DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This non-final action is in response to the filing of the current application 19/185,864 filed on 8/19/2025.
Claims 1-20 have been presented and are pending.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/6/2025 and 4/29/2026 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Continuation
This application is a continuation application of U.S. application no. 17/940,405 filed on 9/21/2022, now US Patent No. 12,572,928 (Parent Application), which is a continuation application of U.S. application no. 17/676,328 filed on 2/21/2022, now US Patent No. 12,211,033 (Parent Application), which claims the benefit of and priority of U.S. provision application no. 63/181,861 filed on April 29, 2021 and also claims the benefit of and priority of U.S. provision application no. 63/152,581 filed on February 23, 2021. See MPEP §201.07. In accordance with MPEP §609.02 A. 2 and MPEP §2001.06(b) (last paragraph), the Examiner has reviewed and considered the prior art cited in the Parent Application. Also, in accordance with MPEP §2001.06(b) (last paragraph), all documents cited or considered ‘of record’ in the Parent Application are now considered cited or ‘of record’ in this application. Additionally, Applicant(s) are reminded that a listing of the information cited or ‘of record’ in the Parent Application need not be resubmitted in this application unless Applicant(s) desire the information to be printed on a patent issuing from this application. See MPEP §609.02 A. 2.
Specification
The use of the term, i.e., Apple, Google, Samsung, Citrix, Azure, etc., which are trade name(s) or mark(s) used in commerce, has been noted in this application. The term should be accompanied by the generic terminology; furthermore the term should be capitalized wherever it appears or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the term.
Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) are permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks.
The applicant is advised to review the Specification to identify all the trademark expressions and properly mark the expressions as noted above.
The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction of the following is required: “first service provider” in claims 1, 10, and 19.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Per independent claims 1, 10, and 18, the claims recite in part wherein the computing system determines that the transaction request is valid … from the computing system. The scope of the claims is unclear as the claims previous recite two computing system, i.e., 1) a computing system of the first service provider and 2) a computing system associated with the financial account. In other word, it is unclear as to which one of the previously recited computing systems refer to “the computing system”.
Per claim 5, the claim recites in part The method of claim 4, further comprising generating, by the smart device, the device access token responsive to receiving the selection of the financial account. The independent claim, however, also recites in part generating, by a smart device, a device access token for the smart device based on (i) a device identifier corresponding to the smart device, (ii) a financial account identifier corresponding to a financial account, (iii) a user identifier corresponding to a user of the smart device, and (iv) an identifier of a software application corresponding to a first service provider. Given the claim construction, one of ordinary would appreciate that the device access token is generated twice which renders the claim to be indefinite.
The applicant is advised to amend the claim to further limit the step of generating of the device access token in claim 1, i.e., The method of claim 4, wherein the generating, by the smart device, the device access token is in responsive to receiving the selection of the financial account, instead of reciting two separate steps of generating of the device access token.
Claim 7 also includes the same deficiency, hence is also rejected.
The dependent claims are rejected as they depend on claim(s) above without curing the deficiency identified in the independent claim(s).
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-4, 9, 11-14, and 19 of U.S. Patent No. 12,229,758.
