LOW FRICTION BANK SELECTION AND CHECKOUT METHOD

§101 §103 §112

DETAILED ACTION Acknowledgements This office action is in response to the claims filed 09/2/2025. Claims 1, 9, and 17 are amended. Claims 2, 4, 10, 12, 18 and 19 are cancelled. Claims 1, 3, 5-9, 11, 13-17, and 20 are pending. Claims 1, 3, 5-9, 11, 13-17, and 20 have been examined. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed 06/27/2025 have been fully considered but they are not persuasive. 101 Applicant argues “The Specification describes a technical problem pertaining to complex authentication procedures that have been implemented by online merchants, online payment services, and financial institutions….In view of these technical problems, claim 1 recites a technical solution for a low-friction, real-time transactional authentication system. The system preserves the security measures necessary to protect user account data but streamlines user authentication through a single financial service backend system without needing extraneous inputs from the disparate systems existing across an e- commerce network environment (e.g., a user device).” Examiner disagrees. First, Applicant’s arguments further iterate that the improvements are directed at improving the user’s experience so the user “no longer needs to perform two-factor authentication measures”. Secondly, the arguments for improved technology are arguments for automation, as stated by the Applicant, of a business process, “it is important to keep in mind that an improvement in the abstract idea itself (e.g. a recited fundamental economic concept) is not an improvement in technology. For example, in Trading Technologies Int’l v. IBG, 921 F.3d 1084, 1093-94, 2019 USPQ2d 138290 (Fed. Cir. 2019), the court determined that the claimed user interface simply provided a trader with more information to facilitate market trades, which improved the business process of market trading but did not improve computers or technology.” MPEP 2106.05(a) (II). The rejection is maintained. 112 Due to Applicant’s amendments, prior 112 rejections are withdrawn. 103 Schropfer teaches and (ii) contacting a mobile network operator associated with a phone number of the account to determine whether the phone number is stable (¶ 90); Claim Interpretation – According to the disclosure (¶ 27), “whether the user has a stable mobile phone number (e.g., checking with a mobile network operator (MNO) to see if the phone number is stable)” Schropfer - A user can provide a name (or nickname) 1410, a phone number 1412 (e.g. mobile phone number), AuthenticationSite ID 1414 (i.e., handle), a Zip Code 1416 (which can be verified with a mobile network operator), and a PIN 1418. (¶ 90) causing the user device to automatically populate the pin entry field with the one-time pin such that a pin input populated in the pin entry field matches the one-time pin; (¶ 62, 63, 81, 97) Schropfer - In the instance where authentication platform 110 has yet to be associated with a specified 3PWebsite 150, the user can be asked to provide authentication credentials so that certain fields can be prefilled in relation to future requests, as seen in the example screen display in FIG. 24. At any point in the future, provided the user is logged into the user app, the user app, when communicating with a “non-partnered” site, can notify the user of the stored authentication credentials and request the user to authenticate using security protocols (e.g., biometrics, PIN, etc.). Once authenticated, the user app can fill in the authentication credentials for the user, and the user can actuate a button to sign-in. (¶ 97) Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1, 3, 5-9, 11, 13-17, and 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Subject Matter Eligibility Standard When considering subject matter eligibility under 35 U.S.C. § 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter (101 Analysis: Step 1). Even if the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea) (101 Analysis: Step 2a(Prong 1), and if so, Identify whether there are any additional elements recited in the claim beyond the judicial exception(s), and evaluate those additional elements to determine whether they integrate the exception into a practical application of the exception. (101 Analysis: Step 2a (Prong 2). If additional elements does not integrate the exception into a practical application of the exception, claim still requires an evaluation of whether the claim recites additional elements that amount to an inventive concept (aka “significantly more”) than the recited judicial exception. If the claim as a whole amounts to significantly more than the exception itself (there is an inventive concept in the claim), the claim is eligible. If the claim as a whole does not amount to significantly more (there is no inventive concept in the claim), the claim is ineligible. (101 Analysis: Step 2b). The 2019 PEG explains that the abstract idea exception includes the following groupings of subject matter: a) Mathematical concepts b) Certain methods of organizing human activity and c) Mental processes Analysis In the instant case, claim 1 is directed to a method, and claims 9 and 17 are directed to an article of manufacture. Step 2a.1– Identifying an Abstract Idea The claims recite the steps of “receive … identifier… apply… rules… determine a confidence score, send… response… causing… send… pin…causing… determine… matches… send… identifiers… receive a selection… and send account information….” The recited limitations fall within the certain methods of organizing human activity grouping of abstract ideas, specifically, fundamental economic principles, for example, verifying a customer for a transaction. Accordingly, the claims recites an abstract idea. See MPEP 2106. Step 2a.2 – Identifying a Practical Application The claim does currently