DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is a non-final office action on application 19/054,133.
Claims 1-20 are pending.
Continuation
This application is a continuation application of U.S. Patent Application No. 17/946,211 filed on 9/16/2022, now U.S. Patent No. 12,229,758 ("Parent Application"), which is a continuation of U.S. Patent Application No. 17/676,328 filed on 2/21/2022, now U.S. Patent No. 12,211,033. See MPEP §201.07. In accordance with MPEP §609.02 A. 2 and MPEP §2001.06(b) (last paragraph), the Examiner has reviewed and considered the prior art cited in the Parent Application. Also in accordance with MPEP §2001.06(b) (last paragraph), all documents cited or considered ‘of record’ in the Parent Application are now considered cited or ‘of record’ in this application. Additionally, Applicant(s) are reminded that a listing of the information cited or ‘of record’ in the Parent Application need not be resubmitted in this application unless Applicant(s) desire the information to be printed on a patent issuing from this application. See MPEP §609.02 A. 2.
Information Disclosure Statement (IDS)
IDS received on 6/13/2025 and 5/5/2025 have been considered by the examiner.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 4 and 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Per claims 4 and 15, the claims recite “accessing/access the device access token in response to determining that the transaction request does not violate the account restriction.” Here, the scope of the claims is unclear as the independent claims is clear to recite that the account restriction “is encoded as part of the device access token”. In other word, the device access token needs to be accessed in order to determine that the transaction request does not violate the account restriction (i.e., account restriction that has been encoded as part of the device access token).
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 12,229,758. Although the claims at issue are not identical, they are not patentably distinct from each other because:
Per independent claim 1, ‘758 discloses a method comprising:
receiving, by a smart device via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows one or more applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device (claim 1, receiving, by a smart device via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows unrelated applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device);
receiving, by the smart device, a first selection of a financial account held by the first service provider, a second selection of a second software application of a second service provider distinct from the first service provider, and an account restriction applicable to the second software application (claim 1, receiving, by the smart device, a first selection of a financial account held by the first service provider, a second selection of a second software application of a second service provider distinct from the first service provider, and an account restriction applicable to the second software application);
generating, by the smart device, a device access token based at least in part on (i) a device identifier corresponding to the smart device, and (ii) a financial account identifier corresponding to the financial account, the device access token generated such that the account restriction for the second software application is encoded as part of the device access token (claim 1, generating, by the smart device, a device access token based on (i) a device identifier corresponding to the smart device, (ii) a financial account identifier corresponding to the financial account, and (iii) a user identifier corresponding to a user of the smart device, the device access token generated such that the account restriction for the second software application is encoded as part of the device access token);
receiving, by the smart device, a transaction request from the second software application executing on the smart device (claim 1, receiving, by the smart device, a transaction request from the second software application executing on the smart device);
determining, by the smart device, that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token (claim 1, determining, by the smart device, that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token);
responsive to determining that the transaction request does not violate the account restriction, transmitting, to the computing system, the device access token and one of (i) the transaction request, or (ii) a modified transaction request, wherein the computing system of the first service provider determines that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token (claim 1, responsive to determining that the transaction request does not violate the account restriction, establishing, by the smart device, a secure authorized session between the smart device and the computing system of the first service provider; transmitting, to the computing system, via the secure authorized session, the device access token and one of (i) the transaction request, or (ii) a modified transaction request, wherein the computing system of the first service provider determines that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token);
receiving, by the smart device from the computing system, an electronic message responsive to the transaction request or to the modified transaction request (claim 1, receiving, by the smart device from the computing system, via the secure authorized session, an electronic message responsive to the transaction request or to the modified transaction request); and
providing, by the smart device to the second software application, a response to the transaction request based on the electronic message (claim 1, providing, by the smart device to the second software application, a response to the transaction request based on the electronic message).
As per claim 2, ‘758 discloses wherein the first selection and the second selection are received via the first software application executing on the smart device (see claim 2).
As per claim 3, ‘758 discloses retrievably storing, by the smart device in a secure storage element of the smart device, the device access token including the account restriction in association with the second software application (see claim 3).
As per claim 4, ‘758 discloses accessing the device access token in response to determining that the transaction request does not violate the account restriction (see claim 4).
