DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Status
The claims filed on 11/25/2025 have been entered.
Claims 1-20 are pending.
Claims 1 and 11 are independent.
Claims 1-17 and 19-20 are previously presented.
Claim 18 is original.
Response to Arguments
Applicant's arguments filed 11/25/2025 have been considered but they are not persuasive.
35 U.S.C. 103
Regarding independent claims 1 and 11, Applicant’s arguments regarding Oberheide (US 2011/0219230 A1) have been considered but are not persuasive.
Applicant argues that Oberheide does not disclose claim 1 limitations reciting "receive, by the security server, an authentication request message from a transaction server, wherein the authentication request message includes a trusted unique mobile identifier associated with a mobile device of a user and a return link," and "transmit, by the security server, the return link to the mobile device and an authentication confirmation message to the transaction server."
The argument is not persuasive. Applicant specifically argues that Oberheide makes no mention of the URL being received by a security server AND transmitting the return link to the mobile device; and that Oberheide’s initial message including the URL is sent from the authentication platform to the user that is authorized to approve transactions. However, the argument is not commensurate with the scope of the claim. Independent claim 1 does not require a “URL” to be received by the security server from the transaction server. The claim merely recites a “return link”, which reasonably encompasses information linking the authorization request back to the transaction to be authorized. Oberheide discloses a requesting third party (transaction server) sending a request to an auth platform (security server). The request includes metadata which is subsequently transmitted to a user mobile device, e.g. “transaction information including payer, payee, account numbers transfer amount, and transaction date and time” (para. 0013). After receiving the authorization request message, Oberheide discloses transmitting, by the auth platform (security server), an authentication URL (authentication link) to the user mobile device; the user following the authentication URL (authentication link); the auth platform (security server) transmitting the transaction information (return link) to the user mobile device; and the auth platform (security server) sending a confirmation to the requesting third party (transaction server). Accordingly, the disclosed authorization request message does include a “return link” by virtue of including the transaction information.
Thus, Oberheide teaches the claim limitations of "receive, by the security server, an authentication request message from a transaction server, wherein the authentication request message includes a trusted unique mobile identifier associated with a mobile device of a user and a return link," and "transmit, by the security server, the return link to the mobile device and an authentication confirmation message to the transaction server."
While Oberheide, as discussed above, does disclose receiving a return link in the authorization request message, note that, under broadest reasonable interpretation, claim 1 does not necessarily require the security server to receive the link itself. The claim recites “…the authentication request message includes a trusted unique mobile identifier associated with the mobile device user and a return link”. Here, the claim does not necessarily require the link to be received by the security server as part of the message payload but could be reasonably interpreted as requiring instead that the mobile identifier be “associated with” a return link. For example, the claim does not recite “the authentication request message includes: (1) a trusted unique mobile identifier associated with the mobile device user; and (2) a return link”.
Applicant further argues that “Oberheide is silent with regards to the URL link being a return link transmitted along with an authentication confirmation message. Rather, the URL link in Oberheide is merely used to retrieve a full message providing additional information and options for a transaction response. The URL link of Oberheide therefore cannot be a return link included with an authentication confirmation message, because the authentication has not yet occurred. Rather, the URL link merely facilitates the authentication.”
The argument is not persuasive. As discussed above, the URL sent to the mobile device in Oberheide is relied upon for the claimed “authentication link” and is not relied upon for the claimed “return link”. As further discussed above, Oberheide discloses sending the transaction data (return link) to the user mobile device and sending a confirmation message to the transaction server.
With regards to the second “transmit” step being recited after the “authenticate” step, the claimed step of authenticating the mobile device is not limited to completing authentication of the transaction, and instead reasonably encompasses performing or initiating authentication operations of the mobile device before completion of the transaction authentication process. For example, the mobile device could be authenticated before sending the transaction details to the mobile device. Thus, the claimed invention is met by the combination of Oberheide and Larkin as set forth in the rejection.
For the above reasons, the prior claim rejections under 35 U.S.C. 103 are maintained herein.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 5-13, and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Oberheide (US 2011/0219230 A1) in view of Larkin (US 2015/0038120 A1).
