`USAA v. Asghari-Kamrani et al.
`CBM2016-00063
`CBM2016-00064
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR001USO
`
`to the credit card on the attached credit card authorization form. Any additional fees may be
`
`charged to the deposit account of MICHAEL P FORTKORT PC, Deposit Account No. 50-3776.
`
`In response to the non—final Office Action mailed August 5, 2011, the Applicants hereby
`
`respectfully submit the following amendments and remarks:
`
`Amendments to the Claims begin on page 3.
`
`Remarks begin on page 17.
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR001USO
`
`In the Claims:
`
`Please amend the claims as follows:
`
`1-20. (Cancelled)
`
`21. (Currently Amended) A computer implemented method to authenticate an individual
`
`in communication with an entity over a communication network during communication between
`
`the entity and the individual, the computer implemented method comprising:
`
`receiving electronically a request for a dynamic code for the individual, which request is
`
`received during authentication of the individual by the entity;
`
`calculating the dynamic code for the individual in response to the request during
`
`authentication of the individual by the entity, wherein the dm amic code is valid for a predefined
`
`time and becomes invalid after being used;
`
`sending electronically the dynamic code to the individual during authentication of the
`
`individual by the entity;
`
`receiving electronically an authentication request to authenticate the individual based on a
`
`user information and the dynamic code included in the authentication request; and
`
`verifying an identity of the individual based on the user information and the dynamic
`
`code included in the authentication request.
`
`22. (Previously Presented) The computer implemented method of claim 21, wherein the
`
`request for the dynamic code is received by a computer associated with a first trusted-
`
`authenticator and the authentication request is received by the first trusted—authenticator.
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR001USO
`
`23. (Previously Presented) The computer implemented method of claim 21, wherein the
`
`request for the dynamic code is received by a computer associated with a first trusted-
`
`authenticator and the authentication request is received by a computer associated with a second
`
`trusted—authenticator that is different than the first trusted—authenticator.
`
`24. (Currently Amended) The computer implemented method of claim 21, wherein the
`
`dynamic code includes a
`
`
`
`
`
`time—dependent SecureCode.
`
`
`
`25. (Previously Presented) The computer implemented method of claim 21, wherein at
`
`least the dynamic code is encrypted.
`
`26. (Currently Amended) A computer implemented method for an entity to authenticate
`
`an individual over a communication network during communication with the individual, the
`
`method comprising:
`
`requesting electronically both a user information and a dynamic code from the individual
`
`in order to validate the individual’ s identity during communication with the individual, which
`
`individual obtains the dynamic code from a computer associated with a trusted—authenticator
`
`during the communication between the individual and the entity, wherein the dfl amic code is
`
`valid for a predefined time and becomes invalid after being used;
`
`receiving electronically both the user information and the dynamic code from the
`
`individual; and
`
`authenticating the individual based on verification by the trusted—authenticator of the user
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR00lUSO
`
`information and the dynamic code received during communication between the individual and
`
`the entity
`
`
`
`27. (Previously Presented) The computer implemented method of claim 26, wherein the
`
`user information and the dynamic code comprise credentials for verifying the individual’s
`
`identity.
`
`28. (Currently Amended) The computer implemented method of claim 26, wherein the
`
` dynamic code includes a
`
`time—dependent SecureCode.
`
`29. (Previously Presented) The computer implemented method of claim 26, wherein at
`
`least the dynamic code is encrypted.
`
`30. (Previously Presented) The computer implemented method of claim 26, wherein the
`
`entity corresponds to a business, organization, or another individual.
`
`3 1. (Previously Presented) The computer implemented method of claim 26, wherein a
`
`computer associated with a first trusted—authenticator calculates the dynamic code and provides
`
`the dynamic code to the individual during communication between the individual and the entity.