As per claim 5, ‘758 discloses wherein the account restriction is received via the first software application (see claim 5).
As per claim 6, ‘758 discloses generating, by the smart device, the modified transaction request based on the transaction request and the account restriction (see claim 6).
As per claim 7, ‘758 discloses wherein the modified transaction request is transmitted to the computing system via a secure authorized session (see claim 7).
As per claim 8, ‘758 discloses wherein generating the modified transaction request comprises applying the account restriction to the transaction request (see claim 8).
As per claim 9, ‘758 discloses transmitting the account restriction to the computing system via a secure authorized session (see claim 9).
As per claim 10, ‘758 discloses wherein the response comprises the electronic message received from the computing system (see claim 10).
As per claim 11, ‘758 discloses wherein the device access token is transmitted via a secure authorized session, established by the smart device, between the smart device and the computing system of the first service provider (see claim 1, establishing, by the smart device, a secure authorized session between the smart device and the computing system of the first service provider; transmitting, to the computing system, via the secure authorized session, the device access token).
As per other independent claim 12, ‘758 discloses a smart device comprising one or more processors (preamble of claim 11) configured to:
receive, via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows one or more applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device (claim 11, receive, via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows unrelated applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device);
receive a first selection of a financial account held by the first service provider, a second selection of a second software application of a second service provider distinct from the first service provider, and an account restriction applicable to the second software application (claim 11, receive a first selection of a financial account held by the first service provider, a second selection of a second software application of a second service provider distinct from the first service provider, and an account restriction applicable to the second software application);
generate a device access token based at least in part on (i) a device identifier corresponding to the smart device, and (ii) a financial account identifier corresponding to the financial account, the device access token generated such that the account restriction for the second software application is encoded as part of the device access token (claim 11, generate a device access token based on (i) a device identifier corresponding to the smart device, (ii) a financial account identifier corresponding to the financial account, and (iii) a user identifier corresponding to a user of the smart device, the device access token generated such that the account restriction for the second software application is encoded as part of the device access token);
receive a transaction request from the second software application executing on the smart device (claim 11, receive a transaction request from the second software application executing on the smart device);
determine that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token (claim 11, determining that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token);
responsive to determining that the transaction request does not violate the account restriction, transmit the device access token and one of (i) the transaction request, or (ii) a modified transaction request, wherein the computing system of the first service provider determines that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token (claim 11, responsive to determining that the transaction request does not violate the account restriction, establish a secure authorized session between the smart device and the computing system of the first service provider; transmit, via the secure authorized session, the device access token and one of (i) the transaction request, or (ii) a modified transaction request, wherein the computing system of the first service provider determines that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token);
receive, from the computing system, an electronic message responsive to the transaction request or to the modified transaction request (claim 11, receive, from the computing system, via the secure authorized session, an electronic message responsive to the transaction request or to the modified transaction request); and
provide, to the second software application, a response to the transaction request based on the electronic message (claim 11, provide, to the second software application, a response to the transaction request based on the electronic message).
As per claim 13, ‘758 discloses wherein the first selection and the second selection are received via the first software application executing on the smart device (see claim 12).
As per claim 14, ‘758 discloses the one or more processors further configured to retrievably store, in a secure storage element of the smart device, the device access token including the account restriction in association with the second software application (see claim 13).
As per claim 15, ‘758 discloses the one or more processors further configured to access the device access token in response to determining that the transaction request does not violate the account restriction (see claim 14).
As per claim 16, ‘758 discloses wherein one or more processors are configured to receive the account restriction via the first software application (see claim 15).
As per claim 17, ‘758 discloses the one or more processors further configured to generate the modified transaction request based on the transaction request and the account restriction (see claim 16).
As per claim 18, ‘758 discloses wherein the modified transaction request is transmitted to the computing system via a secure authorized session (see claim 17).
As per claim 19, ‘758 discloses wherein generating the modified transaction request comprises applying, by the one or more processors, the account restriction to the transaction request (see claim 18).
As per claim 20, ‘758 discloses wherein the device access token is transmitted via a secure authorized session, established by the smart device, between the smart device and the computing system of the first service provider (see claim 11, establish a secure authorized session between the smart device and the computing system of the first service provider; transmit, via the secure authorized session, the device access token).
