SERVER-TO-DEVICE SECURE DATA EXCHANGE TRANSACTIONS

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This non-final action is in response to the filing of the current application 19/185,864 filed on 4/22/2025. Claims 1-20 have been presented and are pending. Information Disclosure Statement The information disclosure statement (IDS) submitted on 5/5/2025 and 6/13/2025 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Continuation This application is a continuation application of U.S. application no. 17/969,795 filed on 10/20/2022, now US Patent No. 12,380,437 (Parent Application), which is a continuation application of U.S. application no. 17/676,328 filed on 2/21/2022, now US Patent No. 12,211,033 (Parent Application), which claims the benefit of and priority of U.S. provision application no. 63/181,861 filed on April 29, 2021 and also claims the benefit of and priority of U.S. provision application no. 63/152,581 filed on February 23, 2021. See MPEP §201.07. In accordance with MPEP §609.02 A. 2 and MPEP §2001.06(b) (last paragraph), the Examiner has reviewed and considered the prior art cited in the Parent Application. Also, in accordance with MPEP §2001.06(b) (last paragraph), all documents cited or considered ‘of record’ in the Parent Application are now considered cited or ‘of record’ in this application. Additionally, Applicant(s) are reminded that a listing of the information cited or ‘of record’ in the Parent Application need not be resubmitted in this application unless Applicant(s) desire the information to be printed on a patent issuing from this application. See MPEP §609.02 A. 2. Specification The use of the term, i.e., Apple, Google, Samsung, Citrix, Azure, etc., which are trade name(s) or mark(s) used in commerce, has been noted in this application. The term should be accompanied by the generic terminology; furthermore the term should be capitalized wherever it appears or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the term. Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) are permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks. The applicant is advised to review the Specification to identify all the trademark expressions and properly mark the expressions as noted above. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-8 of U.S. Patent No. 12,299,678. Although the claims at issue are not identical, they are not patentably distinct from each other because: Per claim 1, ‘678 discloses a method comprising: receiving, by a first smart device, a first selection of a second smart device to enroll in a server-to-device secure data exchange and a second selection of a financial account of a user that the second smart device is permitted to access, a server-to-device secure data exchange ecosystem allowing multiple applications and/or smart devices to transact with a computing system of a service provider indirectly via the first smart device (see claim 1: receiving, by a first smart device via a first software application executing on the first smart device, a request to enroll the first smart device in a server-to-device secure data exchange ecosystem that allows multiple applications and/or smart devices to transact with a computing system of a service provider indirectly via the first smart device; receiving, by the first smart device, via a graphical user interface presented by the first software application, a first selection of a second smart device to enroll in the server-to-device secure data exchange and a second selection of a financial account of a user that the second smart device is permitted to access); generating, by the first smart device, a device access token based at least in part on an account restriction generated based on the first and second selections (see claim 1: generating, by the first smart device, a device access token based on (i) a device identifier corresponding to the first smart device, (ii) a financial account identifier corresponding to the financial account of the user that the second smart device is permitted to access, (iii) a user identifier corresponding to the user, (iv) a device identifier corresponding to the second smart device, and (v) account restriction generated based on the first and second selections); receiving, by the first smart device, a transaction request from the second smart device (see claim 1: receiving, by the first smart device, a transaction request from the second smart device that is locally paired to the first smart device); determining, by the first smart device, whether the transaction request is authorized based on the account restriction in the device access token (see claim 1: determining, by the first smart device, whether the transaction request is authorized based on the account restriction in the device access token); establishing, by the first smart device, in response to receiving the transaction request, a secure authorized session between the first smart device and the computing system of the service provider based on determining whether the transaction request is authorized based the account restriction in the device access token (see claim 1: establishing, by the first smart device, in response to receiving the transaction request, a secure authorized session between the first smart device and the computing system of the service provider based on determining whether the transaction request is authorized based the account restriction in the device access token); transmitting, to the computing system, via the secure authorized session, the device access token and one of (i) the transaction request, or (ii) a modified transaction request (see clam 1: transmitting, to the computing system, via the secure authorized session, the device access token and one of (i) the transaction request, or (ii) a modified transaction request); receiving, by the first smart device from the computing system, via the secure authorized session, an electronic message responsive to the transaction request or to the modified transaction request (see claim 1: receiving, by the first smart device from the computing system, via the secure authorized session, an electronic message responsive to the transaction request or to the modified transaction request); and providing, by the first smart device to the second smart