DETAILED ACTION
This communication responsive to the Application No. 17/231,481 filed on April 15,
2021. Claims 1-7 are pending and are directed towards AUTHENTICATED MESSAGING SESSION WITH CONTACTLESS CARD AUTHENTICATION. Claims 8-20 are withdrawn to non-elected groups II and III. 	

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 04/15/2021 and 11/02/2022 were Acknowledge. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Specification
The disclosure is objected to because of the following informalities: 
In the Spec para [0006], “The instructions also cause the processor to establish an authenticated messaging session for the with the programmatic intelligent agent with the party” should rather be “The instructions also cause the processor to establish an authenticated messaging session for  the programmatic intelligent agent with the party”. 
In the Spec para [0052], “The inputs 642 may include a counter value and/or a name 650 of the initiating party” should rather be “The inputs 642 may include a counter value 648 and/or a name 650 of the initiating party”. 
Appropriate correction is required.

The use of the term “WIFI” in para [0033] and “BLUETOOTH” in para [0059], which is a trade name or a mark used in commerce, has been noted in this application. The term should be accompanied by the generic terminology; furthermore the term should be capitalized wherever it appears or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the term.
Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) are permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks.

Drawings
The drawings are objected to because element 1120 in FIG. 11 should read “What is My Routing Number” instead of “Why is My Routing Number?”.  
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
In addition to Replacement Sheets containing the corrected drawing figure(s), applicant is required to submit a marked-up copy of each Replacement Sheet including annotations indicating the changes made to the previous version.  The marked-up copy must be clearly labeled as “Annotated Sheets” and must be presented in the amendment or remarks section that explains the change(s) to the drawings.  See 37 CFR 1.121(d)(1).  Failure to timely submit the proposed drawing and marked-up copy will result in the abandonment of the application.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim(s) 1-6 are rejected under 35 U.S.C. 103 as being unpatentable over Moon et al. US 2020/0244700 A1 (hereinafter “Moon”) in view of Goldthwaite et al. US 2012/0072350 A1 (hereinafter “Goldthwaite”)