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 12,399,973 in view of US Patent Publication No. 20210075782 (“Dunjic”).
Per claim 1, ‘973 discloses a method comprising:
receiving, by a smart device via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows one or more applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device (claim 1, receiving, by a smart device via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows unrelated applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device);
receiving, by the smart device, a first selection of a financial account held by the first service provider, a second selection of a second software application of a second service provider distinct from the first service provider, and an account restriction applicable to the second software application (claim 1, receiving, by the smart device, a first selection of a financial account held by the first service provider, and a second selection of a second software application of a second service provider distinct from the first service provider)(claim 3: receiving, by the smart device, an account restriction applicable to the second software application);
generating, by the smart device, a device access token based at least in part on (i) a device identifier corresponding to the smart device, and (ii) a financial account identifier corresponding to the financial account, the smart device, (ii) a financial account identifier corresponding to the financial account, (iii) a user identifier corresponding to a user of the smart device, and (iv) an identifier of the second software application);
receiving, by the smart device, a transaction request from the second software application executing on the smart device (claim 1, receiving, by the smart device, a transaction request from the second software application executing on the smart device);
responsive to determining that the transaction request does not violate the account restriction, transmitting, to the computing system, the device access token and one of (i) the transaction request, or (ii) a modified transaction request, the modified transaction request comprises applying the account restriction to the transaction request);
receiving, by the smart device from the computing system, an electronic message responsive to the transaction request or to the modified transaction request (claim 1, receiving, by the smart device from the computing system, via the secure authorized session, an electronic message responsive to the transaction request or to the modified transaction request, the electronic message provided based on the device access token being validated); and
providing, by the smart device to the second software application, a response to the transaction request based on the electronic message (claim 1, providing, by the smart device to the second software application, a response to the transaction request based on the electronic message.).
While ‘973 claims disclose the smart device generating a device access token based on (i) a device identifier corresponding to the smart device, (ii) a financial account identifier corresponding to the financial account, (iii) a user identifier corresponding to a user of the smart device, and (iv) an identifier of the second software application and validating the device access token with respect to the second software application and technique of parsing content associated with the second software application encoded as part of the device access token to validate the transaction request, ‘973 does not particularly teach that the device access token is further encoded with an account restriction applicable to the second software and determining that the transaction request does not violate the account restriction applicable to the second software by parsing the account restriction for the second software application encoded as part of the device access token.
Dunjic, however, discloses access token that includes permissions, i.e., restriction, for a first application to access the user account and using the access token and granting access using the access token that indicates permissions ([0023], access permissions for the first application to access the user account may be included in a first token; [0045]; [0055]; [0057]; [0058]; [0085], access permissions may indicate restrictions imposed by the user)(by Dunjic disclosing restriction included in the access token, Dunjic necessarily teaches parsing).
As ‘973 generally teaches local validation of the access token and server-side validation of the transaction request using the access token by parsing, it would have been obvious to one of ordinary skill in the art before the effective filing of instant claim to utilize the technique of inclusion of restriction for a particular application in the access token as taught by Dunjic in validating the access token and validating the transaction request as disclosed in ‘973 for the purpose providing effective solution for handling software requests to access user account data at a protected data resource.
As per claim 2, ‘973/Dunjic discloses wherein the first selection and the second selection are received via the first software application executing on the smart device (‘973: claim 2).
As per claim 3, ‘973/Dunjic discloses retrievably storing, by the smart device in a secure storage element of the smart device, the device access token including the account restriction in association with the second software application (‘973: claim 1, retrievably storing, by the smart device in a secure storage element of the smart device, the device access token in association with the second software application; and claim 5, storing the account restriction in the secure storage element in association with the second software application).
As per claim 4, ‘973/Dunjic discloses accessing the device access token in response to determining that the transaction request does not violate the account restriction (‘973: claim 1, retrievably storing, by the smart device in a secure storage element of the smart device, the device access token in association with the second software application … validating, by the smart device, the device access token with respect to the second software application)(Dunjic: [0023], access permissions for the first application to access the user account may be included in a first token; [0045]; [0055]; [0057]; [0058]; [0085], access permissions may indicate restrictions imposed by the user).