device, a response to the transaction request based on the electronic message (see claim 1: providing, by the first smart device to the second smart device, a response to the transaction request based on the electronic message). As per claim 2, ‘678 discloses wherein the device access token is generated in response to receiving the first selection and the second selection (see claim 2). As per claim 3, ‘678 discloses wherein the device access token is generated based further on a device identifier corresponding to the first smart device (see claim 1: generating, by the first smart device, a device access token based on (i) a device identifier corresponding to the first smart device, (ii) a financial account identifier corresponding to the financial account of the user that the second smart device is permitted to access, (iii) a user identifier corresponding to the user, (iv) a device identifier corresponding to the second smart device …). As per claim 4, ‘678 discloses wherein the device access token is generated based further on a financial account identifier corresponding to the financial account of the user that the second smart device is permitted to access (see claim 1: generating, by the first smart device, a device access token based on (i) a device identifier corresponding to the first smart device, (ii) a financial account identifier corresponding to the financial account of the user that the second smart device is permitted to access …). As per claim 5, ‘678 discloses wherein the device access token is generated based further on a user identifier corresponding to the user (see claim 1: generating, by the first smart device, a device access token based on (i) a device identifier corresponding to the first smart device, (ii) a financial account identifier corresponding to the financial account of the user that the second smart device is permitted to access, (iii) a user identifier corresponding to the user …). As per claim 6, ‘678 discloses wherein the device access token is generated based further on a device identifier corresponding to the second smart device (see claim 1: generating, by the first smart device, a device access token based on (i) a device identifier corresponding to the first smart device, (ii) a financial account identifier corresponding to the financial account of the user that the second smart device is permitted to access, (iii) a user identifier corresponding to the user, (iv) a device identifier corresponding to the second smart device …). As per claim 7, ‘678 discloses receiving, by the first smart device via a first software application executing on the first smart device, a request to enroll the first smart device in the server-to-device secure data exchange ecosystem (see claim 1: receiving, by a first smart device via a first software application executing on the first smart device, a request to enroll the first smart device in a server-to-device secure data exchange ecosystem that allows multiple applications and/or smart devices to transact with a computing system of a service provider indirectly via the first smart device). As per claim 8, ‘678 discloses wherein at least one of the first selection or the second selection is received by the first smart device via a first software application executing on the first smart device (see claim 1: receiving, by the first smart device, via a graphical user interface presented by the first software application, a first selection of a second smart device to enroll in the server-to-device secure data exchange and a second selection of a financial account of a user that the second smart device is permitted to access). As per claim 9, ‘678 discloses generating, by the first smart device, the modified transaction request based on the transaction request and the account restriction (see claim 3). As per claim 10, ‘678 discloses wherein the modified transaction request is transmitted to the computing system via the secure authorized session (see claim 4). As per claim 11, ‘678 discloses wherein the second smart device is locally paired to the first smart device when the transaction request is received by the first smart device from the second smart device (see claim 1: receiving, by the first smart device, a transaction request from the second smart device that is locally paired to the first smart device). As per claim 12, ‘678 discloses storing, by the first smart device, the device access token in a secure storage element of the first smart device (see claim 1: storing, by the first smart device in a secure storage element of the first smart device, the device access token). As per claim 13, ‘678 discloses wherein the response comprises the electronic message received from the computing system (see claim 5). As per claim 14, ‘678 discloses receiving, from a second software application executing on the first smart device, a second transaction request, wherein the second software application is associated with a second service provider that is distinct from the service provider; establishing, by the first smart device, in response to receiving the second transaction request, a second secure authorized session between the first smart device and the computing system of the service provider; and transmitting, to the computing system, via the second secure authorized session, the device access token and one of (i) the second transaction request, or (ii) a second modified transaction request (see claim 6). As per claim 15, ‘678 discloses receiving, by the first smart device from the computing system, via the second secure authorized session, a second electronic message responsive to the second transaction request or to the second modified transaction request; and providing, by the first smart device to the second software application, a second response to the second transaction request based on the second electronic message (see claim 6). As per claim 16, ‘678 discloses wherein the financial account is held by the service provider (see claim 7). As per claim 17, ‘678 discloses a first smart device comprising one or more hardware processors (see claim 8: first smart device comprising one or more processors configured to), the first smart device configured to: receive a first selection of a second smart device to enroll in a server-to-device