recite an additional element but the additional element does not that integrate the judicial exception into a practical application. The claim recites “applying apply a set of rules to transaction and account information for an account associated with the user….” According to the disclosure( ¶ 27), “verification rules 116 stores a set of rules for verifying or authenticating a user or an account for use in online purchases. In some embodiments, the set of rules includes rules for checking account information in user database 114. For example, rules for checking account information in user database 114 include whether a user account is eligible or enabled for online payment, whether there is sufficient balance in the account for the payment transaction, whether the user has a stable mobile phone number (e.g., checking with a mobile network operator (MNO) to see if the phone number is stable), whether the mobile phone number may be sent SMS messages, whether the user has consented to third-party data sharing, whether the user or the transaction present any fraud risks, and whether the user or the transaction trip any security flags. In some embodiments, checking whether a user has stable mobile phone number includes contacting the user's MNO to see if the user has recently made changes to their account, such as number porting.” From the disclosure, the application of the rules can be as standard as checking whether a customer’s account has sufficient funds, which is not only a fundamental economic practice, but also falls under the abstract idea of customer verification for a transaction. Accordingly, even in combination, this additional element does not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Mere instructions to apply the exception using generic computer components and limitations to a particular field of use or technological environment do not amount to practical applications. The claim in directed to an abstract idea. Step 2b The claim limitations recite “receive” or “send” are not additional elements and they amount to no more than mere instructions to apply the exception using a generic computer component. For the same reason these elements are not sufficient to provide an inventive concept. This is also determined to be well-understood, routine and conventional activity in the field. The Symantec, TLI, and OIP Techs, court decision cited in MPEP 2106.05(d)(II) indicates that mere receipt or transmission of data over a network is a well-understood, routine and conventional function when it is claimed in a merely generic manner, as it is here. Therefore, when considering the additional elements alone, and in combination, there is no inventive concept in the claim and thus the claim is not eligible. Viewed as a whole, instructions/method claims recite the concept of a fundamental economic practice as performed by a generic computer. The claims do not currently recite any additional elements or combination of additional elements that amount to significantly more than the judicial exception. The additional elements used to perform the claimed judicial exception amount to no more than mere instructions to implement the abstract idea in a network, and/or merely uses a network as a tool to perform an abstract idea and/or generally linking the use of the judicial exception to a particular environment. Dependent claims 3, 5-8, 11, 13-16, and 20 discuss functions in more descriptive detail of the steps geared toward the abstract idea. As such, these elements do not provide the significantly more to the underlying abstract idea necessary to render the invention patentable. The claims do not, for example, purport to improve the functioning of the computer itself. Nor do they effect an improvement in any other technology or technical field. Therefore, based on case law precedent, the claims are claiming subject matter similar to concepts already identified by the courts as dealing with abstract ideas. See Alice Corp. Pty. Ltd., 573 U.S. 208 (citing Bilski v. Kappos, 561, U.S. 593, 611 (2010)). The claims at issue amount to nothing significantly more than an instruction to apply the abstract idea using some unspecified, generic computer. See Alice Corp. Pty. Ltd., 573 U.S. 208. Mere instructions to apply the exception using a generic computer component and limitations to a particular field of use or technological environment cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible. Conclusion The claim as a whole, does not amount to significantly more than the abstract idea itself. This is because the claim does not affect an improvement to another technology or technical filed; the claim does not amount to an improvement to the functioning of a computer system itself; and the claim does not move beyond a general link of the use of an abstract idea to a particular technological environment. Accordingly, the Examiner concludes that there are no meaningful limitations in the claim that transform the judicial exception into a patent eligible application such that the claim amounts to significantly more than the judicial exception itself. Dependent claims do not resolve the deficiency of independent claims and accordingly stand rejected under 35 USC 101 based on the same rationale. Dependent claims 3, 5-8, 11, 13-16, and 20 are also rejected. