DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Specification
The abstract of the disclosure is objected to because it is longer than the threshold of 150 words. The Abstract contains 178 words.  Correction is required.  See MPEP § 608.01(b).

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 2 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
The analysis of the claims is based on the subject matter eligibility test that is detailed in the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG) and the October 2019 Patent Eligibility Guidance Update (October 2019 Update). The conclusions of the test are detailed below. 
In Step 1 of the test, the claims were found to be directed to one of the four statutory categories, which is a process to verify a password. Therefore, the result of Step 1 is the claims are directed to at least one statutory category. 
In Step 2A(1), the claims were found to recite an abstract idea. The claim recites 
downloading a no-touch password verification software application on a receiving computer;
creating a symmetric password;
storing the symmetric password with the no-touch password verification software application on the receiving computer;
sending account information and receiving computer identifying information to a registry server over a communications network;
sending an electronic request from the receiving computer to an initiating computer to vet the receiving computer for inclusion in the trusted customer network of users;
receiving a registered secure token from a verification authority server, the registered secure token created by:
opening the electronic request from the receiving computer at the initiating computer;
sending the opened electronic request from the initiating computer to the registry server;
checking a member registry to confirm that the receiving computer and the initiating computer are members of the trusted customer network of users; and upon confirmation,
forwarding the electronic request to a verification server;
creating a secure token;
registering the secure token in a token registry database; and
forwarding the registered secure token to the receiving computer;
updating the token with the symmetrical password acknowledging that the receiving computer wishes to proceed with an exchange;
forwarding the updated token to the registry server for authorization, the authorization including:
reading the symmetrical password to confirm authorization of the receiving computer to proceed;
adding the symmetrical password to the updated token; and
forwarding the symmetrical password updated token to the verification authority server;
opening the symmetrical password updated token;
checking token ID information against the token registry;
and when the token ID information matches the token registry, retiring the token, and sending a message to the initiating computer indicating token acceptance; 
and when the token ID information does not match the token registry, retiring the token, and sending a message to the initiating computer indicating token rejection. 
The emphasized elements in points a through h can be interpreted as the interaction by a user with a digital wallet provider.  The elements in f.ii through f.vii are interpreted to be executed outside of the method, creating the registered secure token by the verification authority, and still reciting elements that describe the abstract idea. The elements in h.i through h.v.2 are also interpreted to be executed outside of the method, authorizing the user by the registry, and still reciting elements that describe the abstract idea. The claim describes the abstract idea of registering and verifying the user through a verification token, where the elements can be performed between people.  Therefore, the result of Step 2A(1) is the claim recites an abstract idea.
In Step 2A(2), the claims that recite the abstract idea do not integrate the abstract idea into a practical application. The only device considered as part of the claimed invention is the receiving computer that executes the downloading, storing, sending and receiving of data. The limitation reciting creating a symmetric password and updating the token with the symmetrical password appear to be the response to the decisions of the user of the receiving computer. Thus, the receiving device does not appear to improve or change the process that is determined to be abstract. The registry server and the verification authority are recited as separate from the receiving computer, reciting what could be the intended use of the claimed invention. However, each of the registry and authority describe processes that are also considered to recite an abstract idea and each individual device does not change or improve the process that can be performed by a person. The initiating computer is similar to the receiving computer, thus it is reciting an abstract idea and the initiating computer does not change or improve the process that can be performed between people. The abstract idea of performing functions between people is a Certain method of Organizing Human Activity.    Therefore, the result of Step 2A(2) is the claim is directed to the abstract idea. 
In Step 2B, the claims do not include additional elements that are sufficient to amount to significantly more than the abstract idea. The claims recite the Receiving Computer as the structure to perform the functions of the verification software application, including the downloading, creating, storing, sending, receiving, updating and forwarding. The functions of creating and updating are interpreted as requests given to the user of the receiving device, such as selecting info to create the password, and selecting an approval to update the token. The recited Initiating Computer, Verification Authority and the Registry Server are recited to perform functions that are outside of the claimed invention, thus do not improve or affect the functions executed by the Receiving Computer.  While the additional elements limit the abstract idea to a specific field of technology, there is no improvement to the functions of the recited technology, nor is there an improvement or change to the process directed to the abstract idea. Thus, it is concluded that the additional elements merely recite instructions to execute the abstract idea. Considering the additional elements individually, the claims do not include elements that are sufficient to amount to significantly more than the abstract idea. Considering the additional elements in combination, the steps do not add any meaningful limits on practicing the abstract idea more than the elements analyzed individually and thus do not add significantly more to the claimed invention. Therefore, the result of Step 2B is the claim does not add significantly more to the abstract idea. The test concludes claim 2 is patent ineligible.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-14 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Fallah (US 2021/0218710, hereinafter “Fallah”), in view of Laracey (US 2019/0279198, hereinafter “Laracey”), in view of Isaacson (US 2019/0230070, hereinafter “Isaacson”).
