DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on October 11, 2022 has been entered.
 
Notice of Pre-AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Acknowledgements
This Office Action is in response to Applicant’s response filed on October 11, 2022 which refers to the response filed on September 9, 2022 (“September 2022 Response”).  The September 2022 Response contained, inter alia, claim amendments (“September 2022 Claim Amendments”) and “REMARKS” (“September 2022 Remarks”).
Claims 1, 4-5, 7, 10-11, 13-17 and 19-20 are currently pending and have been examined. 

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 1, 4-5, 7, 10-11, 14-17, and 20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Smith (US 2010/0191648 A1)(“Smith”) in view of Dewe et al. (WO 2007/145540 A2)(“Dewe”) and further in view of Rover et al. (US 7,386,727 B1)(“Rover”).

As to Claim 1, Smith discloses a method carried out by a first unit (user terminal 111), a server (interchange 101) and a second unit (mobile phone 117) for providing multi-factor transaction verification (Fig.4 and [0065]-[0066]) comprising:
initiating an electronic transaction over a first channel by the first unit and the server after a first level of user authentication (authentication via PIN, [0086])([0086]);
providing to the server by the first unit, transaction information (purchase request 177) provided by a user, that comprises detail information known to the user about the transaction (Fig.7 and [0067]);
perform a second level user authentication of the user after the first level of user authentication by:
during the electronic transaction over the first channel, receiving from the server, by the second unit, a transaction confirmation request (request in “confirmation message,” [0088]) for the transaction and receiving from the server the same transaction information provided by the user that comprises the detail information about the transaction to thwart malware that can interfere with the transaction, via a second channel, different from the first channel, based on the transaction (Fig.9, [0065]-[0066], and [0088]-[0090]);
providing through a user interface, by the second unit that is registered ([0086], [0012], [0041]) to the same user as the first unit, the received transaction information from the server (“the interchange (101) transmits a confirmation to the mobile phone…” [0088]), without user intervention, that comprises a replication of the detail information about the transaction previously provided by the user for evaluation by the user of the second unit (Fig.9 and [0089]-[0090]);
requesting, by the second unit, in response to the transaction confirmation request, confirmation of the transaction by the user of the second unit ([0074] and [0090]); 
generating, a transaction confirmation code (“code” [0072], such as “a secret code representing the payment request,” [0090]; “secret code,” [0077]) ([0076]-[0077]); 
sending, by the second unit, the transaction confirmation code to the server for verification ([0078] and [0091]); and
verifying whether the transaction should be allowed ([0091]).
Smith does not directly disclose 
generating, by the second unit, a transaction confirmation code using the received transaction information that is the same transaction information provided to the server by the user, in response to a transaction confirmation by the user of the second unit, wherein the second unit generates the transaction confirmation code by electronically signing the received transaction information from the server using at least one of: a shared secret key assigned to the second unit and to the server, or by using an asymmetric cryptographic algorithm; 
sending, by the second unit, the transaction confirmation code that is generated by the second unit using the received transaction information from the server to the server for verification; and
generating, by the server, an expected transaction confirmation code for the second unit and comparing the expected transaction confirmation code with the received transaction confirmation code from the second unit.
Dewe teaches
generating, by a second unit (mobile device 5), a transaction confirmation code (“token,” page 5, line 2) using received transaction information (“transaction information… payee account and amount,” page 8, line 21)(see page 8, lines 19-30), in response to a transaction confirmation (“activation,” page 8, line 13) by the user of the second unit (“the token is generated by mobile telephony device 5 upon activation of the cryptographic based application by a user,” page 8, lines 12-13); 
sending, by the second unit, the transaction confirmation code that is generated by the second unit using the received transaction information, to the server (system 3) for verification (“is sent via wireless network 6 to authentication system 3” page 8, lines 13-14); and
generating, by the server, an expected transaction confirmation code for the second unit and comparing the expected transaction confirmation code with the received transaction confirmation code from the second unit (“Authentication system 3 generates a token based on the same seed…” page 7, lines 13-22).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify Smith by the features of Dewe, and in particular to include in Smith the features of generating, by the second unit, a transaction confirmation code using the received transaction information (that is the same transaction information provided to the server, as in Smith) in response to a transaction confirmation by the user of the second unit; sending, by the second unit, the transaction confirmation code that is generated by the second unit using the received transaction information to the server for verification; and generating, by the server, an expected transaction confirmation code for the second unit and comparing the expected transaction confirmation code with the received transaction confirmation code from the second unit, as taught by Dewe. 
A person having ordinary skill in the art would have been motivated to combine these features because it “prevents a man in the middle modifying transaction information once a channel is validated by a valid token,” (Dewe, page 8, line 33).
Rover teaches generating a code (signed message 9) by electronically signing the received transaction information (message 3) from the server (“message server,” C.3, L.39) using at least one of: a shared secret key assigned to the second unit and to the server, or by using an asymmetric (public/private key, C.1, L.7-16) cryptographic algorithm (“algorithm,” C.1, L.12)(Abstract and C.4, L.29-30).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify the invention of the Smith/Dewe combination by the features of Rover and in particular to include in Smith’s generating of the transaction confirmation code in the Smith/Dewe combination, Rover’s feature of generating the code (i.e. Smith’s transaction confirmation code) by electronically signing the received transaction information from the server using at least one of: a shared secret key assigned to the second unit and to the server, or by using an asymmetric cryptographic algorithm, as in Smith’s second unit, in the Smith/Dewe combination.  A person having ordinary skill in the art would have been motivated to combine these features because this would provide an added layer of security to the transaction.

