Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsStripe, Inc. › 18756071
Last updated: April 19, 2026
Application No. 18/756,071

SECURE TOKEN DRIVEN CONDITIONAL ROUTING OF PROCEEDS

Non-Final OA §103§DP
Filed
Jun 27, 2024
Examiner
SCOTT, RANDY A
Art Unit
2439
Tech Center
2400 — Computer Networks
Assignee
Stripe, Inc.
OA Round
1 (Non-Final)
85%
Grant Probability
Favorable
1-2
OA Rounds
3y 1m
To Grant
82%
With Interview

Interview Optional

-2.6% interview lift. This examiner has a relatively high allow rate; a written response may suffice.
Based on 937 resolved cases, 2023–2026

Examiner Intelligence

SCOTT, RANDY A View full profile →
Grants 85% — above average
85%
Career Allow Rate
793 granted / 937 resolved
+26.6% vs TC avg
Minimal -3% lift
Without
With
+-2.6%
Interview Lift
resolved cases with interview
Typical timeline
3y 1m
Avg Prosecution
27 currently pending
Career history
964
Total Applications
across all art units

Statute-Specific Performance

§101
11.8%
-28.2% vs TC avg
§103
56.3%
+16.3% vs TC avg
§102
11.9%
-28.1% vs TC avg
§112
10.7%
-29.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 937 resolved cases

Office Action

§103 §DP
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION 1. This Office Action is responsive to the communication filed 6/27/2024. Information Disclosure Statement 2. The information disclosure statement (IDS) submitted on 6/27/2024 was filed after the mailing date of the instant application. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Double Patenting 3. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. 4. Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. 12,063,212. Instant Application 18/756,071 Patent No. US 12,063,212 Claim 1: A computer-implemented method performed by a server computer system for processing a routing of data between a first remote computing system and a second remote computing system, comprising: receiving, by an interface of the server computer system from the first remote computing system, a request to generate a token for the routing of data between the first remote computing system and the second remote computing system, the request comprising a set of parameters, wherein at least one of the set of parameters defines a condition for routing the data between the first remote computing system and the second remote computing system; generating, by a processing system of the server computer system, the token for the routing of data, the token referencing at least the first remote computing system, the second remote computing system, and the set of parameters; processing, by the server computer system, the routing of data between the first remote computing system and the second remote computing system using the set of parameters referenced by the token. 2. The method of claim 1, further comprising: generating, by the server computer system, a randomly generated identifier that references the set of parameters; and transmitting, by the server computer system to at least one of the first remote computing system and the second remote computing system, the randomly generated identifier that references the set of parameters. 3. The method of claim 2, further comprising: receiving, by the server computer system, the randomly generated identifier from one of the first remote computing system or the second remote computing system; performing the processing, by the server computer system, of the routing of data between the first remote computing system and the second remote computing system in response to verification of the condition defined by the at least one of the set of parameters. 4. The method of claim 2, wherein the randomly generated identifier comprises a pointer or link to a data storage location of a data store where the set of parameters are stored by the server computer system, and the pointer and link are the token. 5. The method of claim 2, wherein the randomly generated identifier is stored in an object or file, and the object or file comprises the token. 6. The method of claim 1, wherein the set of parameters comprises an incomplete set of parameters, and the method further comprises: receiving, by the interface of the server computer system, a validation challenge and a challenge response defined by the first remote computing system; performing, by the server computer system, a validation of the second remote computing system based on the validation challenge and the challenge response defined by the first remote computing system; and in response to a successful validation of the second remote computing system, receiving, by the interface of the server computer system, a second set of parameters from the second remote computing system, wherein the incomplete set of parameters and the second set of parameters form a complete set of parameters referenced by the token. 7. The method of claim 1, wherein the interface comprises an application programming interface (API) request interface, and wherein the request to initiate the routing of data between the first remote computing system and the second remote computing system is received as an API message transmitted to the API request interface over a communications network. 8. The method of claim 1, wherein the token is decipherable at the server computer system and indecipherable to the first remote computing system and the second remote computing system. 9. The method of claim 1, further comprising: analyzing, by the server computer system, one or more fraud detection parameters associated with the request to generate the token; detecting, by the server computer system, whether a risk of fraud determined based on the analysis of the one or more fraud detection parameters satisfies a fraud detection threshold; rejecting, by the server computer system, the request to generate the token when the risk of fraud fails to satisfy the fraud detection threshold; and accepting, by the server computer system, the request to generate the token when the risk of fraud satisfies the fraud detection threshold. 10. The method of claim 9, wherein the one or more fraud detection parameters associated with the request to generate the token comprise: one or more of a total number of tokens requested by the first remote computing system over a period of time, a total number of routings of data processed by the server computer system for the first remote computing system, whether one of the set of parameters deviates from an expected parameter value. 11. A non-transitory machine-readable medium, having instructions stored thereon, which when executed by a processing system of a server computer system, cause the server computer system to performing operations for processing a routing of data between a first remote computing system and a second remote computing system, the operations comprising: receiving, by an interface of the server computer system from the first remote computing system, a request to generate a token for the routing of data between the first remote computing system and the second remote computing system, generating, by a processing system of the server computer system, the token for the routing of data, the token referencing at least the first remote computing system, the second remote computing system, and the set of parameters; sending, by the server computer system, the token to the second remote computing system; in response to receiving a request to initiate the routing of data between the first remote computing system and the second remote computing system, the request comprising the token, verifying, by the server computer system, one or more of the set of parameters are satisfied by one or more corresponding current parameters associated with the routing of data being processed between the first remote computing system and the second remote computing system, the one or more parameters verified as being satisfied comprise the condition; and in response to the verification of the one or more of the set of parameters are satisfied by the one or more corresponding current parameters, processing, by the server computer system, the routing of data between the first remote computing system and the second remote computing system using the set of parameters referenced by the token. 