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR00lUSO
`
`32. (Cancelled)
`
`33. (Cancelled)
`
`34. (Currently Amended) A computer implemented method for a website to authenticate
`
`an individual over a communication network during a communication session between the
`
`individual and the website, the computer implemented method comprising:
`
`requesting by a computer associated with the website both a user information and a
`
`dynamic code from the individual in order to validate the individual’ s identity, wherein the
`
`dfl amic code is valid for a predefined time and becomes invalid after being used;
`
`receiving both the user information and the dynamic code from the individual, which
`
`individual receives the dynamic code during the communication session between the individual
`
`and the website; and
`
`creating an authentication request message including the user information and the
`
`dynamic code and providing the authentication request message to a first computer associated
`
`with a trusted—authenticator, the trusted authenticator authenticating the individual based on the
`
`user information and the dynamic code.
`
`35. (Previously Presented) The computer implemented method of claim 34, wherein the
`
`user information and the dynamic code comprise credentials for verifying the individual’s
`
`identity.
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR00lUSO
`
`36. (Previously Presented) The computer implemented method of claim 34, wherein the
`
`dynamic code includes a non—predictable and time—dependent SecureCode.
`
`37. (Previously Presented) The computer implemented method of claim 34, wherein at
`
`least the dynamic code is encrypted.
`
`38. (Previously Presented) The computer implemented method of claim 34, wherein a
`
`second computer associated with the trusted—authenticator calculates the dynamic code and
`
`provides the dynamic code to the individual during the communication session between the
`
`individual and the website.
`
`39. (Cancelled)
`
`40. (Cancelled)
`
`41. (Currently Amended) A computer implemented method for authenticating an
`
`individual in communication with an entity over a communication network during
`
`communication between the entity and the individual, the method comprising:
`
`receiving by a computer associated with the entity a dynamic code during authentication
`
`of the individual by the entity, which said dynamic code was sent to the individual by a trusted-
`
`authenticator in response to a request for the dynamic code from the trusted—authenticator during
`
`authentication of the individual by the entity and was calculated by the trusted—authenticator
`
`during authentication of the individual by the entity, wherein the dynamic code is valid for a
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR001USO
`
`predefined time and becomes invalid after being used;
`
`sending electronically by the entity an authentication request to a trusted—authenticator to
`
`authenticate the individual based on a user information and a received dynamic code included in
`
`the authentication request, wherein said authentication request is sent during authentication of the
`
`individual by the entity; and
`
`receiving electronically by the entity a message from the trusted—authenticator either
`
`confirming or denying an identity of the individual based on the user information and the
`
`received dynamic code included in the authentication request from the entity during the time of
`
`authentication of the individual by the entity.
`
`42. (Previously Presented) The computer implemented method according to claim 41,
`
`wherein the entity and the trusted—authenticator are the same.
`
`43. (Previously Presented) The computer implemented method according to claim 41,
`
`wherein the entity and the trusted—authenticator are different.
`
`44. (Previously Presented) The computer implemented method according to claim 41,
`
`wherein said dynamic code is calculated after receiving the request from the individual for the
`
`dynamic code.
`
`45. (Previously Presented) The computer implemented method according to claim 41,
`
`wherein said dynamic code comprises a different value each time the dynamic code is requested
`
`by the individual.
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR00lUSO
`
`46. (Currently Amended) A computer implemented method for authenticating an
`
`individual in communication with an entity during communication between the entity and the
`
`individual, the computer implemented method comprising:
`
`sending electronically a request for a dynamic code to a trusted—authenticator during
`
`authentication of the individual by the entity;
`
`receiving electronically the dynamic code from the trusted—authenticator during
`
`authentication of the individual by the entity, which dynamic code was calculated by a computer
`
`associated with the trusted—authenticator during authentication of the individual by the entity,
`
`wherein the dynamic code is valid for a predefined time and becomes invalid after being used;
`
`sending electronically the dynamic code and user information during authentication of the
`
`individual by the entity to the trusted—authenticator for verification by the trusted—authenticator
`
`during authentication of the individual by the entity; and
`
`receiving electronically acceptance or denial of authentication from the entity based on
`
`verification by the trusted—authenticator of the user information and dynamic code received from
`
`the individual during authentication of the individual by the entity.
`
`47. (Previously Presented) The computer implemented method according to claim 46,
`
`wherein the entity and the trusted—authenticator are the same.
`
`48. (Previously Presented) The computer implemented method according to claim 46,
`
`wherein the entity and the trusted—authenticator are different.