As to Claim 4, the Smith/Dewe/Rover combination discloses as discussed above.  Smith further discloses comprising displaying on the second unit a user interface that visually presents the received transaction information in clear text (Fig.9) and wherein the user interface comprises controls operable to confirm or cancel the transaction (“send,” or “cancel,” Fig.9). 

As to Claim 5, the Smith/Dewe/Rover combination discloses as discussed above.  Smith further discloses sending a transaction cancellation message to the server from the second unit in response to user cancellation of the transaction via a cancellation indication (“cancel,” Fig.9) entered by the user of the second unit in response to presentation of the received transaction information from the server (see Fig.9 and [0073]). 

As to Claim 7, Smith discloses an electronic transaction system comprising:
a server (interchange 101) operative to provide a transaction session and communicate via a second channel with a second unit (mobile phone 117)(Fig.4);
a first unit (user terminal 111) operative to initiate an electronic transaction with the server, via a first channel, after a first level of user authentication affirmation (entering phone number and clicking “accept” button, Fig.8) and provide transaction information (purchase request 177) known to the user to the server, the transaction information being provided by the user after the first level authentication affirmation comprising detail information (phone number) about the transaction (Fig.8); 
the second unit, that is registered ([0086], [0012], [0041]) to the same user as the first unit operative to perform second level authentication of the user after the first level user authentication affirmation by:
receiving during the transaction over the first channel, a transaction confirmation request for the electronic transaction and the same transaction information that comprises the detail information about the transaction via a second channel to thwart malware that can interfere with the transaction, based on the electronic transaction from the server (Fig.9, [0065]-[0066], and [0088]-[0090]);
providing through a user interface, the received transaction information from the server (“the interchange (101) transmits a confirmation to the mobile phone…” [0088]), without user intervention, that comprises a replication of the detail information previously provided by the user about the transaction from the server for evaluation by the user of the second unit (Fig.9 and [0089]-[0091]);
requesting, in response to the transaction confirmation request, confirmation of the transaction by the user ([0074] and [0090]);
generating a transaction confirmation code (“code” [0072], such as “a secret code representing the payment request,” [0090]; “secret code,” [0077]) ([0076]-[0077]); 
sending, the transaction confirmation code to the server for verification ([0078]); and
and verifying whether the transaction should be allowed ([0091]).
Smith does not directly disclose 
generating, by the second unit, a transaction confirmation code using the received transaction information that is the same transaction information provided to the server by the user, in response to a transaction confirmation by the user, wherein generating the transaction confirmation code is done by electronically signing the received transaction information from the server using at least one of: a shared secret key assigned to the second unit and to the server, or by using an asymmetric cryptographic algorithm; 
sending the transaction confirmation code that is generated by the second unit using the received transaction information from the server to the server for verification; and
wherein the server is operative to cryptographically generate an expected transaction confirmation code for the second unit and compare the expected transaction confirmation code with the received transaction confirmation code from the second unit.
Dewe teaches
generating, by a second unit (mobile device 5), a transaction confirmation code (“token,” page 5, line 2) using received transaction information (“transaction information… payee account and amount,” page 8, line 21)(see page 8, lines 19-30),  in response to a transaction confirmation (“activation,” page 8, line 13) by the user (“the token is generated by mobile telephony device 5 upon activation of the cryptographic based application by a use,” page 8, lines 12-13); 
sending the transaction confirmation code that is generated by the second unit using the received transaction information to the server (system 3) for verification (“is sent via wireless network 6 to authentication system 3” page 8, lines 13-14); and
wherein the server is operative to cryptographically generate an expected transaction confirmation code for the second unit and compare the expected transaction confirmation code with the received transaction confirmation code from the second unit (“Authentication system 3 generates a token based on the same seed…” page 7, lines 13-22).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify Smith by the features of Dewe, and in particular to include in Smith the features of generating, by the second unit, a transaction confirmation code using the received transaction information (that is the same transaction information provided to the server, as in Smith) in response to a transaction confirmation by the user; sending, by the second unit, the transaction confirmation code that is generated by the second unit using the received transaction information to the server for verification; and wherein the server is operative to cryptographically generate an expected transaction confirmation code for the second unit and compare the expected transaction confirmation code with the received transaction confirmation code from the second unit, as taught by Dewe. 
A person having ordinary skill in the art would have been motivated to combine these features because it “prevents a man in the middle modifying transaction information once a channel is validated by a valid token,” (Dewe, page 8, line 33).
Rover teaches generating a code (signed message 9) by electronically signing the received transaction information (message 3) from the server (“message server,” C.3, L.39) using at least one of: a shared secret key assigned to the second unit and to the server, or by using an asymmetric (public/private key, C.1, L.7-16) cryptographic algorithm (“algorithm,” C.1, L.12)(Abstract and C.4, L.29-30).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify the invention of the Smith/Dewe combination by the features of Rover and in particular to include in Smith’s generating of the transaction confirmation code in the Smith/Dewe combination, Rover’s feature of generating the code (i.e. Smith’s transaction confirmation code) by electronically signing the received transaction information from the server using at least one of: a shared secret key assigned to the second unit and to the server, or by using an asymmetric cryptographic algorithm, as in Smith’s second unit, in the Smith/Dewe combination.  A person having ordinary skill in the art would have been motivated to combine these features because this would provide an added layer of security to the transaction.

