DETAILED ACTION

Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of the Claims


Instant application is CON of U.S. Application 15/725,893 (U.S. Patent 11,080,697). Claims 1-19 are presented for examination. Examiner has established a double patenting and § 101 rejection for claims 1-19 and § 103 rejection for claims 16-19 in the instant Office action. 

Examiner’s Remarks


Prior Art and Claims 1-15: Prior art references Golan (2004/0254848 A1) (see Fig. 2A) and Makhotin (2011/0208659 A1) (see Fig. 1) show the basic structure of independent claim 1 described in the following claim steps: “a payment network, wherein the payment network is separate from a merchant, an acquirer associated with the merchant, and an issuer of a payment account; a directory server included in the payment network, the directory server coupled in communication with an access control server (ACS) associated with the issuer of the payment account; wherein the directory server is configured to: receive an authentication request, from a merchant plug-in (MPI) associated with the merchant, for a transaction involving the payment account, the payment account associated with an account number, the authentication request including at least one of a token associated with the payment account and the account number; and wherein the directory server is configured to: transmit the DSN and the account number to the ACS associated with the issuer of the payment account, whereby the ACS responds with an issuer authentication value (IAV) in response to authentication of a user associated with the payment account; in response to the IAV, compile an accountholder authentication value (AAV), the AAV including the IAV, the DSN, and an amount of the transaction; and transmit the AAV to a server associated with the MPI involved in the transaction, whereby authentication is ended and the MPI is permitted to proceed to authorization of the transaction through use of the AAV in an authorization request to the issuer of the payment account, via the payment network.” Neither Golan, nor Makhotin, shows a following structure of independent claims 1 and 9 (especially when “the DSS is separate from the merchant, the acquirer associated with the merchant, and the issuer of a payment account” – a limitation that is present in the allowed parent application – is clarified in the claim language considering Fig. 1 labels 104 and 105 of Makhotin): “a digital service server (DSS) coupled in communication with the directory server; wherein the directory server is configured to: transmit the at least one of the token and the account number to the DSS; and wherein the DSS is configured to: generate a directory server nonce (DSN) for the authentication request, and transmit the DSN and the account number for the payment account to the directory server.” Applicant is invited to set up an interview with Examiner to further discuss this issue and/or amend the independent claims 1 and 9.   
Double Patenting




The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A non-statutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR § 1.321(c) or § 1.321(d) may be used to overcome an actual or provisional rejection based on non-statutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 

The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-19 are rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11,080,697. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application are obvious over the reference claims.

Claim Rejections - 35 USC § 101








35 U.S.C. § 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-19 are rejected under 35 USC § 101 because they are directed to non-statutory subject matter. The rationale for this finding is explained below.  










The Supreme Court in Mayo laid out a framework for determining whether an applicant is seeking to patent a judicial exception itself or a patent-eligible application of the judicial exception. See Alice Corp., 134 S. Ct. at 2355,110 USPQ2d at 1981 (citing Mayo, 566 U.S. 66, 101 USPQ2d 1961). This framework, which is referred to as the Mayo test or the Alice/Mayo test (“the test”), is described in detail in Manual of Patent Examining Procedure (”MPEP”) (see MPEP § 2106(III) for further guidance). The step 1 of the test: It need to be determined whether the claims are directed to a patent eligible (i.e., statutory) subject matter under 35 USC § 101. Step 2A of the test: If the claims are found to be directed to a statutory subject matter, the next step is to determine whether the claims are directed to a judicial exception i.e., law of nature, natural phenomenon, and abstract idea (Prong 1). If the claims are found to be directed to an abstract idea, it needs to be determined whether the claims recite additional elements that integrate the judicial exception into a practical application (Prong 2). Step 2B of the test: If the claims are directed to a judicial exception, the next and final step is to determine whether the claims recite additional elements that amount to significantly more than the judicial exception.

Step 1 of the Test: 
When considering subject matter eligibility under 35 USC § 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter. Here, the claimed invention of claims 1-8 and 16-19 is a system, and, thus, one of the statutory categories of invention. Further, the claimed invention of claims 9-15 is a series of steps, which is method (i.e., a process), which is also one of the statutory categories of invention. 
Conclusion of Step 1 Analysis: Therefore, claims 1-19 are statutory under 35 USC § 101 in view of step 1 of the test.

