DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendments
	This office action responds to the amendments filed on January 13, 2021 for application 15/316,043.  Claims 1-8 and 11-15 were amended, claim was cancelled, and claims 1-8 and 11-15 remain pending in the application.
Response to Arguments
	The Applicant’s arguments filed on January 13, 2021 have been fully considered, and the Examiner responds as provided below.
	Regarding the Applicant’s response at pages 8-11 of the Remarks that concerns the § 103 rejection of claims 1 and 2, the Applicant’s arguments in conjunction with the claim amendments are persuasive, and consequently the Examiner conducted a new prior art search. The Applicant’s arguments are now moot with respect to the pending claims 1 and 2 because the arguments do not apply to some of the references currently used in the rejection of the aforementioned claims as detailed below.  The Examiner notes, however, that with respect to what is displayed on the first or second terminals (e.g., a “cancel” button), such decisions would generally be obvious to one skilled in the art unless some aspect of security was improved (as opposed to it being a choice with no real reasoning for its selection).
	Regarding the Applicant’s response at page 11 of the Remarks that concerns the § 103 rejection of claims 3 and 4, the Applicant’s arguments in conjunction with the 
Regarding the Applicant’s response at pages 11-12 of the Remarks that concerns the § 103 rejection of claims 5-7, the Applicant’s arguments in conjunction with the claim amendments are persuasive, and consequently the Examiner conducted a new prior art search. The Applicant’s arguments are now moot with respect to the pending claims 5-7 because the arguments do not apply to some of the references currently used in the rejection of the aforementioned claims as detailed below.
	Regarding the Applicant’s response at page 12 of the Remarks that concerns the § 103 rejection of claim 12, the Applicant’s argument is meritorious and may provide an avenue to capturing allowable subject matter.  However, claim 8 is currently rejected under § 112(b), and consequently the exact scope of the claim is currently indefinite.  Furthermore, the Applicant references a “blacklist” in their argument, but this blacklist is not claimed.  This inclusion of this element as a claim limitation may further advance prosecution.  
	Regarding the Applicant’s response at page 12 of the Remarks that concerns the § 103 rejection of claims 11-13, the Applicant again argues that the first terminal does not “know” about the content of the notice when transmitted to the second terminal.  The Applicant references a man-in-the-browser, but this limitation is not found within the claims.  The failure of the claims to capture the Applicant’s intent precipitated the § 
Claim Objections
Claim 1 is objected to because of the following informalities: “inputs” should read “input.”  The Examiner notes that the Applicant contacted the Examiner about this typographic error, and this objection is made as a reminder for the Applicant to amend claim 1 accordingly.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim 2, and therefore claims 7 and 8 that depend upon claim 2, are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.  Although the Applicant cites paragraphs [0163] and [0172] as without any option to confirm the transaction request on the second screen,” the Examiner is having difficulty correlating the amendment to the specification.  First, it is unclear as to whether the paragraphs cited are of the filed specification or the published application US 2017/0126690.  Second, the exact language employed in the claim is not found in the specification (although this is not required, it certainly makes the new-matter determination easier).  Third, when relevant terms are highlighted (e.g., cancel, option, confirm, etc.), no relationship between the terms that would support the amendment emerges.  Fourth, none of the figures seem to support the amendment.  The closest the specification appears to supporting the amendment is Fig. 17 and ¶¶ [0173]-[0178] of the published application, and here the disclosure here indicates the cancellation option is presented with confirmation options.  This rejection may be overcome by citing the relevant paragraphs and figures and providing a concise explanation for how the disclosure supports the amendment.
Claims 11 and 12 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.  At page 8 of the remarks, the Applicant states, “Amendments for claims 11 and 12 clarify that the content of the notice is not known to the first terminal and the MITB attacker.”  The claims themselves state, “without being known to the first terminal.”  The Applicant 
Claim 13 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.  At page 8 of the remarks, the Applicant states, “Amendments for claim 13 are supported by, for example, [0063], [0093], and [0094].  These paragraphs in both the published and filed specification seemingly have no relation to the amendments.  In ¶ [0042] of the published specification, it states, “a method may be adopted in which the server 121 encodes the notice content to codes such as a ciphered character string, a one-dimensional code and a two-dimensional code, to display on the screen of the first terminal 141.”  (emphasis added).  This does not support the limitation of “the server ciphers the notice for the second terminal, generates a character string code, a one-dimensional code, or a two-dimensional code associated with the ciphered notice.” 
