. 8, 9, 0045, 0047, 0054-0079, e.g., (add) your birth date; stored as part of rule), and a rule to produce a calculated one-time password response value using the one-time password offset parameter (0046, Fig. 7, 720, 0049 server receives (stores) transformation rule selected by user; transformation rule encompasses offset parameter), the one-time password offset parameter from the following options: a stock value, a market index value, an exchange rate, a location, a temperature, and a time (0008, 0044-0048, Figs. 7-9);
(element B) a processor coupled to …; and a memory device including executable instructions thereon, the executable instructions causing the processor to: (Figs. 1A, 1B, 110, 120, 0087-0092)
(element C) receive a transaction authorization request message ..., the transaction authorization request message including the … identifier; (0038, Fig. 3, 310, 0040 user login request is transaction authorization request, as per 0040's teaching that transaction may include any transaction with computer system, e.g., a computer session, and alternatively under broadest reasonable interpretation; user id and/or password is identifier under broadest reasonable interpretation)
(element D) search … using the … identifier; (0085)
(element E) retrieve the contact details for the cardholder … based on the … identifier; (0085) 
(element F) generate a one-time password; (0005, 0036, 0085)
(element G) transmit the generated one-time password to a cardholder device using the retrieved contact details; (0005, 0009, 0010, 0036, 0038, 0085, Figs. 2, 3, 220)
(element H-1) … one-time …; (0005, 0009, 0010, 0036, 0038, 0039, 0085, Figs. 2, 3, 220, 240)
(claim 11 only:) (element H-2) receive a calculated one-time password response value from the cardholder; (0005, 0009, 0010, 0036, 0039, Figs. 2, 3, 240)
(element H-3) … calculated one-time …; (0005, 0009, 0010, 0036, 0038, 0039, 0085, Figs. 2, 3, 220, 240)
(element I) retrieve, from …, the rule for producing the calculated one-time password response value and the one-time password offset parameter; (0010 response involves transforming the OTP using (i.e., retrieving) the transformation rule (transformation rule encompasses both rule and offset parameter, as per above); this can be performed by the server, in which case the rule is retrieved, as per 0044, 0046-0047, 0049-0050, Figs. 7, 10 (Agarwal, e.g., 0008, 0044-0048, Figs. 7-9, teaches user selects or creates user's own rule specific to individual user, hence implies (in order for Agarwal's system to function) that server stores rule in association with user, and this storing in association implies storing in a database, which database is taught by the secondary references, see below); 0036, 0040 comparison of response with OTP as transformed by transformation rule involves using (retrieving) rule, as above)
(element J) produce a test one-time password from the one-time password offset parameter and the generated one-time password based on the retrieved rule; (0009, 0010, 0036)
(element K) compare the calculated one-time password response value to the test one-time password; and (0005, 0009, 0036, 0040, Figs. 2, 3, 240)
(element L) authenticate the calculated one-time password response value based on the calculated one-time password response value matching the test one-time password. (0005, 0009, 0036, 0040, Figs. 2, 3, 250)
Agarwal is deemed to implicitly teach a database storing cardholder information in association with rule/password offset parameter, but does not explicitly reference a database (e.g., 0085 user's registered device/email id: the teaching of registration implies that registration data are stored in a database; 0008, 0044-0048, Figs. 7-9 user selects or creates user's own rule specific to individual user, hence in order for Agarwal's system to function the server would store each particular user's specific rule in association with the particular user; such storing of data in association implies storing in a database). However, since Agarwal does not explicitly mention the term "database," Pitz and/or Gurunathan are cited as teaching the database limitations, as set forth below.
Further, Agarwal, e.g., 0032, 0033, 0040, explicitly teaches that the OTP may be used for authentication in the context of a transaction processing system, but Agarwal does not explicitly teach all the details of the transaction processing aspects. However, Pitz and/or Gurunathan teach the pertinent limitations, as set forth below.
Agarwal does not explicitly disclose the following limitations in their entirety but Pitz teaches: 
(element A) a database comprising cardholder information for a cardholder, the cardholder information including one or more of the following: a payment card identifier, contact details for the cardholder, the one-time password offset parameter, and a rule to produce a calculated one-time password response value using the one-time password offset parameter, …; (0060, 0062) (Alternatively taught by Gurunathan, as per below)
(element B) a processor coupled to said database; and a memory device including executable instructions thereon, the executable instructions causing the processor to: (Figs. 1, 2, 11 and associated description) (Alternatively taught by Gurunathan, as per below)
(element C) receive a transaction authorization request message from a merchant point-of-sale terminal associated with a merchant, the transaction authorization request message including the payment card identifier; (0076-0077, Fig. 3A, 302, 304; payment card identifier is taught by "payment account information" or alternatively by data elements of ISO 8583, see "MasterCard Debit Switch Operations Manual" (SECTION 4: ISO 8583–1987 DATA ELEMENT DEFINITIONS), as cited on enclosed Form PTO-892, Notice of References Cited)