As per claim 5, ‘973/Dunjic discloses wherein the account restriction is received via the first software application (‘973: claim 4).
As per claim 6, ‘973/Dunjic discloses generating, by the smart device, the modified transaction request based on the transaction request and the account restriction (‘973: claim 6).
As per claim 7, ‘973/Dunjic discloses wherein the modified transaction request is transmitted to the computing system via a secure authorized session (‘973: claim 7).
As per claim 8, ‘973/Dunjic discloses wherein generating the modified transaction request comprises applying the account restriction to the transaction request (‘973: claim 8).
As per claim 9, ‘973/Dunjic discloses transmitting the account restriction to the computing system via a secure authorized session (‘973: claim 9).
As per claim 10, ‘973/Dunjic discloses wherein the response comprises the electronic message received from the computing system (‘973: claim 10, wherein the transaction request is a request for data.; claim 20, wherein the response comprises the electronic message received from the computing system).
As per claim 11, ‘973/Dunjic discloses wherein the device access token is transmitted via a secure authorized session, established by the smart device, between the smart device and the computing system of the first service provider (‘973: claim 1, establishing, by the smart device, a secure authorized session between the smart device and the computing system of the first service provider … transmitting, by the smart device to the computing system, via the secure authorized session, the device access token).
As per claim 12, ‘973 discloses a smart device comprising one or more processors configured to (claim 1 preamble):
receive, via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows one or more applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device (claim 11, receive, via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows unrelated applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device);
receive a first selection of a financial account held by the first service provider, a second selection of a second software application of a second service provider distinct from the first service provider, and an account restriction applicable to the second software application (claim 11, receive a first selection of a financial account held by the first service provider, and a second selection of a second software application of a second service provider distinct from the first service provider; claim 13, receive an account restriction applicable to the second software application);
generate a device access token based at least in part on (i) a device identifier corresponding to the smart device, and (ii) a financial account identifier corresponding to the financial account,
receive a transaction request from the second software application executing on the smart device (claim 11, receive a transaction request from the second software application executing on the smart device);
responsive to determining that the transaction request does not violate the account restriction, transmit the device access token and one of (i) the transaction request, or (ii) a modified transaction request, wherein the computing system of the first service provider
receive, from the computing system, an electronic message responsive to the transaction request or to the modified transaction request (claim 1, receive, from the computing system, via the secure authorized session, an electronic message responsive to the transaction request or to the modified transaction request, the electronic message provided based on the device access token being validated); and
provide, to the second software application, a response to the transaction request based on the electronic message (claim 1, provide, to the second software application, a response to the transaction request based on the electronic message).
While ‘973 claims disclose the smart device generating a device access token based on (i) a device identifier corresponding to the smart device, (ii) a financial account identifier corresponding to the financial account, (iii) a user identifier corresponding to a user of the smart device, and (iv) an identifier of the second software application and validating the device access token with respect to the second software application and technique of parsing content associated with the second software application encoded as part of the device access token to validate the transaction request, ‘973 does not particularly teach that the device access token is further encoded with an account restriction applicable to the second software and determining that the transaction request does not violate the account restriction applicable to the second software by parsing the account restriction for the second software application encoded as part of the device access token.
Dunjic, however, discloses access token that includes permissions, i.e., restriction, for a first application to access the user account and using the access token and granting access using the access token that indicates permissions ([0023], access permissions for the first application to access the user account may be included in a first token; [0045]; [0055]; [0057]; [0058]; [0085], access permissions may indicate restrictions imposed by the user)(by Dunjic disclosing restriction included in the access token, Dunjic necessarily teaches parsing).
As ‘973 generally teaches local validation of the access token and server-side validation of the transaction request using the access token by parsing, it would have been obvious to one of ordinary skill in the art before the effective filing of instant claim to utilize the technique of inclusion of restriction for a particular application in the access token as taught by Dunjic in validating the access token and validating the transaction request as disclosed in ‘973 for the purpose providing effective solution for handling software requests to access user account data at a protected data resource.
As per claim 13, ‘973/Dunjic discloses wherein the first selection and the second selection are received via the first software application executing on the smart device (‘973: claim 12).
