SYSTEMS AND METHODS FOR AUTHENTICATED PEER-TO-PEER DATA TRANSFER USING RESOURCE LOCATORS

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 1/8/2026 has been entered.Claims 37 and 41 are cancelledClaim 42 and 43 are newClaims 21-34 and 36, 38-40, 42 and 43 are pending Response to Arguments 1.) Applicant’s argument(s) filed on 1/8/2026 regarding 35 U.S.C. 103 rejection of claims 21, 31, 35 and 38 have been fully considered but, is not persuasive. In the remarks, applicant argues:The reference, Delsuc, on page 9 of the remarks, does not teach "the abstracted identifier information is generated using a unique identifier, a counter, and a cryptographic algorithm,"The examiner respectfully disagrees with the applicant. Delsuc discloses in paragraph 0173 that a login link for “mybank” consists of a concatenation of components. Implicitly, a login consists of identification information that may comprise abstracted identifier information used in a validation process. Therefore, the concatenated components that comprise the logon information form part of the claimed abstracted identification information. As such, the OTP, defined by the code generator in paragraph 0182, forms part of the abstracted identifier information as described by the login URL in paragraph 0173. As defined in paragraph 0182, the OTP is a function of a counter value, a hash value[i.e. unique identifier] and a OCRASuite defining the type of cryptographic options. Therefore, Delsuc discloses the limitation of “an abstracted identifier information is generated using a unique identifier, a counter, and a cryptographic algorithm”, as claimed. 2.) Applicant’s amendment to claims 21, 31, and 38 filed on 1/8/2026 regarding, “…the website being operative to initiate a secure peer-to- peer data transfer involving the recipient user and the cardholder at a scheduled time; and the one or more transfer parameters comprising comprise a peer- to-peer data transfer directionality, andthe peer-to-peer data transfer directionality can be adiusted to reverse the transfer“, necessitated the new ground(s) of rejection presented in this Office action. Therefore, Applicant's arguments with respect to claims 1-20 have been considered but are moot in view of the new ground(s) of rejection.3.) Applicant’s argument(s) filed on 1/8/2026 regarding 35 U.S.C. 103 rejection of claim 41 has been fully considered but, is not persuasive. In the remarks, applicant argues: Applicant submits that Kim's description of activating a reverse direction grant and retransmitting a forward data frame does not teach or suggest "the one or more transfer parameters comprise a peer-to-peer data transfer directionality" and "the peer-to-peer data transfer directionality can be adjusted to reverse the transfer," The Examiner respectfully disagrees with the Applicant. Kim discloses in paragraph 18, “if the communication unit succeeds in reception of the forward data frame, the communication unit may set the value[i.e. note: parameter] of the mode data field to indicate that the reverse data frame is present, and may transmit at least part of the reverse data frame within a valid transmission time”. Therefore, Kim discloses a value[i.e. parameter] that is set to indicate the presence of a directional reverse data frame that may be transmitted subject to a valid transmission time. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 1.) Claims 21-24, 28, 31, 32, 34, 36, 38, 39, 42 and 43 are rejected under 35 U.S.C. 103 as being unpatentable over US 20210272098, Delsuc in view of US 20220232417, Kim In regards to claim 21, Delsuc teaches a secure peer-to-peer data transfer system comprising: a contactless card associated with a cardholder and comprising a processor and a memory(US 20210272098, Delsuc, para. 0018 and 0041: [0018]- The NFC forum defined a structure for writing data to tags or exchanging data between two NFC devices. The format is called NDEF. An NDEF record can contain multiple different RTD. An RTD is an information set for a single application. An RTD can only contain a single information such as text, a URI, a business card or pairing information for other technologies. [0041]- In a second step, the inventors found out how to use said trusted NDEF record notably in a method and a system that enables a bank-customer to perform secure mobile application activation or strong customer authentication using a contactless card, which uses the NDEF Tag, (preferably in read only mode for certain mobile)) , wherein the processor is configured to: dynamically generate a unique(US 20210272098, Delsuc, para. 0044, According to one particular aspect of a particular operation of the invention method, the contactless card (or NFC device) may be configured for creating (preferably in real-time or dynamically) a record that is compatible with NDEF record standard.) link after the contactless card enters a communication field associated with a communication device of a recipient user distinct from the cardholder, the [[URL]] link being operative to launch a website on the communication device, (US 20210272098, Delsuc, para. 0220 - 0222: [0220]- In the case of URL, the NDEF application 2 may uses the URL 25 as a base, and adds the variables as extension to create a final URL[i.e. note: link]; [0221]- At step 106, the data format of the record 22 may be either a JSON data block, XML block, URI, or an URL.