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1, 3, 5-9, 11, 13-17, and 20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claims 1 and 10 recites “when the processor determines that the confidence score exceeds a confidence threshold …causing the user device to display a pin entry field on the website;… causing the user device to automatically populate the pin entry field with the one-time pin such that a pin input populated in the pin entry field matches the one-time pin”. According to the disclosure (¶ 65, 95, 96), “In 260, method 200 includes sending user device 130B a one-time pin. The one-time pin is further described above with respect to FIG. 1 . Financial services backend 110 sends the one-time pin to user device 130B. The one-time pin may be sent in an SMS message. In some embodiments, the SMS message automatically populates a pin entry form on the website for online payment service 120.Website 308 still has unique identifier 302 containing the UID. A new popup, pin entry interface 332, covers the entry fields for card information 304 and cardholder name form 306. Pin entry interface 332 has an entry field for the one-time pin (e.g., for completing operation 270), which is contained in the SMS message indicated by SMS message receipt popup 334. ” The disclosure recites the received SMS message automatically populating the PIN entry form on the website. The disclosure does not support when the processor determines that the confidence score exceeds a confidence threshold, causing the user device to display a pin entry field on the website, and causing the user device to automatically populate the pin entry field with the one-time pin such that a pin input populated in the pin entry field matches the one-time pin. Dependent claims 3, 5-8, 11, 13-16, and 20 are also rejected. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 3, 5, 9, 11, 13, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Patni et al. (US 2019/0213585) (“Patni”), in view of O’Cuilinn et al. (US 20180165679) (“Cuilinn”) and further in view of Schropfer et al. (US 20150326550) (“Schropfer”). Regarding claims 1, 9 and 17, Patni discloses receiving, from an online payment service that causes a website to display on a user device, a unique identifier for a user and transaction information about a transaction that is being attempted through the online payment service via the website (¶ 7-17, 55-66, 76-87, 92-95, 110, 120-125); Patni - At step 108, subsequent to receipt of the payment card details or payment account details at the merchant server, a request for an OTP may be transmitted to an authentication server through a communication network… The received inputs may be transmitted from the device at which they are received from the user, to authentication server 214 a—for example by way of one or more network communications routed through any of the merchant server 206 …where pre-booked OTP based authentication is being used in connection with an electronic payment transaction being executed at an online web-site (e.g., an e-commerce website hosted on a merchant server) that has been accessed through the web browser of an internet enabled computer or any other user device, the network session may be initiated between merchant server 206 or the internet enabled computer or user device on one side,… (ii) who intends to use this credit card to execute payment of Indian Rupees (INR) 2,000 towards online purchase of a railway ticket from the Indian Railways Catering and Tourism Corporation (IRCTC) website for a New Delhi-Mumbai train, (¶ 8, 61, 65, 66) applying, by a processor, a set of rules to the transaction information and account information for an account associated with the user, by applying in parallel a first subset of rules and a second subset of rules retrieved from a rules database (¶ 25, 26, 61-64, 78- 88, 93-95, 109-116) Patni - the user submits to the issuer bank server or payment network server (i) an instruction to generate a pre-booked OTP, (ii) payment card or payment account details of the user—with which the generated pre-booked OTP may be associated (which payment card or payment account details may include any authentication details required for carrying out an electronic transaction through said payment card or payment account and (iii) specified transaction parameters corresponding to a proposed payment transaction that is intended to be executed by the user in the future—including any one or more of a merchant identifier, identifier corresponding to an item, article or service towards which payment is intended to be made, transaction type, transaction amount, transaction date or range of dates within which the transaction may be executed, or a defined time window within which the transaction is intended to be executed, identifiers associated with processor implemented device through which the transaction request is intended to be forwarded, or any other parameters associated with the future transaction. (¶ 78) wherein the processor applies the first subset of rules by: (i) determining whether the user has an account enabled for online payment, (ii) determining whether the account has an amount sufficient to pay for the transaction, (iii)determining whether the account includes the user device on file which can receive a one- time pin, and (iv) determining whether the user consents to third-party data sharing, and (¶ 19, 25, 26, 61-64, 74-88, 116, 117) Patni - the user submits to the issuer bank server or payment network server (i) an instruction to generate a pre-booked OTP, (ii) payment card or payment account details of the user—with which the generated pre-booked OTP may be associated (which payment card or payment account details may include any authentication details required for carrying out an electronic transaction through said payment card or payment account and (iii) specified transaction parameters corresponding to a proposed payment transaction that is intended to be executed by the user in the future—including any one or more of a merchant identifier, identifier corresponding to an item, article or service towards which payment is intended to be made, transaction type, transaction amount, transaction date or range of dates within which the transaction may be executed, or a defined time window within which the transaction is intended to be executed, identifiers associated with processor implemented