DETAILED ACTION
	This action is in response to the response dated 12/22/2020.
	Claims 1-18, 20 have been newly amended.
Claims 1-20 are currently pending and have been examined.


Response to Amendment
Applicant’s amendments dated 12/22/2020 have been fully considered.


Response to Arguments
	Applicant asserts that the limitations of “IDPKC protocol” is not unclear. Applicant asserts that “IDPKC protocol is based on public-key cryptography” and “IDPKC protocol is known to those skill in the art of cryptography”. However, applicant merely provides that the protocol is based on, and does not provide clarity as to what the protocol actually entails. Protocols change and may be specific to any number of usages and environments. Applicant has not provided any specific reference to a widely accepted protocol or set of rules or processes in the claims and does not provide any further evidence of such specifics in applicant’s arguments.  Therefore it is unclear as to what applicant intends to be the metes and bounds of such a limitations as “IDPKC protocol”. For the purposes of compact prosecution, the limitations is considered fulfilled by way of having a public/private key pair being used. 
	Applicant asserts that “Even if Lawrence, Dewan, Fu, and Immega, were modified based on Oren, at least the features of claim 1… would not have been achieved” However, applicant provides no rationale or evidence of such an assertion. Oren teaches that cards may be registered for transaction and that information may be encrypted. Lawrence, Dewan, Fu, and Immega teach that information that is communicated may be encrypted and double encrypted with a wide variety of keys as desired, e.g. private keys, public keys, symmetric keys. Therefore it would most certainly be in the realm of obviousness to one of ordinary skill in the art at the time of applicant’s filing to combine the teachings and have the registration process also be encrypted with keys as desired and keys to be transmitted as such as well. 
Applicant’s remaining arguments have been fully considered but are moot in light of the current ground of rejection as necessitated by applicant’s amendments. 


	Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):



The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claims 1, 3, 4, 5, 8, 9, 10, 13, 15, 16, 17, 18, 20 recite the limitation “identity-based public key cryptography protocol” which is neither a term of art nor specified explicitly in applicant’s specifications. Applicant does not provide explicit requirements of such a “protocol” and there is no general protocol listing for such a process. 
	Claims 2-12, 14-19 depend on the claims above and are rejected as a result. 



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

Claims 1, 3, 8-10, 12-13, 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lawrence (US 8,548,868B1) in view of Fu (US 2011/0296171 A1), Dewan (US 2010/0169666 A1), Immega (US 2003/0140235 A1), and Oren (US 2008/0301057 A1).
Regarding Claims 1, 13, and 20:
Lawrence teaches An electronic payment method performed by an electronic device, the electronic payment method comprising:… encrypting payment information by using a public key of a payment device that is generated based on the IDPKC protocol,… receiving a response to the transaction request from the seller device.  (Col/Line: 33-40-34/50, “ The buyer's bank will then confirm or deny the verification request. If the buyer's bank denies the verification request then the Payment Processor forwards the denial to the seller's bank and the seller's bank will decline the transaction. The CCS will then ask the buyer for an alternative payment method. If the buyer's bank confirms the verification request, the Payment Processor forwards the confirmation to the seller's bank and the seller's bank will complete the transaction. The payment processor will then move the funds from the buyer's bank to the seller's bank…   The public key is used to encrypt the information that the CCS sends to the payment processor.” Received public keys are used to encrypt information that is sent and various confirmations are sent/stored for transactions.)
Lawrence does not disclose, but Fu, an analogous art of Lawrence and the current application, teaches receiving, from a key management service (KMS) server that stores personal information of a user, a private key of the user that is generated based on an Identity-based public key cryptography (IDPKC) protocol; (Paragraph 0014-0016, Claim 16, “When the method determines that the enrollment request includes a server-side key indicator, the method generates a key pair, including a private key and a public key for the digital certificate, encrypts the private key, and delivers the encrypted private key to the requester… request includes a server-side key indicator to generate a key pair, including a public key and a private key, for the digital certificate; and a server-side key generation engine, coupled to the certificate manager, to generate the key pair for the digital certificate when the certificate enrollment request includes the server-side key indicator, and to deliver the digital certificate and key pair to the requester.”)