[0222]- Then the Mobile Application (2) then sends (107) the Record including with the Credentials (23) entered (26) by the user (20) in the Mobile Application (2) to the Application Server (17) over the communication network (15), where the network may be the internet and preferably using a secure communication link such as TLS. ), wherein the link comprises: a first set of information comprising one or more abstracted identification information uniquely identifying the contactless card and a specific peer-to peer data transfer session(US 20210272098, Delsuc, para. 0176 and 0177: [0176]- The query name “id” also referred to as blob (21), represents the identity of the card and/or cardholder here exemplified with the value “0123456789abcdef” [0177]- Looking further, we see the query name “counter”, and in the first record (22-A) has the value “01” and the second record (22-B) have the value “02”, where the counter is incremented with one between the first and second session, and thereby creating a dynamic part in the record or message.[i.e. note: the counter identifies the session]), wherein the abstracted identifier information is generated using a unique identifier, a counter, and a cryptographic algorithm(US 20210272098, Delsuc, para. 0182, the generation of the code=HMAC-SHA-256(seed, OCRASuite|‘0x00’|C|Q), wherein the C is the counter, and Q contains a concatenation of the captured data, or the hash of the concatenated captured data, wherein the OCRASuite explains the type of cryptographic options. The response or code may be then used at least as “OTP”.), a second set of information including information associated with the cardholder loaded on to the contactless card at the time of personalization of the card(US 20210272098, Delsuc, para. 0176 and 0177: [0176]- The query name “id” also referred to as blob (21), represents the identity of the card and/or cardholder here exemplified with the value “0123456789abcdef”), and Delsuc does not teach the website being operative to initiate a secure peer-to-peer data transfer involving the recipient user and the cardholder at a scheduled time; one or more data fields for specifying one or more transfer parameters, wherein: the one or more transfer parameters comprise a peer-to-peer data transfer directionality, and the peer-to-peer data transfer directionality can be adjusted to reverse the transfer However, Kim teaches the website being operative to initiate a secure peer-to-peer data transfer involving the recipient user and the cardholder at a scheduled time(US 20220232417, Kim, para. 0018, if the communication unit succeeds in reception of the forward data frame, the communication unit may set the value[i.e. note: parameter] of the mode data field to indicate that the reverse data frame is present, and may transmit at least part of the reverse data frame within a valid transmission time); one or more data fields for specifying one or more transfer parameters, wherein: the one or more transfer parameters comprise a peer-to-peer data transfer directionality, and the peer-to-peer data transfer directionality can be adjusted to reverse the transfer(US 20220232417, Kim, para. 0018 and 0029, [0018]- if the communication unit succeeds in reception of the forward data frame, the communication unit may set the value[i.e. note: parameter] of the mode data field to indicate that the reverse data frame is present, and may transmit at least part of the reverse data frame within a valid transmission time. [0029]- There is an advantage in that a reverse data frame can be transmitted while enabling retransmission of a forward data frame within a valid transmission time[i.e. note a scheduled time frame] even if transmission of the forward data frame fails, when a reverse direction grant is activated in the wireless AV system supporting a reverse direction grant protocol.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Delsuc with the teaching of Kim because a user would have been motivated to regulate network traffic flow, taught by Kim, in order to prevent traffic collision in the data transmission in the system taught by Delsuc (Kim, para. 0149) In regards to claim 22, the combination of Delsuc and Kim teach the secure peer-to-peer data transfer system of claim 21, wherein the link comprises a near field communication data exchange format uniform resource locator (NDEF URL) (US 20210272098, Delsuc, para. 0141, The NDEF Application 5 of the NFC card, may interface with the mobile 1 through the contactless interface 4. The card may have preferably a personalized secret 6 which could for example be a seed or key 6 or other generally used type of secret; The NFC device may preferably also have in the example, a counter 7 and an optional URL 25.). In regards to claim 23, the combination of Delsuc and Kim teach the secure peer-to-peer data transfer system of claim 22, wherein the processor is further configured to transmit the NDEF URL via near field communication(US 20210272098, Delsuc, para. 0141, The NDEF Application 5 of the NFC card, may interface with the mobile 1 through the contactless interface 4.). In regards to claim 24, the combination of Delsuc and Kim teach the secure peer-to-peer data transfer system of claim 21, wherein the processor