DETAILED ACTION
Status of Claims
Claims 7 and 14 have been cancelled.
Claims 1, 3-6, 8, 10-13, 15, and 17-21 have been amended.
Claims 1-6, 8-13, and 15-20 are currently pending and have been considered by the examiner.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 10 November 2020 and 19 January 2021 were considered by the examiner. 

Response to Arguments

101 Rejection:
	As indicated in the previously conducted interview, the present claims, while reciting the judicial exception of performing an economic transaction (categorized as Certain Methods for Organizing Human Activity), provide adequate practical application to overcome the currently applied 101 rejection. Specifically the newly presented claims recite the process of performing by a transaction terminal all transaction authentication and processing in an offline fashion. These recited additional elements provide benefit in the form locational flexibility in terms of transaction terminal placement without sacrificing transactional security. Therefore, as it has 

103 Rejection:
	Applicant’s arguments have been considered but are moot in view of new grounds of rejection.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder (a transaction terminal) that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: 
receiving, by a transaction terminal in a credit authorization system using near field communication (NFC), an offline payment request from a mobile computing device associated with a user account
sending, by the transaction terminal using the NFC, a public key certificate request to the mobile computing device to retrieve the public key certificate;
receiving, by the transaction terminal using the NFC, the public key certificate from the mobile computing device;
using, by the transaction terminal, a locally stored credit authorization public key to retrieve a public key corresponding to the private key from the public key certificate
generating, by the transaction terminal, payment information including a payment amount based on the offline payment request;
sending, by the transaction terminal using the NFC, the payment information to the mobile computing device;
receiving, by the transaction terminal using the NFC, a payment authorization encrypted by the private key based on asymmetric encryption from the mobile computing device;
using, by the transaction terminal, the public key corresponding to the private key to verify the payment authorization;
providing, by the transaction terminal, the product or service to the user;
generating, by the transaction terminal, an offline transaction log for collecting a payment from the user account according to the payment amount
in claims 1-20.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. The original disclosure provides corresponding structure for the “transaction terminal” performing the functions claimed in the above claim limitations (See Para. [0087] – “The transaction terminal 200 can be a bus gate, and the bus gate is a POS terminal used in a bus system or a subway system”).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1, 4-5, 8, 11-12, 15, and 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Metral (US 20160267458 A1) in view of Tan (US 20100057579 A1) in further view of Sahota (US 20040268127 A1), Ono (US 20060047960 A1), and Ahn (US 20160140548 A1). 

In regards to Claims 1, 8 and 15, Metral  discloses:
(A non-transitory, computer-readable medium/A computer-implemented system configured to perform at least:) A computer-implemented method, comprising: receiving, by a transaction terminal in a credit authorization system using near field communication (NFC),a payment request from a mobile computing device associated with a user account (See Metral: Para. [0021] – “In general, mobile payment system 130A allows a user to perform a contactless payment or other type of mobile transaction by sending a payment token and/or other data to a , 
wherein the credit authorization system includes the transaction terminal and a server (See Metral: Fig 1: Terminal 192 and Server 120 are contained within an overall transaction authorization system connected via a network 104), 
wherein the payment request is for purchasing a product or service by a user (See Metral: Para. [0021] – “In general, mobile payment system 130A allows a user to perform a contactless payment or other type of mobile transaction by sending a payment token and/or other data to a near field communication (NFC) terminal 192 or other type of contactless terminals 192 from client machine 102A.” – It is understood by one of ordinary skill in the art that performing a transaction is, by definition, an exchange of monetary value for a good or service), and 
generating, by the transaction terminal, payment information including a payment amount based on the offline payment request (See Metral: Para. [0081] – “the computing device of the user receives a request for information from the NFC terminal 192 during a mobile transaction. In an example, terminal 192 requests one or more pieces of data from client machine 102A. For example, terminal 192 may request an account number, customer ID, loyalty card, coupon, promotion, discount, and/or other information associated with the user, the mobile transaction, payment information, or something else from client machine 102A.” – Information associated with the mobile transaction encompasses transaction amount); 
sending, by the transaction terminal using the NFC, the payment information to the mobile computing device (See Metral: Para. [0081] – “the computing device of the user receives a request for information from the NFC terminal 192 during a mobile transaction. In an example, terminal 192 requests one or more pieces of data from client machine 102A. For example, terminal 192 may request an account number, customer ID, loyalty card, coupon, promotion, ; 
in response to successfully verifying the payment authorization: providing, by the transaction terminal, the product or service to the user (See Metral: Para. [0083] – “In an example, a client machine 102A determines that terminal 192 is trusted. Client machine 102A then retrieves the information requested by terminal 192 and encrypts the requested information using the public key received for the associated merchant 190. Client machine 102A then provides the encrypted information to terminal 192, for example, to complete a mobile payment transaction or payment.” – Completion of a transaction includes transference of purchased goods or services); 