Step 2A of the Test: 
Prong 1: Claims 1-19, however, recite an abstract idea of authenticating users to accounts. The creation of authenticating users to accounts, as recited in the independent claims 1, 9, and 16, belongs to certain methods of organizing human activity (i.e., fundamental economic principles or practices including mitigating risk) that are found by the courts to be abstract ideas. The limitations in independent claims 1, 9, and 16, which set forth or describe the recited abstract idea, are recited in the following steps: “generate a directory server nonce (DSN) for the authentication request” (claim 1), “in response to the IAV, compile an accountholder authentication value (AAV), the AAV including the IAV, the DSN, and an amount of the transaction” (claim 1), “mapping the token to a primary account number (PAN) for the payment account” (claim 9), “validating the cryptogram” (claim 9), “generating a directory server nonce (DSN) for the authentication request” (claim 9), “in response to an issuer authentication value (IAV) from the ACS, compiling an accountholder authentication value (AAV), the AAV including the IAV, the DSN, and an amount of the transaction” (claim 9), and “compile an accountholder authentication value (AAV) for the transaction, the AAV including the IAV, the DSN, and the amount of the transaction” (claim 16). 
Prong 2: In addition to abstract steps recited above in Prong 1, independent claims 1, 9, and 16, recite additional limitations: “a payment network, wherein the payment network is separate from a merchant, an acquirer associated with the merchant, and an issuer of a payment account” (claim 1), “a directory server included in the payment network, the directory server coupled in communication with an access control server (ACS) associated with the issuer of the payment account” (claim 1), “a digital service server (DSS) coupled in communication with the directory server” (claim 1), “a merchant plug-in (MPI) associated with the merchant” (claims 1 and 16), “a directory server” (claims 9 and 16), “a digital service server (DSS)” (claim 9), and “an access control server (ACS) associated with an issuer of the payment account” (claims 9 and 16). These additional elements are recited at a high level of generality (i.e., as a generic processor performing a generic computer function of ranking information based on a determined amount of use) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Further, the combination of these additional elements is no more than mere instructions to apply the exception using a generic device. Accordingly, even in combination, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Also, the following limitations recite insignificant extra solution activity (for example, data gathering): “receive an authentication request for a transaction involving the payment account, the payment account associated with an account number, the authentication request including at least one of a token associated with the payment account and the account number” (claim 1), “transmit the at least one of the token and the account number to the DSS” (claim 1), “transmit the DSN and the account number for the payment account to the directory server” (claim 1), “transmit the DSN and the account number to the ACS associated with the issuer of the payment account, whereby the ACS responds with an issuer authentication value (IAV) in response to authentication of a user associated with the payment account” (claim 1), “transmit the AAV to a server associated with the MPI involved in the transaction, whereby authentication is ended and the MPI is permitted to proceed to authorization of the transaction through use of the AAV in an authorization request to the issuer of the payment account” (claim 1), “receiving an authentication request for a transaction directed to a merchant and associated with a payment account, the authentication request including a token associated with the payment account and a cryptogram, wherein the directory server is included in a payment network” (claim 9), “transmitting the token and the cryptogram to a digital service server (DSS)” (claim 9), “transmitting, by the DSS, the DSN and the PAN to the directory server” (claim 9), “transmitting, by the directory server, the DSN and the PAN to an access control server (ACS) associated with an issuer of the payment account” (claim 9), “transmitting the AAV to one of the merchant and a server, thereby concluding the authentication of a user associated with the payment account and providing the AAV as an indication of the authentication for inclusion in authorization of the transaction” (claim 9), “receive an authentication request for a transaction associated with a payment account, the payment account identified by a primary account number (PAN), the authentication request including a cryptogram and at least one of a token and the PAN” (claim 16), “transmit the PAN, a directory server nonce (DSN) for the transaction and an amount for the transaction to an access controller server (ACS) associated with an issuer of the payment account” (claim 16), “receive an issuer authentication value (IAV) from the ACS” (claim 16), and “transmit the AAV to a merchant server plug-in (MPI) associated with a merchant involved in the transaction, whereby the authentication is complete and the AAV is included in an authorization request for the transaction as evidence of the completed authentication” (claim 16). These additional limitations do not integrate the abstract idea into a practical application because they do not impose a meaningful limit on the judicial exception. The additional limitations of independent claims 1, 9, and 16, here do not render improvements to the functioning of a computer or to any other technology or technical field (see MPEP § 2106.05(a)), nor do they integrate the abstract idea into a practical application under MPEP § 2106.05(b) (particular machine); MPEP § 2106.05(c) (particular transformations); or MPEP § 2106.05(e) (other meaningful limitations).  
Conclusion of Step 2A Analysis: Therefore, independent claims 1, 9, and 16, are non-statutory under 35 USC § 101 in view of step 2A of the test. 	