As per claim 14, ‘973/Dunjic discloses the one or more processors further configured to retrievably store, in a secure storage element of the smart device, the device access token including the account restriction in association with the second software application (‘973: claim 11, retrievably storing, by the smart device in a secure storage element of the smart device, the device access token in association with the second software application; Claim 15, storing the account restriction in the secure storage element in association with the second software application).
As per claim 15, ‘973/Dunjic discloses the one or more processors further configured to access the device access token in response to determining that the transaction request does not violate the account restriction (‘973: claim 11. retrievably storing, by the smart device in a secure storage element of the smart device, the device access token in association with the second software application … validating, by the smart device, the device access token with respect to the second software application) (Dunjic: [0023], access permissions for the first application to access the user account may be included in a first token; [0045]; [0055]; [0057]; [0058]; [0085], access permissions may indicate restrictions imposed by the user).
As per claim 16, ‘973/Dunjic discloses wherein one or more processors are configured to receive the account restriction via the first software application (‘973: claim 14).
As per claim 17, ‘973/Dunjic discloses the one or more processors further configured to generate the modified transaction request based on the transaction request and the account restriction (‘973: claim 16).
As per claim 18, ‘973/Dunjic discloses wherein the modified transaction request is transmitted to the computing system via a secure authorized session (‘973: claim 17).
As per claim 19, ‘973/Dunjic discloses wherein generating the modified transaction request comprises applying, by the one or more processors, the account restriction to the transaction request (‘973: claim 18).
As per claim 20, ‘973/Dunjic discloses wherein the device access token is transmitted via a secure authorized session, established by the smart device, between the smart device and the computing system of the first service provider (‘973: claim 19).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US Patent Publication No. 20190318122 discloses a system and method for secure permissioning of access to user account, including secure distribution of aggregated user account data. The system utilizes authorization token that is shared among systems in order to confirm authorization of the user account data. The system moderate access of the financial report to third-party entities, i.e., application, utilizing various techniques including use of access token(s). The publication, however, does not particularly teach the aspect of generating of the device access token and the determining of the violation using the account restriction by parsing the account restriction for the second software application encoded as part of the device access token locally and server-side in order to provide a response to the transaction request based on the electronic message received from the server to the second software application that is executing on the smart device as recited in the independent claims.
US Patent Publication No. 20120291102 discloses a permission-based administrative controls for selectively managing which of the functions of a mobile device are to be made available, or are to be blocked, for selected applications that may operate on the mobile device. The policy on a mobile device specifies which application that are installed or are executing on the mobile device may access, or may not access, data functions or operations that are associated with the mobile device permissions, such as a permission to access calendar data or contact data. When an application seeks to access a function, a security application determines whether the policy allows or disallows such access before allowing the function to be performed. The publication, however, does not teach the particulars of device access token and the use in determining of the violation using the account restriction by parsing the account restriction for the second software application encoded as part of the device access token locally and server-side in order to provide a response to the transaction request based on the electronic message received from the server to the second software application that is executing on the smart device as recited in the independent claims.
US Patent Publication No. US 20140059565 discloses a method for providing settlement information in which a device provides settlement information to an application which is installed on the device includes executing a first application which is installed on the device, receiving settlement information from an external device via the executed first application, converting at least a part of the received settlement information, and providing the converted settlement information to a second application which is installed on the device in order to allow the second application to use the received settlement information. The publication, however, does not teach the particulars of device access token and the use in determining of the violation using the account restriction by parsing the account restriction for the second software application encoded as part of the device access token locally and server-side in order to provide a response to the transaction request based on the electronic message received from the server to the second software application that is executing on the smart device as recited in the independent claims.
US Patent Publication No. 20210075782 discloses a method and system for controlling third-party access of a protected data resource. The reference discloses access token that includes restriction associated with a first application, the restriction/permission for the first application to access a user account at a protected data source. The reference, however, does not disclose the third-party to be an application that is executing on a smart device and the interactions among the first application executing on the smart device, the second application, and the smart device in achieving providing a response to the transaction request based on the electronic message received from the server to the second software application that is executing on the smart device as recited in the independent claims.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEVEN S KIM whose telephone number is (571)270-5287. The examiner can normally be reached Monday -Friday: 7:00 - 3:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached at 571-272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/STEVEN S KIM/Primary Examiner, Art Unit 3698