DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20  rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-6 and 8-21  of U.S. Patent No 11,107,071.  

17/443,419
11,107,071
1. A method for facilitating a transaction between a merchant subsystem and a computing device, the method comprising, at the computing device: 

interfacing with the merchant subsystem to initialize the transaction; 

determining whether first validation data has been received from a commercial entity subsystem; 
in response to determining that first validation has been received from the commercial entity subsystem:
 providing second validation data and secure data to the commercial entity subsystem, determining whether encrypted secure data has been received from the commercial entity subsystem in response to the commercial entity subsystem authenticating the second validation data, and in response to determining that the encrypted secure data has been received from the commercial entity subsystem:
 providing the encrypted secure data to the merchant subsystem to complete the transaction.
1. A method for providing a transaction between a merchant subsystem and an electronic device, the method comprising, at a commercial entity subsystem: 

receiving, from the merchant subsystem, a challenge request that includes a merchant identifier that is associated with (1) the merchant subsystem, and (2) a merchant online resource of the electronic device, wherein the challenge request includes a signature established using a merchant key associated with the merchant subsystem; 

obtaining the merchant key based on the merchant identifier; 
validating the signature using the merchant key; 
indicating to the electronic device that the merchant online resource is valid; 
receiving validation data and secure data from the electronic device; 
validating the electronic device based on the validation data; encrypting, using the merchant key, the secure data to establish encrypted secure data; and
 providing the encrypted secure data to the electronic device to cause the electronic device to execute the transaction with the merchant subsystem.



Although the claims at issue are not identical, they are not patentably distinct from each other because : though the wordings are different, the limitation carried are either inherently implied or world have been obvious to one of ordinary skill in the art.  17/443, 419 recites determining whether first validation from commercial entity  subsystem.  One ordinary skill in the art would have contemplated that the  act of determining  would include “receiving” since  a challenge request must have been received for performing the validation process.  Conversely, the acting of “ receiving a challenge” would implies determining the first and second validation process which is merely a different way of wording to the patent's " providing he encrypted such data to the merchant subsystem to complete the transaction," as intended use language do not carry patentable weights.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.



Step 1: Claims 1-8 are method, 9-14 are a medium and 15-20 are a computing device. Thus, each independent claim, on its face, is directed to one of the statutory categories of 35 U.S.C. § 101. However, the claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea  without significantly more.


Step 2A- Prong 1: Independent claims (1, 9 and 15)  recite interfacing with merchant subsystem to initialize the transaction and providing the encrypted secure data to the merchant to complete a transaction  data in response to determine the first and second  validation data  and in response to receive the encrypted data.    The limitation falls within "Certain Methods Of Organizing Human Activity" for managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions) as well as commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations).


Step 2A-Prong 2: This judicial exception is not integrated into a practical application because the only additional elements are merchant   subsystem for performing initializing step, commercial entity subsystem for providing data  .  The merchant  subsystem,  and computing devise and the commercial entity  subsystem  are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of processing data) such that it amounts no more than mere instructions to apply the exception using a generic computer component- MPEP 2106.0S(f).

Step 2B:   The claim does not include additional elements that are sufficient to amount to
significantly more than the judicial exception. As discussed above with respect to integration
of the abstract idea into a practical application, the additional element of using a merchant
subsystem for initialization transaction and providing first and second validation data and encrypted secure  data in response to the determining  mounts to no more than mere instructions to apply the exception using a generic computer  component, and using merchant   subsystem, commercial entity subitem and  and computing  device to send and receive data amount to insignificant extra-solution activity. Mere instructions to apply an exception using a generic computer component, and adding insignificant extra-solution activity to the judicial exception cannot provide an inventive concept. The claims are not patent eligible.  

Dependent claims 2, 10 and 16, these claims recite  limitation that further define the same abstract idea noted in claim 1. 9 and 15.    In addition, they recite the additional element of receiving and providing to   commercial  entity subsystem and   from the merchant subsystem for performing  the validation process.  The commercial entity subsystem, the merchant subsystem and the computing device in both steps are recited at a high-level of generality such that it amount no more than mere instructions to apply the exception using a generic computer component.   Even in combination, these additional elements do not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to the abstract idea. 