Regarding Claims 1 and 2, Fallah teaches 
downloading an identity verification software application on a receiving computer (interpreting the use of an app provider, similar for every software application: “The user device 21 will download and install a device control application, and generate a UID, in a manner similar to the administrator device 20 as discussed with reference to FIG. 11. Once completed, the user device 21 may either initiate a request to be added as a user for a given client device, or the administrator device 20 may initiate the request.” See Fallah in [0119]);
creating an asymmetric cryptographic key pair, including a public key and a private key (interpreting the basic creation of these keys as part of the installation execution: “At step 425, as part of the initial execution of the newly installed firmware, the client device 10 generates and stores at least one set of asymmetric encryption keys for use in encryption/decryption and signing operations. As it is generally preferable to employ distinct key pairs for encryption/decryption and signing, at least two asymmetric public-private key pairs may be generated at this stage and stored in the key store of the client device 10.” See Fallah in [0090]);
storing the private key on the receiving computer (it is conventional for any app to store what is created by the app, See Fallah in [0119]);
sending account information, receiving computer identifying information, and the public key from the receiving computer to a registry server over a communications network (as part of the registration of the installed app on the new device, See Fallah in [0090]);
The claims as recited include limitations that are not performed by the receiving computer, and are interpreted to be outside of the functional limitations of the claimed invention. Limitations reciting:
the encrypted registered secure token created by: 1) opening the electronic request from the receiving computer at the initiating computer; 2) double key encrypting the electronic request; 3) sending the double key encrypted electronic request from the initiating computer to the registry server; 4) decrypting the double key encrypted electronic request received by the registry server; 5) checking a member registry to confirm that the receiving computer and the initiating computer are members of the trusted customer network of users; and upon confirmation, 6) encrypting and forwarding the electronic request to a verification server; 7) decrypting the encrypted electronic request received by the verification server; 8) creating a secure token; 9) registering the secure token in a token registry database; and 10) encrypting the registered secure token; 
are not described in the claim to be performed by the receiving computer, thus are only reciting elements that are the intended use of the claimed invention. The other limitations reciting:
the verification including: 1) decrypting the encrypted updated secure token;  2) reading the decrypted secure token to confirm identity verification information of the receiving computer; 3) encrypting the read secure token; 4) forwarding the encrypted read secure token to the verification authority server; 5) decrypting the forwarded encrypted read secure token through the verification authority server; 6) checking token ID information against the token registry, (a) and when the token ID information matches the token registry, retiring the token, and sending an encrypted message to the initiating computer indicating token acceptance; and (b) when the token ID information does not match the token registry, retiring the token, and sending an encrypted message to the initiating computer indicating token rejection.
are also not described in the claim to be performed by the receiving computer, thus are only reciting elements that are the intended use of the claimed invention. Were the initiating computer, the registry server and the verification authority server be positively recited to perform the functions as part of the claimed invention, the claims would include these elements that are currently interpreted as intended use.
Fallah does not expressly teach sending an electronic request from the receiving computer to an initiating computer to vet the receiving computer for inclusion in the trusted customer network of users; receiving an encrypted registered secure token from a verification authority server at the receiving computer; updating the registered secure token with approval information acknowledging that the receiving computer wishes to proceed with an exchange; forwarding the encrypted updated token to the initiating computer for verification by the verification server.  