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 2, and therefore claims 7 and 8 that depend on claim 2, are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Claims 1 and 2 in combination have two avenues for cancellation.  Claim 1 requires the user to input an answer to the first terminal, and the transaction is cancelled, as stated in claim 2, if the accepted answer and determined portion do not match each other.  Claim 2 involves a cancellation button that is displayed on the second unit, but in view of claim 1 that requires an input from the user, selecting the cancellation button seems contradictory (i.e., why input an answer in the first unit if the cancellation option will be selected?)  Or viewed alternatively, it appears claim 2 can cancel the transaction twice, but one cannot cancel a transaction twice – once it’s cancelled, it’s cancelled.  This rejection can be overcome by amending the claims to make clear that selecting the cancelation button is an alternative to inputting the answer into the first unit, or providing an explanation as to why the Examiner’s interpretation of claims 1 and 2 is incorrect.

Claims 11, 12 and 13 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  The limitation at issue is “without being known to the first terminal.”  The claims are indefinite because a terminal cannot “know” something, and to the extent the Applicant is attempting to be their own lexicographer, “known” is seemingly not defined within the specification.  In the remarks, the Applicant suggests it is the man-in-the-browser who doesn’t know about the notice.  Thus, one possibility for overcoming the rejection is to amend the claims to state it is the authenticated user, as defined in claim 1, who is without knowledge of the notice. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

(NOTE: within the Examiner’s parenthetical explanations below, material within quotation marks is language quoted from the prior art reference, underlined material is language quoted from the claims, and material within brackets is material altered from either a prior art reference or a claim.  Regarding the reconstruction of the claims, a numbered footnote indicates a primary phrase to be first moved upwards to the first cited reference, while a lettered footnote indicates a secondary phrase to be moved after the movement of the primary phrase from which it was lifted.  Or more succinctly, move numbered material first, lettered material last.)
A.	Claims 1-2, 12, and 14-15  are rejected under 35 U.S.C. 103 as being unpatentable over Skinner et al. (US 2013/0166449, “Skinner”) in view of Forget et al. (US 2016/0134424, “Forget”) and Niejadlik et al. (US 2010/0312645, “Niejadlik”), and further in view of Bender et al. (US 2014/0223185, “Bender”) and Alzomai et al. (Display Security for Online Transactions: SMS-Based Authentication Scheme, “Alzomai”).
Regarding Claim 1
Skinner discloses
A transaction system (Fig. 1, ¶¶ [0015]-[0018]) comprising a server (Fig. 1, ¶ [0017], the “server 104”), a first terminal (Fig. 1, ¶ [0016], i.e., the “first unit 102”), and a second terminal (Fig. 1, ¶ [0018], i.e., the “second unit 106”), 
wherein the server authenticates a user sending a login request to the server through the first terminal (¶ [0016], “The first unit 102 allows a user 108 to provide identification information such as a password and/or personal identification number to the server 104 to facilitate user authentication”), 
the first terminal obtains destination account information which is input by the authenticated user to the first terminal, (Fig. 4, ¶ [0023], “Referring also to FIG. 4, in the example where the user using the first unit 102 wishes to transfer money from their savings account to another entity and different account number in the amount of $125,000, this transaction information 136 a is entered/selected by the user via the web browser and …”), and 
sends a transaction request of transfer remittance from the authenticated user to a destination account associated with the obtained destination account information (Fig. 4, ¶ [0023], “… and provided by the first unit to the server 104 so that the server can begin processing the transaction.”), 
the server receives the transaction request from the first terminal,…1 (Fig. 4, ¶ [0023], “… and provided by the first unit to the server 104 so that the server can begin processing the transaction.”), 
said portion containing at least one part of the destination account information (Fig. 4, ¶ [0023], i.e., the account for “AnyCorp” that follows “To Account:”), 
2 …, 
the second terminal receives the transmitted notice from the server (¶ [0023], i.e., “The server 104 then sends the same transaction information 136 a to the second unit 106”), and 
displays, on a second screen of the second terminal, the details specified in the received notice (¶ [0024], i.e., “This transaction information (TI) ... 136 a ... are then provided through a user interface [comprising a second screen] to a user of the second unit.”), 
3 …, and 
4 …, and 
5 …, and 
6 ….
Skinner doesn’t disclose
1 …, determines randomly a portion of the transaction request,
2 generates a notice specifying details of the transaction request, said details comprising letters, with said determined portion hidden by replacing said determined portion with at least one symbol, and transmits the generated notice to the second terminal,
3 the first terminal prompts the authenticated user to compare the destination account information which is input by the authenticated user to the first terminal with the displayed details on the second screen, and 
4 inputs to the first terminal an answer that supplements the hidden portion in the displayed details, 
5 the server accepts the input answer from the first terminal, and
6 determines whether the transaction request is confirmed by the authenticated user based on whether the accepted answer and the determined portion match each other.