Step 2B of the Test: The additional elements of independent claims 1, 9, and 16, (see above under Step 2A – Prong 2) are well-understood, routine, and conventional elements that amount to no more than implementing the abstract idea with a computerized system. The Applicant’s Specification describes these additional elements in following terms:
[0036] Upon receipt of the authorization request, the payment network 136 may be configured to interact with the DSS 110, via path 140 (although this is not required in all embodiments (e.g. where the payment network 136 knows the appropriate key(s), etc.)). Specifically, the payment network 136 may be configured to validate the MAC included in the full AAV and/or the full AAV itself. The payment network 136 may further be configured to otherwise validate and/or confirm the full AAV, or part thereof, for example, based on version information included in the full AAV. 
[0037] Once validated, the payment network 136 is configured to provide the authorization request, or parts thereof, to the DSS 110. The DSS 110 is configured to confirm the validation of the DSRP cryptogram based on the DSN, when the DSRP cryptogram was previously validated by the DSS 110. Conversely, the DSS 110 is configured to locate the DSRP data for the transaction, by use of the DSN (or the ATC included therein) and to validate the DSRP data, as described above. In addition, the DSS 110 is also configured to map the token included in the authorization request, if any, to the corresponding account number (e.g., PAN, etc.). 

[0038] The DSS 110 is configured to then return the account number and a validation result to the payment network 136, via path 140. In connection with the above, the payment network 136 and/or the DSS 110 may be further configured to provide additional services to the transaction based on the payment account and/or the consumer 102. For example, the DSS 110 may be configured to determine if one or more usage requirements of the token is satisfied (e.g., the token is permitted to be used in e-commerce, etc.), or, optionally, to check the transaction amount, name of the merchant, and currency, etc. 

10Attorney Docket No. 16754-000301-US[0039] Thereafter, the payment network 136 is configured to provide the 
authorization request (including the account number and the validation result) to the issuer 104, along path 142.

[0043] FIG. 2 illustrates the exemplary computing device 200, which may include, for example, one or more servers, workstations, personal computers, laptops, tablets, smartphones, other suitable computing devices, etc. In addition, the computing device 200 may include a single computing device, or it may include multiple computing devices located in close proximity, or multiple computing devices distributed over a geographic region, so long as the computing devices are specifically configured to function as described herein. In at least one embodiment, the computing device 200 is accessed (for use as described herein) as a cloud, fog and/or mist type computing device. With that said, the system 100 should not be considered to be limited to the computing device 200, as described below, as different computing devices and/or arrangements of computing devices may be used. In addition, different components and/or arrangements of components may be used in other computing devices. 

[0044] Referring to FIG. 2, the exemplary computing device 200 includes a processor 202 and a memory 204 coupled to (and in communication with) the processor 202. The processor 202 may include one or more processing units (e.g., in a multi-core configuration, etc.). For example, the processor 202 may include, without limitation, a central processing unit (CPU), a microcontroller, a reduced instruction set computer (RISC) processor, an application specific integrated circuit (ASIC), a programmable logic device (PLD), a gate array, and/or any other circuit or processor capable of the functions described herein. 

This is a description of general-purpose computer. Further, prior art Golan (2004/0254848 A1) (see Fig. 2A) and Makhotin (2011/0208659 A1) (see Fig. 1) teaches the structure of Applicant’s system. Still further, the elements of transmitting and receiving information to and from a user device amounts to no more than mere instructions to apply the exception using generic computer components. For the same reason these elements are not sufficient to provide an inventive concept. The additional elements of transmitting and receiving information to and from a user device were considered insignificant extra-solution activity in Step 2A – Prong 2. Re-evaluating here in Step 2B, they are also determined to be well-understood, routine, and conventional activity in the field. Similarly to OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network), and buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network), the additional elements of independent claims 1, 9, and 16, receive or transmit data over a network in a merely generic manner. The courts have recognized receiving and sending data functions as well-understood, routine and conventional when claimed in a merely generic manner. Therefore, the additional elements of independent claims 1, 9, and 16, are well-understood, routine, and conventional. Further, taken as combination, the additional elements add nothing more than what is present when the elements are considered individually. There is no indication that the combination provides any effect regarding the functioning of the computer or any improvement to another technology. 
Conclusion of Step 2B Analysis: Therefore, independent claims 1, 9, and 16, are non-statutory under 35 USC § 101 in view of step 2B of the test. 