As to Claim 10, the Smith/Dewe/Rover combination discloses as discussed above.  Smith further discloses wherein the second unit is a wireless mobile unit and is operative to provide a user interface that visually presents the received transaction information in clear text on the user interface (Fig.9) and wherein the user interface comprises controls operable to confirm or cancel the transaction (“send,” or “cancel,” Fig.9).

As to Claim 11, the Smith/Dewe/Rover combination discloses as discussed above.  Smith further discloses sending a transaction cancellation message to the server in response to user cancellation of the transaction via a cancellation indication (“cancel,” Fig.9) entered by the user of the second unit in response to presentation of the received transaction information from the server (Fig.9 and [0073]). 


As to Claim 14, Smith discloses a wireless mobile device (mobile phone 117) comprising:
a wireless transceiver ([0033] and [0109]);
one or more processors (processors 403) operatively coupled to the wireless transceiver ([0102]);
memory (memory 408) comprising executable instructions that when executed cause the one or more processors ([0102] and [0107]) to,
perform second level authentication ([0086]) of a user after a first level of user authentication occurs by:
receiving from the transceiver, a transaction confirmation request for an electronic transaction and transaction information from a server (“the interchange (101) transmits a confirmation to the mobile phone…” [0088]), provided by a user (Fig.9, [0065]-[0066], and [0088]-[0090]) after the first level of user authentication (entering phone number and clicking “accept” button, Fig.8) that comprises detail information known the user (phone number) about the transaction (Fig.8) to thwart malware that can interfere with the transaction based on the electronic transaction between another device (user terminal 111) that is registered to the same user as the first unit, and the server  (interchange 101); 
providing through a user interface, the same received transaction information, without user intervention, that comprises a replication of the detail information about the transaction for evaluation by the user of the mobile device (Fig.9);
requesting, in response to the transaction confirmation request, confirmation of the transaction by the user of the mobile device ([0074] and [0090]); 
generating, a transaction confirmation code (“code” [0072], such as “a secret code representing the payment request,” [0090]; “secret code,” [0077]) ([0076]-[0077]); 
sending, via the wireless received, the transaction confirmation code to the web server for verification ([0078]).
Smith does not directly disclose 
the generating, a transaction confirmation code using the received transaction information that is the same transaction information provided to the server by the user, in response to a transaction confirmation by the user of the mobile device, wherein generating the transaction confirmation code is done by electronically signing the received transaction information using at least one of: a shared secret key assigned to the mobile device and to a server, or by using an asymmetric cryptographic algorithm; 
sending, the transaction confirmation code that is generated using the received transaction information to the web server for verification.
Dewe teaches
generating, by a mobile device (mobile device 5), a transaction confirmation code (“token,” page 5, line 2) using received transaction information (“transaction information… payee account and amount,” page 8, line 21)(see page 8, lines 19-30),  in response to a transaction confirmation (“activation,” page 8, line 13) by the user of the mobile device (“the token is generated by mobile telephony device 5 upon activation of the cryptographic based application by a use,” page 8, lines 12-13 ); 
sending the transaction confirmation code that is generated using the received transaction information to the web server (system 3) for verification (page 8, lines 13-14).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify Smith by the features of Dewe, and in particular to include in Smith the features of generating, by the mobile device, a transaction confirmation code using the received transaction information (that is the same transaction information provided to the server, as in Smith) in response to a transaction confirmation by the user of the mobile device; sending, by the second unit, the transaction confirmation code that is generated using the received transaction information to the server for verification, as taught by Dewe. 
A person having ordinary skill in the art would have been motivated to combine these features because it “prevents a man in the middle modifying transaction information once a channel is validated by a valid token,” (Dewe, page 8, line 33).
Rover teaches generating a code (signed message 9) by electronically signing the received transaction information (message 3) using at least one of: a shared secret key assigned to the mobile device and to a server, or by using an asymmetric cryptographic algorithm (“algorithm,” C.1, L.12)(Abstract and C.4, L.29-30).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify the invention of the Smith/Dewe combination by the features of Rover and in particular to include in Smith’s generating of the transaction confirmation code in the Smith/Dewe combination, Rover’s feature of generating the code (i.e. Smith’s transaction confirmation code) by electronically signing the received transaction information using at least one of: a shared secret key assigned to the mobile device, as in Smith’s second unit,  and to a server, or by using an asymmetric cryptographic algorithm, in the Smith/Dewe combination.  A person having ordinary skill in the art would have been motivated to combine these features because this would provide an added layer of security to the transaction.