is further configured to transmit the link to the communication device, to initiate a data transfer associated with a third set of information(US 20210272098, Delsuc, para. 0222, Then the Mobile Application (2) then sends (107) the Record including with the Credentials (23) entered (26) by the user (20) in the Mobile Application (2) to the Application Server (17) over the communication network (15), where the network may be the internet and preferably using a secure communication link such as TLS.). In regards to claim 28, the combination of Delsuc and Kim teach the secure peer-to-peer data transfer system of claim 21, wherein one or more actions, based on the link, are configured to identify a user(US 20210272098, Delsuc, para. 0222 and 0224: [0222]- hen the Mobile Application (2) then sends (107) the Record including with the Credentials (23) entered (26) by the user (20) in the Mobile Application (2) to the Application Server (17) over the communication network (15), where the network may be the internet and preferably using a secure communication link such as TLS. In a preferred embodiment, [0224]- At step 108, the application server 17 forwards the record 22 and credentials 23 to the validation server 18 (either as they are or in a wrapped encryption format). If the data is wrapped, the validation server 18 first decrypts and optionally verifies the authenticity of the data by checking the integrity, (this step is not shown).). In regards to claim 31, Delsuc teaches a method of implementing a secure peer-to-peer data transfer, comprising: dynamically generating, after entry of a contactless card into a communication field of a first device associated with a recipient(US 20210272098, Delsuc, para. 0044, According to one particular aspect of a particular operation of the invention method, the contactless card (or NFC device) may be configured for creating (preferably in real-time or dynamically) a record that is compatible with NDEF record standard.), a link, the link including abstracted identifier information and one or more account and identity information associated with a cardholder(US 20210272098, Delsuc, para. 0220 – 0222, 0237: [0220]- In the case of URL, the NDEF application 2 may uses the URL 25 as a base, and adds the variables as extension to create a final URL[i.e. note: link]; [0221]- At step 106, the data format of the record 22 may be either a JSON data block, XML block, URI, or an URL.[0222]- Then the Mobile Application (2) then sends (107) the Record including with the Credentials (23) entered (26) by the user (20) in the Mobile Application (2) to the Application Server (17) over the communication network (15), where the network may be the internet and preferably using a secure communication link such as TLS. [0237]- NDEF application 5 starts to capture internal card data, such as seed and counter 7. It may also capture optional data not show here, such as blob 21 and Application Transaction Counter (ATC) 10 from an EMV application 11. The blob may take any form of data, such as an identity of the user and/or card, the Primary Account Number (PAN) ); transmitting, the link to a first application running on the first device(US 20210272098, Delsuc, para. 0222, Then the Mobile Application (2) then sends (107) the Record including with the Credentials (23) entered (26) by the user (20) in the Mobile Application (2) to the Application Server (17) over the communication network (15), where the network may be the internet and preferably using a secure communication link such as TLS.) . Delsuc does not teach the link being operative to:launch a website on the first device displaying one or more identity information associated with the cardholder, the website comprising one or more data fields for specifying one or more transfer parameters, and initiate the secure peer-to-peer data transfer in accordance to the one or more transfer parameters, wherein: the one or more transfer parameters comprise a peer-to-peer data transfer directionality, and the peer-to-peer data transfer directionality can be adjusted to reverse the transfer, and initiate the secure peer-to-peer data transfer in accordance with the one or more transfer parameters at a scheduled time However, Kim teaches the link being operative to:launch a website on the first device displaying one or more identity information associated with the cardholder, the website comprising one or more data fields for specifying one or more transfer parameters, and initiate the secure peer-to-peer data transfer in accordance to the one or more transfer parameters, wherein: the one or more transfer parameters comprise a peer-to-peer data transfer directionality, and the peer-to-peer data transfer directionality can be adjusted to reverse the transfer, and initiate the secure peer-to-peer data transfer in accordance with the one or more transfer parameters at a scheduled time(US 20220232417, Kim, para. 0018 and 0029, [0018]- if the communication unit succeeds in reception of the forward data frame, the communication unit may set the value[i.e. note: transfer parameter] of the mode data field to indicate that the reverse data frame is present, and may transmit at least part of the reverse data frame within a valid transmission time. [0029]- There is an advantage in that a reverse data frame can be transmitted while enabling retransmission of a forward data frame within a valid transmission time[i.e. note a scheduled time frame] even if transmission of the forward data frame fails, when a reverse direction grant is activated in the wireless AV system supporting a reverse direction grant protocol.