Dependent claims 3, 11 and 17, these claims recite  limitation that further define the same abstract idea noted in claim 1. 9 and 15.    These claims do not contain any further additional elements per step 2A prong 2.  Therefore, they considered patent ineligible for the same reason above.  
Dependent claims 4, 12 and 18, these claims recite  limitation that further define the same abstract idea noted in claim 1. 9 and 15.    These claims do not contain any further additional elements per step 2A prong 2.  Therefore, they considered patent ineligible for the same reason above.  
Dependent claims 5, 13 and 19, these claims recite  limitation that further define the same abstract idea noted in claim 1. 9 and 15.    These claims do not contain any further additional elements per step 2A prong 2.  Therefore, they considered patent ineligible for the same reason above.  
Dependent claims 6, 14 and 20, these claims recite  limitation that further define the same abstract idea noted in claim 1. 9 and 15.    These claims do not contain any further additional elements per step 2A prong 2.  Therefore, they considered patent ineligible for the same reason above.  
Dependent claims 7 and 8, these claims recite  limitation that further define the same abstract idea noted in claim 1.    These claims do not contain any further additional elements per step 2A prong 2.  Therefore, they considered patent ineligible for the same reason above.  




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Makhotin et al (US Pub., 20015/0088756 A1) in view of Karpenko et al (US Pub., No., 2015/0052064 A1) 

With respect to claim 1, Makhotin teaches a  method for facilitating a transaction between a merchant subsystem and a computing device (Fig. 1, and paragraph [0076],   discloses system 100 for performing a remote transaction  using  a remote  key manger and merchant applicant 120 of a mobile devices  120)  ..), the method comprising, at the computing device: 

interfacing with the merchant subsystem to initialize the transaction (Fig. 1, and paragraph [0076], discloses performing a remote transition using remote key manager and a merchant application of a monde device … various entities may be configured to communication  with one entities  over any suitable wireless weird communication network ); 
determining whether first validation data has been received from a commercial entity subsystem(paragraph [0081], discloses an authorization request message may be generated by merchant computer 130 [commercial entity subsystem]   and forward to the acquire computer 150..,   paragraph [0082], discloses the authorization request message may include an issuer account identifier  that may be associated with a payment devices [ first validation data] …, determining whether to identify and/or authorize tractions .., paragraph [0165], discloses  validate the received payment request by checking  to ensure the correct merchant public key    paragraph  [0170] discloses determination and identification of the authentication  computer 191 for authentication  request   );
in response to determining that first validation has been received from the commercial entity subsystem  (paragraph [0083], discloses after the issuer computer 1720 receive the authorization request message, the issuer computer 170, sends an authorization response ..,   ): 

providing second validation data and secure data to the commercial entity subsystem(paragraph [0083], discloses the issuer computer receive an authorization request message and send an authorization response massage back to the payment processing .., paragraph [0103], discloses the merchant computer 130 is  authentic and is authorized to obtain the sensitive  payment credentials in the encrypted payment infoatmion   paragraph [0106], discloses the security information validation module .., configured  to initiate an authentication  communication with a payment processing network and paragraph [0173], discloses send the authentication request ..,  request to both ).

 Makhotin teaches the above elements including  encrypted secure data has been received from the commercial entity subsystem in response to the commercial entity subsystem authenticating the second validation data (paragraph [0012], discloses receive  the payment requesting including the encrypted payment information from the transaction processor application and paragraph [0048], discloses applying an appropriate encryption key to encrypted payment information to obtain the original payment information  ), and providing the encrypted secure data to the merchant subsystem to complete the transaction (paragraph [0105], discloses re-encrypted the decrypted message or information form the message  for secure delivery to the transaction processor ..,    and  paragraph [0197], discloses re-encrypt payment information in the traction response to the merchant application .., send the re-encrypt payment information to the merchant computer    ).   Makhotin failed to teach the corrosinding received encrypted secure data is determined and in response to determining that the encrypted secure data has been received from the commercial entity subsystem. 