As to Claim 15, the Smith/Dewe/Rover combination discloses as discussed above.  Rover teaches wherein the one or more processors are operative to generate the transaction confirmation code by electronically signing the received transaction information using a cryptographic key associated with the mobile device (Abstract and C.4, L.29-30), wherein the cryptographic key is at least one of the shared secret key assigned to the mobile device and to the server, or a private signing key (“secret key,” C.1, L.10) of a public/private key pair (“secret key and public key,” C.1, L.10) used in an asymmetric cryptographic algorithm (“algorithm,” C.1, L.12)(Abstract and C.4, L.29-30).

As to Claim 16, the Smith/Dewe/Rover combination discloses as discussed above.  Smith further discloses wherein the one or more processors are operative to display a user interface that visually presents the received transaction information in clear text (Fig.9) and wherein the user interface comprises controls operable to confirm or cancel the transaction (see controls “send” and “cancel” depicted in Fig.9). 

As to Claim 17, the Smith/Dewe/Rover combination discloses as discussed above.  Smith further discloses wherein the one or more processors are operative to send a transaction cancellation message to a server in response to user cancellation of the transaction via a cancellation indication (“cancel,” Fig.9) entered by the user of the device in response to presentation of the received transaction information from the server (Fig.9). 

As to Claim 20, the Smith/Dewe/Rover combination discloses as discussed above.  Smith further discloses wherein providing through a user interface, by the second unit, the received transaction information comprises providing the replication of the detail information in clear text (see Fig.9).

Claim 13 and 19 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Smith in view of Dewe and further in view of Rover and Law et al. (US 2010/0145861 A1)(“Law”).

As to Claim 13, the Smith/Dewe/Rover combination discloses as discussed above.  
Smith does not directly disclose store and display on a user interface, transaction history data corresponding to a plurality of electronic transactions that were confirmed or cancelled using the second unit. 
Law teaches store and display on a user interface, transaction history data corresponding to a plurality of electronic transactions that were confirmed or cancelled using a unit (Fig.8 and [0091]).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify the system of the Smith/Dewe/Rover combination by the feature of Law and in particular to include in Smith’s second unit in the Smith/Dewe/Rover combination, Law’s feature of store and display on a user interface, transaction history data corresponding to a plurality of electronic transactions that were confirmed or cancelled using the second unit.  A person having ordinary skill in the art would have been motivated to combine these features because this would aid in repudiation of the transactions.

As to Claim 19, the Smith/Dewe/Rover combination discloses as discussed above.  
Smith does not directly disclose wherein the one or more processors are operative to store and display on a user interface, transaction history data corresponding to a plurality of electronic transactions that were confirmed or cancelled using the mobile device.
Law teaches storing and displaying on a user interface, transaction history data corresponding to a plurality of electronic transactions that were confirmed or cancelled using the mobile device (Fig.8 and [0091]).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify the Smith/Dewe/Rover combination by the feature of Law and in particular to include in Smith’s one or more processors in the Smith/Dewe/Rover combination, Law’s feature of storing and displaying on a user interface, transaction history data corresponding to a plurality of electronic transactions that were confirmed or cancelled using the mobile device.  A person having ordinary skill in the art would have been motivated to combine these features because this would aid in repudiation of the transactions.