Although the claims at issue are not identical, they are not patentably distinct from each other because:
Per claim 1, ‘758 discloses a method comprising:
generating, by a smart device, a device access token for the smart device based on (i) a device identifier corresponding to the smart device, (ii) a financial account identifier corresponding to a financial account, (iii) a user identifier corresponding to a user of the smart device, and (iv) an identifier of a software application corresponding to a first service provider (claim 1: a second selection of a second software application of a second service provider ... generating, by the smart device, a device access token based on (i) a device identifier corresponding to the smart device, (ii) a financial account identifier corresponding to the financial account, and (iii) a user identifier corresponding to a user of the smart device, the device access token generated such that the account restriction for the second software application is encoded as part of the device access token);
retrievably storing, by the smart device in a secure storage element of the smart device, the device access token in association with the software application (claim 3: retrievably storing, by the smart device in a secure storage element of the smart device, the device access token including the account restriction in association with the second software application);
receiving, by the smart device, a transaction request from the software application executing on the smart device (claim 1: receiving, by the smart device, a transaction request from the second software application executing on the smart device);
responsive to receiving the transaction request, (i) establishing, by the smart device, a secure authorized session between the smart device and a computing system of the first service provider, and (ii) accessing, by the smart device, the previously stored device access token according to the identifier of the software application (claim 1: responsive to determining that the transaction request does not violate the account restriction, establishing, by the smart device, a secure authorized session between the smart device and the computing system of the first service provider; claim 4: accessing the device access token in response to determining that the transaction request does not violate the account restriction);
validating, by the smart device, the device access token with respect to the software application (claim 1: determining, by the smart device, that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token);
transmitting, by the smart device to a computing system associated with the financial account, the device access token and the transaction request, wherein the computing system determines that the transaction request is valid by parsing the identifier of the software application encoded as part of the device access token (claim 1: transmitting, to the computing system, via the secure authorized session, the device access token and one of (i) the transaction request, or (ii) a modified transaction request, wherein the computing system of the first service provider determines that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token);
receiving, by the smart device from the computing system, an electronic message responsive to the transaction request being validated (claim 1: receiving, by the smart device from the computing system, via the secure authorized session, an electronic message responsive to the transaction request or to the modified transaction request); and
providing, by the smart device to the software application, a response to the transaction request based on the electronic message (claim 1:providing, by the smart device to the second software application, a response to the transaction request based on the electronic message).
Per independent claim 10, the claim is significantly similar to claim 1. Hence claim 10 is also rejected. Furthermore, claims 11, 13, and 14 of the ‘758 disclose the corresponding smart device performing the similar step(s) as recited in claims 1, 3, and 4 of the ‘758. As such, claim 10 is rejected based on claims 11, 13, and 14.
Per independent claim 19, the claim is significantly similar to claim 1. Hence claim 19 is also rejected.
As per claims 2, 11, and 20, ‘758 further teaches receiving, by the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows unrelated applications executing on the smart device to communicate with the computing system indirectly via the smart device (claim 1: receiving, by a smart device via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows unrelated applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device)(claim 11).
As per claims 3 and 12, ‘758 further teaches wherein the software application is a first software application, and the method further comprises: receiving, by the smart device, the request to enroll the smart device in a server-to-device secure data exchange from a second software application executing on the smart device; and receiving, by the smart device, via the second software application, a selection of the first software application for enrollment in the server-to-device secure data exchange (claim 1: receiving, by a smart device via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows unrelated applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device; receiving, by the smart device, a first selection of a financial account held by the first service provider, a second selection of a second software application of a second service provider distinct from the first service provider, and an account restriction applicable to the second software application; claim 2: wherein the first selection and the second selection are received via the first software application executing on the smart device)(claim 11 and claim 12).
As per claims 4 and 13, ‘758 further teaches receiving, by the smart device, input specifying a selection of the financial account (claim 1: receiving, by the smart device, a first selection of a financial account held by the first service provider, a second selection of a second software application of a second service provider distinct from the first service provider, and an account restriction applicable to the second software application)(claim 11);.
As per claims 5 and 14, ‘758 further teaches generating, by the smart device, the device access token responsive to receiving the selection of the financial account (Claim 1: receiving, by the smart device, a first selection of a financial account held by the first service provider, a second selection of a second software application of a second service provider distinct from the first service provider, and an account restriction applicable to the second software application; generating, by the smart device, a device access token based on (i) a device identifier corresponding to the smart device, (ii) a financial account identifier corresponding to the financial account, and (iii) a user identifier corresponding to a user of the smart device, the device access token generated such that the account restriction for the second software application is encoded as part of the device access token)(claim 11).
As per claims 6 and 15, ‘758 further teaches receiving, by the smart device, an account restriction applicable to the software application (claim 1: receiving, by the smart device, a first selection of a financial account held by the first service provider, a second selection of a second software application of a second service provider distinct from the first service provider, and an account restriction applicable to the second software application)(claim 11).
As per claims 7 and 16, ‘758 further teaches generating, by the smart device, the device access token to further include the account restriction (claim 1: the device access token generated such that the account restriction for the second software application is encoded as part of the device access token)(claim 11).
As per claims 8 and 17, ‘758 further teaches applying, by the smart device, the account restriction to the transaction request (claim 1: determining, by the smart device, that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token) (claim 11).