12. The non-transitory machine-readable medium of claim 11, wherein the operations further comprise: generating, by the server computer system, a randomly generated identifier that references the set of parameters; and transmitting, by the server computer system to at least one of the first remote computing system and the second remote computing system, the randomly generated identifier that references the set of parameters. 13. The non-transitory machine-readable medium of claim 12, wherein the operations further comprise: accessing, by the server computer system, the set of parameters referenced by the randomly generated identifier; and performing the processing, by the server computer system, of the routing of data between the first remote computing system and the second remote computing system in response to verification of the condition defined by the at least one of the set of parameters. 14. The non-transitory machine-readable medium of claim 11, wherein the set of parameters comprises an incomplete set of parameters, and the operations further comprise: receiving, by the interface of the server computer system, a validation challenge and a challenge response defined by the first remote computing system; performing, by the server computer system, a validation of the second remote computing system based on the validation challenge and the challenge response defined by the first remote computing system; and in response to a successful validation of the second remote computing system, receiving, by the interface of the server computer system, a second set of parameters from the second remote computing system, wherein the incomplete set of parameters and the second set of parameters form a complete set of parameters referenced by the token. 15. The non-transitory machine-readable medium of claim 11, wherein the operations further comprise: analyzing, by the server computer system, one or more fraud detection parameters associated with the request to generate the token; detecting, by the server computer system, whether a risk of fraud determined based on the analysis of the one or more fraud detection parameters satisfies a fraud detection threshold; rejecting, by the server computer system, the request to generate the token when the risk of fraud fails to satisfy the fraud detection threshold; and accepting, by the server computer system, the request to generate the token when the risk of fraud satisfies the fraud detection threshold. 16. A server computer system for processing a routing of data between a first remote computing system and a second remote computing system, comprising: a memory storing instructions; and a processing system, coupled with the memory, and configured to execute the instructions causing the server computer system to perform operations, comprising: receiving, by an interface of the server computer system from the first remote computing system, a request to generate a token for the routing of data between the first remote computing system and the second remote computing system, generating the token for the routing of data, the token referencing at least the first remote computing system, the second remote computing system, and the set of parameters, sending the token to the second remote computing system, in response to receiving a request to initiate the routing of data between the first remote computing system and the second remote computing system, the request comprising the token, verifying one or more of the set of parameters are satisfied by one or more corresponding current parameters associated with the routing of data being processed between the first remote computing system and the second remote computing system, the one or more parameters verified as being satisfied comprise the condition, and in response to the verification of the one or more of the set of parameters are satisfied by the one or more corresponding current parameters, processing the routing of data between the first remote computing system and the second remote computing system using the set of parameters referenced by the token. 17. The system of claim 16, wherein the processing system is further configured to perform operations comprising: generating a randomly generated identifier that references the set of parameters; and transmitting, to at least one of the first remote computing system and the second remote computing system, the randomly generated identifier that references the set of parameters. 18. The system of claim 17, wherein the processing system is further configured to perform operations comprising: receiving the randomly generated identifier from one of the first remote computing system or the second remote computing system; accessing the set of parameters referenced by the randomly generated identifier; and performing the processing, by the server computer system, of the routing of data between the first remote computing system and the second remote computing system in response to verification of the condition defined by the at least one of the set of parameters. 19. The system of claim 16, wherein the set of parameters comprises an incomplete set of parameters, and wherein the processing system is further configured to perform operations comprising: receiving, by the interface, a validation challenge and a challenge response defined by the first remote computing system; performing a validation of the second remote computing system based on the validation challenge and the challenge response defined by the first remote computing system; and in response to a successful validation of the second remote computing system, receiving, by the interface, a second set of parameters from the second remote computing system, wherein the incomplete set of parameters and the second set of parameters form a complete set of parameters referenced by the token. 20. The system of claim 16, wherein the processing system is further configured to perform operations comprising: analyzing one or more fraud detection parameters associated with the request to generate the token; detecting whether a risk of fraud determined based on the analysis of the one or more fraud detection parameters satisfies a fraud detection threshold; rejecting the request to generate the token when the risk of fraud fails to satisfy the fraud detection threshold; and accepting the request to generate the token when the risk of fraud satisfies the fraud detection threshold. Claim 1: A computer-implemented method performed by a server computer system for processing a routing of data between a first remote computing system and a second remote computing system, comprising: receiving, by an interface of the server computer system from the first remote computing system, a request to initiate the routing of data between the first remote computing system and the second remote computing system, the request comprising an incomplete set of parameters; receiving, by the interface of the server computer system, a validation challenge and a challenge response defined by the first remote computing system; generating, by a processing system of the server computer system, a token for the routing of data, the token referencing at least the first remote computing system and the incomplete set of parameters, processing, by the server computer system, the routing of data between the first remote computing system and the second remote computing system using the complete set of parameters referenced by the token. 