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR00lUSO
`
`49. (Previously Presented) The computer implemented method according to claim 46,
`
`wherein said dynamic code is calculated after receiving the request from the individual for the
`
`dynamic code.
`
`50. (Previously Presented) The computer implemented method according to claim 46,
`
`wherein said dynamic code comprises a different value each time the dynamic code is requested
`
`for an individual.
`
`51. (Currently Amended) A computer implemented method to authenticate an individual
`
`during communication between the individual and another entity, the method comprising:
`
`receiving electronically a request for a dynamic code, wherein the request is received
`
`during authentication of the individual by the entity;
`
`sending the dynamic code electronically to the individual during authentication of the
`
`individual by the entity, wherein the dm amic code is valid for a predefined time and becomes
`
`invalid after being used;
`
`receiving electronically an authentication request from the entity to authenticate the
`
`individual based on a user information and dynamic code received from the individual during
`
`authentication of the individual by the entity, wherein said authentication request is received
`
`during authentication of the individual by the entity; and
`
`verifying by a computer an identity of the individual based on the user information and
`
`the received dynamic code in response to the authentication request from the entity during the
`
`time of authentication of the individual by the entity.
`
`-10-
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR001USO
`
`52. (Previously Presented) The computer implemented method according to claim 51,
`
`further comprising:
`
`sending electronically a confirmation or denial authentication message to the entity during
`
`authentication of the individual by the entity.
`
`5 3. (Previously Presented) The computer implemented method according to claim 51,
`
`wherein the entity comprises a trusted—authenticator.
`
`54. (Previously Presented) The computer implemented method according to claim 51,
`
`wherein said dynamic code is calculated after receiving the request for the dynamic code.
`
`55. (Previously Presented) The computer implemented method according to claim 51,
`
`wherein said dynamic code comprises a different value each time the dynamic code is requested
`
`for the individual.
`
`5 6. (Currently Amended) A computer implemented method to perform a two—factor
`
`authentication of an individual based on a user information as a first credential and a dynamic
`
`code as a second credential during communication over a network between an entity and the
`
`individual, the method comprising;
`
`receiving electronically acceptance or denial of two—factor authentication from the entity
`
`based on two credentials received from the individual, wherein:
`
`said user information comprises the first credential and said dynamic code comprises the
`
`second credential;
`
`-11-
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR00lUSO
`
`said dynamic code was calculated by a computer pro gram associated with %E56é
`
`£1ee%a trusted—authenticator and provided to the individual during said communication between
`
`the entity and the individual, wherein the dm amic code is valid for a predefined time and
`
`becomes invalid after being used;
`
`said user information and said dynamic code were electronically received and verified by
`
`the trusted—authenticator during authentication of the individual by the entity; and
`
`said dynamic code comprises a different value each time the individual receives a
`
`dynamic code from a trusted—authenticator.
`
`57. (Currently Amended) A computer implemented method to perform a two—factor
`
`authentication of an individual based on a user information as a first credential and a dynamic
`
`code as a second credential during communication between the entity and the individual, the
`
`method comprising;
`
`accepting or denying electronically of a two—factor authentication of the individual based
`
`on two credentials received from the individual, wherein:
`
`said user information comprises the first credential and said dynamic code comprises the
`
`second credential;
`
`said dynamic code was calculated by a first computer associated with a trusted-
`
`authenticator and sent by a second computer associated with the trusted—authenticator to the
`
`individual during communication between the individual and the entity, wherein the dm amic
`
`code is valid for a predefined time and becomes invalid after being used;
`
`said user information and said dynamic code were received electronically during
`
`authentication of the individual by the entity and were verified by the trusted—authenticator during
`
`-12-
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR00lUSO
`
`said communication between the individual and the entity; and
`
`said first computer associated with said trusted—authenticator calculates a different value
`
`for said dynamic code each time the individual requests a dynamic code from the trusted-
`
`authenticator.
`
`5 8. (Previously Presented) The computer implemented method according to claim 57,
`
`wherein the first computer and the second computer are the same.
`
`5 9. (Cancelled).
`
`60. (Cancelled).
`
`61. (Cancelled).