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Delsuc with the teaching of Kim because a user would have been motivated to regulate network traffic flow, taught by Kim, in order to prevent traffic collision in the data transmission in the system taught by Delsuc (Kim, para. 0149) In regards to claim 32, the combination of Delsuc and Kim teach the method of claim 31, further comprising authenticating a user associated with the first device by activating one or more actions based on the link(US 20210272098, Delsuc, para. 0222 and 0223: [0222]- Then the Mobile Application (2) then sends (107) the Record including with the Credentials (23) entered (26) by the user (20) in the Mobile Application (2) to the Application Server (17) over the communication network (15), where the network may be the internet and preferably using a secure communication link such as TLS.[0224]- At step 108, the application server 17 forwards the record 22 and credentials 23 to the validation server 18 (either as they are or in a wrapped encryption format). If the data is wrapped, the validation server 18 first decrypts and optionally verifies the authenticity of the data by checking the integrity, (this step is not shown).). In regards to claim 34, the combination of Delsuc and Kim teach the method of claim 31, wherein the abstracted identifier information is generated using a unique identifier and a cryptographic algorithm(US 20210272098, Delsuc, fig. 7 and para. 0182, where the NDEF message includes an OTP. [182]- the generation of the code=HMAC-SHA-256(seed, OCRASuite|‘0x00’|C|Q), wherein the C is the counter, and Q contains a concatenation of the captured data, or the hash of the concatenated captured data, wherein the OCRASuite explains the type of cryptographic options. The response or code may be then used at least as “OTP”.). In regards to claim 36, the combination of Delsuc and Kim teach the method of claim 31, wherein the link comprises a near field communication data exchange format uniform resource locator (NDEF URL) (US 20210272098, Delsuc, para. 0141, The NDEF Application 5 of the NFC card, may interface with the mobile 1 through the contactless interface 4.). In regards to claim 38, Delsuc teaches a computer readable non-transitory medium comprising computer-executable instructions that, when executed by a processor, perform procedures comprising the steps of: dynamically generating, after entry of the processors of the contactless card into a communication field of a first device associated with a recipient(US 20210272098, Delsuc, para. 0044, According to one particular aspect of a particular operation of the invention method, the contactless card (or NFC device) may be configured for creating (preferably in real-time or dynamically) a record that is compatible with NDEF record standard.), a link, the link including abstracted identifier information and one or more account and identity information associated with a cardholder(US 20210272098, Delsuc, para. 0220 – 0222, 0237: [0220]- In the case of URL, the NDEF application 2 may uses the URL 25 as a base, and adds the variables as extension to create a final URL[i.e. note: link]; [0221]- At step 106, the data format of the record 22 may be either a JSON data block, XML block, URI, or an URL.[0222]- Then the Mobile Application (2) then sends (107) the Record including with the Credentials (23) entered (26) by the user (20) in the Mobile Application (2) to the Application Server (17) over the communication network (15), where the network may be the internet and preferably using a secure communication link such as TLS. [0237]- NDEF application 5 starts to capture internal card data, such as seed and counter 7. It may also capture optional data not show here, such as blob 21 and Application Transaction Counter (ATC) 10 from an EMV application 11. The blob may take any form of data, such as an identity of the user and/or card, the Primary Account Number (PAN) ); transmitting, the link to a first application running on the first device(US 20210272098, Delsuc, para. 0222, Then the Mobile Application (2) then sends (107) the Record including with the Credentials (23) entered (26) by the user (20) in the Mobile Application (2) to the Application Server (17) over the communication network (15), where the network may be the internet and preferably using a secure communication link such as TLS.). Delsuc does not teach the link being operative to:launch a website on the first device displaying one or more identity information associated with the cardholder, the website comprising one or more data fields for specifying one or more transfer parameters, and initiate the secure peer-to-peer data transfer in accordance to the one or more transfer parameters, wherein:the one or more transfer parameters comprise a peer-to-peer data transfer directionality, and the peer-to-peer data transfer directionality can be adiusted to reverse the transfer, and initiate the secure peer-to-peer data transfer in accordance with the one or