3. The method of claim 1, further comprising: generating a randomly generated identifier that references the complete set of parameters; transmitting, by the server computer system to the first remote computing system, the randomly generated identifier that references the complete set of parameters. 3. The method of claim 1, further comprising: generating a randomly generated identifier that references the complete set of parameters; transmitting, by the server computer system to the first remote computing system, the randomly generated identifier that references the complete set of parameters; performing the processing, by the server computer system, of the routing of data between the first remote computing system and the second remote computing system in response to receiving the randomly generated identifier with the request to perform the processing of the routing of data. 5. The method of claim 3, wherein the randomly generated identifier comprises a pointer or link to a data storage location of a data store where the complete set of parameters are stored by the server computer system, and the pointer and link are the token. 6. The method of claim 3, wherein the randomly generated identifier is stored in an object or file, and the object or file comprises the token. 1. (cont.) the request comprising an incomplete set of parameters; receiving, by the interface of the server computer system, a validation challenge and a challenge response defined by the first remote computing system; performing, by the server computer system, a validation of the second remote computing system based on the validation challenge and the challenge response defined by the first remote computing system; in response to a successful validation of the second remote computing system, receiving, by the interface of the server computer system, a second set of parameters from the second remote computing system, wherein the incomplete set of parameters and the second set of parameters form a complete set of parameters referenced by the token. 2. The method of claim 1, wherein the interface comprises an application programming interface (API) request interface, and wherein the request to initiate the routing of data between the first remote computing system and the second remote computing system, the validation challenge and the challenge response, and the second set of parameters are received as API messages transmitted to the API request interface over a communications network. 1.(cont.) wherein the token decipherable at the server computer system and indecipherable to the first remote computing system and the second remote computing system; 8. The method of claim 1, wherein the request to initiate the routing of data comprises a request to generate the token, further comprising: analyzing, by an analytics engine of the server computer system, one or more fraud detection parameters associated with the request to generate the token; detecting, by the analytics engine, whether the determined risk of fraud satisfies a fraud detection threshold; rejecting the request to generate the token when the determined risk of fraud fails to satisfy the fraud detection threshold; and accepting the request to generate the token when the determined risk of fraud satisfied the fraud detection threshold. 9. The method of claim 8, wherein the one or more fraud detection parameters associated with the request to generate the token comprise: one or more of a total number of tokens requested by the first remote computing system over a period of time, a total number of routings of data processed by the server computer system for the first remote computing system, whether one of the incomplete set of parameters deviates from an expected value of a parameter. 10. A non-transitory machine-readable medium, having instructions stored thereon, which when executed by a processing system of a server computer system, cause the server computer system to perform operations for processing a routing of data between a first remote computing system and a second remote computing system, the operations comprising: receiving, by an interface of the server computer system from the first remote computing system, a request to initiate the routing of data between the first remote computing system and the second remote computing system, generating a token for the routing of data, the token referencing at least the first remote computing system and the incomplete set of parameters, and the token decipherable at the server computer system and indecipherable to the first remote computing system and the second remote computing system; in response to a successful validation of the second remote computing system, receiving, by the interface of the server computer system, a second set of parameters from the second remote computing system, wherein the incomplete set of parameters and the second set of parameters form a complete set of parameters referenced by the token; and processing the routing of data between the first remote computing system and the second remote computing system using the complete set of parameters referenced by the token. 12. The non-transitory machine-readable medium of claim 10, further comprising: generating a randomly generated identifier that references the complete set of parameters; transmitting, by the server computer system to the first remote computing system, the randomly generated identifier that references the complete set of parameters. 13. The non-transitory machine-readable medium of claim 12, further comprising: accessing the complete set of parameters referenced by the randomly generated identifier in response to the receipt of the randomly generated identifier; completing the processing of the routing of data between the first remote computing system and the second remote computing system in response to the verification of the one or more of the complete set of parameters are satisfied by the one or more corresponding current parameters. 10 (cont). the request comprising an incomplete set of parameters; receiving, by the interface of the server computer system, a validation challenge and a challenge response defined by the first remote computing system; 10 (cont). performing a validation of the second remote computing system based on the validation challenge and the challenge response defined by the first remote computing system; in response to a successful validation of the second remote computing system, receiving, by the interface of the server computer system, a second set of parameters from the second remote computing system, wherein the incomplete set of parameters and the second set of parameters form a complete set of parameters referenced by the token. 14. The non-transitory machine-readable medium of claim 10, wherein the request to initiate the routing of data comprises a request to generate the token, further comprising: analyzing, by an analytics engine of the server computer system, one or more fraud detection parameters associated with the request to generate the token; detecting, by the analytics engine, whether the determined risk of fraud satisfies a fraud detection threshold; rejecting the request to generate the token when the determined risk of fraud fails to satisfy the fraud detection threshold; and accepting the request to generate the token when the determined risk of fraud satisfies the fraud detection threshold. 