Metral fails to explicitly disclose:
The transaction and payment request being performed specifically offline
wherein a public key certificate and a private key are stored on the mobile computing device; 
sending, by the transaction terminal using the NFC, a public key certificate request to the mobile computing device to retrieve the public key certificate; 
receiving, by the transaction terminal using the NFC, the public key certificate from the mobile computing device; 
using, by the transaction terminal, a locally stored credit authorization public key to retrieve a public key corresponding to the private key from the public key certificate;
receiving, by the transaction terminal using the NFC, a payment authorization encrypted by the private key based on asymmetric encryption from the mobile computing device; 
using, by the transaction terminal, the public key corresponding to the private key to verify the payment authorization; and
generating, by the transaction terminal, an offline transaction log for collecting a payment from the user account according to the payment amount, 
wherein the offline transaction log includes at least one of the payment amount, a payment log generation time, a payment collection device ID, a payment card number, an available balance, or a transaction authentication code (TAC).

However, in a similar field of endeavor, Tan discloses:
The transaction and payment request being performed specifically offline
generating, by the transaction terminal, an offline transaction log for collecting a payment from the user account according to the payment amount (See Tan: Para. [0040-0044] – “Typically, due to the possibility of discrepancies arising between the back-end and the customer smart card, the present invention includes the step of providing a counter on the customer smart card which is adapted for tracking any unsettled transfers of change between merchants and the customer. Typically, the counter may include a read/writable data file stored in the memory device of the smart card. The counter may include details of at least the following: (a) information identifying a merchant which has not yet effected settlement; (b) information detailing the amount of change that has not been settled by the merchant; (c) information detailing a cumulative amount of change that may be owed to the customer by merchant(s); (d) information detailing the balance of the customer's electronic purse” – Tan discloses a system maintaining a counter/log for a plurality of unsettled transactions when the terminal is not communicating with an external server/offline), 
wherein the offline transaction log includes at least one of the payment amount, a payment log generation time, a payment collection device ID, a payment card number, an available balance, or a transaction authentication code (TAC) (See Tan: Para. [0040-0044] – “The counter may include details of at least the following: (a) information identifying a merchant which has not yet effected settlement; (b) information detailing the amount of change that has not been settled by the merchant; (c) information detailing a cumulative amount of change that may be owed to the .

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date to substitute the online transaction settlement process described by the combination of Metral for the delayed transaction settlement based on a maintained offline transaction log/counter as disclosed by Tan and perform said delayed transaction settlement in response to the verification process disclosed by the combination of Metral in order to improve the robustness and number of operational locations of the invention by allowing the machine to operate partially offline allowing the invention to function in locations without internet access.

However, the combination of Metral and Tan fails to explicitly disclose:
wherein a public key certificate and a private key are stored on the mobile computing device; 
sending, by the transaction terminal using the NFC, a public key certificate request to the mobile computing device to retrieve the public key certificate; 
receiving, by the transaction terminal using the NFC, the public key certificate from the mobile computing device; 
using, by the transaction terminal, a locally stored credit authorization public key to retrieve a public key corresponding to the private key from the public key certificate;
receiving, by the transaction terminal using the NFC, a payment authorization encrypted by the private key based on asymmetric encryption from the mobile computing device; 
using, by the transaction terminal, the public key corresponding to the private key to verify the payment authorization;

However, in a similar field of endeavor, Sahota discloses:
wherein a public key certificate and a private key are stored on the mobile computing device (See Sahota: Para. [0029] – “The computer-readable storage medium of the user device 102 may further contain a device public key certificate 202, depicted in FIG. 2, and a device private key 502, depicted in FIG. 5.” – Sahota discloses a user device storing a public key certificate and a private key);

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date to substitute the public key certificate and private key stored in the mobile device disclosed by Sahota for the credentials stored in the mobile device of the combination of Metral and Tan, in order to increase the overall security of the system by locally storing the public key certificate and private key rather than accessing them through a network.