secure data exchange and a second selection of a financial account of a user that the second smart device is permitted to access, a server-to-device secure data exchange ecosystem allowing multiple applications and/or smart devices to transact with a computing system of a service provider indirectly via the first smart device (claim 8: receive, via a first software application executing on the first smart device, a request to enroll the first smart device in a server-to-device secure data exchange ecosystem that allows multiple applications and/or smart devices to transact with a computing system of a service provider indirectly via the first smart device; receive, via a graphical user interface presented by the first software application, a first selection of a second smart device to enroll in the server-to-device secure data exchange and a second selection of a financial account of a user that the second smart device is permitted to access); generate a device access token based at least in part on an account restriction generated based on the first and second selections (see claim 8: generate a device access token based on (i) a device identifier corresponding to the first smart device, (ii) a financial account identifier corresponding to the financial account of the user that the second smart device is permitted to access, (iii) a user identifier corresponding to the user, (iv) a device identifier corresponding to the second smart device, and (v) account restriction generated based on the first and second selections); receive a transaction request from the second smart device (Claim 8: receive a transaction request from the second smart device that is locally paired with the first smart device); determine whether the transaction request is authorized based on the account restriction in the device access token (see claim 8: determine whether the transaction request is authorized based on the account restriction in the device access token); establish a secure authorized session between the first smart device and the computing system of the service provider based on whether the transaction request is authorized based on the account restriction in the device access token (see claim 8: establish, in response to receiving the transaction request, a secure authorized session between the first smart device and the computing system of the service provider based on determining whether the transaction request is authorized based the account restriction in the device access token); transmitting, to the computing system, via the secure authorized session, the device access token and one of (i) the transaction request, or (ii) a modified transaction request (see claim 8: transmit, to the computing system, via the secure authorized session, the device access token and one of (i) the transaction request, or (ii) a modified transaction request); receiving, from the computing system, via the secure authorized session, an electronic message responsive to the transaction request or to the modified transaction request (see claim 8: receive, from the computing system, via the secure authorized session, an electronic message responsive to the transaction request or to the modified transaction request); and providing, by the first smart device to the second smart device, a response to the transaction request based on the electronic message (see claim 8: provide, to the second smart device, a response to the transaction request based on the electronic message). As per claim 18, ‘678 discloses wherein the device access token is generated based further on at least one of: a device identifier corresponding to the first smart device; a financial account identifier corresponding to the financial account of the user that the second smart device is permitted to access; a user identifier corresponding to the user; or a device identifier corresponding to the second smart device (see claim 8: generate a device access token based on (i) a device identifier corresponding to the first smart device, (ii) a financial account identifier corresponding to the financial account of the user that the second smart device is permitted to access, (iii) a user identifier corresponding to the user, (iv) a device identifier corresponding to the second smart device, and (v) account restriction generated based on the first and second selections). As per claim 19, ‘678 discloses configured to receive, via a software application executing on the first smart device, a request to enroll the first smart device in the server-to-device secure data exchange ecosystem (see claim 8: receive, via a first software application executing on the first smart device, a request to enroll the first smart device in a server-to-device secure data exchange ecosystem that allows multiple applications and/or smart devices to transact with a computing system of a service provider indirectly via the first smart device). As per claim 20, ‘678 discloses wherein the first selection and the second selection are received via a software application executing on the first smart device (see claim 8: receive, via a graphical user interface presented by the first software application, a first selection of a second smart device to enroll in the server-to-device secure data exchange and a second selection). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. - US Patent 9,055,050: discloses a method for allowing a software application running on a second mobile device to access some of the first party information once the first party authenticates the software application. The authentication process comprises the second mobile device sending an application ID which is uniquely assigned to the software application and a device ID which is uniquely assigned to the second computing device to a first mobile device. The second mobile device also sends a set of permissions the software application requires from the user to the first mobile device. After receiving confirmation from the first party as to whether the first party is willing to grant the software application access to some or all of the first party’s information based on the set of access permissions the software application requires, the first mobile device generates an access token using the application ID and the device ID. The first