As per claims 9 and 18, ‘758 further teaches transmitting, by the smart device, the account restriction to the computing system via the secure authorized session (claim 9: transmitting the account restriction to the computing system via the secure authorized session)(claim 19).
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-3, 6, 9, 11-13, 16, and 19 of U.S. Patent No. 12,399,973.
Although the claims at issue are not identical, they are not patentably distinct from each other because:
Per claim 1, ‘973 discloses a method comprising:
generating, by a smart device, a device access token for the smart device based on (i) a device identifier corresponding to the smart device, (ii) a financial account identifier corresponding to a financial account, (iii) a user identifier corresponding to a user of the smart device, and (iv) an identifier of a software application corresponding to a first service provider (claim 1: generating, by the smart device, a device access token based on (i) a device identifier corresponding to the smart device, (ii) a financial account identifier corresponding to the financial account, (iii) a user identifier corresponding to a user of the smart device, and (iv) an identifier of the second software application;);
retrievably storing, by the smart device in a secure storage element of the smart device, the device access token in association with the software application (claim 1: retrievably storing, by the smart device in a secure storage element of the smart device, the device access token in association with the second software application;);
receiving, by the smart device, a transaction request from the software application executing on the smart device (claim 1: receiving, by the smart device, a transaction request from the second software application executing on the smart device);
responsive to receiving the transaction request, (i) establishing, by the smart device, a secure authorized session between the smart device and a computing system of the first service provider, and (ii) accessing, by the smart device, the previously stored device access token according to the identifier of the software application (claim 1: responsive to receiving the transaction request, (i) establishing, by the smart device, a secure authorized session between the smart device and the computing system of the first service provider, and (ii) accessing, by the smart device, the previously stored device access token according to the identifier of the second software application);
validating, by the smart device, the device access token with respect to the software application (claim 1: validating, by the smart device, the device access token with respect to the second software application);
transmitting, by the smart device to a computing system associated with the financial account, the device access token and the transaction request, wherein the computing system determines that the transaction request is valid by parsing the identifier of the software application encoded as part of the device access token (claim 1: transmitting, by the smart device to the computing system, via the secure authorized session, the device access token and one of (i) the transaction request, or (ii) a modified transaction request, wherein the computing system of the first service provider determines that the transaction request is valid by parsing the identifier of the second software application encoded as part of the device access token);
receiving, by the smart device from the computing system, an electronic message responsive to the transaction request being validated (claim 1: receiving, by the smart device from the computing system, via the secure authorized session, an electronic message responsive to the transaction request or to the modified transaction request, the electronic message provided based on the device access token being validated); and
providing, by the smart device to the software application, a response to the transaction request based on the electronic message (claim 1: providing, by the smart device to the second software application, a response to the transaction request based on the electronic message).
Per independent claim 10, the claim is significantly similar to claim 1. Hence claim 10 is also rejected. Furthermore, claim 11 of the ‘758 disclose the corresponding smart device performing the similar step(s) as recited in claim 1 of the ‘758. As such, claim 10 is rejected based on claim 11.
Per independent claim 19, the claim is significantly similar to claim 1. Hence claim 19 is also rejected.
As per claims 2, 11, and 20, ‘973 further teaches receiving, by the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows unrelated applications executing on the smart device to communicate with the computing system indirectly via the smart device (claim 1: receiving, by a smart device via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows unrelated applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device)(claim 11).
As per claims 3 and 12, ‘973 further teaches wherein the software application is a first software application, and the method further comprises: receiving, by the smart device, the request to enroll the smart device in a server-to-device secure data exchange from a second software application executing on the smart device; and receiving, by the smart device, via the second software application, a selection of the first software application for enrollment in the server-to-device secure data exchange (claim 1: receiving, by a smart device via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows unrelated applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device; claim 2: wherein the first selection and the second selection are received via the first software application executing on the smart device)(claim 11 and claim 12).
As per claims 4 and 13, ‘973 further teaches receiving, by the smart device, input specifying a selection of the financial account (claim 1: receiving, by the smart device, a first selection of a financial account)(claim 11);.
As per claims 5 and 14, ‘973 further teaches generating, by the smart device, the device access token responsive to receiving the selection of the financial account (Claim 1: receiving, by the smart device, a first selection of a financial account … responsive to receiving the first selection and the second selection generating, by the smart device, a device access token)(claim 11).