However, Laracey does teach 
sending an electronic request from the receiving computer to an initiating computer to vet the receiving computer for inclusion in the trusted customer network of users (the initiating computer is not described as a verification authority, interpreting the message is sent to a verification authority: “In the illustrative embodiment shown in FIG. 5, the merchant 108 has several relationships, and in the depicted transaction (at the interaction labeled as “1”), requests issuance of a token from token issuing authority 250b. The request may be requested in a message such as a merchant payment authorization request message which transmits information associated with the pending transaction to the token issuing authority 250b.” See Laracey in [0097] in reference to Figure 5);
receiving an […] registered secure token from a [token issuing] authority server at the receiving computer (“Upon receipt of the merchant payment authorization request message, the token issuing authority 250b generates or otherwise identifies a token for use in the transaction. The token issuing authority 250b may also create a pending transaction record associated with the token. In some embodiments, the pending transaction record may include information including a merchant identifier, a terminal identifier, a transaction amount, and other data associated with the pending transaction. Pursuant to some embodiments, the token generated or obtained by the token issuing authority 250b includes information usable to identify token issuing authority 250b.” See Laracey in [0097]), 
updating the registered secure token with approval information acknowledging that the receiving computer wishes to proceed with an exchange (“Pursuant to some embodiments, either a “static” token or a “dynamic” token may be used. In an embodiment where a “static” token is used (e.g., such as one that is assigned for use by a specific point of transaction location and which does not include any variable information for each transaction), the transaction management system 130 matches the information in the customer transaction lookup request (received from the mobile device 102) with the information in the merchant payment authorization request (received from the merchant 108) by matching the token information received in each of the messages. Once a match is found, the transaction management system 130 transmits a transaction detail message (via path 114) to the customer's mobile device 102.” See Laracey in [0034]; “In embodiments using a “dynamic” token (e.g., where the token is generated by either the merchant 108, the transaction management system 130, or the token issuing authority before it is displayed on a display device associated with the merchant during a checkout transaction, and where the token may include additional information about a transaction), checkout processing may proceed without a need for a customer transaction lookup request message to be transmitted to the transaction management system 130. For example, in some embodiments, some or all of the transaction details may be encoded in a dynamic token which, when captured and processed by the mobile device 102, provides the transaction details to the mobile device 102.” See Laracey in [0036]);
forwarding the […] updated token to the initiating computer for verification by the […] server (“In either event, however, the token is used to match messages from the mobile device 102 with messages from the merchant 108 at the transaction management system 130 (or at a combination of a wallet issuer and a token issuing authority as described herein).” See Laracey in [0036]; “Once the mobile device 102 (and, in some embodiments, the wallet issuer 260) has information associated with the pending transaction (including, for example, information identifying the merchant 108, the transaction amount, and the like), processing may continue with an interaction labeled as “5”. … In processing during the interaction shown as item “5”, the wallet issuer 260, interacting with the mobile payment application on the mobile device 102 may proceed to perform processing to determine which payment account(s) of the customer may be used in the transaction.” See Laracey in [0112]-[0113]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to include in the teachings of Fallah to “verify a recipients identifier”, as taught by Laracey, to improve the process of secure access request and secure authorization for a transaction.
Fallah, in view of Laracey, substantially teaches decrypting and encrypting data within the client computer (“At step 425, as part of the initial execution of the newly installed firmware, the client device 10 generates and stores at least one set of asymmetric encryption keys for use in encryption/decryption and signing operations. As it is generally preferable to employ distinct key pairs for encryption/decryption and signing, at least two asymmetric public-private key pairs may be generated at this stage and stored in the key store of the client device 10. Additionally, if the cryptographic algorithms include a hybrid algorithm, multiple asymmetric key pairs will be required for encryption/decryption. Thus, more than two key pairs may be generated at this stage.” See Fallah in [0090]).
Fallah, in view of Laracey, does not expressly teach decrypting the encrypted registered secure token received from the verification server using the receiving computer; and encrypting the updated registered secure token. 
However, Isaacson does teach decrypting the token data for processing and re-encrypting the token for the payment processing (“The merchant may use a private key to decrypt the data when processing the payments or the token information. A merchant identity certificate or a transport layer security certificate can be used to authenticate a merchant session with network servers.” … “As soon as the user authorizes the payment 1756, payment information can be encrypted to prevent an unauthorized third party from accessing it. In one aspect, the payment request can be sent to a secure element (such as the secure element used on iPhones to enable Apple Pay with near field communication at a merchant site), which is a dedicated chip on the user's device 1746. The secure element adds the payment data for the specified card and merchant, creating an encrypted payment token 1758. It then passes 1760 this token to network servers 1750, where the servers reencrypt the token using the merchant payment processing certificate 1762. The servers 1750 transmit 1762 the reencrypted token back to the user device 1746.” Where it is interpreted that the process of reencryption is possible using the mobile device if the mobile device already has the keys to “decrypt” the token information, See Isaacson in [0381]-[0384]). 