mobile device sends the access token to a remote server from where the second mobile device may subsequently retrieve the access token. In alternate embodiment, the first mobile device sends the access token directly to the second mobile device. The software application executing on the second mobile device may access information of the first party with the access token. While disclosing generating, by a first device, access token using APP ID of a software executing on a second device and device ID of the second device; transmitting of the access token to the second device; and allowing the second device to access personal information using the access token, the disclosure does not disclose the particular steps as recited in claim 1, including the account restriction in the device access token and the particular flow of the first smart device receiving request from the second smart device, sending the access token to the computing system along with one of the transaction request or a modified transaction request, receiving an electronic message from the computing system, and providing to the second device a response to the transaction request based on the electronic message. - US Patent 9,628,558 discloses a method and system for sharing of web-based content between devices by use of a proxy server that is embedded in a browser to share content, i.e., audio/video, online banking information, etc., between devices. A first device utilizes a proxy server to stream video content from a first web server to a second device. This content sharing may be on a one-to-one, one-to-many, or many-to-one basis. The patent discloses an enrollment interface that may be used to enroll a local device such as a smart phone in Fig. 1 in a personal proxy network. The local device is able to act as a proxy device with regards to sharing of content from a source, thereby providing a user an option to share content with other devices in the personal proxy network. PNG media_image1.png 809 551 media_image1.png Greyscale The patent, however, does not disclose the generating of the access token and use of the account restriction in the device access token for providing the information requested by the second device as claimed in claim 1. - US Patent 10,205,718 discloses transferring of authentication mechanism for transferring an authentication of the user from a first electronic device to a second electronic device. The authentication mechanism includes transferring an access token (e.g., an OAuth access token) between the first and second device, thereby providing a set of access rights that relates to service used by the user under an identity-management system. The use of the same access token on both electronic devices may further ensure that the user’s sessions with services expire at the same time. The disclosure does not disclose the particular steps as recited in claim 1, including the account restriction in the device access token and the particular flow of the first smart device receiving request from the second smart device, sending the access token to the computing system along with one of the transaction request or a modified transaction request, receiving an electronic message from the computing system, and providing to the second device a response to the transaction request based on the electronic message. - US 20140379801 discloses methods, devices, and system for utilizing dashboard software that enables retrieval of user account information from various services on a shared computing device. The publication further discloses a second device such as a smartphone that may install and utilize the dashboard software. The second device may receive account information as a push service from the shared computing device. This may enable a user of the second device to monitor the activity/notifications/status of the users of the services associated with the shared computing device. The second device also may act as a proxy device by retrieving and relaying account information related to its user to the shared computing device. In other word, the shared computing device receives and displays account information retrieved by other devices (proxies). The publication, however, does not disclose the particulars of generating of the access token and use of the account restriction in the device access token for providing the information requested by the second device as claimed in claim 1. - US 10205779 discloses a system and method, particularly information sharing between electronic device, i.e., transfer of information between at least two electronic devices bound to each other. The patent disclosure discloses binding of two devices and interaction with a server. The disclosure utilizes browser-integrated options to send identical data to a server that performs verification of the data in for to allow information sharing. The publication, however, does not disclose the particulars of generating of the access token and use of the account restriction in the device access token for providing the information requested by the second device as claimed in claim 1. - “Building secure healthcare services using OAuth 2.0 and JSON web token in IOT cloud scenario” discloses use of OAuth in delegating authorization that allows the patient seeking clinical care to authorize automatic monthly payments from his bank account without the patient being required to supply his credentials to the clinic. The publication does not disclose the particular steps as recited in claim 1, including the account restriction in the device access token and the particular flow of the first smart device receiving request from the second smart device, sending the access token to the computing system along with one of the transaction request or a modified transaction request, receiving an electronic message from the computing system, and providing to the second device a response to the transaction request based on the electronic message. Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEVEN S KIM whose telephone number is (571)270-5287. The examiner can normally be reached Monday -Friday: 7:00 - 3:30. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached at 571-272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /STEVEN S KIM/Primary Examiner, Art Unit 3698