Lawrence does not disclose, but Dewan, an analogous art of Lawrence and the current application,  teaches and encrypting order information by using a public key of a seller device that is generated based on the IDPKC protocol; (Paragraph 0101, “The transaction information may be encrypted, such as with a public key of the merchant or card processor, and may be signed with a private key of the user. A hashing function may be applied to one or more of a monetary value of the transaction, a credit card number entered by the user, a transaction count, and merchant information, to generate a secure transaction value. The secure transaction value may be sent to the merchant or card processor.” Any desired information may be encrypted as wanted.)
It would have been obvious to one of ordinary skill in the art the time of applicant’s filing to combine the teachings of encrypting information as desired as disclosed by Dewan to the teachings of using keys for transactions as disclosed by the combination of Lawrence and Fu in order to increase security.
Lawrence does not specifically disclose, but Immega, an analogous art of Lawrence and the current application, teaches producing, based on the IDPKC protocol, a dual signature of the encrypted payment information and the encrypted order information by using the private key; transmitting a transaction request comprising the dual-signed payment information and the dual-signed order information to the seller device; and  (Paragraph 0027, 0071, “), double encrypt the centroids (with the private signature key of the Identity Server and the public keys of the users) and send the encrypted centroids to both of the users. [Alternatively, the Identity Server can extract the centroids (or other derived information about the FP feature sets) of the FP feature sets and then randomly modify the centroids and then double encrypt the centroids and send the encrypted centroids to both of the users.] The first user then receives and decrypts the centroid data of both users (by using the PKI private key of the first user and the public signature key of the Identity Server--thus verifying that the data originated from the proper Identity Server)… double encrypt centroids (with private signature key of Identity Server and PKI public keys of Users), and send the encrypted centroids to Users A and B (step 925). [Alternatively, the Identity Server can extract the centroids (or other 
It would have been obvious to one of ordinary skill in the art at the time of applicant’s filing to combine the teachings of dual encryption as disclosed by Immega to the teachings of encrypting payment information with keys for transactions as disclosed by the combination of Lawrence, Fu, and Dewan in order to increase security. 
Lawrence does not explicitly disclose …a registration request to register a card of the user..
However, Oren an analogous art of Lawrence and the current application, teaches …a registration request to register a card of the user.. (Paragraph 0014, “There is also provided for the system to enable a user to register at least one payment instrument to pay for purchases made on the application server, for the at least one payment instrument to be a debit card or a credit card, for the user to register the at least one payment instrument by entering on the mobile phone data relating to the payment instrument, together with a purchase PIN and the user's login name and password, for the proxy server to transfer the entered payment ins”)
It would have been obvious to one of ordinary skill in the art at the time of applicant’s filing to combine the teachings of sending a registration request as disclosed by Oren to the teachings of processing keys for transactions as disclosed by the combination of Lawrence, Fu,  Dewan, and Immega in order to keep information regarding transactions secure as well and ensure that the user is making a proper request before providing a key.
Lawrence does not explicitly disclose wherein the receiving of the private key comprises: encrypting based on the IDPKC protocol, [registration] by using a first symmetric key; and encrypting based on the IDPKC protocol, the first symmetric key by using a public key of the KMS server. However, the prior art does disclose that various data and communications may be encrypted using various keys. (Dewan Paragraph 0101, “The transaction information may be encrypted, such as with a public key of the merchant or card processor, and may be signed with a private key of the user. A hashing function may be applied to one or more of a monetary value of the transaction, a credit card number entered by the user, a transaction count, and merchant information, to generate a secure transaction value. The secure transaction value may be sent to the merchant or card processor.” Fu Paragraph 0022, 0025, 0039, “The TKS module may be 
Therefore it would have been an obvious variation to one of ordinary skill in the art at the time of applicant’s filing to have any communication be encrypted using any variety of keys as desired and having the keys in turn be encrypted by other keys for double encryption. 