device through which the transaction request is intended to be forwarded, or any other parameters associated with the future transaction. (¶ 78) (ii) contacting a mobile network operator associated with a phone number of the account to determine whether the phone number is stable; (¶ 11) Patni - It has been found that OTP based authentication suffers from drawbacks—particularly in situations where the user location has poor network connectivity (e.g. having poor or non-existent mobile phone network connectivity or poor or non-existent internet connectivity). The poor connectivity prevents transmission of a generated OTP to the user's mobile device, or may prevent the user from accessing an OTP that has been transmitted to the user's registered email address. (¶ 11) sending, to the online payment service, a response that the user has the account (¶ 7-14, 55-66, 76-89, 92-95, 120-125); Patni - (ii) in the course of generating the pre-booked OTP, said pre-booked OTP has been associated with (a) the payment card or payment account details that are being provided to the merchant server 204, 704 at step 804 and (b) one or more transaction parameters corresponding to the transaction that is sought to be implemented at the merchant server 204, 704. (¶ 94) sending, to the user device, the one-time pin; and(¶ 7-14, 55-66, 76-89, 92-95, 120-125); Patni - At step 510 the generated pre-booked OTP is transmitted from the authentication server to the user. (¶ 82) causing the user device to display a pin entry field on the website (¶ 17, 26, 65); Claim Interpretation – According to the disclosure (¶ 95, 96), “ Website 308 still has unique identifier 302 containing the UID. A new popup, pin entry interface 332, covers the entry fields for card information 304 and cardholder name form 306. Pin entry interface 332 has an entry field for the one-time pin (e.g., for completing operation 270), which is contained in the SMS message indicated by SMS message receipt popup 334. ” Patni - The invention also provides a method for one-time-password (OTP) based payment authentication, comprising the steps of (i) receiving through a user interface, user input for session initiation, said user input for session initiation comprising one or more of user identity information and user authentication information,…The received inputs may be transmitted from the device at which they are received from the user, to authentication server 214 a (¶ 26, 65) when the pin input matches the one-time pin, sending, to the online payment service, one or more account identifiers for the account associated with the user to populate an account information interface; receiving a selection of an account identifier from the account information interface; and sending a user account card verification value, and an expiration date corresponding to the selected account identifier to the online payment service to process the transaction through the website, (¶ 7-17, 23, 55-66, 76-87, 92-110, 120-125); Patni - the user initiates a session (preferably a secure session) with the merchant server through a website or software application corresponding to the merchant.—… the user 202 a, 702 a communicates payment card or payment account details to the merchant server 204, 704—which payment card or payment account details may be input at the user device 202 b, 702 b for onward communication to the merchant server 204, 704…. As discussed above, the authentication server may thereafter receive (i) a second OTP input by a user subsequent to commencement of a payment transaction, and (ii) one or more detected transaction parameters corresponding to said payment transaction. The authentication server may subsequently authorize an electronic payment corresponding to the payment transaction, responsive to determination of a match between the first OTP and the second OTP, and between the identified one or more identified transaction parameters and corresponding one or more detected transaction parameters. (¶ 84, 93, 116) Patni does not disclose wherein the processor applies the second subset of rules by: (i) deriving geolocation data of the user device in real-time based on a comparison between a stored location of the user and a transmitted location of the user device to determine whether the user presents a fraud risk, and (ii) contacting a mobile network operator associated with a phone number of the account to determine whether the phone number is stable ;determining a confidence score based on the application of the set of rules, the confidence score indicating a confidence that the user who submitted the unique identifier to the online payment service is authorized to access the account information; when the processor determines that the confidence score exceeds a confidence threshold: causing the user device to automatically populate the pin entry field with the one-time pin such that a pin input populated in the pin entry field matches the one-time pin;a virtual account number, wherein the virtual account number is a proxy of the selected account identifier. Cuilinn teaches wherein the processor applies the second subset of rules by: (i) deriving geolocation data of the user device in real-time based on a comparison between a stored location of the user and a transmitted location of the user device to determine whether the user presents a fraud risk (¶ 40-53); Cuilinn - The method comprises checking if the cardholder's registered mobile device is in the same location as a location associated with the transaction. The geolocation data used is from the cardholder's mobile device, provided via their mobile operator, or related third party… The transaction request may include geolocation data. The geolocation data may comprise card present (CP) geolocation data… the method includes determining if a comparison of the geolocation data of the transaction