However, Karpenko teaches determining and in response to determining that the encrypted secure data has been received from the commercial entity subsystem(paragraph [0135], discloses merchant applciation121 receives the encrypted payment information and sends the encrypted payment information to the merchant computer .. determine the appropriate  merchant computer to send the encrypted payment information..).   Therefore, it would have been obvious to the one ordinary skill in the art before the effective filing date of the claimed invention for  receive  the payment requesting including the encrypted payment information from the transaction processor application of Makhotin with determining the appropriate merchant to send the encrypted payment information of Karpenko  in order to ensure the transaction  data was not altered, modified, and/or switched during transaction  processing (see Karpenko, paragraph [0139]).
 
With respect to claim 2,  Makhotin  in view of Karpenko teaches elements of claim 1, furthermore, Makhotin  teaches the method   wherein, prior to providing the first validation data, the commercial entity subsystem: receives, from the merchant subsystem, a challenge request that includes a merchant identifier that is associated with (1) the merchant subsystem, and (2) a merchant online resource of the computing device, wherein the challenge request includes a signature established using a merchant key associated with the merchant subsystem, obtains the merchant key based on the merchant identifier, and validates the signature using the merchant key (paragraphs [0043]-[0044], discloses transaction information may include a transaction amount, transaction time, transaction data, merchant information (e.g., registered merchant identifier, address, merchant computer IP addresses etc. and paragraph [0096] disclose a signature associated with a merchant certificate  cannot be validated or if a certificate is not matched with a certificate authority ) .
With respect to claim 3,  Makhotin  in view of Karpenko teaches elements of claim 2, furthermore, Makhotin  teaches the method  wherein, prior to receiving the challenge request, the commercial entity subsystem receives, during a registration process with the merchant subsystem, (1) the merchant identifier, and (2) the merchant key(paragraph [0027], discloses merchant keys associated  with the validated merchant …, and paragraph [0198], discloses merchant information providing during registration  ..,) .  



With respect to claim 4,  Makhotin  in view of Karpenko teaches elements of claim 2, furthermore, Makhotin  teaches the method  wherein the second validation data includes a validation session identifier: established between the computing device and the merchant subsystem in conjunction with initializing the transaction, and provided by the merchant subsystem to the commercial entity subsystem in the challenge request (paragraph [0188], discloses challenge-reasons, or another  type of customer  authentication process..).  

With respect to claim 5,  Makhotin  in view of Karpenko teaches elements of claim 4, furthermore, Makhotin  teaches the method wherein the validation session identifier is associated with the merchant key for a threshold amount of time (paragraph [0158], discloses  a merchant certificate associated with merchant computer and any other transaction data associated with the payment transaction the .., transaction amount, merchant identifier, product identifier, etc..).

With respect to claim 6, Makhotin  in view of Karpenko teaches elements of claim 1, furthermore, Makhotin teaches the method  wherein the secure data includes: payment credential data to be used in a financial transaction, or health data to be used in a health transaction (paragraph [0077], discoes a business entity (i.e.,  Bank)).  

With respect to claim 7, Makhotin  in view of Karpenko teaches elements of claim 1, furthermore, Makhotin teaches the method wherein the encrypted secure data is encrypted with a merchant key associated with the merchant subsystem(paragraph [0195], discloses re-encrypt the payment information using the determined merchant public key) .  


With respect to claim 8, Makhotin  in view of Karpenko teaches elements of claim 1, furthermore, Makhotin teaches the method wherein the second validation data is validation data that enables the commercial entity subsystem to validate the computing device(paragraph  [0054], discloses authenticate or validate device).

