DETAILED ACTION
Acknowledgements
This office action is in response to the claim amendments filed on July 17, 2020.
Claims 2, 8 and 12 have been canceled.
Claims 1, 3-7, 9-11 and 13-19 have been examined.
Claims 1, 3-7, 9-11 and 13-19 are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on Oct. 09, 2019 has been entered.

Response to Arguments
With respect to Claim Rejections - 35 USC § 101:
Applicant Arguments/Remarks (pages 11-14):

Applicant respectfully submits that the instant claims do not relate to any of the above. For example, page 5 of the October 2019 Update explains that the sub-groupings of "certain methods of organizing human activity" (i.e., fundamental economic principles or practices, commercial or legal interactions, managing personal behavior, and relationships or interactions between people) encompasses activity of a single person, activity that involves multiple people (e.g., commercial interaction), and certain activity between a person and a computer. Applicant respectfully submits that the claims are not directed toward the activity of a person or people. And, while the claims may involve a user placing his/her mobile device near a payment interface device (e.g., in order for the sensor to detect it), this is not the sole focus of the claims. Rather, any "interaction" in the claims involves the payment interface device and its interaction/communication with a mobile device/payment card. In particular, the present claims pertain to a message exchange sequence that occurs between, for example, a mobile device and a payment interface apparatus, and the ultimate authentication of a transaction including a request to update redemption points. According to the instant claims, the payment interface apparatus includes a sensor that detects a mobile device when the device is in close proximity. Once the mobile device is detected, the payment interface apparatus receives information from the mobile device. Specifically, it receives (1) a request to update redemption points, and (2) a plurality of data fields. Those data fields include an authentication code (MAC) and encrypted transaction specific parameters that are unique to the transaction carrying the request. The transaction specific parameters may have been encrypted, for example, by the mobile device, with a session key prior to transmitting the data fields to the payment interface apparatus.

Finally, the payment interface apparatus (1) compares the authentication code received from the mobile device/payment card in the plurality of data field with the authentication code it generated using the decrypted transaction specific parameters, and (2) determines whether there is a match. When a match exists between the generated authentication code and the received authentication code, the request is deemed to be authentic and the user's redemption points are updated. 
As such, Applicant respectfully submits that the claims are directed to so much more than "certain methods of organizing human activities." The claims are also not directed to a mental processes or a mathematical concept, nor are they alleged to be.”

Therefore, the claims 1, 3-7, 9-11 and 13-19 are not being rejected under 35 U.S.C. 101 and 35 U.S.C. 101 rejection is withdrawn.

With respect to Claim Rejections - 35 USC § 103
Applicant’s arguments with respect to claims 1, 3-7, 9-11 and 13-19 have been considered but are moot in view of new grounds of rejection initiated by applicant’s amendment to the claims.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1, 3-7, 9-11 and 13-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Claim 1, for example, recites “an input port that receives, from the at least one of the mobile device and the payment card… and (ii) a plurality of data fields including at least (a) an authentication code…” However, claim further recites in claim limitation “generate an authentication code using the decrypted transaction specific parameters”.  It is unclear to one of the ordinary skill in the art, if the generate an authentication code referring to the authentication code recited in the “an input port that receives…” step. Appropriate correction is required.

Claim Rejections - 35 USC § 103
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date 

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3, 6, 7, 9-11, 13 and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Meshkati (US 20160012432 A1) in view of Postrel (US 20110078010 A1).