`
`62. (Currently Amended) A computer implemented method to perform a two—factor
`
`authentication of an individual based on a user information as a first credential and a dynamic
`
`code as a second credential during communication between the entity and the individual, the
`
`method comprising;
`
`accepting or denying electronically of the two—factor authentication of the individual
`
`based on two credentials received from the individual, wherein:
`
`said user information comprises the first credential and said dynamic code comprises the
`
`second credential;
`
`said dynamic code was calculated by a trusted—authenticator and sent to the individual for
`
`-13-
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR001USO
`
`authentication between the individual and the entity, wherein the dm amic code is valid for a
`
`predefined time and becomes invalid after being used;
`
`said user information and said dynamic code were received electronically during
`
`authentication of the individual by the entity and user information was verified by a first
`
`computer and dynamic code was verified by a second computer associated with the trusted-
`
`authenticator during said communication between the individual and the entity; and
`
`said dynamic code comprises a different value each time the individual receives a
`
`dynamic code from a trusted—authenticator.
`
`63. (Previously Presented) The computer implemented method according to claim 62,
`
`wherein the first computer and the second computer are the same.
`
`64. (Previously Presented) The computer implemented method according to claim 62,
`
`wherein said dynamic code is valid for a predefined time and may be used by the individual
`
`before becoming invalid.
`
`65. (New) The computer implemented method of claim 34, wherein a computer program
`
`associated with the trusted—authenticator calculates the dynamic code and provides the dynamic
`
`code to the individual during the communication session between the individual and the website.
`
`66. (New) The computer implemented method of claim 21, wherein the user information
`
`is verified by a first computer and dynamic code is verified by a second computer.
`
`-14-
`
`
`
`67. (New) The computer implemented method according to claim 34, wherein the website
`
`and the trusted—authenticator are the same.
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR001USO
`
`68. (New) The computer implemented method of claim 34, wherein the user information
`
`is Verified by a first computer and dynamic code is Verified by a second computer associated with
`
`the trusted—authenticator.
`
`69. (New) The computer implemented method according to claim 41, wherein the entity
`
`and the trusted—authenticator are the same.
`
`70. (New) The computer implemented method of claim 41 wherein the user information
`
`is Verified by a first computer and dynamic code is Verified by a second computer associated with
`
`the trusted—authenticator.
`
`71. (New) The computer implemented method of claim 5 6, wherein the user information
`
`is Verified by a first computer and dynamic code is Verified by a second computer associated with
`
`the trusted—authenticator.
`
`72. (New) The computer implemented method according to claim 56, wherein the entity
`
`and the trusted—authenticator are the same.
`
`73. (New) The computer implemented method according to claim 57, wherein the entity
`
`and the trusted—authenticator are the same.
`
`-15-
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR001USO
`
`74. (New) The computer implemented method according to claim 46, wherein the
`
`dynamic code is alphanumeric.
`
`75. (New) The computer implemented method according to claim 56, wherein the
`
`dynamic code is alphanumeric.
`
`76. (New) The computer implemented method according to claim 21, wherein the
`
`dynamic code is alphanumeric.
`
`77. (New) The computer implemented method according to claim 26, wherein the
`
`dynamic code is alphanumeric.
`
`78. (New) The computer implemented method according to claim 34, wherein the
`
`dynamic code is alphanumeric.
`
`79. (New) The computer implemented method according to claim 41, wherein the
`
`dynamic code is alphanumeric.
`
`80. (New) The computer implemented method according to claim 57, wherein the
`
`dynamic code is alphanumeric.
`
`-16-
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR001USO
`
`REMARKS
`
`Claims 21-31, 34-38, 41-58 and 62-64 were previously pending. Claims 1-20, 32-33, 39-
`
`40, 59-61 have been previously cancelled without disclaimer of or prejudice to the subject matter
`
`contained therein. Claims 21, 24, 26, 28, 34, 41, 46, 51, 56, 57 and 62 have been amended to
`
`more particularly describe the claimed invention. Claims 65-80 have been added to more
`
`particularly describe the claimed invention. Claims 21-31, 34-38, 41-58 and 62-80 remain
`
`pending.