As per claim 1, Moon teaches a method, comprising: 
receiving a message from a party via a messaging service at a programmatic intelligent agent running on a processor of a computing device, the message requesting a response message from the programmatic intelligent agent (first computing system 122 may receive a request to initiate the chatbot session from the executed chatbot application, e.g., executed chatbot application 104 … first computing system 122 may receive messaging data generated by executed chatbot application 104 during the established chatbot session (e.g., in step 304). As described herein, executed chatbot application may generate the messaging data based on input provided to client device 102 by user 101, e.g., via a corresponding input unit and in response to a presentation of the initial, introductory message within chatbot interface 182. For example, the input provided by user 101 may include an inquiry posed by user 101 during the existing chatbot session, the inquiry may reference a product or service provided or offered by the financial institution associated first computing system 122, a business unit of that financial institution, one or more related financial institutions or business entities, or a third-party financial institution unrelated to the first computing system 122. Moon, para [0127]-[0128]); 
with the processor, determining that authentication is needed (first computing system 122 may perform any of the exemplary processes described herein to verify an authenticity of the request and further, to confirm a prior authentication of an identity of user 101 by client device 102. Moon, para [0127]); 
sending a request message from the programmatic intelligent agent to the party, the request message containing information for launching code for authenticating the party (the one or more received elements of messaging data may include textual content that characterizes the inquiry, along with a unique identifier of one or more of user 101 (e.g., an alphanumeric authentication credential, a digital identifier, etc.), of client device 102 (e.g., a network address, such as an IP address, a MAC address, etc.), or of executed chatbot application 104 (e.g., an application cryptogram [code for authentication], etc.) Moon, para [0129])( first computing system 122 may generate the digital authentication token based on an application of one or more token-generation algorithms or processes to input data that includes, but is not limited to, an identifier of client device 102 and/or executed chatbot application 104 (e.g., a network address of client device 102, such as an IP address, an identifier or address of a programmatic interface of executed chatbot application 104, etc.), a portion of the received messaging data (e.g., that characterizes the specified inquiry), and additionally, or alternatively, portions of generated linguistic element data and contextual information generated through the application of the NLP algorithms or techniques described herein. In some instances, the digital authentication token may be characterized by a structure specified by, or recognized by, the chatbot engine executed by the additional computing system and/or a programmatic interface of that executed chatbot engine, and examples of the digital authentication token include, but are not limited to, a cryptogram, a hash, random number, or other element of cryptographic data having a predetermined length or structure. Moon, para [0139]); 
receiving confirmation at the programmatic intelligent agent that the party has been authenticated (verify the digital authentication token, and responsive to a successful verification, generate an appropriate response to the specified inquiry based on the locally accessible elements of sensitive customer, account, or transaction data, augment the established chatbot session by establishing secure, programmatic communications session with executed chatbot application 104, and provision the generated response to client device 102 for presentation on chatbot interface 182 during the augmented chatbot session. Moon, para [0140]); and 
initiating an authenticated messaging session between the party and the programmatic intelligent agent (establishing secure, programmatic communications session with executed chatbot application 104, and provision the generated response to client device 102 for presentation on chatbot interface 182 during the augmented chatbot session. Moon, para [0140]).
Moon does not explicitly teach authentication by contactless card, receiving confirmation that the party has been authenticated via contactless card. 
However, Goldthwaite teaches authentication by contactless card (The communication device may further include an authentication client application. The authentication client application includes instructions for receiving the first message from the authentication server over the second network, displaying the first message to the customer, requesting and receiving authorization for payment for the purchase order with the payment card from the customer, retrieving payment card identification number, requesting and receiving payment card security information from the customer, routing the authorization result and in case of a positive authorization result the payment card identification and security information to the authentication server over the second network… The identification information of the payment card may include at least one of payment card number, payment card expiration date, cardholder's name, cardholder's contact information, cardholder's account information, issuer financial institution identification, issuer financial institution contact information, and security information for the authentication of the cardholder. The security information may include at least one of a personal identification number (PIN), password, biometric signal, fingerprint, retinal scan, voice signal, digital signature, and encrypted signature, username and password combinations, identity certificate such as X.509, public and private keys to support Public Key Infrastructure (PKI), a Universal Card Authentication Field (UCAF), or combinations thereof. The security information of the payment card may be entered by the customer via the communication device. Goldthwaite, para [0017])( The authentication system 108 includes an authentication server 107 that is adapted to send and receive messages in a short message service (SMS) format to a mobile phone 110 via an SMS carrier 109. The mobile phone 110 is adapted to receive the contactless smart payment card. Goldthwaite, para [0041]), receiving confirmation that the party has been authenticated via contactless card (The authorization result and payment card identification and security information are routed from the authentication server to the payment server over the first network and from the payment server to a financial institution over the first network system. The financial institution is the issuer of the payment card and is asked to approve and execute the requested payment and to route the payment approval result through the payment server to the merchant server and to the authentication server. Goldthwaite, para [0016])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Moon in view of Goldthwaite. One would be motivated to do so, to enhance the security and the flexibility of the system by authenticating users using their contactless cards.

As per claim 2, Moon and Goldthwaite teach the method of claim 1, wherein the received message from the party requests access to confidential information or sensitive information (a financial institution (or a particular business unit of that financial institution, such as a retail banking unit) that provides certain products or related services to user 101, and as such, may maintain sensitive customer, account, or transaction data that characterizes the provided products or related services. Moon, para [0131]).

As per claim 3, Moon and Goldthwaite teach the method of claim 2, further comprising generating and sending the response message to the party, wherein the response message contains at least some of the confidential information or at least some of the sensitive information (In response to the determination that first computing system 122 is capable of generating the response to the messaging data (e.g., step 310; YES), first computing system 122 may perform any of the exemplary processes described herein to generate a response to the inquiry specified within the received messaging data based on selected portions of the locally maintained elements of sensitive customer, account, or transaction data. Moon, para [0132]).