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Fallah to include “decrypting a token, modifying and approving the token, and re-encrypting the token”, as taught by Isaacson, to secure the personal identification information for registry, during the authorization process, against theft and fraud.
Where claim 2 recites password the interpretation is that it describes identifying information as recited in claim 1. The rejection of claim 1 covers the elements recited in claim 2 based on this interpretation, therefore claim 2 is rejected as obvious over the prior art. 
Regarding Claim 3, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah, in view of Laracey, in view of Isaacson, further teaches vetting the receiving computer includes confirming a unique identifying characteristic of the receiving computer, wherein the unique identifying characteristic of the receiving computer includes a unique device identifier (UDID) (this function is interpreted as part of the registry server, outside of the claimed invention: “The initial identifier may be based on a manufacturer's identifier, such as a serial number applied by an original equipment manufacturer.” See Fallah in [0047]; “Each mobile device 202 may, for example, be identified by its phone number and/or other unique identifier(s) (such as a hardware serial number, an ASIN, a Advertising Identifier in the case of an iPhone, a component serial number such as a CPU serial number or the like).” See Laracey in [0084]; “In one aspect, the system stores whatever information is necessary to use the payment request API on the user device. For example, when a user adds a debit or credit card to a payment mechanism, the account information is encrypted and sent to a network server. The server(s) then link up with the user bank to verify the information. The bank can create an encrypted device account number that is transmitted back to the servers and stored on the secure element in the user device. The secure element can be embedded in a near field communication (NFC) chip on a device. This number is completely unique to the user device and to the credit and debit cards (or cryptocurrency or other forms of payment) associated with it.” See Isaacson in [0379]).
Regarding Claim 4, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah, in view of Laracey, in view of Isaacson, further teaches updating the token with approval information acknowledging that the receiving computer wishes to proceed with an exchange includes: launching and displaying an approval window with the receiving computer, the approval window including initiating computer information and a secure token value; and generating and displaying an accept option to a user of the receiving computer to continue a transaction (“Assuming these initial checks are successful, the proxy system 80 then contacts the administrator device 20-2 for confirmation that the pairing should proceed 645. Such requests for confirmation may be presented on an administrator device in a user interface of the device control application executing on the administrator device. A response 650 is received by the proxy system 80 accepting or rejecting the pairing; if the pairing request is rejected, again the process may end with a failure message sent to the requesting device.” See Fallah in [0116]; “In some embodiments, the transaction management system 130 transmits a payment authorization request message to the customer's mobile device, enabling the customer to have a final opportunity to confirm or cancel the payment transaction, although this step is optional. The customer's confirmation or cancellation is transmitted from the mobile device 102 as a customer payment authorization message to the transaction management system 130 via path 114.” See Laracey in [0037]; “FIG. 12F illustrates another aspect of dynamically changing the processing of the user input. The method includes presenting a user input field that processes input according to a default destination site (1260), receiving user input in the input field (1262), based on the user input, automatically presenting an object indicating that if the user enters the user input in the input field, that the user will transition to a second destination site that differs from the default destination site (1264), and receiving a confirmation from the user to process the user input (1266). The method further includes, based on the confirmation, transitioning the user to the second destination site (1268). The confirmation can be the user hitting an enter button, providing some other type of input indicating that the user input should be processed or pressing the enter key on a keyboard.” See Isaacson in [0243]).
Regarding Claim 5, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah further teaches the receiving computer sends and receives to and from at least one of the group of the initiating computer, the registry server, and the verification authority server using a pre-registered mobile number on a cellular network (“These devices may be adapted for wireless local area network (WLAN) communication and may communicate with the distributed ledger proxy system 80 and other accessible nodes in the environment in a manner similar to the example mesh network 30. They may, alternatively, be configured with suitable radio access technology compliant with one or more cellular communications standards such as 5.sup.th generation (5G), as may defined by the Third Generation Partnership Project (3GPP) or International Mobile Telecommunications-2020 (IMT-2020) Standard, or earlier (fourth to second generation) standards such as Long Term Evolution (LTE), Universal Mobile Telecommunications System (UMTS), or Global System for Mobile Communications (GSM). In the case of a client device 10 that is expected to be mobile during the course of day-to-day operation (e.g., a vehicle or a personal medical device), it may be preferable for the client device 10 to be equipped for cellular communications unless it is accompanied by a paired communications device with cellular access, such as a smartphone. The network infrastructure required for these communication methods is omitted for clarity in FIG. 1.” See Fallah in [0036]).