(element D) search said database using the payment card identifier; (0060, 0062) (Alternatively taught by Gurunathan, as per below)
(element E) retrieve the contact details for the cardholder from said database, based on the payment card identifier; (0060, 0062) 
(element H-1) transmit a … password request message to the merchant point-of-sale terminal; (0084-0085, Fig. 3B, 322, 324 processing server transmits authentication request message to merchant point of sale device (POS), causing the POS to display user interface requesting user input of authentication data/PIN/password, etc.)
(element H-3) receive the … password response value from the merchant point-of-sale terminal; (0087, Fig. 3B, 328, 330 in response to the request message (element H-1), POS transmits response message containing the authentication data (e.g., PIN entered by user) to processing server)
It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified Agarwal's systems and methods for authentication using transformed one-time passwords, by incorporating therein these teachings of Pitz pertaining to receiving a transaction authorization request message from the POS, and transmitting a password request message to and receiving a password response value from the POS (in addition to, or instead of, transmitting to and receiving from the user's mobile device), because Agarwal, e.g., 0040, explicitly teaches that its disclosure is applicable to e-commerce/financial transactions (hence including payment card transactions) and Pitz's teachings provide a common way of implementing such application, so Pitz merely fleshes out implementation details that Agrawal omits because Agrawal's primary focus is on password transformation rules rather than on the various contexts in which those rules can be applied. In addition, the combination is also obvious because Pitz's teachings of using either a user's mobile device and/or a POS device for receipt/return of password renders Agarwal's system more flexible, accommodating a wider range of merchant practices (e.g., whether to use POS or user device for this authentication process), and hence more user-friendly. In addition, the combination is obvious in respect of Pitz's teachings pertaining to a database because Agarwal implies such use of a database (as explained above) and because Agarwal, e.g., 0040, explicitly teaches that its disclosure is applicable to e-commerce/financial transactions (hence including payment card transactions) and hence Agarwal's systems and methods would collect payment card information and associate it with user information including password information. Finally, the combination is also a matter of (A) Combining prior art elements according to known methods to yield predictable results; (B) Simple substitution of one known element for another to obtain predictable results; (C) Use of known technique to improve similar devices (methods, or products) in the same way; and/or (D) Applying a known technique to a known device (method, or product) ready for improvement to yield predictable results. MPEP 2143.I.A-D.
Agarwal does not explicitly disclose the following limitations in their entirety but Gurunathan teaches: 
 (element A) a database comprising cardholder information for a cardholder, the cardholder information including one or more of the following: a payment card identifier, contact details for the cardholder, the one-time password offset parameter, and a rule to produce a calculated one-time password response value using the one-time password offset parameter, …; (e.g., 0015, 0019, 0034, 0037, 0059, 0066, 0076, 0078, 0098) (Also taught by Pitz, as per above) 
(element B) a processor coupled to said database; and a memory device including executable instructions thereon, the executable instructions causing the processor to: (e.g., 0037, 0078, 0098, Fig. 2, Fig. 6, 0084, 0087) (Also taught by Pitz, as per above)
(element D) search said database using the payment card identifier; (0015, 0019, 0034, 0037, 0059, 0066, 0076, 0078, 0098) (Also taught by Pitz, as per above)
(element I) … said database …; (0015, 0019, 0034, 0037, 0059, 0066, 0076, 0078, 0098)
It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified Agarwal's systems and methods for authentication using transformed one-time passwords, by incorporating therein Gurunathan's teachings pertaining to associating one-time password information with payment card information, and using a database in that regard for storage and retrieval, because Agarwal implies such use of a database (as explained above) and because Agarwal, e.g., 0040, explicitly teaches that its disclosure is applicable to e-commerce/ financial transactions (hence including payment card transactions) and hence Agarwal's systems and methods would collect payment card information and associate it with user information including password information, although Agarwal omits such implementation details as it is focused on the password transformation rules. In addition, the combination is also a matter of (A) Combining prior art elements according to known methods to yield predictable results; (B) Simple substitution of one known element for another to obtain predictable results; (C) Use of known technique to improve similar devices (methods, or products) in the same way; and/or (D) Applying a known technique to a known device (method, or product) ready for improvement to yield predictable results. MPEP 2143.I.A-D.