As per claims 6 and 15, ‘973 further teaches receiving, by the smart device, an account restriction applicable to the software application (claim 3: receiving, by the smart device, an account restriction applicable to the second software application)(claim 13).
As per claims 7 and 16, ‘973 does not particularly teach generating, by the smart device, the device access token to further include the account restriction. However, as ‘973 teaches including parameters in device access token providing access, it would have been obvious to one of ordinary skill in the art prior to the effective filing of claimed invention to include any known parameters, including account restriction, in the device access token in ‘973 in controlling access.
As per claims 8 and 17, ‘973 further teaches applying, by the smart device, the account restriction to the transaction request (claim 6: generating, by the smart device, the modified transaction request based on the transaction request and the account restriction) (claim 16).
As per claims 9 and 18, ‘973 further teaches transmitting, by the smart device, the account restriction to the computing system via the secure authorized session (claim 9: transmitting the account restriction to the computing system via the secure authorized session)(claim 19).
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-2, 4, 8, 11-13, and 18 of U.S. Patent No. 12,572,928.
Although the claims at issue are not identical, they are not patentably distinct from each other because:
Per claim 1, ‘928 discloses a method comprising:
generating, by a smart device, a device access token for the smart device based on (i) a device identifier corresponding to the smart device, (ii) a financial account identifier corresponding to a financial account, (iii) a user identifier corresponding to a user of the smart device, and (iv) an identifier of a software application corresponding to a first service provider (claim 1: generating, by the smart device, a device access token based on (i) a device identifier corresponding to the smart device, (ii) a financial account identifier corresponding to a financial account of a user, and (iii) a user identifier corresponding to the user);
retrievably storing, by the smart device in a secure storage element of the smart device, the device access token in association with the software application (Claim 4: retrievably storing, by the smart device in a secure storage element of the smart device, the device access token and the account restriction in association with the second software application);
receiving, by the smart device, a transaction request from the software application executing on the smart device (claim 1: receiving, by the smart device, a transaction request from the second software application executing on the smart device);
responsive to receiving the transaction request, (i) establishing, by the smart device, a secure authorized session between the smart device and a computing system of the first service provider, and (ii) accessing, by the smart device, the previously stored device access token according to the identifier of the software application (claim 1: … establishing, by the smart device, in response to receiving the transaction request, a secure authorized session between the smart device and the computing system of the first service provider; Claim 4: retrievably storing, by the smart device in a secure storage element of the smart device, the device access token and the account restriction in association with the second software application);
validating, by the smart device, the device access token with respect to the software application (claim 1: determining, by the smart device, that the transaction request is received from the second software application and that the account restriction is applicable to the second software application);
transmitting, by the smart device to a computing system associated with the financial account, the device access token and the transaction request, wherein the computing system determines that the transaction request is valid by parsing the identifier of the software application encoded as part of the device access token (claim 1: transmitting, by the smart device to the computing system, via the secure authorized session, the device access token and one of (i) the transaction request, or (ii) a modified transaction request, wherein the computing system of the first service provider determines that the transaction request is valid by parsing the identifier of the second software application encoded as part of the device access token);
receiving, by the smart device from the computing system, an electronic message responsive to the transaction request being validated (claim 1: receiving, by the smart device from the computing system, via the secure authorized session, the electronic message responsive to the transaction request); and
providing, by the smart device to the software application, a response to the transaction request based on the electronic message (claim 1: providing, by the smart device to the second software application, a response to the transaction request based on the electronic message).
Per independent claim 10, the claim is significantly similar to claim 1. Hence claim 10 is also rejected. Furthermore, claims 11 and 13 of the ‘928 disclose the corresponding smart device performing the similar step(s) as recited in claims 1 and 4 of the ‘928. As such, claim 10 is rejected based on claims 11 and 16.
Per independent claim 19, the claim is significantly similar to claim 1. Hence claim 19 is also rejected.
As per claims 2, 11, and 20, ‘928 further teaches receiving, by the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows unrelated applications executing on the smart device to communicate with the computing system indirectly via the smart device (claim 1: receiving, by a smart device via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows unrelated applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device)(claim 11).