Forget, however, discloses
1 …, determines randomly a portion of the transaction request (Fig. 1b, ¶¶ [0103]-[0105], “Thus, at step S108, a derived version M′ of the message is created. M′ may be the whole of the message M or may be created from extracts of the information within the message M. Thus, for the example of FIG. 1 b, the highlighted fields 11 may be used to form M′.”  Since no apparent reason exists for why the “highlighted fields 11” within the depicted purchase order are selected, they are determine[d] randomly, with the “derived version M’” comprising a portion of the transaction request),
2 generates a notice specifying details of the transaction request, said details comprising letters,…a (Fig. 1b, ¶¶ [0103]-[0105], “Thus, at step S108, a derived version M′ of the message is created. M′ [that provides notice specifying details of the transaction request] may be the whole of the message M or may be created from extracts of the information within the message M.  Thus, for the example of FIG. 1 b, the highlighted fields 11 [that may be used to form M′.”), and transmits the generated notice to the second terminal (¶ [0104], “this is achieved by sending the message (or parts of it) to the Validation Device,” where the “Validation Device” of Forget is analogous to the “second unit 106” of Skinner),
Niejadlik, however, discloses
	a …, with said determined portion (of Forget) hidden by replacing said determined portion with at least one symbol (Fig. 20, ¶¶ [0175]-[0176], “To improve ,
6 determines whether the transaction request is confirmed by the authenticated user based on whether the accepted answer and the determined portion match each other (Fig. 20, ¶¶ [0175]-[0176], “the server (113) matches the portion obtained from the interchange (101) and the portion obtained from the user via the entry box (223) to determine whether to accept the request”).
Alzomai, however, discloses
3 the first terminal prompts the authenticated user to compare the destination account information which is input by the authenticated user to the first terminal with the displayed details on the second screen (Table 2 and Figs. 2-3, pages 4-5 of the pdf document, “Step 10” in Table 2 requests the user to make a compar[ison] to the input data of the transaction on the first terminal and the output data of the transaction on the second terminal, where the prompt on the first terminal comprises the “confirm,” “modify,” and “cancel” buttions; see also Bender below for the use of the first terminal to input … an answer), and
Bender, however, discloses
	4 inputs to the first terminal an answer that supplements the hidden portion (of Niejadlik) in the displayed details (Fig. 5, ¶ [0078], “At step 146, the user enters the user verification code [as an answer] into the webpage on the first user device 20,” noting that the “verification code” corresponds to the input of the hidden characters of the transaction that is input as an answer, i.e., the hidden portion that is deduced by the user acts as a “verification code” as disclosed by Bender; thus, inputting the “verification code” serves to supplement the hidden portion as disclosed by Niejadlik; and the first terminal within Bender overlaps with the first terminal as disclosed by Alzomai that includes a “confirm button” to submit the “verification code” that acts as an input … answer),
5 the server accepts the input answer from the first terminal (Fig. 5, ¶ [0078]), and
	Regarding the combination of Skinner and Forget, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the transaction-verification system of Skinner to have included the feature message extraction feature of Forget. One of ordinary skill in the art would have been motivated to incorporate the message extraction feature of Forget because 
	Regarding the combination of Skinner-Forget and Niejadlik, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the transaction-verification system of Skinner to have included the character security feature of Niejadlik.  One of ordinary skill in the art would have been motivated to incorporate the character hiding feature of Niejadlik because Niejadlik teaches that hiding characters and then requesting the user to input them as an authentication step is done “[t]o improve security.”  See Niejadlik at ¶ [0175].  
	Regarding the combination of Skinner-Forget-Niejadlik and Bender, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the transaction-verification system of Skinner to have included the transaction verification feature of Bender. One of ordinary skill in the art would have been motivated to incorporate the transaction verification feature of Bender because Bender teaches that such a technique “addresses the “man in the browser” attack,” see Bender ¶ [0022], thereby improving the security associated with a transaction. 
Regarding the combination of Skinner-Forget-Niejadlik-Bender and Alzomai, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified transaction-verification system of Skinner to have included the prompting feature of Alzomai. One of ordinary skill in the art would 
Regarding Claim 2
Skinner in view of Forget and Niejadlik, and further in view of Alzomai and Bender (“Skinner-Forget-Niejadlik-Alzomai-Bender”) discloses the transaction system according to claim 1, and Alzomai further discloses
wherein the second terminal displays a cancellation option with the details and without any option to confirm the transaction request on the second screen (Table 2, Figs. 3-4, p. 5, i.e., after the personal digital assistant (PDA) captures the transaction image on the first terminal screen, the “PDA compares the transaction data from photo and from server” (step 8), and then the “PDA signals the success/failure of the comparison to the user (step 9); noting that a “cancel” button is shown in Fig. 3, it would be obvious to one skilled in the art to show a “cancel” button without any option to confirm the transaction request on the second screen of the PDA for convenience once the PDA has determined a “failure” to match the photo and server data, as it would make no sense to also have a “confirm” button on the PDA under such circumstances; See MPEP § 2141(III), stating “Prior art is not limited just to the references being applied, but includes the understanding of one of ordinary skill in the art. The prior art reference (or references when combined) need not teach or suggest all the claim limitations, however, Office personnel must explain why the difference(s) between the , 
wherein when the displayed cancellation option is selected in the second terminal, the server cancels the transaction request (Table 2, Figs. 3-4, p. 5, i.e., selecting the “cancel” button as shown in Fig. 3 leads to cancel[ling] the transaction), and 
Niejadlik further discloses
wherein when the accepted answer and the determined portion contradict, the server cancels the transaction request (¶¶ [0175]-[0176], “the server (113) matches the portion obtained from the interchange (101) and the portion obtained from the user via the entry box (223) to determine whether to accept the request,” i.e., if not “accept[ed],” it cancels the transaction request).