However, the combination of Metral, Tan, and Sahota fails to disclose:sending, by the transaction terminal using the NFC, a public key certificate request to the mobile computing device to retrieve the public key certificate; 
receiving, by the transaction terminal using the NFC, the public key certificate from the mobile computing device; 
using, by the transaction terminal, a locally stored credit authorization public key to retrieve a public key corresponding to the private key from the public key certificate;
receiving, by the transaction terminal using the NFC, a payment authorization encrypted by the private key based on asymmetric encryption from the mobile computing device; 
using, by the transaction terminal, the public key corresponding to the private key to verify the payment authorization;

However, in a similar field of endeavor, Ono discloses:
sending, by the transaction terminal using the NFC, a public key certificate request to the mobile computing device to retrieve the public key certificate (See Ono: Para. [0099] – “The session control servers 101-1 and 101-2 receive issuance requests or registration requests for location registration requests and public key certificates from the respective communication devices 102-1 and 102-2, and store location registration information and public key certificates.” – Ono discloses the process of requesting and receiving a public key certificate) 
receiving, by the transaction terminal using the NFC, the public key certificate from the mobile computing device; (See Ono: Para. [0099] – “The session control servers 101-1 and 101-2 receive issuance requests or registration requests for location registration requests and public key certificates from the respective communication devices 102-1 and 102-2, and store location registration information and public key certificates.” – Ono discloses the process of requesting and receiving a public key certificate);

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to apply the public key certificate request and transmission as disclosed by Ono to be included within the payment request and payment request response disclosed by the combination of Metral, Tan, and Sahota in order to increase the overall security of the system by leveraging an additional layer of encryption security.

However, the combination of Metral, Tan, Sahota, and Ono fails to explicitly disclose:
using, by the transaction terminal, a locally stored credit authorization public key to retrieve a public key corresponding to the private key from the public key certificate;
receiving, by the transaction terminal using the NFC, a payment authorization encrypted by the private key based on asymmetric encryption from the mobile computing device; 
using, by the transaction terminal, the public key corresponding to the private key to verify the payment authorization;

However, in a similar field of endeavor, Weston discloses:
using, by the transaction terminal, a locally stored credit authorization public key to retrieve a public key corresponding to the private key from the public key certificate (See Weston: Claim 6 – “decrypt the first session key using a first private key associated with the first public key certificate, the first private key stored locally and securely at the first secure payment module; store the session key locally and securely at the first secure payment module;” – Weston discloses the process of retrieving data from a public key certificate using a locally stored credential)

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date to substitute the data retrieval from a public key certificate process of Weston for the information retrieval from a payment request as disclosed by the combination of  Metral, Tan, Sahota, and Ono in order to increase overall security by leveraging the obfuscation capabilities of the public key certificate.

However, the combination of Metral, Tan, Sahota, Ono, and Weston fails to explicitly disclose:
receiving, by the transaction terminal using the NFC, a payment authorization encrypted by the private key based on asymmetric encryption from the mobile computing device; 
using, by the transaction terminal, the public key corresponding to the private key to verify the payment authorization;

However, in a similar field of endeavor, Ahn discloses:
receiving, by the transaction terminal using the NFC, a payment authorization encrypted by the private key based on asymmetric encryption from the mobile computing device (See Ahn: Abstract – “receiving a payment request from the user terminal, receiving, from the user ; 
using, by the transaction terminal, the public key corresponding to the private key to verify the payment authorization (See Ahn: Abstract – “receiving a payment request from the user terminal, receiving, from the user terminal, electronic signature information that has been encrypted with a terminal private key of the pair of asymmetric keys and decrypting the electronic signature information using the stored terminal public key, is provided.”);

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date to substitute the asymmetric private key encryption and public key validation as disclosed by Ahn for the verification process disclosed by the combination of Metral, Tan, Sahota, Ono, and Weston in order to improve the security of the system by ensuring that transmitted data has not been altered.

In regards to Claims 4, 11, and 18, the combination of Metral, Tan, Sahota, Ono, and Weston discloses:
The computer-implemented method of claim 1, further comprising sending the offline transaction log to a server to deduct the payment amount from the available balance of the user account based on the offline transaction log (See Tan: Para. [0045] – “The access devices may further be programmed to effect settlement for any such detected unsettled transactions, if the predetermined threshold condition has been met (eg. if a cumulative amount of change exceeds a predetermined threshold amount). The merchant terminal may therefore transmit the appropriately formatted transaction log to the back-end server as described above, to settle the unsettled transactions.”).