Dependent Claims: Dependent claims 2-8 depend on independent claim 1; dependent claims 10-15 depend on independent claim 9; and dependent claims 17-19 depend on independent claim 16. The elements in dependent claims 2-8, 10-15, and 17-19, which set forth or describe the abstract idea, are: “the authentication request includes the token associated with the payment account; and the DSS is further configured to map the token to the account number for the payment account, before transmitting the account number to the directory server” (claim 2 – further narrowing the abstract idea), “the authentication request includes a cryptogram; and the DSS is configured to validate the cryptogram, before transmitting the DSN to the directory server” (claim 3 – further narrowing the abstract idea), “the authentication request includes a cryptogram; and the DSS is configured to: store the cryptogram in memory prior to transmitting the DSN to the directory server; locate the cryptogram in the memory based on the DSN; and later validate the cryptogram in response to the authorization request including the AAV” (claim 4 – further narrowing the abstract idea), “the amount of the transaction includes a logarithmic amount of the transaction; and the AAV further includes a merchant ID” (claim 5 – further narrowing the abstract idea), “the directory server is further configured to generate a message authentication code (MAC) based on at least the DSN; the AAV includes the MAC; and the payment network is configured to: receive the authorization request including the AAV, from the acquirer associated with the merchant; validate the MAC based on a shared key with the directory server; and transmit the authorization request, or part thereof, to the DSS” (claim 6 – further narrowing the abstract idea), “the authentication request includes the token; and the DSN includes at least an application transaction count (ATC) specific to the token and a randomly generated value” (claim 7 – further narrowing the abstract idea), “the amount of the transaction includes a logarithmic amount of the transaction; and the AAV includes the IAV, the DSN, the logarithmic amount, a truncated hash of a merchant ID for the merchant, a currency code, a key ID for a shared key, and a message authentication code (MAC) generated by the shared key” (claim 8 – further narrowing the abstract idea), “the DSN includes at least an application transaction count (ATC) specific to the token and a randomly generated value” (claim 10 – further narrowing the abstract idea), “compressing at least one of the amount of the transaction and a merchant ID associated with the merchant; and the AAV includes the compressed at least one of the amount and the merchant ID” (claim 11 – further narrowing the abstract idea), “generating, by the directory server, a message authentication code (MAC), the AAV further includes the MAC; and validating, by the payment network, the MAC in response to an authorization request including the AAV” (claim 12 – further narrowing the abstract idea), “mapping, by the DSS, the token to the PAN after validating the MAC, and transmitting, by the payment network, the authorization request with the PAN and a validation result to the issuer of the payment account” (claim 13 – further narrowing the abstract idea), “the AAV includes the IAV, the DSN, a logarithmic value of the amount of the transaction, a truncated hash of a merchant ID for the merchant, a currency code, a key ID for a shared key used to generate the MAC, and the MAC” (claim 14 – further narrowing the abstract idea), “generating, by the ACS, the IAV based on a shared key and at least the PAN and the DSN; and validating, by an issuer computing device associated with the issuer of the payment account, the IAV based on the shared key and at least the PAN and the DSN” (claim 15 – further narrowing the abstract idea), “the directory server is configured to receive the DSN from a digital service server (DSS) before transmitting the DSN to the ACS” (claim 17 – insignificant extra solution activity), “the directory server is configured to generate a message authentication code (MAC) for the transaction based on at least the DSN and to compile the MAC into the AAV; and the system further includes a server configured to validate the MAC, in response to receipt of the AAV in the authorization request for the transaction, prior to permitting the authorization request to pass to the issuer of the payment account” (claim 18 – further narrowing the abstract idea), and “the directory server is further configured to determine a logarithmic value for the amount of the transaction and to determine a truncated hash for a merchant ID for the merchant; and the AAV includes the logarithmic value and the truncated hash of the merchant ID” (claim 19 – further narrowing the abstract idea). 
Conclusion of Dependent Claims Analysis: Dependent claims 2-8, 10-15, and 17-19, do not correct the deficiencies of independent claims 1, 9, and 16, and they are, thus, rejected on the same basis.