Regarding Claim 6, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah, in view of Isaacson, further teaches at least one of the group of the receiving computer, the initiating computer, the registry server, and the verification authority server adds a breadcrumb of information to communications to create a log of communication activity indicating that the identity verification software application on the receiving computer updated the token with additional identifying information (“At some stage, the communication and tracking of the packet can transition to a normal tracking and notification process such as is operated by Amazon.com for managing purchases made, return policies, etc. If a return is to be made, the merchant can transfer 1 Bitcoin to the smart contract which can then make a payment according to its protocol to the purchaser.” See Isaacson in [0687]).
Regarding Claim 7, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah, in view of Laracey, further teaches sending the double key encrypted electronic request from the initiating computer to the registry server includes forwarding a verification request to a surrogate initiator computer who then takes the place of the initiating computer and completes the identity verification method on behalf of the initiating computer (this function is not part of the claimed invention as it is performed outside of the receiving computer; the interpretation of the independent claim is the verification request is transferred to a verification, See Laracey in [0112]-[0113]).
Regarding Claim 8, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah, in view of Laracey, in view of Isaacson, further teaches sending the authentication message includes at least one of the group of a password, a user ID, a hardware ID, and a biometric identifying characteristic (See Fallah in [0047]; See Laracey in [0084]; See Isaacson in [0379]).
Regarding Claim 9, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah further teaches verification and token acceptance is used to approve at least one of the group of a payment transaction and an email transmission (“Thus, in one aspect, a system is provided in which a distributed ledger computing system maintains a distributed ledger for storing security-related information for a plurality of network-enabled client devices, and a proxy computing system is configured to exchange security-related messages with the plurality of network-enabled client devices over a first communication path, and to engage in transactions or call functions with the distributed ledger on behalf of the network-enabled client devices over a second communication path.” See Fallah in [0023]).
Regarding Claim 10, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah further teaches sending or receiving the digital token by at least one of the group of the receiving computer, the initiating computer, the registry server, and the verification authority server is performed using at least one of the group of the Internet, Wi-Fi, a local area network, and a peer-to-peer (p2p) network (“In a typical household implementation, devices on the mesh network 30 communicate with any accessible external nodes (e.g., services accessible over a public network such as the Internet) via an access point and Internet gateway. Other example client devices 10′ and 10″ shown in FIG. 1 are a blood glucose monitor and an automobile, respectively, with a common administrator device 20. These devices are illustrated as operating outside a mesh network, although of course those skilled in the art will recognize that a network communication-enabled automobile may be configured for communication in ad hoc mesh networks, for example using a for vehicle-to-vehicle (V2V) protocol. These devices may be adapted for wireless local area network (WLAN) communication and may communicate with the distributed ledger proxy system 80 and other accessible nodes in the environment in a manner similar to the example mesh network 30. They may, alternatively, be configured with suitable radio access technology compliant with one or more cellular communications standards such as 5.sup.th generation (5G), as may defined by the Third Generation Partnership Project (3GPP) or International Mobile Telecommunications-2020 (IMT-2020) Standard, or earlier (fourth to second generation) standards such as Long Term Evolution (LTE), Universal Mobile Telecommunications System (UMTS), or Global System for Mobile Communications (GSM). In the case of a client device 10 that is expected to be mobile during the course of day-to-day operation (e.g., a vehicle or a personal medical device), it may be preferable for the client device 10 to be equipped for cellular communications unless it is accompanied by a paired communications device with cellular access, such as a smartphone. The network infrastructure required for these communication methods is omitted for clarity in FIG. 1.” … “As mentioned above, control messages and vendible data are routed from the client device 10 to the designated recipients along different communication paths, thus providing for separation of the control and data planes in the network. One example is shown in FIG. 4., which depicts communication amongst a client device 10, a peer device (e.g., another client device 10, and administrator device 20, or other user device 21), the proxy server 80, distributed ledger system 90, data storage and/or distribution system 60, and a data consumer 70. In this example, the client device 10 and peer device 10, 20, 21 may engage in P2P communication (path 1) using any appropriate wired or wireless technology and protocol (e.g., Zigbee™ or Bluetooth™). Vendible data collected by the client device 10 in this example is transmitted by the client device 10 via a public network (path 2) to the data storage and/or distribution system 60. Typically, the data will be addressed to a predetermined address defined in the client device's software or firmware. After it is received by the data storage and/or distribution system 60, the data may then be retrieved by the data consumer 70, or pushed or streamed to the data consumer. These transmissions may occur over a public or private network (path 3).” See Fallah in [0036]-[0037]). 