`
`DOUBLE PATENTING
`
`The Office Action provisionally rejected claims 21-23, 26, 27, 30, 31, 34, 38, 41-44, 46-
`
`49, 51-54, 56-58 and 62-64 under the judicially created doctrine of obviousness-type double
`
`patenting as being unpatentable over co-pending claims 1, 12, 14, 21, 33, 34, 36, 37, 40, 41, 43,
`
`44, 51, 53-55, 58, 60-66, 69, 70, 73, 74, and 80 of co-pending application No. 12/210,926. Upon
`
`allowance of these claims in either application, the Applicants will timely file a terminal
`
`disclaimer, which will obviate this rejection.
`
`CLAIMS REMAIN PATENTABLE OVER FRANKLIN ET AL. AND FOX ET AL.
`
`TAKEN ALONE OR IN COMBINATION
`
`The Office Action rejected claims 21-31, 34-38, 41, 43-46, 48-52, 54-57, 62 and 64 under
`
`35 U.S.C. § 103(a) as being unpatentable over by U.S. Patent No. 5,883,810 A to Franklin et al.
`
`[hereinafter “Franklin et al.”] in view of U.S. Patent Publication No. 2002/0069174 A1 by Fox et
`
`al. [hereinafter “Fox et al.”]. Generally, the Office Action contends that Franklin et al. discloses
`
`all of the elements of the claims, except for certain missing features that it contends can be found
`
`-17-
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR001USO
`
`in Fox et al., and further contends that it would have been obvious to one of ordinary skill in the
`
`art to modify the system of Franklin et al. using these certain missing features from Fox et al. for
`
`various specified reasons. For example with regard to claim 21, the Office Action asserts that
`
`Franklin discloses all of the elements of the claim at issue, except for “receiving electronically an
`
`authentication request to authenticate the individual based on a user information and the dynamic
`
`code included in the authentication request” and “verifying an identity of the individual based on
`
`the user information and the dynamic code included in the authentication request.” The
`
`Applicants respectfully disagree with the Office Action’s characterization of these references vis-
`
`a—vis the claims at issue and respectfully request reconsideration and withdrawal of the rejection
`
`in light of the following remarks.
`
`Factual Inquiries Set Forth in Graham v. John Deere Show Non-Obviousness
`
`1. Determining Scope of Prior Art
`
`Franklin et al. teaches the use of a temporary transaction number to replace one’s actual
`
`credit card number to avoid exposing the actual credit card number to fraud. However, Franklin
`
`fails to teach any authentication method, since Franklin et al. relates merely to authorization of
`
`payment, which is not the same as authentication of the user. See Afi‘. Hosseinzadelz filed
`
`11/] 7/201 I,W7; Afi‘. Hewittfiled 11/] 7/201], WII; Afi‘. N.Kamranifiled 11/] 7/201], W6; Afi‘.
`
`K.Kamrani filed 11/] 7/201], W6.
`
`Fox et al. teaches using a digital signature as the basis for authentication because only a
`
`valid digitally signed certificate is used for authenticating the user. See Afi‘. Hosseinzadelz filed
`
`11/] 7/201 I,W9; Afi”. Hewittfiled 11/] 7/201], W13; Afi‘. N.Kamranifiled 11/] 7/201], W8; Afi‘.
`
`K.Kamranifiled 11/] 7/201], W8.
`
`-18-
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR00lUSO
`
`2. Ascertaining the Diflerences Between the Prior Art and Claims at Issue
`
`The Claims at issue include the limitations that the dynamic code is calculated during the
`
`transaction between the user and the EXtemal—Entity and that the so calculated dynamic code is
`
`included in an authentication request and then used to Verify the identity of the user. Franklin et
`
`al. does not authenticate a user based on any code generated during the transaction between the
`
`user and the merchant because there is no authentication being performed in Franklin et al. See
`
`Afi‘. Hosseinzadelz filed I/I8/2011, W9—I4; Afi‘. Laing filed I/II/2011, W9—I4; Afi‘. Hewitt filed
`
`1/] 8/201 I,W9—I4; Afi‘. N.Kamranifiled 1/] 8/201], WI 0-16; Afi‘. K.Kamranifiled 1/] 8/201], W9-
`
`14.