Conclusion of the 35 USC § 101 Analysis: Therefore, claims 1-19 are rejected as directed to an abstract idea without “significantly more” under 35 USC § 101.

Claim Rejections - 35 USC § 102
















The following is a quotation of the appropriate paragraphs of 35 U.S.C. § 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under § 151, or in an application for patent published or deemed published under § 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.



Claims 16-18 are rejected under 35 U.S.C. § 102(a)(2) as being anticipated by Makhotin (2011/0208658 A1).

As to claim 16, Makhotin shows a directory server (Makhotin: Fig. 1, label 105) configured to: receive an authentication request for a transaction associated with a payment account, the payment account identified by a primary account number (PAN), the authentication request including a cryptogram and at least one of a token and the PAN (Makhotin: page 3, ¶¶ 36-38); transmit the PAN, a directory server nonce (DSN) for the transaction and an amount for the transaction to an access controller server (ACS) associated with an issuer of the payment account (Makhotin: page 3, ¶ 39); receive an issuer authentication value (IAV) from the ACS (Makhotin: page 3, ¶ 42); compile an accountholder authentication value (AAV) for the transaction, the AAV including the IAV, the DSN, and the amount of the transaction (Makhotin: page 3, ¶ 42); and transmit the AAV to a merchant server plug-in (MPI) associated with a merchant involved in the transaction, whereby the authentication is complete and the AAV is included in an authorization request for the transaction as evidence of the completed authentication (Makhotin: page 3, ¶ 43).  

As to claim 17, Makhotin shows all the elements of claim 16. Makhotin also shows that the directory server is configured to receive the DSN from a digital service server (DSS) before transmitting the DSN to the ACS (Makhotin: page 3, ¶ 38).  


As to claim 18, Makhotin shows all the elements of claim 17. the directory server is configured to generate a message authentication code (MAC) for the transaction based on at least the DSN and to compile the MAC into the AAV (Makhotin: page 3, ¶ 38); and the system further includes a server configured to validate the MAC, in response to receipt of the AAV in the authorization request for the transaction, prior to permitting the authorization request to pass to the issuer of the payment account (Makhotin: page 3, ¶ 39).  

Claim Rejections - 35 USC § 103


The following is a quotation of 35 U.S.C. § 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in § 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



Claim 19 is rejected under 35 U.S.C. § 103 as being unpatentable over Makhotin in view of Sobhani (2015/0006426 A1), and further in view of Arndt (WO 01/84509 A2).

As to claim 19, Makhotin shows all the elements of claim 18. Makhotin does not show the directory server being further configured to determine a logarithmic value for the amount of the transaction and the AAV including the logarithmic value. Sobhani shows he directory server being further configured to determine a logarithmic value for the amount of the transaction and the AAV including the logarithmic value (Sobhani: page 3, ¶ 61). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Makhotin by the directory server being further configured to determine a logarithmic value for the amount of the transaction and the AAV including the logarithmic value of Sobhani in order for user to make a charitable contribution on the merchant website (Sobhani: page 1, ¶ 5).
Makhotin in view of Sobhani does not show determining a truncated hash for a merchant ID for the merchant and the AAV including the truncated hash of the merchant ID. Arndt shows determining a truncated hash for a merchant ID for the merchant and the AAV including the truncated hash of the merchant ID (Arndt: page 24, lines 24-31; and page 25, lines 1-8). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Makhotin in view of Sobhani by determining a truncated hash for a merchant ID for the merchant and the AAV including the truncated hash of the merchant ID of Arndt in order add a security advantage (Arndt: page 25, line 1).

Conclusion




















The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Piel (2017/0091772 A1) discloses: “a platform for determining, processing, storing, and analyzing authentication data from various internal and external systems within an authentication ecosystem, and from other authentication systems providing authentication services.”

Groarke (CA 3034657 A1) discloses: “The network translation computing device receives a web-based authentication response including a plurality of data elements.”

Ismaili et al. “A Secure Electronic Transaction Payment Protocol Design and Implementation.” (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 5, No. 5, pages 172-180 (2014).





















Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRPI H. KANERVO whose telephone number is 571-272-9818. The examiner can normally be reached on Monday – Friday, 10 am – 6 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander G. Kalinowski can be reached on 571-272-6771. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VIRPI H KANERVO/Primary Examiner, Art Unit 3691