Claim Interpretation
35 USC § 112, 6th paragraph
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: 
“a first unit operative to initiate an electronic transaction with the server, via a first channel, in response to a first level of user authentication affirmation and provide transaction information known to the user to the server, the transaction information comprising detail information about the transaction” as recited in Claim 7; and
“the second unit, that is registered to the same user as the first unit, operative to perform second level authentication of the user after the first level user authentication affirmation by:
receiving during the transaction over the first channel, a transaction confirmation request for the electronic transaction and the same transaction information that comprises detail information about the transaction via the second channel to thwart malware that can interfere with the transaction, based on the electronic transaction from the server; 
providing through a user interface, the received transaction information, without user intervention, that comprises a replication of the detail information previously provided by the user about the transaction from the server for evaluation by the user of the second unit;
requesting, in response to the transaction confirmation request, confirmation of the transaction by the user; 
generating a transaction confirmation code using the received transaction information that is the same transaction information provided to the server by the user in response to a transaction confirmation by the user, wherein generating the transaction confirmation code is done by electronically signing the received transaction information using at least one of: a shared secret key assigned to the second unit and to the server, or by using an asymmetric cryptographic algorithm; 
sending the transaction confirmation code that is generated using the received transaction information to the server for verification” as recited in Claim 7.
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have these limitations interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Response to Arguments
Applicant’s arguments filed in the October 2022 Remarks have been fully considered and addressed below.
On pages 10-12 of the October 2022 Remarks, Applicant argues that the references of record do not teach “generating ... a transaction confirmation code ...” and “sending ... the transaction confirmation code.”  Applicant first explains at a high level that Dewe “does not teach what the office action admits Smith fails to disclose” and Applicant also mentioned that Rover fails to disclose what Dewe is missing.  Applicant opines that Examiner’s previous response to this argument ignores and parses claim language.  Elaborating on the argument that Dewe is deficient, Applicant argues that Dewe does not teach that the transaction confirmation code is generated by the server, while seemingly acknowledging that it is in fact generated, but using transaction information received from the user.  The Examiner respectfully disagrees.  In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).  This argument is unpersuasive because Applicant acknowledges that Dewe teaches what it is relied upon. Applicant does not offer an explanation as to why the reasons given to combine the base reference (Smith) with Dewe's features to arrive at the claim language would be improper (beyond arguing in general that claim language cannot be ignored or parsed), or alternatively, why Smith does not disclose the features for which it is relied on in the rejection. 
Smith discloses providing the received transaction information from the server (“the interchange (101) transmits a confirmation to the mobile phone…” [0088]).
In combining Smith with feature of Dewe it is explained that it would have been obvious to one of ordinary skill in the art at the time the invention was made to modify Smith by the features of Dewe, and in particular to include in Smith the features of generating, by the second unit, a transaction confirmation code using the received transaction information (that is the same transaction information provided to the server, as in Smith) in response to a transaction confirmation by the user of the second unit; sending, by the second unit, the transaction confirmation code that is generated by the second unit using the received transaction information to the server for verification; and generating, by the server, an expected transaction confirmation code for the second unit and comparing the expected transaction confirmation code with the received transaction confirmation code from the second unit, as taught by Dewe.  A person having ordinary skill in the art would have been motivated to combine these features because it “prevents a man in the middle modifying transaction information once a channel is validated by a valid token,” (Dewe, page 8, line 33).  
Furthermore, Rover teaches generating a code (signed message 9) by electronically signing the received transaction information (message 3) from the server (“message server,” C.3, L.39) using at least one of: a shared secret key assigned to the second unit and to the server, or by using an asymmetric (public/private key, C.1, L.7-16) cryptographic algorithm (“algorithm,” C.1, L.12)(Abstract and C.4, L.29-30).  
For the reasons given above, the Examiner finds the arguments unpersuasive. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MONICA A MANDEL whose telephone number is (571)270-7046. The examiner can normally be reached Monday-Friday 10:00 AM-6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hajime Rojas can be reached on (571) 270-5491. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/M.A.M/Examiner, Art Unit 3681                                                                                                                                                                                                        November 5, 2022

/HAJIME ROJAS/Supervisory Patent Examiner, Art Unit 3681