more transfer parameters at a scheduled time However, Kim teaches the link being operative to:launch a website on the first device displaying one or more identity information associated with the cardholder, the website comprising one or more data fields for specifying one or more transfer parameters, and initiate the secure peer-to-peer data transfer in accordance to the one or more transfer parameters, wherein:the one or more transfer parameters comprise a peer-to-peer data transfer directionality, and the peer-to-peer data transfer directionality can be adiusted to reverse the transfer, and initiate the secure peer-to-peer data transfer in accordance with the one or more transfer parameters at a scheduled time(US 20220232417, Kim, para. 0018 and 0029, [0018]- if the communication unit succeeds in reception of the forward data frame, the communication unit may set the value[i.e. note: transfer parameter] of the mode data field to indicate that the reverse data frame is present, and may transmit at least part of the reverse data frame within a valid transmission time. [0029]- There is an advantage in that a reverse data frame can be transmitted while enabling retransmission of a forward data frame within a valid transmission time[i.e. note a scheduled time frame] even if transmission of the forward data frame fails, when a reverse direction grant is activated in the wireless AV system supporting a reverse direction grant protocol.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Delsuc with the teaching of Kim because a user would have been motivated to regulate network traffic flow, taught by Kim, in order to prevent traffic collision in the data transmission in the system taught by Delsuc (Kim, para. 0149) In regards to claim 39, the combination of Delsuc and Kim teach the computer readable non-transitory medium of claim 38, the procedures further comprising authenticating a user associated with the first device by activating one or more actions based on the link(US 20210272098, Delsuc, para. 0222 and 0223: [0222]- Then the Mobile Application (2) then sends (107) the Record including with the Credentials (23) entered (26) by the user (20) in the Mobile Application (2) to the Application Server (17) over the communication network (15), where the network may be the internet and preferably using a secure communication link such as TLS.[0224]- At step 108, the application server 17 forwards the record 22 and credentials 23 to the validation server 18 (either as they are or in a wrapped encryption format). If the data is wrapped, the validation server 18 first decrypts and optionally verifies the authenticity of the data by checking the integrity, (this step is not shown).). In regards to claim 42, the combination of Delsuc and Kim teach the method of claim 31, wherein the scheduled time is scheduled instantly(US 20220232417, Kim, para. 0126, a first data frame currently buffered may be transmitted at a first valid transmission time,[i.e. note: where a currently stored data frame may, implicitly, be transmitted instantly when the schedule timing coincides with the currently held data frame]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Delsuc with the teaching of Kim because a user would have been motivated to regulate network traffic flow, taught by Kim, in order to prevent traffic collision in the data transmission in the system taught by Delsuc (Kim, para. 0149) In regards to claim 43, the combination of Delsuc and Kim teach the method of claim 31, wherein the abstracted identifier information is generated using a unique identifier, a counter, and a cryptographic algorithm(US 20210272098, Delsuc, para. 0182, the generation of the code=HMAC-SHA-256(seed, OCRASuite|‘0x00’|C|Q), wherein the C is the counter, and Q contains a concatenation of the captured data, or the hash of the concatenated captured data, wherein the OCRASuite explains the type of cryptographic options. The response or code may be then used at least as “OTP”.) 2.) Claims 25-27 are rejected under 35 U.S.C. 103 as being unpatentable over US 20210272098, Delsuc in view of US 20220232417, Kim and further in view of US 20200106752, Rule In regards to claim 25, the combination of Delsuc and Kim teach the secure peer-to-peer data transfer system of claim 24. The combination of Delsuc and Kim do not teach wherein the third set of information is entered into the website based on one or more inputs provided by the recipient user However, Rule teaches wherein the third set of information is entered into the website based on one or more inputs provided by the recipient user(US 20200106752, Rule, para. 0187, FIG. 13 depicts an exemplary system by which a user can update his or her credit card information with a third party website. A user can receive a new card 1301, with a new credit card number and other identifying information, in addition to other card information, such as a CVV number, expiration date, or other miscellaneous information.