`
`Fox et al. does not authenticate a user based on a code calculated during the transaction,
`
`but requires use of a digital key obtained offline to digitally sign a certificate, which is then used
`
`for authentication of the user. See Afi‘. Hosseinzadelz filed I 1/] 7/201], W10; Afi‘. Hewitt filed
`
`11/] 7/201], W14; Afi‘. N.Kamranifiled 11/] 7/201], W9; Afi‘. K.Kamranifiled 11/] 7/201], W9.
`
`Thus, neither reference generates a dynamic code during the transaction that is then used to
`
`Validate the identity of the user for the transaction. Without these features, the suggested
`
`combination fails to state a prima facie case of obViousness.
`
`Response to Office Action Remarks
`
`The Office Action’s argument includes several flaws in its logic. To show the presence
`
`of some claim elements in the prior art of Franklin et al., the Office Action equates the recited
`
`dynamic code to the temporary transaction number of Franklin et al. But then in a slight of hand,
`
`the Office Action equates the GRC of Fox et al. to the recited dynamic code for later claim steps.
`
`So, for certain claim steps, the Office Action uses the temporary transaction number of Franklin
`
`et al. as the recited dynamic code and for other claim steps the Office Action uses the GRC as the
`
`-19-
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR00lUSO
`
`recited dynamic code. A proper argument should use the same element in one reference for the
`
`same element throughout the claim. In short, the Office Action has not presented any prior art
`
`showing the use of a dynamic code in the manner recited and the differences between the prior
`
`art and the claims remain significant.
`
`Each of the temporary transaction number and the GRC include features that preclude
`
`their use in the claimed method.
`
`The second factual inquiry under the Graham v. John Deere C0. test requires ascertaining
`
`the differences between the prior art and the claims at issue. The first difference is that the same
`
`dynamic code requested during authentication of the individual is then calculated and sent to the
`
`user. The same dynamic code is then received as part of an authentication request and the user
`
`identity is validated based on the same dynamic code.
`
`The temporary transaction number of Franklin et al. cannot be used to verify the identity
`
`of the user because it is the same as a credit card number — which is never used to authenticate
`
`people. See Afi‘. Hosseinzadehfiled I/I8/2011, W944; Afi‘. Laingfiled I/II/20II,W9—I4; Afi‘.
`
`Hewitt filed I/I8/2011, W944; Afi‘. N.Kamrani filed I/I8/2011, WI 0-16; Afi‘. K.Kamrani filed
`
`1/] 8/201], W944.
`
`The GRC of Fox et al. is issued at the time of registration and such is not calculated
`
`during the transaction. Col. 9, lines 62-65, GUMP Method Registration Protocol. See Afi”.
`
`Hosseinzadehfiled II/I 7/20II,W9—20; Afi”. Hewittfiled 11/] 7/201], WI3—24; Afi‘. N.Kamranifiled
`
`I 1/] 7/201], W94 9; Afi‘. K.Kamrani filed I 1/] 7/201], W94 9. Moreover, the authentication
`
`process used in Fox et al. requires use of a public/private key combination that must be obtained
`
`out—of—band. See Afi”. Hosseinzadeh filed 11/] 7/201], W9—20; Afi‘. Hewittfiled 11/] 7/201], W13-
`
`24; Afi‘. N.Kamranifiled 11/] 7/201], W949; Afi‘. K.Kamranifiled 11/] 7/201], W9—I9.
`
`-20-
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR00lUSO
`
`Consequently, the GRC of Fox et al. cannot replace the temporary transaction number of
`
`Franklin et al. to arrive at the claimed invention because the GRC cannot be calculated during
`
`the transaction, and requires elements that must be obtained offline or at least outside the
`
`transaction between the user and the EXtemal—Entity, which is required in the claims at issue.
`
`The only reason that the digitally signed GRC of Fox et al. can be used for authentication
`
`purposes is because it employs a public/private key that is used to sign the GRC; as a result the
`
`GRC by itself is not used to authenticate the individual but rather the digitally signed GRC is
`
`used for authentication so that only a GRC that is properly signed is considered authentic. See
`
`Afi‘. Hosseinzadelz filed I 1/] 7/201], W9—20; Afi‘. Hewitt filed I 1/] 7/201], WI 3 -24; Afi‘. N.Kamrani
`
`filed 11/] 7/201], W949; Afi‘. K.Kamrani filed 11/] 7/201], W949. Without the digital signature,
`
`the GRC is not used for authentication and Fox et al. requires that the authentication is only valid
`
`if the signature is valid. Id.