Regarding Claims 2 and 12
Agarwal in view of Pitz and Gurunathan teaches the limitations of base claims 1 and 11 as set forth above. Agarwal further teaches:
the contact details for the cardholder including a preferred method of contact, (0085 under broadest reasonable interpretation, preferred method of contact is taught by contact information provided by user at registration)
said processor being further programmed, as part of the operation of transmitting the generated one-time password to the cardholder, to transmit the generated one-time password using the preferred method of contact of the cardholder. (0085)

Regarding Claims 3 and 13 
Agarwal in view of Pitz and Gurunathan teaches the limitations of base claims 1 and 11 and intervening claims 2 and 12 as set forth above. Gurunathan further teaches:
said processor further programmed to delay further processing for a predetermined period after transmitting the generated one-time password to the cardholder. (0033, 0076 user given allotted time to use OTP indicates further processing is delayed prior to user's use of OTP)

Regarding Claims 5 and 15
Agarwal in view of Pitz and Gurunathan teaches the limitations of base claims 1 and 11 and intervening claim 14 as set forth above. Gurunathan further teaches:
said processor further programmed to delay further processing for a predetermined period after transmitting the one-time password request message to the merchant. (0033, 0076 user given allotted time to use OTP indicates further processing is delayed prior to user's use of OTP)

Regarding Claims 6 and 16
Agarwal in view of Pitz and Gurunathan teaches the limitations of base claims 1 and 11 and intervening claim 14 as set forth above. Agarwal further teaches:
said processor further programmed to transmit a payment authorization response message to the merchant. (0007, 0040 "proceeding with a transaction … in response to a confirmation …" includes transmitting payment authorization response message to merchant)

Regarding Claims 10 and 20
Agarwal in view of Pitz and Gurunathan teaches the limitations of base claims 1 and 11 as set forth above. Agarwal further teaches:
the contact details for the cardholder including at least two methods of contact, (0085)
said processor being further programmed, as part of the operation of transmitting the generated one-time password to the cardholder, to transmit the generated one-time password using each of the methods of contact of the cardholder. (0085 send OTP to user's registered device id/email id, see also 0012 all features may be combined in any way/combination, e.g., sending OTP via both device id and email id)

Regarding Claim 14
Agarwal in view of Pitz and Gurunathan teaches the limitations of base claims 1 and 11 as set forth above. 
Pitz further teaches: 
(element A) wherein the transaction authorization request message includes information identifying a merchant point-of-sale terminal that transmitted the transaction authorization request message, (0076-0077)
(element B) said method further comprising: transmitting a … password request message to the merchant point-of-sale terminal; and (0084-0085, Fig. 3B, 322, 324 processing server transmits authentication request message to merchant point of sale device (POS), causing the POS to display user interface requesting user input of authentication data/PIN/password, etc.)
(element C) as part of the operation of receiving the … password response value from the cardholder, receive the calculated one-time password response value from the merchant point-of-sale terminal, the merchant point-of-sale terminal being associated with a merchant. (0087, Fig. 3B, 328, 330 in response to the request message (element B), POS transmits response message containing the authentication data (e.g., PIN entered by user) to processing server)
Agarwal further teaches: 
(element B) … one-time …; (0005, 0009, 0010, 0036, 0038, 0039, 0085, Figs. 2, 3, 220, 240)
(element C) … calculated one-time …; (0005, 0009, 0010, 0036, 0038, 0039, 0085, Figs. 2, 3, 220, 240)
Alternately, Gurunathan further teaches: 
(element C) as part of the operation of receiving the calculated one-time password response value from the cardholder, receive the calculated one-time password response value from the merchant point-of-sale terminal, the merchant point-of-sale terminal being associated with a merchant. (0026, 0062, 0076-0077)

Claims 7-9 and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Agarwal (U.S. Patent Application Publication No. 2016/0080366 A1) in view of Pitz et al. (U.S. Patent Application Publication No. 2017/0357971 A1), hereafter Pitz, further in view of Gurunathan et al. (U.S. Patent Application Publication No. 2017/0091730 A1), hereafter Gurunathan, and further in view of McKown (U.S. Patent Application Publication No. 2017/0372432 A1).