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Delsuc and Kim with the teaching of Rule because a user would have been motivated to protect the critical card data information, taught by Delsuc, by replacing stored card information, taught by Rule, in order to secure data information from malicious behavior(see Rule, para. 0200) In regards to claim 26, the combination of Delsuc and Kim teach the secure peer-to-peer data transfer system of claim 24. The combination of Delsuc and Kim do not teach wherein the third set of information comprises at least one selected from the group of a quantity, a digital asset, and recipient information However, Rule teaches wherein the third set of information comprises at least one selected from the group of a quantity, a digital asset, and recipient information (US 20200106752, Rule, para. 0187, FIG. 13 depicts an exemplary system by which a user can update his or her credit card information with a third party website.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Delsuc and Kim with the teaching of Rule because a user would have been motivated to protect the critical card data information, taught by Delsuc, by replacing stored card information, taught by Rule, in order to secure data information from malicious behavior(see Rule, para. 0200) In regards to claim 27, the combination of Delsuc and Kim teach the secure peer-to-peer data transfer system of claim 24. The combination of Delsuc and Kim do not teach wherein the processor is further configured to initiate the data transfer responsive to a confirmation of the third set of information via an authenticated response from the cardholder(US 20200106752, Rule, para. 0086, Server 320 may comprise a web server in communication with database 335. Server 325 may comprise an account server. In some examples, server 320 may be configured to validate one or more credentials from contactless card 305 and/or client device 310 by comparison with one or more credentials in database 335. Server 325 may be configured to authorize one or more requests, such as payment and transaction, from contactless card 305 and/or client device 310.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Delsuc and Kim with the teaching of Rule because a user would have been motivated to protect the critical card data information, taught by Delsuc, by replacing stored card information, taught by Rule, in order to secure data information from malicious behavior(see Rule, para. 0200) 3.) Claim 29 is rejected under 35 U.S.C. 103 as being unpatentable over US 20210272098, Delsuc in view of US 20220232417, Kim and further in view of US 20190172055, Hale In regards to claim 29, the combination of Delsuc and Kim teach the secure peer-to-peer data transfer system of claim 28. The combination of Delsuc and Kim do not teach at least one action from the one or more actions comprises launching a website configured to initiate the data transfer upon receiving one or more valid authentication inputs from the communication device associated with the recipient user and an authenticated confirmation from a computing device associated with the cardholder However, Hale teaches at least one action from the one or more actions comprises launching a website configured to initiate the data transfer upon receiving one or more valid authentication inputs from the communication device associated with the recipient user and an authenticated confirmation from a computing device associated with the cardholder(US 20190172055, Hale, para. 0474 and 0475: [0474]- Stored value cards used for promotional, incentive, and loyalty applications generally do not leverage chip technology, but can be made to incorporate an embedded NFC chip or other NFC element with NDEF encoding that sends an executable command in the encode string that directs the cardholder's smart device 23, e.g., an NFC enabled smartphone, tablet or similar device to connect to a remotely hosted website and provide secure credentials unique to the specific card or item 30 and thus provide a secure link between the account, e.g., a stored value account of the card or item 30, and subsequent activities of the cardholder while visiting the designated website(s)).[0475]- When in the presence of a smart device 23, e.g., a smartphone, tablet, or other NFC enabled device, the website is designed to verify the NFC element of the card or item 30 and the Primary Account Number (PAN) of the card, tokenized representation of the PAN, or item 30.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Delsuc and Kim with the teaching of Hale because a user would have been motivated to use the NFC enabled device, taught by Hale, to monitor the transactions, taught by the combination of Delsuc and Kim, in order to confirm a product’s brand legitimacy prior to making a purchase(Hale, para. 0078) 4.) Claim 30 is rejected under 35 U.S.C. 103 as being unpatentable over US 20210272098, Delsuc in view of US 20220232417, Kim and further in view of US 20120324027, Vaynblat In regards to claim 30, the combination of Delsuc and Kim teach the secure peer-to-peer data transfer system of claim 21. The combination of Delsuc and Kim do not teach wherein the recipient user associated with the communication device is identified by at least one selected from the group of device fingerprinting and a cookie However, Vaynblat teaches wherein the recipient user associated with the communication device is identified by at least one selected from the group of device fingerprinting and a cookie(US 20120324027, Vaynblat, para. 0014, Each user is identifier through unique but anonymous user ID (e.g., RadiumOne user identifier (R1 UID)). The RadiumOne user ID is stored in a RadiumOne cookie as well as in RadiumOne Operating Storage of User Models. When RadiumOne cookie is not available, the RadiumOne user ID is evaluated using device fingerprinting algorithms.