Regarding Claims 3 and 15:
Oren further teaches wherein the receiving of the private key comprises: generating a registration request comprising an identifier of a card…(Paragraph 0014, “There is also provided for the system to enable a user to register at least one payment instrument to pay for purchases made on the application server, for the at least one payment instrument to be a debit card or a credit card, for the user to register the at least one payment instrument by entering on the mobile phone data relating to the payment instrument, together with a purchase PIN and the user's login name and password, for the proxy server to transfer the entered payment ins”)
Lawrence and the other prior art further does not explicitly disclose transmitting the encrypted registration request and the encrypted first symmetric key to the KMS server; and subsequently receiving the private key. However, the prior art does disclose that various data and communications may be encrypted using various keys that can be sent/received. (Dewan Paragraph 0101, “The transaction information may be encrypted, such as with a public key of the merchant or card processor, and may be signed with a private key of the user. A hashing function may be applied to one or more of a monetary value 
Therefore it would have been an obvious variation to one of ordinary skill in the art at the time of applicant’s filing to have any communication be encrypted using any variety of keys as desired and having such keys be sent/received.

Regarding Claims 8 and 18:
Immega in view of the prior art further teaches wherein the personal key is cryptographically linked to a public identifier of the user and is then used to generate the dual signature of the encrypted payment information and the encrypted order information based on the IDPKC protocol. (Paragraph 0027, 0071, “ double encrypt the centroids (with the private signature key of the Identity Server and the public keys of the users) and send the encrypted centroids to both of the users. [Alternatively, the Identity Server can extract the centroids (or other derived information about the FP feature sets) of the FP feature sets and then randomly modify the centroids and then double encrypt the centroids and send the encrypted centroids to both of the users.] The first user then receives and decrypts the centroid data of both users (by using the PKI private key of the first user and the public signature key of the Identity Server--thus verifying that the data originated from the proper Identity Server)… double encrypt centroids (with private signature key of 

Regarding Claim 9:
Immega in view of the prior art further teaches wherein the producing the dual signature further comprises: generating the payment information and the order information; obtaining the public key of the payment device and the public key of the seller device based on a public identifier of the payment device and a public identifier of the seller device, respectively; encrypting, based on the IDPKC protocol, the payment information by using the public key of the payment device and encrypting, based on the IDPKC protocol, the order information by using the public key of the seller device; (Paragraph 0027, 0071, “ double encrypt the centroids (with the private signature key of the Identity Server and the public keys of the users) and send the encrypted centroids to both of the users. [Alternatively, the Identity Server can extract the centroids (or other derived information about the FP feature sets) of the FP feature sets and then randomly modify the centroids and then double encrypt the centroids and send the encrypted centroids to both of the users.] The first user then receives and decrypts the centroid data of both users (by using the PKI private key of the first user and the public signature key of the Identity Server--thus verifying that the data originated from the proper Identity Server)… double encrypt centroids (with private signature key of Identity Server and PKI public keys of Users), and send the encrypted centroids to Users A and B (step 925). [Alternatively, the Identity Server can extract the centroids (or other derived information subsets about the FP feature sets)…” data may be double encrypted with a combination of private and public keys after a user is associated with the keys.)

Regarding Claim 10:
Immega in view of the prior art further teaches wherein the encrypting of the payment information with the public key of the payment device further comprises encrypting, based on the IDPKC protocol, the payment information and an account identifier of an account associated with the card of the user by using a second symmetric key and encrypting, according to the IDPKC protocol, the second symmetric key by using the public key of the payment device, wherein the encrypted second symmetric key is included in the transaction request. (Paragraph 0027, 0071, “ double encrypt the centroids (with the private signature key of the Identity Server and the public keys of the users) and send the encrypted centroids to both of the users. [Alternatively, the Identity Server can extract the centroids (or other derived information about the FP feature sets) of the FP feature sets and then randomly modify the centroids and then double encrypt the centroids and send the encrypted centroids to both of the users.] The first user then receives and decrypts the centroid data of both users (by using the PKI private key of the first user and the public signature key of the Identity Server--thus verifying that the data originated from the proper Identity Server)… double encrypt centroids (with private signature key of Identity Server and PKI public keys of Users), and send the encrypted centroids to Users A and B (step 925). [Alternatively, the Identity Server can extract the centroids (or other derived information subsets about the FP feature sets)…” data may be double encrypted with a combination of private and public keys after a user is associated with the keys.)