Regarding Claim 11, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah, in view of Laracey, further teaches sending the electronic request from the initiating computer to the registry server includes: adding a transaction ID to be routed with the electronic request; and linking the electronic request and subsequently generated tokens to an individual communication (These functions are interpreted to not be part of the claimed invention, and are interpreted as the intended use of the claimed invention. The transaction ID is interpreted to be added by the receiving computer, and the linking of the request and the tokens is interpreted as created by the receiving computer: “The selected token is associated with the transaction in a merchant transaction queue at the transaction management system 130 (or at the token issuing authority as described further below) where it is made available to be matched with transactions from a customer message queue at the transaction management system 130 (or at a wallet issuer as will be described further below).” … “The merchant system 108, upon capturing the token from the mobile device 102, associates the token with the pending transaction details (which may include the total transaction amount and other details of the items scanned) and transmits a process transaction request message to the transaction management system 130 which includes the token information as well as information about the transaction (which may include the transaction amount, among other information).” See Laracey in [0035] and [0044]).
Regarding Claim 12, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah further teaches sending the electronic request from the initiating computer to the registry server includes: setting a timer when the electronic request is sent; and rejecting a verification when the electronic request is not received by the registry server within a predetermined time (These functions are interpreted to not be part of the claimed invention, and are interpreted as the intended use of the claimed invention. The setting a timer is interpreted as adding a time stamp, and the rejection of verification is interpreted as failing to meet an attribute: “It may be noted that the client device 10 may, on later occasions, contact the firmware source 40 to re-download the firmware or obtain updates; to do so, the requests sent may include not only the initial identifier, but also version and timestamp information indicating the currently installed version of firmware and the time of download or installation. The content and formatting of requests to the firmware source, such as request 405, may be determined by the skilled reader.” … “In some implementations, the firmware update 415 received by the client device 10 is timestamped with the date of transmission to the client device 10, and must be installed within a predetermined time after the timestamp to ensure that the firmware is valid. The firmware may be configured such that if the firmware is not installed within the predetermined time, any attempted installation of the firmware will fail.” See Fallah in [0087] and [0089]). 
Regarding Claim 13, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah, in view of Laracey, further teaches creating a secure token includes creating a secure token with a monetary value (These functions are interpreted to not be part of the claimed invention, and are interpreted as the intended use of the claimed invention. The creation of the token with a monetary value is interpreted as the receiving computer providing a monetary value: “The merchant system 108, upon capturing the token from the mobile device 102, associates the token with the pending transaction details (which may include the total transaction amount and other details of the items scanned) and transmits a process transaction request message to the transaction management system 130 which includes the token information as well as information about the transaction (which may include the transaction amount, among other information).” See Laracey in [0044]).
Regarding Claim 14, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah further teaches sending the electronic request from the initiating computer to the registry server includes sending an identifying image of a receiving party to be checked against a registered image of the receiving party in the registry (These functions are interpreted to not be part of the claimed invention, and are interpreted as the intended use of the claimed invention. The check against a registered image of the receiving party is interpreted as the receiving computer sending an image for verification: “…the addition of a user device 21 may be initiated by the administrator device 20. In one implementation, the administrator device 20 obtains the UID 715 of the proposed user device 21. This may be obtained using methods described above: for example, a user may manually input the UID of the user device 21 into the appropriate input field of the device control application; the administrator device 20 may be configured to receive the UID using NFC or by other wireless means, or by scanning a two-dimensional barcode displayed on a screen of the user device 21, or even by receiving a message (e.g., a short message service (SMS) message).” See Fallah in [0119]).