In regards to Claims 5, 12, and 19, the combination of Metral, Tan, Sahota, Ono, and Weston discloses:
The computer-implemented method of claim 1, wherein the offline payment request includes at least one of a payment account identifier, available balance of the payment account, a service entrance registration, or a service exit registration (See Metral: Para. [0083] – “At block 518, the computing device of the user provides the requested information encrypted using the public key to the NFC terminal when the merchant is trusted. In an example, a client machine 102A determines that terminal 192 is trusted. Client machine 102A then retrieves the information requested by terminal 192 and encrypts the requested information using the public key received for the associated merchant 190. Client machine 102A then provides the encrypted information to terminal 192, for example, to complete a mobile payment transaction or payment.” – The requested information includesat least a payment card number (See: Metral [0081])).

Claim 2, 9, and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Metral, in view of Tan, in further view of Sahota, Ono, Weston, and Yang (US 20150254637 A1).

In regards to Claims 2, 9, and 16, the combination of Metral, Tan, Sahota, Ono, and Weston discloses the method of claim 1 but fails to explicitly disclose:
wherein the payment authorization includes the payment information encrypted by the private key and the TAC.

However, in a similar field of endeavor, Yang discloses:
wherein the payment authorization includes the payment information encrypted by the private key and the TAC (See Yang: Para. [0064] – “the payment card 22 generates a transaction authentication code (TAC) based on the to-be-authenticated data received from the mobile .

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date to combine the TAC of Yang with the additional security information included in the payment authorization disclosed by the combination of Metral, Tan, Sahota, Ono, and Weston in order to increase the security of the system by including additional security measures through the use of a TAC.

Claim 3, 10, and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Metral, in view of Tan, in further view of Sahota, Ono, Weston, and Rogers et al. (US 20140372743 A1).

In regards to Claim 3, 10, and 17, the combination of Metral, Tan, Sahota, Ono, Weston, and Yang discloses the method of claim 2 but fails to explicitly disclose:
wherein the private key is stored in an embedded secure element (eSE) of the mobile computing device and the TAC is generated based on the payment information and the offline payment request by using a TAC sub-key that is pre-generated and stored on the eSE.

However, in a similar field of endeavor, Rogers discloses:
wherein the private key is stored in an embedded secure element (eSE) of the mobile computing device and the TAC is generated based on the payment information and the offline payment request by using a TAC sub-key that is pre-generated and stored on the eSE (See Rogers: Para. [0066] – “In order to address the problem of another device attempting to spoof the identity, there may be an identity having a private key associated with it (e.g., embedded in a secure element) so that it is not possible for another device to impersonate that identity.”).

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date to substitute the embedded secure element private key storage of Rogers for the standard unencrypted private key data storage disclosed by the combination of Metral, Tan, Sahota, Ono, Weston, and Yang in order to increase the security of the system by ensuring spoofing of the device is much more difficult.

Claim 6, 13, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Metral, in view of Tan, in further view of Sahota, Ono, Weston, and Mobini (US 20150149365 A1).

In regards to Claims 6, 13, and 20, the combination of Metral, Tan, Sahota, Ono, and Weston discloses the method of claim 1 but fails to explicitly disclose:
wherein the payment information includes the payment amount and at least one of a date and time of the offline payment request, a service entrance registration, a service exit registration, or station information associated with the offline payment request.

However, in a similar field of endeavor, Mobini discloses:
wherein the payment information includes the payment amount and at least one of a date and time of the offline payment request, a service entrance registration, a service exit registration, or station information associated with the offline payment request (See Mobini: Para. [0179] – “the first merchant system stores the first transaction. For example, the first merchant system stores the date, time, the total amount for the first transaction, identifying information for the user, account information for the payment card, etc.”).

Mobini to record the time of transaction for the transaction disclosed by the combination of Metral, Tan, Sahota, Ono, and Weston in order to improve the security of the issue by providing an additional value for transaction verification ensuring that transactions are more likely to be legitimate based on time stamp analysis.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS K PHAN whose telephone number is (571)272-6748.  The examiner can normally be reached on M-F 8 am-5 pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on 571-270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NICHOLAS K PHAN/Examiner, Art Unit 3685                                                                                                                                                                                                        
/JAY HUANG/Primary Examiner, Art Unit 3685