Regarding Claims 7 and 17
Agarwal in view of Pitz and Gurunathan teaches the limitations of base claims 1 and 11 as set forth above. Agarwal further teaches: 
… a rules … including one or more rules … a rule … of the rule for producing the calculated one-time password response value, and an offset parameter component; and a cardholder information … including one or more cardholder … and a … identifier, … of the rules …. (As per 0044, 0046-0047, 0049-0050, Figs. 7, 10, Agarwal teaches user selects or creates user's own rule specific to individual user, hence Agarwal is deemed to teach (in order for Agarwal's system to function) that server stores rule in association with user (as explained above, Agarwal's transformation rule includes both rule and offset parameter); this storing in association implies a rules database storing rule and offset parameter, and a cardholder information database storing cardholder information (identifier), the rules information associated with the cardholder information (cp. foreign key referencing primary key). However, since Agarwal does not explicitly disclose the terms "database" and "table," Gurunathan and/or McKown are cited as teaching the database/table limitations, as set forth below.)
Gurunathan further teaches:
said database comprising: a rules … including one or more rules … a rule entry of the rule for producing the calculated one-time password response value, and an offset parameter component; and a cardholder information … including one or more cardholder … and a payment card identifier, … of the rules …. (0015, 0019, 0034, 0037, 0059, 0066, 0076, 0078, 0098) (Note: Gurunathan is relied upon for only the underlined language; Agarwal teaches the other language here set forth)
As per above, Agarwal teaches the claimed contents of the database tables and the claimed association but does not explicitly disclose the arrangement of two separate database tables and the formal details of the relational database structure. Gurunathan explicitly teaches storing payment card information linked to OTP rule information (unique reference code/number denoting application comprising algorithm for generating OTP) in a database, for future retrieval/use. But Agarwal and Gurunathan do not disclose complete implementation details of the database storage and the implicit relational database structure (including the linkage of associated information) as their inventions are directed to OTPs rather than databases. Accordingly, Agarwal and Gurunathan are not cited as teaching subject matter they disclose only incompletely or merely render implicit; rather, a different reference (in this case, McKown) is cited as teaching such subject matter. Thus, McKown teaches:
… table … table records, with each table record including a primary key, … entry … ; … table … table records, with each cardholder table record including a foreign key … the foreign key referencing the primary key … table. (0077)
It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified Agarwal's systems and methods for authentication using one-time passwords, by incorporating therein McKown's teachings pertaining to relational database structure (formal structural elements such as tables and records, and linking/associating by primary and foreign keys), because Agarwal explicitly teaches storing in association, e.g., information collected during registration, for future retrieval/ use, but Agarwal does not disclose complete implementation details of the database storage and the implicit relational database structure (including the linkage of associated information) as Agarwal's invention is directed to OTPs rather than databases. Thus, too, the instant combination is a matter of (A) Combining prior art elements according to known methods to yield predictable results. MPEP 2143.I.A.

Regarding Claims 8 and 18 
Agarwal in view of Pitz and Gurunathan and McKown teaches the limitations of base claims 1 and 11 and intervening claims 7 and 17 as set forth above. Agarwal further teaches:
said processor being further programmed, as part of the operation of searching …, to: search the cardholder information …; and (0044, 0046-0047, 0049-0050, Figs. 7, 10, as per claim 7 above, 0085)
identify a cardholder … having the … identifier entry that matches the … identifier included in the transaction authorization request message. (0044, 0046-0047, 0049-0050, Figs. 7, 10, as per claim 7 above, 0085)
Gurunathan further teaches:
said processor being further programmed, as part of the operation of searching the database, to: search the cardholder information … ; and (0015, 0019, 0034, 0037, 0059, 0066, 0076, 0078, 0098)
identify a cardholder … record having a payment card identifier entry that matches the payment card identifier included in the transaction authorization request message. (0015, 0019, 0034, 0037, 0059, 0066, 0076, 0078, 0098) (Note: Gurunathan is relied upon for only the underlined language; Agarwal teaches the other language here set forth)
McKown further teaches:
… table; and (0077)
… table record …. (0077)

Regarding Claims 9 and 19
Agarwal in view of Pitz and Gurunathan and McKown teaches the limitations of base claims 1 and 11 and intervening claims 7, 8, 17 and 18 as set forth above. Agarwal further teaches:
said processor further programmed to: … cardholder …; and (0044, 0046-0047, 0049-0050, Figs. 7, 10, as per claim 7 above, 0009, 0010, 0036)
… rules … rule …. (0044, 0046-0047, 0049-0050, Figs. 7, 10, as per claim 7 above, 0009, 0010, 0036)
McKown further teaches:
… identify, from the … table record, the foreign key referencing the primary key; and (0077)
identify, from the … table, the … entry referenced by the foreign key. (0077)

Conclusion
The prior art made of record and not relied upon, as set forth in the accompanying Notice of References Cited (PTO-892), is considered pertinent to Applicant's disclosure. Among the cited references, Shetty, Quirke, Guiseppe, Williams, Smales and Ibrahim teach authentication based on a verification credential, e.g., a one-time password, that is transformed, e.g., using an offset parameter; Maggio and at least some of the aforementioned references teach, inter alia, associating a verification credential, e.g., a one-time password, with user credentials, e.g., a payment card identifier, e.g., in a database, table, or the like; and Yang and Santiago teach structural and implementation detail of a relational database. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DOUGLAS W PINSKY whose telephone number is (571)272-4131.  The examiner can normally be reached on 8:30 am - 5:30 pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin Hewitt II, can be reached on 571-272-6709.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or 
access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DWP/
Examiner, Art Unit 3692
/DANIEL S FELTEN/Primary Examiner, Art Unit 3692