Regarding Claim 16, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah further teaches the identity verification software application on the receiving computer interfaces with an operating system on the receiving computer to request identifying data characteristics of at least one of the group of the operating system and a Unique Device Identifier (UDID) (“The initial identifier may be based on a manufacturer's identifier, such as a serial number applied by an original equipment manufacturer.” See Fallah in [0047]).
Regarding Claim 17, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah, in view of Laracey, further teaches 
checking the member registry to confirm that the verification authority server is a member of the trusted customer network of users, (This function does not further limit the claimed invention of claim 1 as it is a function of the registry server and not of the recipient computer. This function is outside of the claimed invention and is interpreted as the intended use of the claimed invention. The checking of the verification authority is interpreted as receiving the token with a verification authority identifier, See Laracey in [0084]) and
wherein checking the member registry to confirm that the receiving computer and the initiating computer and the verification authority server are members of the trusted customer network of users includes identifying at least one of the group of the receiving computer, the initiating computer, and the verification authority server with at least one of a digital signature and a hard coding of the registry server's Uniform Resource Locator (URL), to confirm network membership (This function is outside of the claimed invention and is interpreted as the intended use of the claimed invention. The checking the member registry is interpreted as the receiving computer providing a digital signature: “In some implementations, the firmware update 415 received by the client device 10 is timestamped with the date of transmission to the client device 10, and must be installed within a predetermined time after the timestamp to ensure that the firmware is valid. The firmware may be configured such that if the firmware is not installed within the predetermined time, any attempted installation of the firmware will fail. Generally, delivery of the firmware update 415 may follow the firmware source's best practices, which may include such time limitations, encryption policies, digital signature polices, etc.” See Fallah in [0089]).
Regarding Claim 18, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah, in view of Laracey, further teaches a communication path to and from the receiving computer is a cellular communication network through an account in a name of a receiving party seeking identity verification, and wherein, the cellular communication is accessed by a connection established with a single-purpose phone number used only for trusted customer identity verification (“Pursuant to some embodiments, the mobile device 102 may be a smart phone or a Web enabled mobile device such as, for example, an iPhone®, an Android® phone, or any phone that can access and display Web content or access the Internet. In some embodiments, the mobile device 102 communicates with transaction management system 130 using a cellular or wireless network.” See Laracey in [0040]).
Regarding Claim 19, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah, in view of Laracey, in view of Isaacson, further teaches receiving evidence of physical possession of the receiving party computer from a receiving party seeking identity verification (See Fallah in [0047]; See Laracey in [0084]; See Isaacson in [0379]).
Regarding Claim 20, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 19. Fallah, in view of Laracey, in view of Isaacson, further teaches the evidence of physical possession of the receiving party computer includes evidence of the purchase of the receiving computer in an account name of the receiving party (See Fallah in [0047]; See Laracey in [0084]; See Isaacson in [0379]).

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Fallah, in view of Laracey, in view of Isaacson, and further in view of Zimberoff (US 11,227,252, hereinafter “Zimberoff”).
Regarding Claim 15, Fallah, in view of Laracey, in view of Isaacson, teaches the limitations of claim 1. Fallah, in view of Laracey, in view of Isaacson, does not explicitly teach the receiving computer is a smart phone in the physical possession of a receiving party.
However, Zimberoff does teach the receiving computer is a smart phone in the physical possession of a receiving party (“The recipient computing device 68 may also use the token in various ways. The recipient computing device 67 may be a smart phone or similar mobile device that is operated by a person associated with handling the item transport in some way, such as an employee at a shipping store or post office, a receptionist or other employee at the addressee's place of business, the addressee herself, or the like. In some examples, the token is associated with a rule that requires the delivery agent to present the token as a form of authentication.” See Zimberoff in Col 4 Ln 66 – Col 5 Ln 8).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to include in the teachings of Fallah to “use a portable smart device for the recipient”, as taught by Zimberoff, because it would support the process of a secure access request and secure authorization for a transaction.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDGAR R. MARTINEZ-HERNANDEZ whose telephone number is (571)270-0658. The examiner can normally be reached M-F from 9:00 am - 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JOHN W. HAYES can be reached on (571) 272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/ERM/Examiner, Art Unit 3685   

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685