Regarding Claims 12 and 19:
Lawrence further teaches wherein the receiving of the response to the transaction request further comprises displaying the received response. (Col/Line: 33-40-34/50, “The buyer's bank will then confirm or deny the verification request. If the buyer's bank denies the verification request then the Payment Processor forwards the denial to the seller's bank and the seller's bank will decline the transaction. The CCS will then ask the buyer for an alternative payment method. If the buyer's bank confirms the verification request, the Payment Processor forwards the confirmation to the seller's bank and the seller's bank will complete the transaction. The payment processor will then move the funds from the buyer's bank to the seller's bank…   The public key is used to encrypt the information that the CCS sends to the payment processor.” Received public keys are used to encrypt information that is sent and various confirmations are sent/stored for transactions.)


11 is rejected under 35 U.S.C. 103 as being unpatentable over Lawrence (US 8,548,868B1) in view of Fu (US 2011/0296171 A1), Dewan (US 2010/0169666 A1), Immega (US 2003/0140235 A1), and Oren (US 2008/0301057 A1) as applied above in further view of Bohannon (US 2009/0228340 A1).
Regarding Claim 11:
Bohannon, an analogous art of Lawrence and the current application, teaches wherein the obtaining the public key of the payment device and the public key of the seller device further comprises: transmitting an initialization request for initializing a secure transaction; receiving the public identifier of the payment device and the public identifier of the seller device; determining whether a format of the public identifier of the payment device and a format of the public identifier of the seller device match  an expected format for a payment device identifier and an expected format for a seller device identifier respectively; (Paragraph 0118, “Further, if the format of an order identifier does not match an expected format (with the expectation derived from multiple previous examples), then the identifier may be rejected as likely to have been made up, i.e., fraudulent….”)
It would have been obvious to one of ordinary skill in the art at the time of applicant’s filing to combine the teachings of comparing formats as disclosed by Bohannon to the teachings of using keys for transactions as disclosed by the combination of Lawrence, Fu, Dewan, Immega, and Oren in order to increase security.
Lawrence further teaches and obtaining the public key of the payment device and the public key of the seller device that correspond to the format of public identifier of the payment device and the format of the public identifier of the seller device, respectively, that are determined to match the expected format for the payment device identifier and the expected format for the seller device identifier, respectively.(Col/Line: 33-40-34/50, “  The public key is used to encrypt the information that the CCS sends to the payment processor.” Received public keys are used to encrypt information that is sent and various confirmations are sent/stored for transactions.)

Claims 2 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Lawrence (US 8,548,868B1) in view of Fu (US 2011/0296171 A1), Dewan (US 2010/0169666 A1), Immega (US 
Regarding Claim 2 and 14:
Weinstein teaches wherein the receiving of the private key further comprises: receiving a KMS server certificate from the KMS server; authenticating the KMS server by using the KMS server certificate; and receiving the private key from the authenticated KMS server, and wherein the KMS server certificate comprises a master public key of the KMS server, a unique resource identifier (URI) of the KMS server, and a validity period of the master public key. (Col/Line: 13/20-14/25, “When a SSL client and server first start communicating, they agree on a protocol version, select cryptographic algorithms, optionally authenticate each other, and use public -key encryption techniques to generate shared secrets. These processes are performed in the handshake protocol” various checks and authentications may be performed for communication sessions with the use of a variety of data. )
It would have been obvious to one of ordinary skill in the art at the time of applicant’s filing to combine the teachings of authenticating devices in communication with each other as disclosed by Weinstein to the teachings of sending and utilizing keys for transactions as disclosed by the combination of Lawrence, Fu, Dewan, Immega, and Oren in order to increase security.
Applicant is reminded that the descriptions of data manipulates neither the system nor process being performed and therefore does not move to distinguish over prior art. 




Allowable Subject Matter
Claims 4-7, 16-17 would be allowable if rewritten to overcome the rejections under 35 U.S.C. 112 set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Chen (US 5590197) and Stanton (US 6,246,771 B1) and Aggarwal (US 6,873,977 B1) also disclose transactions with the use of public keys
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHANN Y CHOO whose telephone number is (571)270-0453.  The examiner can normally be reached on 7-4.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick MacAtee can be reached on (571) 272-7575.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JOHANN Y CHOO/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        01/29/2021