As per claims 3 and 12, ‘928 further teaches wherein the software application is a first software application, and the method further comprises: receiving, by the smart device, the request to enroll the smart device in a server-to-device secure data exchange from a second software application executing on the smart device; and receiving, by the smart device, via the second software application, a selection of the first software application for enrollment in the server-to-device secure data exchange (claim 1: receiving, by a smart device via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows unrelated applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device; Claim 2: receiving, by the smart device, a first selection of the financial account and a second selection of the second software application of the second service provider, wherein the device access token is generated in response to receiving the first selection and the second selection)(claim 11 and claim 12).
As per claims 4 and 13, ‘928 further teaches receiving, by the smart device, input specifying a selection of the financial account (Claim 2: receiving, by the smart device, a first selection of the financial account)(claim 12);.
As per claims 5 and 14, ‘928 further teaches generating, by the smart device, the device access token responsive to receiving the selection of the financial account (Claim 2: receiving, by the smart device, a first selection of the financial account and a second selection of the second software application of the second service provider, wherein the device access token is generated in response to receiving the first selection and the second selection)(claim 12).
As per claims 6 and 15, ‘928 further teaches receiving, by the smart device, an account restriction applicable to the software application (claim 1: receiving, by the smart device, an account restriction applicable to the second software application)(claim 11).
As per claims 7 and 16, ‘928 does not particularly teach generating, by the smart device, the device access token to further include the account restriction. However, as ‘928 teaches including parameters in device access token providing access, it would have been obvious to one of ordinary skill in the art prior to the effective filing of claimed invention to include any known parameters, including account restriction, in the device access token in ‘928 in controlling access.
As per claims 8 and 17, ‘928 further teaches applying, by the smart device, the account restriction to the transaction request (claim 1: determining, by the smart device, that the transaction request is received from the second software application and that the account restriction is applicable to the second software application) (claim 11).
As per claims 9 and 18, ‘928 further teaches transmitting, by the smart device, the account restriction to the computing system via the secure authorized session (claim 8: transmitting the account restriction to the computing system via the secure authorized session)(claim 18).
Claims 1-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 3, 4, 11, 12, 14, 15, and 20 of copending Application No. 19/054,133 (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other because:
Per claim 1, ‘133 discloses a method comprising:
generating, by a smart device, a device access token for the smart device based on (i) a device identifier corresponding to the smart device, (ii) a financial account identifier corresponding to a financial account, (iii) a user identifier corresponding to a user of the smart device, and (iv) an identifier of a software application corresponding to a first service provider (claim 1: generating, by the smart device, a device access token based at least in part on (i) a device identifier corresponding to the smart device, and (ii) a financial account identifier corresponding to the financial account, the device access token generated such that the account restriction for the second software application is encoded as part of the device access token);
retrievably storing, by the smart device in a secure storage element of the smart device, the device access token in association with the software application (Claim 3: retrievably storing, by the smart device in a secure storage element of the smart device, the device access token including the account restriction in association with the second software application);
receiving, by the smart device, a transaction request from the software application executing on the smart device (claim 1: receiving, by the smart device, a transaction request from the second software application executing on the smart device);
responsive to receiving the transaction request, (i) establishing, by the smart device, a secure authorized session between the smart device and a computing system of the first service provider, and (ii) accessing, by the smart device, the previously stored device access token according to the identifier of the software application (claim 11: wherein the device access token is transmitted via a secure authorized session, established by the smart device, between the smart device and the computing system of the first service provider; claim 4: accessing the device access token in response to determining that the transaction request does not violate the account restriction);
validating, by the smart device, the device access token with respect to the software application (claim 1: determining, by the smart device, that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token);
transmitting, by the smart device to a computing system associated with the financial account, the device access token and the transaction request, wherein the computing system determines that the transaction request is valid by parsing the identifier of the software application encoded as part of the device access token (claim 1: transmitting, to the computing system, the device access token and one of (i) the transaction request, or (ii) a modified transaction request, wherein the computing system of the first service provider determines that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token);
receiving, by the smart device from the computing system, an electronic message responsive to the transaction request being validated (claim 1: receiving, by the smart device from the computing system, an electronic message responsive to the transaction request or to the modified transaction request); and
providing, by the smart device to the software application, a response to the transaction request based on the electronic message (claim 1: providing, by the smart device to the second software application, a response to the transaction request based on the electronic message).