Regarding claims 1, 11 and 19: Meshkati discloses: A payment interface apparatus configured to facilitate a transaction comprising [payment initiation request], the payment interface apparatus comprising:
a sensor that detects a presence of at least one of a mobile terminal (e.g., mobile device 200) and […] of the customer upon the at least one of the mobile terminal and the payment card being placed in proximity to the payment interface apparatus (see paragraphs [0040], [0044] and [0046]);
an input port that receives, from the at least one of the mobile device and the payment card, after the sensor detects the presence of the at least one of the mobile terminal and the payment card, (i) the request to [payment initiation request], and (ii) a plurality of data fields including at least (a) an authentication code (Meshkati [0080]-[0084], the examiner considers the authentication code to be the pre-authorization credential), and (b) encrypted transaction specific parameters (e.g., pre-authorized payment amount) that are unique to the transaction carrying the request (Meshkati [0095], “The payment initiation procedure 220 of the mobile device 200 determines the authorized communication mode from the received mode authorization code, requests the payment pre-authorization credential and the signed pre-authorized payment amount from the self-contained computing environment 210 (if not transmitted to the mobile device 200 at step S418), and provides the payment terminal 150 with the payment pre-authorization credential and the signed pre-authorized payment amount via the authorized communications mode, at step S420.”) and that form a basis upon which the request is determined to be genuine or non-genuine (see paragraphs [0095]-[0096], [0072], [0007], [0011] and Fig. 4b and related text, see also  [0040], [0044] and [0046]);
a processor (See paragraph(s) [0032], [0043] and [0053] and Fig. 1 and related text); and
at least one memory including computer program code (See paragraph(s) [0032], [0043] and [0053] and Fig. 1 and related text);
the at least one memory and the computer program code configured to, with the at least one processor, cause the payment interface apparatus at least to (See paragraph(s) [0032], [0043] and [0053] and Fig. 1 and related text):
decrypt the encrypted transaction specific parameters included in the received plurality of data fields using a session key (see paragraph [0076], “decrypt the cryptogram ARQC with the recovered session key”), wherein the session key is different from the authentication code included in the plurality of data fields received from the mobile device and the payment card of the customer (See paragraphs [0097], [0076], [0080] and [0105] and Fig. 4a and 4b and related text);
generate an authentication code using the decrypted transaction specific parameters ([0076], “the issuer server 400 may (i) recover the session key by applying the account number, transaction counter and the financial institution's cryptographic master key as inputs to a suitable cryptographic algorithm, (ii) decrypt the cryptogram ARQC with the recovered session key, (iii) compute a message authentication code from the Issuer Authorization Data, and (iv) compare the computed message authentication code against the decrypted cryptogram”, see also (See paragraphs [0076], [0073]-[0074], [0080]-[0081] and and Fig. 4a and 4b and related text);
determine existence of a match between the generated authentication code and the authentication code included in the received plurality of data fields received from the mobile device and the payment card of the customer (See paragraphs [0076], [0080]-[0081] and [0105]-[0106] and Fig. 4a and 4b and related text, see also [0097]-[0098]);
in response to determining existence of the match between the generated authentication code and then authentication code included in the received plurality of data fields, authenticate the request (See paragraphs [0076], [0080]-[0081] and [0105]-[0106] and Fig. 4a and 4b and related text, see also [0097]-[0098]).
effect the update in the redemption points in the customer redemption account in response to successful authentication of the request (See paragraph(s) [0109] and Fig. 4b and related text).

Meshkati, does not expressly disclose, a transaction comprising a request to update redemption points in a customer redemption account and a payment card.

 Postrel discloses, a transaction comprising a request to update redemption points in a customer redemption account and a payment card.
an input port (e.g. web browser at merchant site) that receives, from the at least one of the mobile device (e.g. a user computer 40)  and the payment card (e.g. multi-function card), […] the presence of the at least one of the mobile terminal and the payment card, (i) the request to update redemption points (e.g. reward points) in the customer redemption account (reward / loyalty account), and (ii) a plurality of data fields including at least (a) an authentication code, and (b) encrypted transaction specific parameters (e.g. data fields/forms on a web browser to accept account/request information) that are unique to the transaction carrying the request and that form a basis upon which the request is determined to be genuine or non-genuine (See paragraph(s) [0002], [0011], [0062], [0076] and [0078] and Fig. 7 and related text).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Meshkati with Postrel to include a function such maintaining a customer redemption account to allow users to keep tract and manage of redemption points to enhance user experience.

Regarding claims 3 and 13:
Meshkati further discloses: The payment interface apparatus of claim 1, wherein the plurality of received data fields further includes encrypted customer [data], being encrypted from the customer [data] (See paragraph(s) [0045], [0067] and Fig. 4a and related text).

Meshkati, does not expressly disclose, redemption account data.
Postrel discloses, redemption account data (See paragraph(s) [0002], [0011], [0062], [0076] and [0078] and Fig. 7 and related text)

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Meshkati with Postrel to include a function such maintaining a customer redemption account to allow users to keep tract and manage of redemption points to enhance user experience.