With respect to claim 9, Makhotin teaches a  non-transitory computer readable storage medium configured to store instruction that, when executed by a processor included in a computer device, cause the computing device to perform a transaction with a merchant subsystem   (Fig. 1, and paragraph [0076],   discloses system 100 for performing a remote transaction  using  a remote  key manger and merchant applicant 120 of a mobile devices  120)  ..), by carrying out steps that include: 

interfacing with the merchant subsystem to initialize the transaction (Fig. 1, and paragraph [0076], discloses performing a remote transition using remote key manager and a merchant application of a monde device … various entities may be configured to communication  with one entities  over any suitable wireless weird communication network ); 
determining whether first validation data has been received from a commercial entity subsystem(paragraph [0081], discloses an authorization request message may be generated by merchant computer 130 [commercial entity subsystem]   and forward to the acquire computer 150..,   paragraph [0082], discloses the authorization request message may include an issuer account identifier  that may be associated with a payment devices [ first validation data] …, determining whether to identify and/or authorize tractions .., paragraph [0165], discloses  validate the received payment request by checking  to ensure the correct merchant public key    paragraph  [0170] discloses determination and identification of the authentication  computer 191 for authentication  request   );
in response to determining that first validation has been received from the commercial entity subsystem  (paragraph [0083], discloses after the issuer computer 1720 receive the authorization request message, the issuer computer 170, sends an authorization response ..,   ): 

providing second validation data and secure data to the commercial entity subsystem(paragraph [0083], discloses the issuer computer receive an authorization request message and send an authorization response massage back to the payment processing .., paragraph [0103], discloses the merchant computer 130 is  authentic and is authorized to obtain the sensitive  payment credentials in the encrypted payment infoatmion   paragraph [0106], discloses the security information validation module .., configured  to initiate an authentication  communication with a payment processing network and paragraph [0173], discloses send the authentication request ..,  request to both ).

 Makhotin teaches the above elements including  encrypted secure data has been received from the commercial entity subsystem in response to the commercial entity subsystem authenticating the second validation data (paragraph [0012], discloses receive  the payment requesting including the encrypted payment information from the transaction processor application and paragraph [0048], discloses applying an appropriate encryption key to encrypted payment information to obtain the original payment information  ), and providing the encrypted secure data to the merchant subsystem to complete the transaction (paragraph [0105], discloses re-encrypted the decrypted message or information form the message  for secure delivery to the transaction processor ..,    and  paragraph [0197], discloses re-encrypt payment information in the traction response to the merchant application .., send the re-encrypt payment information to the merchant computer    ).   Makhotin failed to teach the corrosinding received encrypted secure data is determined and in response to determining that the encrypted secure data has been received from the commercial entity subsystem. 

However, Karpenko teaches determining and in response to determining that the encrypted secure data has been received from the commercial entity subsystem(paragraph [0135], discloses merchant applciation121 receives the encrypted payment information and sends the encrypted payment information to the merchant computer .. determine the appropriate  merchant computer to send the encrypted payment information..).   Therefore, it would have been obvious to the one ordinary skill in the art before the effective filing date of the claimed invention for  receive  the payment requesting including the encrypted payment information from the transaction processor application of Makhotin with determining the appropriate merchant to send the encrypted payment information of Karpenko  in order to ensure the transaction  data was not altered, modified, and/or switched during transaction  processing (see Karpenko, paragraph [0139]).
 
With respect to claim 10,  Makhotin  in view of Karpenko teaches elements of claim 9, furthermore, Makhotin  teaches the non-transitory computer readable storage medium wherein, prior to providing the first validation data, the commercial entity subsystem: receives, from the merchant subsystem, a challenge request that includes a merchant identifier that is associated with (1) the merchant subsystem, and (2) a merchant online resource of the computing device, wherein the challenge request includes a signature established using a merchant key associated with the merchant subsystem, obtains the merchant key based on the merchant identifier, and validates the signature using the merchant key (paragraphs [0043]-[0044], discloses transaction information may include a transaction amount, transaction time, transaction data, merchant information (e.g., registered merchant identifier, address, merchant computer IP addresses etc. and paragraph [0096] disclose a signature associated with a merchant certificate  cannot be validated or if a certificate is not matched with a certificate authority ) .
With respect to claim 11,  Makhotin  in view of Karpenko teaches elements of claim 10, furthermore, Makhotin  teaches the non-transitory computer readable storage medium   wherein, prior to receiving the challenge request, the commercial entity subsystem receives, during a registration process with the merchant subsystem, (1) the merchant identifier, and (2) the merchant key(paragraph [0027], discloses merchant keys associated  with the validated merchant …, and paragraph [0198], discloses merchant information providing during registration  ..,) .  