Per independent claim 10, the claim is significantly similar to claim 1. Hence claim 10 is also rejected. Furthermore, claims 12, 14-15, and 20 of the ‘133 disclose the corresponding smart device performing the similar step(s) as recited in claims 1, 3-4, and 11 of the ‘133. As such, claim 10 is rejected based on claims 12, 14-15, and 20.
Per independent claim 19, the claim is significantly similar to claim 1. Hence claim 19 is also rejected.
As per claims 2, 11, and 20, ‘133 further teaches receiving, by the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows unrelated applications executing on the smart device to communicate with the computing system indirectly via the smart device (claim 1: receiving, by a smart device via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows one or more applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device)(claim 12).
As per claims 3 and 12, ‘133 further teaches wherein the software application is a first software application, and the method further comprises: receiving, by the smart device, the request to enroll the smart device in a server-to-device secure data exchange from a second software application executing on the smart device; and receiving, by the smart device, via the second software application, a selection of the first software application for enrollment in the server-to-device secure data exchange (claim 1: receiving, by a smart device via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows one or more applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device; receiving, by the smart device, a first selection of a financial account held by the first service provider, a second selection of a second software application of a second service provider distinct from the first service provider, and an account restriction applicable to the second software application)(claim 12).
As per claims 4 and 13, ‘133 further teaches receiving, by the smart device, input specifying a selection of the financial account (Claim 1: receiving, by the smart device, a first selection of a financial account held by the first service provider, a second selection of a second software application of a second service provider distinct from the first service provider, and an account restriction applicable to the second software application)(claim 12);.
As per claims 5 and 14, ‘133 further teaches generating, by the smart device, the device access token responsive to receiving the selection of the financial account (Claim 1: receiving, by the smart device, a first selection of a financial account … generating, by the smart device, a device access token based at least in part on (i) a device identifier corresponding to the smart device)(claim 12).
As per claims 6 and 15, ‘133 further teaches receiving, by the smart device, an account restriction applicable to the software application (claim 5: wherein the account restriction is received via the first software application)(claim 16).
As per claims 7 and 16, ‘133 further teaches generating, by the smart device, the device access token to further include the account restriction (claim 1: the device access token generated such that the account restriction for the second software application is encoded as part of the device access token)(claim 12).
As per claims 8 and 17, ‘133 further teaches applying, by the smart device, the account restriction to the transaction request (claim 1: determining, by the smart device, that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token) (claim 12).
As per claims 9 and 18, ‘133 further teaches transmitting, by the smart device, the account restriction to the computing system via the secure authorized session (claim 9: ttransmitting the account restriction to the computing system via a secure authorized session.)(claim 19).
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Conclusion
Claim interpretation: claim 1 is directed to a method by a smart device that encompasses the smart device step(s) in interaction with 1) a software application executing on the smart device; 2) a computing system of a first service provider corresponding to the software application; and 3) a computing system associated with the financial account. Given the claim construction, one of ordinary skill would appreciate that there are two distinct computer system recited in the claim. The smart device, responsive to receiving a transaction request from the software application executing on the smart device and corresponds to the first service provider, a) establishes a secure authorized session between the smart device and the computing system of the first service provider and b) accesses the previously stored device access token according to the identifier of the software application. The smart device validates the device access token (i.e., retrieved device access token). The smart device transmits to a computing system associated with a financial account, i.e., one of parameters the smart device based in generating the device access token, the device access token (i.e., retrieved and validated device access token) and the transaction request received from the software application. The smart device receives from the computing system an electronic message responsive to the transaction request being validated by the computing system by parsing the identifier of the software application encoded as part of the device access token by the computing system, and the smart device providing to the software application a response to the transaction request based on the electronic message.
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
- Access/permission/authorization token/ticket are well known in the art of authorization prior to the effective filing of instant claim(s). For example:
US Patent 10,791,197 discloses use of access token that an application executing on a user device to access user’s account with network media service. A token request is received by the network media service from the user device. The network media service generates an access token and stores the access token in association with the application identifier, user identifier, user device account identifier, an issuance timestamp, a revocation timestamp, etc. in a token database. The media service can send the access token to operating system on user device and store the received token in association with the application identifier for the application in token repository. The application can obtain the token from the repository or the operating system in order to use the token to access the user’s account from the network media service. Upon receiving the token from the application, the media service can validate the token and provide the access.