As per claim 4, Moon and Goldthwaite teach the method of claim 2, wherein the party has a secure account with an institution and wherein the method further comprises the programmatic intelligent agent accessing the secure account to generate the response message (user 101 may interact with the established chatbot session to resolve inquiries associated with the subset of the financial services, such as, but not limited to, a request for a current balance of a checking account or a credit card account issued by the financial institution, a request to initiate bill-payment transaction involving the checking account, a request to replace a physical transaction card associated with a credit or debit card account issued by the financial institution, or a request that first computing system 122 provision client device 102 with one or more application programs (e.g., mobile payment or banking applications). Moon, para [0021]) (In response to the determination that first computing system 122 is capable of generating the response to the messaging data (e.g., step 310; YES), first computing system 122 may perform any of the exemplary processes described herein to generate a response to the inquiry specified within the received messaging data based on selected portions of the locally maintained elements of sensitive customer, account, or transaction data. Moon, para [0132]).

As per claim 5, Moon and Goldthwaite teach the method of claim 1, wherein the received message from the party requests a financial transaction (user 101 may interact with the established chatbot session to resolve inquiries associated with the subset of the financial services, such as, but not limited to, a request for a current balance of a checking account or a credit card account issued by the financial institution, a request to initiate bill-payment transaction involving the checking account, a request to replace a physical transaction card associated with a credit or debit card account issued by the financial institution, or a request that first computing system 122 provision client device 102 with one or more application programs (e.g., mobile payment or banking applications). Moon, para [0021]).

As per claim 6, Moon and Goldthwaite teach the method of claim 1. Moon does not explicitly teach wherein the messaging service is a Short Message Service (SMS) messaging service.
However, this feature is well known in the art, and Herse teaches wherein the messaging service is a Short Message Service (SMS) messaging service (The first and second messages may be formatted in Short Message Service (SMS). Goldthwaite, para [0012])( The authentication server 107 receives and transmits messages in a short message service (SMS) format to the merchant's mobile phone 110 via an SMS carrier through a wireless Global System for Mobile Communication (GSM) network 90. Goldthwaite, para [0039]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Moon in view of Goldthwaite. One would be motivated to do so, to enhance the flexibility of the system by using SMS.

Claim(s) 7 is rejected under 35 U.S.C. 103 as being unpatentable over Moon et al. US 2020/0244700 A1 (hereinafter “Moon”) in view of Goldthwaite et al. US 2012/0072350 A1 (hereinafter “Goldthwaite”) and further in view of Herse et al. US 2013/0173759 A1 (hereinafter “Herse”)

As per claim 7, Moon and Goldthwaite teach the method of claim 1. Moon does not explicitly teach establishing a time limit to the authenticated messaging session such that at expiration of the time limit, the messaging session is no longer authenticated. 
However, Herse teaches establishing a time limit to the authenticated messaging session such that at expiration of the time limit, the messaging session is no longer authenticated (the memory 144 stores a validity time period generation algorithm for generating a validity time period value during which a communication session involving the server to be accessed and the browser is valid, i.e. once the time period value from a precise time to be determined has expired, the communication session is terminated. Herse, para [0070]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the system of Moon in view of Herse. One would be motivated to do so, to enhance the security of the system by terminating idle communication sessions.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
 A. Ho et al. US 11,423,392 B1 directed to methods for information verification using a contactless card. 
B. Sharma US 2021/0314282 A1 directed to methods for aggregating user sessions for interactive transactions using virtual assistants. 
C. Naydonov US 2018/0183735 A1 directed to artificial intelligence system for automatically generating custom travel documents. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALID M ALMAGHAYREH whose telephone number is (571)272-0179. The examiner can normally be reached Monday - Thursday 8AM-5PM EST & Friday variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571)272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



Respectfully Submitted

/KHALID M ALMAGHAYREH/Examiner, Art Unit 2492