With respect to claim 12,  Makhotin  in view of Karpenko teaches elements of claim 10, furthermore, Makhotin  teaches the non-transitory computer readable storage medium   wherein the second validation data includes a validation session identifier: established between the computing device and the merchant subsystem in conjunction with initializing the transaction, and provided by the merchant subsystem to the commercial entity subsystem in the challenge request (paragraph [0188], discloses challenge-reasons, or another  type of customer  authentication process..).  

With respect to claim 13,  Makhotin  in view of Karpenko teaches elements of claim 12, furthermore, Makhotin  teaches the non-transitory computer readable storage medium  wherein the validation session identifier is associated with the merchant key for a threshold amount of time (paragraph [0158], discloses  a merchant certificate associated with merchant computer and any other transaction data associated with the payment transaction the .., transaction amount, merchant identifier, product identifier, etc..).

With respect to claim 14, Makhotin  in view of Karpenko teaches elements of claim 1, furthermore, Makhotin teaches the non-transitory computer readable storage medium   wherein the secure data includes: payment credential data to be used in a financial transaction, or health data to be used in a health transaction (paragraph [0077], discoes a business entity (i.e.,  Bank)).  
With respect to claim 15, Makhotin teaches a  computing device configured to perform a transaction with a merchant subsystem, the computing device comprising a processor conjured to cause the computing device (Fig. 1, and paragraph [0076],   discloses system 100 for performing a remote transaction  using  a remote  key manger and merchant applicant 120 of a mobile devices  120)  ..), to carry out steps that include: 

interfacing with the merchant subsystem to initialize the transaction (Fig. 1, and paragraph [0076], discloses performing a remote transition using remote key manager and a merchant application of a monde device … various entities may be configured to communication  with one entities  over any suitable wireless weird communication network ); 
determining whether first validation data has been received from a commercial entity subsystem(paragraph [0081], discloses an authorization request message may be generated by merchant computer 130 [commercial entity subsystem]   and forward to the acquire computer 150..,   paragraph [0082], discloses the authorization request message may include an issuer account identifier  that may be associated with a payment devices [ first validation data] …, determining whether to identify and/or authorize tractions .., paragraph [0165], discloses  validate the received payment request by checking  to ensure the correct merchant public key    paragraph  [0170] discloses determination and identification of the authentication  computer 191 for authentication  request   );
in response to determining that first validation has been received from the commercial entity subsystem  (paragraph [0083], discloses after the issuer computer 1720 receive the authorization request message, the issuer computer 170, sends an authorization response ..,   ): 

providing second validation data and secure data to the commercial entity subsystem(paragraph [0083], discloses the issuer computer receive an authorization request message and send an authorization response massage back to the payment processing .., paragraph [0103], discloses the merchant computer 130 is  authentic and is authorized to obtain the sensitive  payment credentials in the encrypted payment infoatmion   paragraph [0106], discloses the security information validation module .., configured  to initiate an authentication  communication with a payment processing network and paragraph [0173], discloses send the authentication request ..,  request to both ).

 Makhotin teaches the above elements including  encrypted secure data has been received from the commercial entity subsystem in response to the commercial entity subsystem authenticating the second validation data (paragraph [0012], discloses receive  the payment requesting including the encrypted payment information from the transaction processor application and paragraph [0048], discloses applying an appropriate encryption key to encrypted payment information to obtain the original payment information  ), and providing the encrypted secure data to the merchant subsystem to complete the transaction (paragraph [0105], discloses re-encrypted the decrypted message or information form the message  for secure delivery to the transaction processor ..,    and  paragraph [0197], discloses re-encrypt payment information in the traction response to the merchant application .., send the re-encrypt payment information to the merchant computer    ).   Makhotin failed to teach the corrosinding received encrypted secure data is determined and in response to determining that the encrypted secure data has been received from the commercial entity subsystem. 