PNG
media_image1.png
572
700
media_image1.png
Greyscale
PNG
media_image2.png
539
756
media_image2.png
Greyscale
US Publication 20130318592 discloses use of access token configured to be used to authenticate a device and the user in order to provide access to an account information. A credential is required for first authentication and the access token is issued and stored thereafter so that the access token can be retrieved and used to authenticate the device and the user for access to the account information. The token may be generated based on a date, a time, a customer identifier, device identifier and/or random number and is refreshed, i.e., a new token is generated each time, the device accesses the account information.
US Publication 20050254514: discloses an electronic token useable for controlling access to a resource. The electronic token includes a token grantor identifier indicating a token grantor, a token grantee identifier indicating a token grantee, and a resource access control field that is used to indicate control of additional limitations of token grantee access to a resource as specified by the token grantor. The electronic token is generated and transmitted to a token grantee computer system that utilizes the electronic token in requesting a resource from a computer system.
US Patent 9,055,050: discloses a method for allowing a software application running on a second mobile device to access some of the first party information once the first party authenticates the software application. The authentication process comprises the second mobile device sending an application ID which is uniquely assigned to the software application and a device ID which is uniquely assigned to the second computing device to a first mobile device. The second mobile device also sends a set of permissions the software application requires from the user to the first mobile device. After receiving confirmation from the first party as to whether the first party is willing to grant the software application access to some or all of the first party’s information based on the set of access permissions the software application requires, the first mobile device generates an access token using the application ID and the device ID. The first mobile device sends the access token to a remote server from where the second mobile device may subsequently retrieve the access token. In alternate embodiment, the first mobile device sends the access token directly to the second mobile device. The software application executing on the second mobile device may access information of the first party with the access token.
While disclosing generating, by a first device, access token using APP ID of a software executing on a second device and device ID of the second device; transmitting of the access token to the second device; and allowing the second device to access personal information using the access token, the disclosure does not disclose the particular steps as recited in claim 1, including the account restriction in the device access token and the particular flow of the first smart device receiving request from the second smart device, sending the access token to the computing system along with one of the transaction request or a modified transaction request, receiving an electronic message from the computing system, and providing to the second device a response to the transaction request based on the electronic message.
US Publication 20140007195 discloses use of access token, particularly providing account access to a third-party application without having to provide user credentials. The access token is generated with expiration time and issued to the third-party application for specific access to the user account.
US Publication 20160350747 discloses use of authentication token in providing access to a user;s account information to an aggregator. A customer of a financial institution may visit an account information aggregator site and request to add an account maintained by the financial institution to a collection of accounts for which the aggregator may collect account information on behalf of the customer. Rather than providing their username, password, and/or other bank login credentials to the aggregator, the customer may be redirected to a page provided by the financial institution where the customer can enter their credentials and authenticate with the financial institution. After authenticating the customer, the financial institution may generate a token and provide the token to the aggregator. Subsequently, the aggregator may use the token to obtain read-only access to financial account information for one or more financial accounts that are maintained by the financial institution for the customer.
The references, however, does not teach the claimed invention of a smart device, responsive to receiving a transaction request from the software application executing on the smart device and corresponds to the first service provider, a) establishing a secure authorized session between the smart device and the computing system of the first service provider and b) accessing the previously stored device access token according to the identifier of the software application; the smart device validating the device access token (i.e., retrieved device access token); the smart device transmitting to a computing system associated with a financial account, i.e., one of parameters the smart device based in generating the device access token, the device access token (i.e., retrieved and validated device access token) and the transaction request received from the software application; the smart device receiving from the computing system an electronic message responsive to the transaction request being validated by the computing system by parsing the identifier of the software application encoded as part of the device access token by the computing system, and the smart device providing to the software application a response to the transaction request based on the electronic message.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEVEN S KIM whose telephone number is (571)270-5287. The examiner can normally be reached Monday -Friday: 7:00 - 3:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached at 571-272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/STEVEN S KIM/Primary Examiner, Art Unit 3698