`
`Furthermore, the temporary transaction number of Fox er al. is used to protect the actual
`
`credit card number from being exposed on the Internet during an online transaction. Combining
`
`Fox et al. with Franklin et al. would eliminate the need for the temporary transaction number.
`
`Because in Fox et al. the temporary transaction numbers or actual credit card numbers have no
`
`value without the user’s digital signature. See Fox et al., column 8, line 29-32 which states “If a
`
`digital signature and signature check were required on every credit card transaction, then the card
`
`number alone would have no value.”
`
`Moreover, one of ordinary skill in the art upon reading Fox et al. and Franklin er al.
`
`would not consider authenticating the individual using the temporary transaction number because
`
`Fox et al. teaches using a digital signature as the basis for authentication, which digital signature
`
`has a tremendous investment associated with it from obtaining the keys to perform the digital
`
`-21-
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR00lUSO
`
`signature. Id.
`
`The Office Action equates the claimed “dynamic code” of the present invention with the
`
`GRC of Fox et al., which describes the GRC as follows:
`
`The Internet analog of an SOF is a Certified Public Signature Key
`
`(CPSK). The GUMP Registration Meta—Protocol (GRMP) is a
`
`framework for designing and implementing a financial institution's
`
`certification policies to produce a client's CPSK, packaged as a
`
`GUMP Relationship Certificate (GRC). The GRC, of course,
`
`is
`
`public information that can be sent with transaction packets, stored in
`online directories, and cached on distributed machines without
`
`concern that it might be accessed by unauthorized parties.
`
`W [0071]
`
`However, the GRC of Fox et al. is not used to authenticate the user. Rather the digital
`
`signature is used to authenticate the user. See Afi‘. Hosseinzadeh filed 11/] 7/201], W9—20; Afi‘.
`
`Hewittfiled 11/] 7/201], WI3—24; Afi‘. N.Kamranifiled 11/] 7/201], W9—I9; Afi‘. K.Kamram'filed
`
`11/] 7/201], W9—I9.
`
`The Office Action states “Fox discloses that a financial institution issues upon a request a
`
`certificate which includes a one—time secret (OTS) to the buyer, to conduct the electronic
`
`transaction with the seller where the GRC corresponds to the recited dynamic code because it is
`
`issued to the client for one electronic transaction and includes the OTS.” Yet one of skill in the
`
`art of user authentication and electronic transactions would understand that this statement is
`
`inaccurate. See Afi”. Hosseinzadehfiled II/I 7/20II,W2I—22; Afi”. Hewittfiled 11/] 7/201], W27-
`
`28; Afi‘. N.Kamranifiled 11/] 7/201], W2I—22; Afi‘. K.Kamranifiled 11/] 7/201], W2I—22.
`
`The OTS in the GRC is only used to tie the client’s public key to the GRC, and the OTS is an
`
`unsecret from the time the user receives digitally signed GRC certificate from the institution. Id.
`
`Fox et al. discloses that the institution digitally signs and sends back a GRC binding the client’s
`
`public signature key to the OTS. Id. From this point on, the OTS becomes an unsecret (Column
`
`-22-
`
`
`
`U.S. Patent Application No. 11/333,400
`
`Attorney Docket No. KAMR001USO
`
`3, line 1-7). Id. Fox et al. suggests that the OTS be derived from the user’s financial account
`
`numbers, which are static. Id. GRC does not correspond to recited dynamic code because GRC is
`
`public information and OTS is not a secret number from the time the user receives GRC from a
`
`financial institutions. Id.
`
`The statement from the Office Action “the GRC corresponds to the recited dynamic
`
`code” is inaccurate. Id.
`
`In Fox et al. a financial institution verifies the identity of the user by
`
`verifying user’s digital signature using user’s public key. Id. If a user does not digitally sign the
`
`GRC or any other document, the financial institution would not be able to verify the user and the
`
`d