15. A server computer system for processing a routing of data between a first remote computing system and a second remote computing system, comprising: a memory storing instructions; and a processing system, coupled with the memory, and configured to execute the instructions causing the server computer system to perform operations, comprising: receiving, by an interface of the server computer system from the first remote computing system, a request to initiate the routing of data between the first remote computing system and the second remote computing system, generating a token for the routing of data, the token referencing at least the first remote computing system and the incomplete set of parameters, and the token decipherable at the server computer system and indecipherable to the first remote computing system and the second remote computing system; performing a validation of the second remote computing system based on the validation challenge and the challenge response defined by the first remote computing system; in response to a successful validation of the second remote computing system, receiving, by the interface of the server computer system, a second set of parameters from the second remote computing system, wherein the incomplete set of parameters and the second set of parameters form a complete set of parameters referenced by the token; and processing the routing of data between the first remote computing system and the second remote computing system using the complete set of parameters referenced by the token. 17. The server computer system of claim 15, wherein the processing system is further configured to perform operations, comprising: generating a randomly generated identifier that references the complete set of parameters; transmitting, by the server computer system to the first remote computing system, the randomly generated identifier that references the complete set of parameters; 18. The server computer system of claim 17, wherein the processing system is further configured to perform operations, comprising: receiving the randomly generated identifier with the request to perform the processing of the routing of data; accessing the complete set of parameters referenced by the randomly generated identifier; and completing the processing of the routing of data between the first remote computing system and the second remote computing system in response to the verification of the one or more of the complete set of parameters are satisfied by the one or more corresponding current parameters 15 (cont). the request comprising an incomplete set of parameters; receiving, by the interface of the server computer system, a validation challenge and a challenge response defined by the first remote computing system; performing a validation of the second remote computing system based on the validation challenge and the challenge response defined by the first remote computing system; in response to a successful validation of the second remote computing system, receiving, by the interface of the server computer system, a second set of parameters from the second remote computing system, wherein the incomplete set of parameters and the second set of parameters form a complete set of parameters referenced by the token 19. The server computer system of claim 15, wherein the request to initiate the routing of data comprises a request to generate the token, and the processing system is further configured to perform operations, comprising: analyzing, by an analytics engine of the server computer system, one or more fraud detection parameters associated with the request to generate the token; detecting, by the analytics engine, whether the determined risk of fraud satisfies a fraud detection threshold; rejecting the request to generate the token when the determined risk of fraud fails to satisfy the fraud detection threshold; and accepting the request to generate the token when the determined risk of fraud satisfies the fraud detection threshold. Claim Rejections – 35 USC 103 5. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 6. Claims 1-5, 7, 9, 11-13, 15-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Davis et al (US 2016/0180325) in view of Charles et al (US 2010/0088520). Regarding claim 1, Davis et al teaches computer-implemented method performed by a server computer system (fig. 1, ‘108) for processing a routing of data between a first remote computing system and a second remote computing system (fig. 1, ‘108, ‘200a, ‘200b, which disclose a server device for facilitating transactions between a mobile consumer device and a mobile merchant device), comprising: the request comprising a set of parameters, wherein at least one of the set of parameters defines a condition for routing the data between the first remote computing system and the second remote computing system (fig. 3A-3D, & par [0222], which disclose the request for the server to transmit data between the mobile consumer client device and the mobile merchant device containing information corresponding to the consumer device and merchant device); generating, by a processing system of the server computer system, the token for the routing of data, the token referencing at least the first remote computing system, the second remote computing system, and the set of parameters (par [0123] & par [0130], which disclose the generated token containing data corresponding to the consumer and merchant devices); sending, by the server computer system, the token to the second remote computing system (par [0130], lines 14-19, which discloses transmitting the token to the merchant device); verifying, by the server computer system, one or more of the set of parameters are satisfied by one or more corresponding current parameters associated with the routing of data being processed between the first remote computing system and the second remote computing system (par [0223], lines 4-9, which discloses the server providing a notification disclosing that data corresponding to user payment credentials have been received and merchant payment credentials have been successfully processed), the one or more parameters verified as being satisfied comprise the condition (par [0130], lines 16-19 and par [0131], lines 1-5, which disclose the server payment engine validating credentials corresponding to both the client and merchant); and in response to the verification of the one or more of the set of parameters are satisfied by the one or more corresponding current parameters, processing, by the server computer system, the routing of data between the first remote computing system and the second remote computing system using the set of parameters referenced by the token (fig. 2-3D & par [0074], which disclose validating data transfer between the merchant and consumer device, via the intermediary server, upon the token referencing payment credentials associated with the consumer and merchant devices). Davis et al does not explicitly teach receiving, by an interface of the server computer system from the first remote computing system, a request to generate a token for the routing of data between the first remote computing system and the second remote computing system and in response to receiving a request to initiate the routing of data between the first remote computing system and the second remote computing system, the request comprising the token. However, Charles et al teaches receiving, by an interface of the server computer system from the first remote computing system, a request to generate a token for the routing of data between the first remote computing system and the second remote computing system (par [0049], lines 1-10 and par [0050], lines 5-15, which disclose a client transmitting a token generation request to a central server for initiating a transaction with another peer), and in response to receiving a request to initiate the routing of data between the first remote computing system and the second remote computing system, the request comprising the token (par [0050], lines 16-18, which discloses sending the token in a peer to peer transaction). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the disclosure of Charles et al within the teachings of Davis et al would provide the predictive result of improving security of processing transactions in a client transaction provisioning environment by using certificated to prevent potentially malicious peers from altering or forging secure content belonging to other peers (as disclosed in par [0047-0048] of Charles et al) because this feature would prevent user payment credentials disclosed by Davis et al from being fraudulently tampered before the requesting client has been authorized to access the content. Regarding claim 2, Davis et al and Charles et al teach the limitations of claim 1. Davis et al further teaches generating, by the server computer system, a randomly generated identifier that references the set of parameters (fig. 3A, ‘320, “generate transaction ID”); and transmitting, by the server computer system to at least one of the first remote computing system and the second remote computing system, the randomly generated identifier that references the set of parameters (par [0101], lines 9-13, “provide users access to the transaction ID”). Regarding claim 3, Davis et al and Charles et al teach the limitations of claim 1. Davis et al further teaches receiving, by the server computer system, the randomly generated identifier from one of the first remote computing system or the second remote computing system (par [0106], lines 8-12, “include the transaction ID in any information sent from the client devices”); accessing, by the server computer system, the set of parameters referenced by the randomly generated identifier (par [0106], lines 12-15, “identify a particular transaction to which the information corresponds”); and performing the processing, by the server computer system, of the routing of data between the first remote computing system and the second remote computing system in response to verification of the condition defined by the at least one of the set of parameters (par [0132], lines 7-9, “provide additional authorization information, agree to terms and conditions…”). Regarding claim 4, Davis et al and Charles et al teach the limitations of claim 1. Davis et al further teaches wherein the randomly generated identifier comprises a pointer or link to a data storage location of a data store where the set of parameters are stored by the server computer system, and the pointer and link are the token (par [0123], lines 5-10, “random string called a “token” as a pointer to the stored payment credential”). Regarding claim 5, Davis et al and Charles et al teach the limitations of claim 1. Davis et al further teaches wherein the randomly generated identifier is stored in an object or file, and the object or file comprises the token (par [0074], lines 1-4, “token can reference a payment credential stored by the network application”). Regarding claim 7, Davis et al and Charles et al teach the limitations of claim 1. Davis et al further teaches wherein the interface comprises an application programming interface (API) request interface (par [0086], lines 1-5, “employ one or more application programming interfaces (APIs)”), and wherein the request to initiate the routing of data between the first remote computing system and the second remote computing system is received as an API message transmitted to the API request interface over a communications network. Regarding claim 9, Davis et al and Charles et al teach the limitations of claim 1. Davis et al further teaches analyzing, by the server computer system, one or more fraud detection parameters associated with the request to generate the token (par [0096], lines 1-10, “determining the likelihood of fraudulent activity”); detecting, by the server computer system, whether a risk of fraud determined based on the analysis of the one or more fraud detection parameters satisfies a fraud detection threshold (fig. 2, ‘238, “risk calculator”); rejecting, by the server computer system, the request to generate the token when the risk of fraud fails to satisfy the fraud detection threshold (par [0097], “risk associated with the consumer/merchant is below a predetermined threshold”); and accepting, by the server computer system, the request to generate the token when the risk of fraud satisfies the fraud detection threshold (par [0123], lines 1-5, “after determining the risk, the payment engine 206 can generate 316 a token”). Regarding claim 11, Davis et al teaches a non-transitory machine-readable medium, having instructions stored thereon, which when executed by a processing system of a server computer system (fig. 1, ‘108) cause the server computer system to performing operations for processing a routing of data between a first remote computing system and a second remote computing system (fig. 1, ‘108, ‘200a, ‘200b, which disclose a server device for facilitating transactions between a mobile consumer device and a mobile merchant device), comprising: the request comprising a set of parameters, wherein at least one of the set of parameters defines a condition for routing the data between the first remote computing system and the second remote computing system (fig. 3A-3D, & par [0222], which disclose the request for the server to transmit data between the mobile consumer client device and the mobile merchant device containing information corresponding to the consumer device and merchant device); generating, by a processing system of the server computer system, the token for the routing of data, the token referencing at least the first remote computing system, the second remote computing system, and the set of parameters (par [0123] & par [0130], which disclose the generated token containing data corresponding to the consumer and merchant devices); sending, by the server computer system, the token to the second remote computing system (par [0130], lines 14-19, which discloses transmitting the token to the merchant device); verifying, by the server computer system, one or more of the set of parameters are satisfied by one or more corresponding current parameters associated with the routing of data being processed between the first remote computing system and the second remote computing system (par [0223], lines 4-9, which discloses the server providing a notification disclosing that data corresponding to user payment credentials have been received and merchant payment credentials have been successfully processed), the one or more parameters verified as being satisfied comprise the condition (par [0130], lines 16-19 and par [0131], lines 1-5, which disclose the server payment engine validating credentials corresponding to both the client and merchant); and in response to the verification of the one or more of the set of parameters are satisfied by the one or more corresponding current parameters, processing, by the server computer system, the routing of data between the first remote computing system and the second remote computing system using the set of parameters referenced by the token (fig. 2-3D & par [0074], which disclose validating data transfer between the merchant and consumer device, via the intermediary server, upon the token referencing payment credentials associated with the consumer and merchant devices). Davis et al does not explicitly teach receiving, by an interface of the server computer system from the first remote computing system, a request to generate a token for the routing of data between the first remote computing system and the second remote computing system and in response to receiving a request to initiate the routing of data between the first remote computing system and the second remote computing system, the request comprising the token. However, Charles et al teaches receiving, by an interface of the server computer system from the first remote computing system, a request to generate a token for the routing of data between the first remote computing system and the second remote computing system (par [0049], lines 1-10 and par [0050], lines 5-15, which disclose a client transmitting a token generation request to a central server for initiating a transaction with another peer), and in response to receiving a request to initiate the routing of data between the first remote computing system and the second remote computing system, the request comprising the token (par [0050], lines 16-18, which discloses sending the token in a peer-to-peer transaction). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the disclosure of Charles et al within the teachings of Davis et al would provide the predictive result of improving security of processing transactions in a client transaction provisioning environment by using certificated to prevent potentially malicious peers from altering or forging secure content belonging to other peers (as disclosed in par [0047-0048] of Charles et al) because this feature would prevent user payment credentials disclosed by Davis et al from being fraudulently tampered before the requesting client has been authorized to access the content. Regarding claim 12, Davis et al and Charles et al teach the limitations of claim 11. Davis et al further teaches generating, by the server computer system, a randomly generated identifier that references the set of parameters (fig. 3A, ‘320, “generate transaction ID”); and transmitting, by the server computer system to at least one of the first remote computing system and the second remote computing system, the randomly generated identifier that references the set of parameters (par [0101], lines 9-13, “provide users access to the transaction ID”). Regarding claim 13, Davis et al and Charles et al teach the limitations of claim 11. Davis et al further teaches receiving, by the server computer system, the randomly generated identifier from one of the first remote computing system or the second remote computing system (par [0106], lines 8-12, “include the transaction ID in any information sent from the client devices”); accessing, by the server computer system, the set of parameters referenced by the randomly generated identifier (par [0106], lines 12-15, “identify a particular transaction to which the information corresponds”); and performing the processing, by the server computer system, of the routing of data between the first remote computing system and the second remote computing system in response to verification of the condition defined by the at least one of the set of parameters (par [0132], lines 7-9, “provide additional authorization information, agree to terms and conditions…”). Regarding claim 15, Davis et al and Charles et al teach the limitations of claim 11. Davis et al further teaches analyzing, by the server computer system, one or more fraud detection parameters associated with the request to generate the token (par [0096], lines 1-10, “determining the likelihood of fraudulent activity”); detecting, by the server computer system, whether a risk of fraud determined based on the analysis of the one or more fraud detection parameters satisfies a fraud detection threshold (fig. 2, ‘238, “risk calculator”); rejecting, by the server computer system, the request to generate the token when the risk of fraud fails to satisfy the fraud detection threshold (par [0097], “risk associated with the consumer/merchant is below a predetermined threshold”); and accepting, by the server computer system, the request to generate the token when the risk of fraud satisfies the fraud detection threshold (par [0123], lines 1-5, “after determining the risk, the payment engine 206 can generate 316 a token”). Regarding claim 16, Davis et al teaches a server computer system (fig. 1, ‘108) for processing a routing of data between a first remote computing system and a second remote computing system (fig. 1, ‘108, ‘200a, ‘200b, which disclose a server device for facilitating transactions between a mobile consumer device and a mobile merchant device), comprising: a memory storing instructions (fig. 7, ‘704); and a processing system, coupled with the memory, and configured to execute the instructions causing the server computer system to perform operations (fig. 7, ‘702/‘704), comprising: the request comprising a set of parameters, wherein at least one of the set of parameters defines a condition for routing the data between the first remote computing system and the second remote computing system (fig. 3A-3D, & par [0222], which disclose the request for the server to transmit data between the mobile consumer client device and the mobile merchant device containing information corresponding to the consumer device and merchant device); generating the token for the routing of data, the token referencing at least the first remote computing system, the second remote computing system, and the set of parameters (par [0123] & par [0130], which disclose the generated token containing data corresponding to the consumer and merchant devices); sending the token to the second remote computing system (par [0130], lines 14-19, which discloses transmitting the token to the merchant device); verifying one or more of the set of parameters are satisfied by one or more corresponding current parameters associated with the routing of data being processed between the first remote computing system and the second remote computing system (par [0223], lines 4-9, which discloses the server providing a notification disclosing that data corresponding to user payment credentials have been received and merchant payment credentials have been successfully processed), the one or more parameters verified as being satisfied comprise the condition (par [0130], lines 16-19 and par [0131], lines 1-5, which disclose the server payment engine validating credentials corresponding to both the client and merchant); and in response to the verification of the one or more of the set of parameters are satisfied by the one or more corresponding current parameters the routing of data between the first remote computing system and the second remote computing system using the set of parameters referenced by the token (fig. 2-3D & par [0074], which disclose validating data transfer between the merchant and consumer device, via the intermediary server, upon the token referencing payment credentials associated with the consumer and merchant devices). Davis et al does not explicitly teach receiving, by an interface of the server computer system from the first remote computing system, a request to generate a token for the routing of data between the first remote computing system and the second remote computing system and in response to receiving a request to initiate the routing of data between the first remote computing system and the second remote computing system, the request comprising the token. However, Charles et al teaches receiving, by an interface of the server computer system from the first remote computing system, a request to generate a token for the routing of data between the first remote computing system and the second remote computing system (par [0049], lines 1-10 and par [0050], lines 5-15, which disclose a client transmitting a token generation request to a central server for initiating a transaction with another peer), and in response to receiving a request to initiate the routing of data between the first remote computing system and the second remote computing system, the request comprising the token (par [0050], lines 16-18, which discloses sending the token in a peer-to-peer transaction). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the disclosure of Charles et al within the teachings of Davis et al would provide the predictive result of improving security of processing transactions in a client transaction provisioning environment by using certificated to prevent potentially malicious peers from altering or forging secure content belonging to other peers (as disclosed in par [0047-0048] of Charles et al) because this feature would prevent user payment credentials disclosed by Davis et al from being fraudulently tampered before the requesting client has been authorized to access the content. Regarding claim 17, Davis et al and Charles et al teach the limitations of claim 16. Davis et al further teaches generating a randomly generated identifier that references the set of parameters (fig. 3A, ‘320, “generate transaction ID”); and transmitting to at least one of the first remote computing system and the second remote computing system, the randomly generated identifier that references the set of parameters (par [0101], lines 9-13, “provide users access to the transaction ID”). Regarding claim 18, Davis et al and Charles et al teach the limitations of claim 16. Davis et al further teaches receiving the randomly generated identifier from one of the first remote computing system or the second remote computing system (par [0106], lines 8-12, “include the transaction ID in any information sent from the client devices”); Accessing the set of parameters referenced by the randomly generated identifier (par [0106], lines 12-15, “identify a particular transaction to which the information corresponds”); and performing the processing, by the server computer system, of the routing of data between the first remote computing system and the second remote computing system in response to verification of the condition defined by the at least one of the set of parameters (par [0132], lines 7-9, “provide additional authorization information, agree to terms and conditions…”). Regarding claim 20, Davis et al and Charles et al teach the limitations of claim 16. Davis et al further teaches analyzing one or more fraud detection parameters associated with the request to generate the token (par [0096], lines 1-10, “determining the likelihood of fraudulent activity”); detecting whether a risk of fraud determined based on the analysis of the one or more fraud detection parameters satisfies a fraud detection threshold (fig. 2, ‘238, “risk calculator”); rejecting the request to generate the token when the risk of fraud fails to satisfy the fraud detection threshold (par [0097], “risk associated with the consumer/merchant is below a predetermined threshold”); and accepting the request to generate the token when the risk of fraud satisfies the fraud detection threshold (par [0123], lines 1-5, “after determining the risk, the payment engine 206 can generate 316 a token”). 7. Claims 6, 8, 10, 14, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Davis et al (US 2016/0180325) in view of Charles et al (US 2010/0088520), further in view of Hazel et al (US 2016/0027003). Regarding claim 6, Davis et al does not explicitly teach receiving, by the interface of the server computer system, a validation challenge and a challenge response defined by the first remote computing system; and performing, by the server computer system, a validation of the second remote computing system based on the validation challenge and the challenge response defined by the first remote computing system. However, Charles et al teaches receiving, by the interface of the server computer system, a validation challenge and a challenge response defined by the first remote computing system (par [0041], “challenge & response”); and performing, by the server computer system, a validation of the second remote computing system based on the validation challenge and the challenge response defined by the first remote computing system (par [0041-0042], “authorizing the client to perform the series of transactions with the peer”). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the disclosure of Charles et al within the teachings of Davis et al would provide the predictive result of improving security of processing transactions in a client transaction provisioning environment by using certificated to prevent potentially malicious peers from altering or forging secure content belonging to other peers (as disclosed in par [0047-0048] of Charles et al) because this feature would prevent user payment credentials disclosed by Davis et al from being fraudulently tampered before the requesting client has been authorized to access the content. Davis et al and Charles et al do not explicitly teach wherein the set of parameters comprises an incomplete set of parameters, and in response to a successful validation of the second remote computing system, receiving, by the interface of the server computer system, a second set of parameters from the second remote computing system, wherein the incomplete set of parameters and the second set of parameters form a complete set of parameters referenced by the token. However, Hazel et al further teaches wherein the set of parameters comprises an incomplete set of parameters (par [0031], lines 7-12, “blank fields for input of transaction information”), and in response to a successful validation of the second remote computing system, receiving, by the interface of the server computer system, a second set of parameters from the second remote computing system, wherein the incomplete set of parameters and the second set of parameters form a complete set of parameters referenced by the token (par [0050], lines 1-15, which discloses populating the field data with referenced information). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the disclosure of Hazel et al within the teachings of Davis et al and Charles et al would provide the predictive result of expediting token-based authentication for accessing secure content by incorporating the automatic populating of encrypted user credentials (as disclosed in par [0033] of Hazel et al) because this feature allows for faster access to authentication-requiring credentials while ensuring the automatically populated data remains encrypted. Regarding claim 8, Davis et al and Charles et al do not explicitly teach wherein the token is decipherable at the server computer system and indecipherable to the first remote computing system and the second remote computing system. However, Hazel et al further teaches wherein the token is decipherable at the server computer system (par [0062], lines 13-15, “provide clear text data to the transaction processor”) and indecipherable to the first remote computing system and the second remote computing system (par [0030], lines 12-14, “token information is encrypted before it leaves”). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the disclosure of Hazel et al within the teachings of Davis et al and Charles et al according to the motivation disclosed regarding claim 6. Regarding claim 10, Davis et al and Charles et al do not explicitly teach wherein the one or more fraud detection parameters associated with the request to generate the token comprise: one or more of a total number of tokens requested by the first remote computing system over a period of time, a total number of routings of data processed by the server computer system for the first remote computing system, whether one of the set of parameters deviates from an expected parameter value. However, Hazel et al further teaches wherein the one or more fraud detection parameters (par [0071], lines 12-16) associated with the request to generate the token comprise: one or more of a total number of tokens requested by the first remote computing system over a period of time (par [0044], lines 6-8, “obtain the information from a variety of different types of tokens”), a total number of routings of data processed by the server computer system for the first remote computing system, whether one of the set of parameters deviates from an expected parameter value (par [0070], lines 13-15, “transaction amounts”). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the disclosure of Hazel et al within the teachings of Davis et al and Charles et al according to the motivation disclosed regarding claim 6. Regarding claim 14, Davis et al does not explicitly teach receiving, by the interface of the server computer system, a validation challenge and a challenge response defined by the first remote computing system; and performing, by the server computer system, a validation of the second remote computing system based on the validation challenge and the challenge response defined by the first remote computing system. However, Charles et al teaches receiving, by the interface of the server computer system, a validation challenge and a challenge response defined by the first remote computing system (par [0041], “challenge & response”); and performing, by the server computer system, a validation of the second remote computing system based on the validation challenge and the challenge response defined by the first remote computing system (par [0041-0042], “authorizing the client to perform the series of transactions with the peer”). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the disclosure of Charles et al within the teachings of Davis et al would provide the predictive result of improving security of processing transactions in a client transaction provisioning environment by using certificated to prevent potentially malicious peers from altering or forging secure content belonging to other peers (as disclosed in par [0047-0048] of Charles et al) because this feature would prevent user payment credentials disclosed by Davis et al from being fraudulently tampered before the requesting client has been authorized to access the content. Davis et al and Charles et al do not explicitly teach wherein the set of parameters comprises an incomplete set of parameters, and in response to a successful validation of the second remote computing system, receiving, by the interface of the server computer system, a second set of parameters from the second remote computing system, wherein the incomplete set of parameters and the second set of parameters form a complete set of parameters referenced by the token. However, Hazel et al further teaches wherein the set of parameters comprises an incomplete set of parameters (par [0031], lines 7-12, “blank fields for input of transaction information”), and in response to a successful validation of the second remote computing system, receiving, by the interface of the server computer system, a second set of parameters from the second remote computing system, wherein the incomplete set of parameters and the second set of parameters form a complete set of parameters referenced by the token (par [0050], lines 1-15, which discloses populating the field data with referenced information). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the disclosure of Hazel et al within the teachings of Davis et al and Charles et al would provide the predictive result of expediting token-based authentication for accessing secure content by incorporating the automatic populating of encrypted user credentials (as disclosed in par [0033] of Hazel et al) because this feature allows for faster access to authentication-requiring credentials while ensuring the automatically populated data remains encrypted. Regarding claim 19, Davis et al does not explicitly teach receiving, by the interface of the server computer system, a validation challenge and a challenge response defined by the first remote computing system; and performing a validation of the second remote computing system based on the validation challenge and the challenge response defined by the first remote computing system. However, Charles et al teaches receiving, by the interface of the server computer system, a validation challenge and a challenge response defined by the first remote computing system (par [0041], “challenge & response”); and performing a validation of the second remote computing system based on the validation challenge and the challenge response defined by the first remote computing system (par [0041-0042], “authorizing the client to perform the series of transactions with the peer”). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the disclosure of Charles et al within the teachings of Davis et al would provide the predictive result of improving security of processing transactions in a client transaction provisioning environment by using certificated to prevent potentially malicious peers from altering or forging secure content belonging to other peers (as disclosed in par [0047-0048] of Charles et al) because this feature would prevent user payment credentials disclosed by Davis et al from being fraudulently tampered before the requesting client has been authorized to access the content. Davis et al and Charles et al do not explicitly teach wherein the set of parameters comprises an incomplete set of parameters, and in response to a successful validation of the second remote computing system, receiving, by the interface of the server computer system, a second set of parameters from the second remote computing system, wherein the incomplete set of parameters and the second set of parameters form a complete set of parameters referenced by the token. However, Hazel et al further teaches wherein the set of parameters comprises an incomplete set of parameters (par [0031], lines 7-12, “blank fields for input of transaction information”), and in response to a successful validation of the second remote computing system, receiving, by the interface of the server computer system, a second set of parameters from the second remote computing system, wherein the incomplete set of parameters and the second set of parameters form a complete set of parameters referenced by the token (par [0050], lines 1-15, which discloses populating the field data with referenced information). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the disclosure of Hazel et al within the teachings of Davis et al and Charles et al would provide the predictive result of expediting token-based authentication for accessing secure content by incorporating the automatic populating of encrypted user credentials (as disclosed in par [0033] of Hazel et al) because this feature allows for faster access to authentication-requiring credentials while ensuring the automatically populated data remains encrypted. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Randy A. Scott whose telephone number is (571) 272-3797. The examiner can normally be reached on Monday-Thursday 7:30 am-5:00 pm, second Fridays 7:30 am-4pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /RANDY A SCOTT/Primary Examiner, Art Unit 2439 20260120
Read full office action

Prosecution Timeline

Jun 27, 2024
Application Filed
Jan 23, 2026
Non-Final Rejection — §103, §DP
Apr 16, 2026
Applicant Interview (Telephonic)
Apr 16, 2026
Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

16/159,436
Patent 12564764
SYSTEM AND METHOD OF BASKETBALL TESTING
2y 5m to grant Granted Mar 03, 2026
18/318,617
Patent 12556581
Policy based privileged remote access in zero trust private networks
2y 5m to grant Granted Feb 17, 2026
17/850,852
Patent 12549389
DEVICE FOR IMPLEMENTING GATED ARRAY BLOCKCHAIN PROTECTION CODES FOR IOT DEVICES
2y 5m to grant Granted Feb 10, 2026
17/895,996
Patent 12531883
IDENTIFICATION OF MALICIOUS CONTENT IN OPERATING SYSTEM CLIPBOARD
2y 5m to grant Granted Jan 20, 2026
18/401,612
Patent 12531837
VALIDATION ENGINE FOR FIREWALL MIGRATION
2y 5m to grant Granted Jan 20, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
85%
Grant Probability
82%
With Interview (-2.6%)
3y 1m
Median Time to Grant
Low
PTA Risk
Based on 937 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month