Regarding claims 1 and 11, Oberheide discloses a security server comprising at least one processor coupled to at least one memory and configured to:
receive, by the security server, an authentication request message from a transaction server, wherein the authentication request message includes a trusted unique mobile identifier associated with a mobile device of a user and a return link (see para. 0010-0013);
transmit, by the security server, a data message including an authentication link to the mobile device (see para. 0013-0015);
transmit, by the security server, the return link to the mobile device and an authentication confirmation message to the transaction server (see para. 0013-0015).
Oberheide does not explicitly disclose, but Larkin teaches obtaining, by the security server from a wireless carrier, a unique mobile identifier of the mobile device and authenticating based at least in part on a comparison of the trusted unique mobile identifier and the unique mobile identifier (see para. 0069-0077, 0086-0093).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method of Oberheide to include the feature taught by Larkin.
One of ordinary skill in the art would have been motivated to make the modification to improve fraud prevention (see Larkin, para. 0063).
Regarding claims 2 and 12, the combination as set forth with regards to the base claim discloses the trusted unique mobile identifier comprises a mobile phone number for the mobile device, provided during an enrollment of the user for conducting transactions at the transaction server (see Oberheide, para. 0011-0013 teaching enrollment of mobile phone; Larkin, para. 0069-0072 teaching the identifier being an MSISDN).
Regarding claims 3 and 13, the combination as set forth with regards to the base claim discloses the trusted unique mobile identifier is provided during the enrollment along with information from the user that authenticates the user at the transaction server during enrollment (see Oberheide, para. 0011-0013 teaching enrollment of mobile phone; Larkin, para. 0069-0072 teaching the identifier being an MSISDN).
Regarding claims 5 and 15, the combination as set forth with regards to the base claim teaches the authentication link includes metadata with an associated hyperlink active period (see Oberheide, para. 0013-0015; Larkin, para. 0084-0085, 0127-0128).
Regarding claims 6 and 16, the combination as set forth with regards to the base claim teaches the authentication link includes metadata with an associated hyperlink time limit (see Oberheide, para. 0013-0015; Larkin, para. 0084-0085, 0127-0128).
Regarding claims 7 and 17, the combination as set forth with regards to the base claim teaches the mobile device of the user accesses the transaction server to initiate a transaction using a website corresponding to the transaction server and displayed at the mobile device, and in response to initiating the transaction, the transaction server identifies the user and sends the authentication request message to the security server (see Oberheide, para. 0012; Larkin, para. 0063-0068, 0101-0102).
Regarding claims 8 and 18, the combination as set forth with regards to the base claim teaches the transaction server identifies the user based on identifying information entered by the user at the website (see Oberheide, para. 0012; Larkin, para. 0057-0059, 0063-0068).
Regarding claims 9 and 19, the combination as set forth with regards to the base claim teaches wherein the security server is further configured to: send, a device authentication response message to the mobile device for advancing the website to a device authentication page indicating that the mobile device is being authenticated (see Oberheide, para. 0013, 0015; Larkin, para. 0085, 0100-0103, 0128-0133).
Regarding claims 10 and 20, the combination as set forth with regards to the base claim teaches the security server is further to: receive an authentication confirmation request message from the transaction server requesting that the security server provide the status of authentication (see Oberheide, para. 0015; Larkin, para. 0097, 0145-0147).
Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Oberheide (US 2011/0219230 A1) in view of Larkin (US 2015/0038120 A1), further in view of Soelberg (US 2015/0106955 A1).
Regarding claims 4 and 14, the combination as set forth with regards to the base claim does not explicitly teach, but Soelberg teaches the message header comprises an HTTP message header; and the unique mobile identifier is inserted into an enriched HTTP header under the control of a wireless carrier network (see paras. 0020-0021).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method of Oberheide to include the authentication features of Soelberg.
One of ordinary skill in the art would have been motivated to make the modification to improve authentication (see Soelberg, para. 0021).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Loomis (US 2008/0222049 A1) discloses a system and method for authenticating a consumer, wherein a merchant requests payment authorization from gateway, the merchant sends transaction status and a receipt URL to an issuer authentication server; and the issuer authentication server returns the consumer to the receipt URL provided by the merchant (see Fig. 5).
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ERIC T WONG whose telephone number is (571)270-3405. The examiner can normally be reached 9am-5pm M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael W Anderson can be reached at 571-270-0508. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ERIC T WONG/ Primary Examiner, Art Unit 3693