Regarding claim 6 and 16: Meshkati and Postrel, discloses as shown above.
Meshkati further discloses: The payment interface apparatus of claim 2, wherein the generation of the authentication code at the payment interface apparatus further comprises performing a cryptographic checksum operation on the transaction specific parameters (See paragraphs [0059], [0072]-[0078] and Fig. 4a and 4b and related text).

Regarding claims 7 and 17:
Meshkati further discloses: The payment interface apparatus of claim 1, wherein one or more of the data fields in support of the request are generated by the payment interface apparatus (See paragraph(s) [0039] and [0041]).

Regarding claim 9: Meshkati and Postrel, discloses as shown above.
Meshkati further discloses: The payment interface apparatus of claim 1, wherein the payment interface apparatus comprises a payment terminal or the payment terminal coupled to a point of sale (POS) terminal (See paragraph(s) [0041] and Fig. 4A and related text).

Regarding claim 10: Meshkati and Postrel, discloses as shown above.
Meshkati further discloses: The payment interface apparatus of claim 9, wherein the payment terminal acts as a bypass to forward the received request and the data fields to the POS terminal for processing the authentication of the request (See paragraph(s) [0041] and Fig. 4B and related text).

Regarding claims 18: Meshkati and Postrel, discloses as shown above.
Meshkati further discloses: The method of claim 11, wherein the payment interface apparatus receives the request from the at least one of the mobile terminal and the payment card placed in proximity to a sensor of the payment interface apparatus (see paragraphs [0040], [0044] and [0046]).

Claims 4-5 and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Meshkati in view of Postrel further in view of Tang (US 20150143116 A1).

Regarding claims 4 and 14: Meshkati and Postrel, discloses as shown above.
Meshkati, does not disclose: The payment interface apparatus of claim 1, wherein the transaction specific parameters include a concatenation of any one or more of a date and time the transaction is made at the payment interface apparatus; a transaction identifier of the transaction; and a random number generated in accordance with a universally unique identifier (UUID) RFC 4122 standard.

Postrel discloses: The payment interface apparatus of claim 1, wherein the transaction specific parameters comprise a concatenation of any one or more of a date and time the transaction (e.g. a certain time period) is made at the payment interface apparatus; a transaction identifier (product identifier) of the transaction; and a […] (See paragraph(s) [0059] and [062] and Fig. 3 and related text).

Tang discloses: The payment interface apparatus of claim 1, wherein the transaction specific parameters comprise […]; and a random number generated in accordance with a universally unique identifier (UUID) RFC 4122 standard (See paragraph(s) [0052] [0085-0086]).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Meshkati and Postrel with Tang to 

Regarding claims 5 and 15: Meshkati, Postrel and Tang, discloses as shown above.
Meshkati further discloses: The payment interface apparatus of claim 2, wherein the payment interface apparatus is further configured to receive, through the input […], a session key used in the decryption to obtain the transaction specific parameters from the received data fields (See paragraph(s) [0074], [0076], [0078], [0080], [0083] and [0105]).

Meshkati, does not expressly disclose, the payment interface apparatus is further configured to receive, through the input port, a session key.

However Tang discloses: The payment interface apparatus of claim 2, wherein the payment interface apparatus is further configured to receive, through the input port, a session key used in the decryption to obtain the transaction specific parameters from the received data fields (See paragraph(s) [0007-0009], [0022] and [0031]).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Meshkati and Postrel with Tang to include security function such as encrypting / decrypting using session keys to make sensitive data more secure and less likely to be intercepted and accessed by unauthorized users.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Bellovin (US 20010056409 A1) discloses the subject matter of claim 1, for example, decrypt the encrypted transaction specific parameters included in the received plurality of data fields using a session key, generate an authentication code using the decrypted transaction specific parameters; determine existence of a match between the generated authentication code and the authentication code included in the received plurality of data fields received from the mobile device and the payment card of the customer; in response to determining existence of the match between the generated authentication code and then authentication code included in the received plurality of data fields, authenticate the request (see abstract and paragraphs [0005], [0016] and [0022]-[0023] and Fig. 3a-3b and Fig. 4a-4b and related text).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAHED ALI whose telephone number is (571)270-1085.  The examiner can normally be reached on 8:00 - 5:00 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/JAHED ALI/ Examiner, Art Unit 3685


/MAMON OBEID/Primary Examiner, Art Unit 3685