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Delsuc and Kim with the teaching of Vaynblat because a user would have been motivated to monitor shared transaction history, taught by the combination of Delsuc and Kim, by applying social graph methods, taught by Vaynblat, in order to improve web browsing experience by personalizing web content ads for a user(Vaynblat, para. 0007) 5.) Claims 33 and 40 are rejected under 35 U.S.C. 103 as being unpatentable over US 20210272098, Delsuc in view of US 20220232417, Kim and further in view of US 20150096001, Morikuni In regards to claim 33, the combination of Delsuc and Kim teach the method of claim 32. The combination of Delsuc and Kim do not teach wherein the one or more actions comprise at least one selected from the group of requesting confirmation of a third set of information associate with the secure peer-to-peer data transfer, launching a second website configured to identify the user associated with the first device, and requesting one or more login credentials However, Morikuni teaches wherein the one or more actions comprise at least one selected from the group of requesting confirmation of a third set of information associate with the secure peer-to-peer data transfer, launching a second website configured to identify the user associated with the first device, and requesting one or more login credentials (US 20150096001, Morikuni, para. 0016 and 0019: [0016]- the browser device can send an identification of the secure website (e.g., a uniform resource locator (URL) or an Internet Protocol (IP) address) to the mobile device over the secure channel, and the mobile device can query its credential vault to retrieve the user credentials associated with the secure website. The mobile device can send the user credentials to the browser device, which can auto-fill the login page of the secure website with the user credentials and accordingly access the secure website.[0019]- According to embodiments, the mobile device 110 can store or otherwise maintain a credential vault application 109 or other type of credential manager application that stores and has access to user credentials for the website of the website server 115, and optionally user credentials for other websites[e.g. note: 2nd website].). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Delsuc and Kim with the teaching of Morikuni because a user would have been motivated to use a credential vault, taught by Morikuni, for managing credential usage in the system taught by Delsuc, in order to secure the credentials from malicious activities(Morikuni, para. 0015) In regards to claim 40, the combination of Delsuc and Kim teach the computer readable non-transitory medium of claim 39. The combination of Delsuc and Kim do not teach wherein the one or more actions comprise at least one selected from the group of requesting confirmation of a third set of information associate with the secure peer-to-peer data transfer, launching a second website configured to identify the user associated with the first device, and requesting one or more login credentials However, Morikuni teaches wherein the one or more actions comprise at least one selected from the group of requesting confirmation of a third set of information associate with the secure peer-to-peer data transfer, launching a second website configured to identify the user associated with the first device, and requesting one or more login credentials (US 20150096001, Morikuni, para. 0016 and 0019: [0016]- the browser device can send an identification of the secure website (e.g., a uniform resource locator (URL) or an Internet Protocol (IP) address) to the mobile device over the secure channel, and the mobile device can query its credential vault to retrieve the user credentials associated with the secure website. The mobile device can send the user credentials to the browser device, which can auto-fill the login page of the secure website with the user credentials and accordingly access the secure website.[0019]- According to embodiments, the mobile device 110 can store or otherwise maintain a credential vault application 109 or other type of credential manager application that stores and has access to user credentials for the website of the website server 115, and optionally user credentials for other websites[e.g. note: 2nd website].). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Delsuc and Kim with the teaching of Morikuni because a user would have been motivated to use a credential vault, taught by Morikuni, for managing credential usage in the system taught by Delsuc, in order to secure the credentials from malicious activities(Morikuni, para. 0015) CONCLUSION Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY LANE whose telephone number is (571)270-7469. The examiner can normally be reached on 571 270 7469 from 8:00 AM to 6:00 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Taghi Arani, can be reached on 571 272 3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). /GREGORY A LANE/Examiner, Art Unit 2438 /TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438