request with geolocation data of a mobile device of the cardholder is greater or less than a confidence threshold 131. (¶ 44, 45, 51) determining a confidence score based on the application of the set of rules, the confidence score indicating a confidence that the user who submitted the unique identifier to the online payment service is authorized to access the account information; when the processor determines that the confidence score exceeds a confidence threshold: (¶ 17, 48-61); Cuilinn - The confidence threshold may vary according to location. For example, the confidence threshold may be set higher or lower according to the threat of payment card fraud associated with the country from which the transaction request is initiated. If the comparison of the geolocation data of the transaction request with the geolocation data of a mobile device of the cardholder returns a confidence score that is the same as or greater than a confidence threshold, a decision may be made to maintain or reduce the level of step-up authentication required 132… On the other hand, if the comparison of the transaction request with the geolocation data returns a confidence score less than a confidence threshold, a decision may be made to increase the level of step-up authentication required 133. (¶ 53, 61) a virtual account number, wherein the virtual account number is a proxy of the selected account identifier(¶ 9, 38); Cuilinn - Payment cards may include credit cards, debit cards, charge cards, stored-value cards, prepaid cards, fleet cards, virtual payment numbers, virtual card numbers, controlled payment numbers, etc. (¶ 38) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Patni and Cuilinn in order to verify the actual identity and account of the user performing the ecommerce transaction and mitigate fraud (Cuilinn; ¶ 12, 13). Schropfer teaches and (ii) contacting a mobile network operator associated with a phone number of the account to determine whether the phone number is stable (¶ 90); Claim Interpretation – According to the disclosure (¶ 27), “whether the user has a stable mobile phone number (e.g., checking with a mobile network operator (MNO) to see if the phone number is stable)” Schropfer - A user can provide a name (or nickname) 1410, a phone number 1412 (e.g. mobile phone number), AuthenticationSite ID 1414 (i.e., handle), a Zip Code 1416 (which can be verified with a mobile network operator), and a PIN 1418. (¶ 90) causing the user device to automatically populate the pin entry field with the one-time pin such that a pin input populated in the pin entry field matches the one-time pin; (¶ 62, 63, 81, 97) Schropfer - In the instance where authentication platform 110 has yet to be associated with a specified 3PWebsite 150, the user can be asked to provide authentication credentials so that certain fields can be prefilled in relation to future requests, as seen in the example screen display in FIG. 24. At any point in the future, provided the user is logged into the user app, the user app, when communicating with a “non-partnered” site, can notify the user of the stored authentication credentials and request the user to authenticate using security protocols (e.g., biometrics, PIN, etc.). Once authenticated, the user app can fill in the authentication credentials for the user, and the user can actuate a button to sign-in. (¶ 97) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Patni, Cuilinn and Schropfer in order to protect a user against security issues on a website (Schropfer; ¶ 1-3). Regarding claims 3 and 11, Patni discloses wherein the unique identifier is selected from a group consisting of: a user name, a user phone number, and a user email address (¶ 5, 9, 11, 71, 72). Regarding claims 5 and 13, Patni discloses wherein the user device is a mobile phone, a rule from the set of rules is whether the user has consented to receive short message service (SMS) messages on the mobile phone, and the one-time pin is sent to the mobile phone via SMS messaging (¶ 61, 72). Claims 6-8, 14-16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Patni et al. (US 2019/0213585) (“Patni”), in view of O’Cuilinn et al. (US 20180165679) (“Cuilinn”), in view of Schropfer et al. (US 20150326550) (“Schropfer”) and further in view of Sims et al. (US 2018/0211249) (“Sims”). Regarding claims 6, 14 and 20, neither Patni, Cuilinn nor Schropfer teach wherein the virtual account number configured to represent the selected account identifier to the online payment service. Sims teaches wherein the virtual account number configured to represent the selected account identifier to the online payment service (¶ 37, 42, 43, 45, 50, 54, 58). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Patni, Cuilinn, Schropfer and Sims in order to take safety precautions to protect customers’ information (Sims; ¶ 1-4). Regarding claims 7 and 15, Sims teaches wherein the virtual account number is further configured to be different from an additional virtual account number configured to represent the selected account identifier to a different online payment service (¶ 37, 42, 43, 45, 50, 54, 58). Regarding claims 8 and 16, Sims teaches wherein the one or more account identifiers are sent to the online payment service in a format configured to automatically populate an account information form (¶ 37, 42, 43, 45, 50, 54, 58). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Vasu et al., (US 2017/0270517) teaches tokens and OTP. Cao et al. (US 20200153821) (“Cao”) THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ILSE I IMMANUEL whose telephone number is (469)295-9094. The examiner can normally be reached Monday-Friday 9:00 am to 5:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NEHA H PATEL can be reached on (571) 270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ILSE I IMMANUEL/Primary Examiner, Art Unit 3699