However, Karpenko teaches determining and in response to determining that the encrypted secure data has been received from the commercial entity subsystem(paragraph [0135], discloses merchant applciation121 receives the encrypted payment information and sends the encrypted payment information to the merchant computer .. determine the appropriate  merchant computer to send the encrypted payment information..).   Therefore, it would have been obvious to the one ordinary skill in the art before the effective filing date of the claimed invention for  receive  the payment requesting including the encrypted payment information from the transaction processor application of Makhotin with determining the appropriate merchant to send the encrypted payment information of Karpenko  in order to ensure the transaction  data was not altered, modified, and/or switched during transaction  processing (see Karpenko, paragraph [0139]).
 
With respect to claim 16,  Makhotin  in view of Karpenko teaches elements of claim 15, furthermore, Makhotin  teaches the computing device wherein, prior to providing the first validation data, the commercial entity subsystem: receives, from the merchant subsystem, a challenge request that includes a merchant identifier that is associated with (1) the merchant subsystem, and (2) a merchant online resource of the computing device, wherein the challenge request includes a signature established using a merchant key associated with the merchant subsystem, obtains the merchant key based on the merchant identifier, and validates the signature using the merchant key (paragraphs [0043]-[0044], discloses transaction information may include a transaction amount, transaction time, transaction data, merchant information (e.g., registered merchant identifier, address, merchant computer IP addresses etc. and paragraph [0096] disclose a signature associated with a merchant certificate  cannot be validated or if a certificate is not matched with a certificate authority ) .
With respect to claim 17,  Makhotin  in view of Karpenko teaches elements of claim 16, furthermore, Makhotin  teaches the computing device wherein, prior to receiving the challenge request, the commercial entity subsystem receives, during a registration process with the merchant subsystem, (1) the merchant identifier, and (2) the merchant key(paragraph [0027], discloses merchant keys associated  with the validated merchant …, and paragraph [0198], discloses merchant information providing during registration  ..,) .  

With respect to claim 18,  Makhotin  in view of Karpenko teaches elements of claim 16, furthermore, Makhotin  teaches the computing device wherein the second validation data includes a validation session identifier: established between the computing device and the merchant subsystem in conjunction with initializing the transaction, and provided by the merchant subsystem to the commercial entity subsystem in the challenge request (paragraph [0188], discloses challenge-reasons, or another  type of customer  authentication process..).  

With respect to claim 19,  Makhotin  in view of Karpenko teaches elements of claim 18, furthermore, Makhotin  teaches the computing device  wherein the validation session identifier is associated with the merchant key for a threshold amount of time (paragraph [0158], discloses  a merchant certificate associated with merchant computer and any other transaction data associated with the payment transaction the .., transaction amount, merchant identifier, product identifier, etc..).
With respect to claim 20, Makhotin  in view of Karpenko teaches elements of claim 1, furthermore, Makhotin teaches the computing device wherein the secure data includes: payment credential data to be used in a financial transaction, or health data to be used in a health transaction (paragraph [0077], discoes a business entity (i.e.,  Bank)).  



Prior art on the record: 
Makhotin et al (US Pub., 20015/0088756 A1) discloses embodiments of the invention are directed to methods, apparatuses, computer-readable media, and systems for securely processing remote transactions. One embodiment is directed to a method of processing a remote transaction initiated by a communication device. The method comprising a server computer receiving a payment request including encrypted payment information that is encrypted using a first key. The encrypted payment information including security information. 

Karpenko et al (US Pub., No., 2015/0052064 A1) discloses embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device. The method comprises receiving, by a mobile payment application on a secure memory of the mobile device, transaction data from a trans action processor application on the mobile device.


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SABA DAGNEW whose telephone number is (571)270-3271. The examiner can normally be reached 9-6:45.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Waseem Ashraf can be reached on (571) 270 -3948. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SABA DAGNEW/Primary Examiner, Art Unit 3682