Regarding the rationale to combine Alzomai and Skinner, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the transaction-verification system of Skinner to have included the cancellation feature of Alzomai. Under the doctrine of obviousness established by KSR, see MPEP § 2141(III), it would be “obvious to try” to implement the cancellation button on a second unit in addition to the first unit, as their only two possibilities for submitting a desire to cancel a transaction.  Alzomai discloses a cancellation button on the first terminal, and it is obvious to one skilled in the art to feature the cancellation button on the first or second terminal or on both terminals (as a matter of convenience).

Regarding Claim 12
Skinner-Forget-Niejadlik-Bender discloses the transaction system according to claim 1, and Skinner further discloses 
wherein the server pushes the notice to the second terminal (¶ [0022], i.e., “the second unit 106 receives a transaction confirmation request for the transaction and transaction information 136 from the server 104 via a back channel…,” which means that server initiates, or “pushes,” the notice to the second terminal as the second terminal would have no way of recognizing a notice was awaiting to be transferred from the server to itself), and 
the notice is thereby transmitted to the second terminal from the server (¶ [0022]) without being known to the first terminal (noting the § 112(b) rejection concerning the limitation of “known,” it would be obvious to one skilled in the art for the first terminal to “know” about the transmission of the notice; see MPEP § 2141(III)). 
Regarding Claims 14 and 15
With respect to independent claims 14 and 15, a corresponding reasoning as given earlier for independent claim 1 applies, mutatis mutandis, to the subject matter of 
B.	Claims 3 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over Skinner in view of Forget, Niejadlik, Bender, and Alzomai, and further in view of Carlson et al. (US 2013/0160098, “Carlson”) and Utsch et al. (US 2009/0047928, “Utsch”).
Regarding Claim 3
Skinner-Forget-Niejadlik-Alzomai-Bender discloses the transaction system according to claim 1, and Skinner further discloses  
wherein the server…1 (Fig. 1, ¶ [0017])
2 …,
3 …, 
4 …, and 
5 …, 
6 ….
Bender further discloses
4 wherein the first terminal prompts the user to input, to the first terminal, any of the respective confirmation codes (of Carlson/Utsch) displayed on the second screen (Fig. 5, ¶ [0078], “At step 146, the user enters the user verification code [as the respective confirmation code[]] into the webpage on the first user device 20”),
5 wherein when the input confirmation code (of Carlson/Utsch) as the input answer by the user to the first terminal is related to the correct answer (Fig. 5, ¶ [0078], the correct answer, which serves as an obvious underpinning for the approval of the transaction)
Niejadlik further discloses
6 the server determines that the request is confirmed by the authenticated user (Fig. 20, ¶¶ [0175]-[0176], “the server (113) matches the portion obtained from the interchange (101) and the portion obtained from the user via the entry box (223) to determine whether to accept the request”)
Skinner-Forget-Niejadlik-Alzomai-Bender doesn’t disclose
1 generates multiple answers including a correct answer that matches with the determined portion, and at least one incorrect answer that contradicts the determined portion, 
2 generates respective confirmation codes related to the multiple answers, and includes the generated multiple answers and respective confirmation codes into the generated notice, 
3 wherein the second terminal displays a message containing the multiple answers and respective confirmation codes included in the received notice,
Carlson, however, discloses
	1 generates multiple answers including a correct answer that matches with the determined portion, and at least one incorrect answer that contradicts the determined portion (Fig. 8C, ¶ [0139], “…the challenge question 810C is ‘what are the last four digits of the user's account number.’ The challenge message 820C includes a challenge item (‘3528’) as well as seven false challenges [or incorrect answer[s]] that are ,
Utsch, however, discloses
2 generates respective confirmation codes related to the multiple answers (Fig. 3, ¶¶ [0027]-[0030], e.g., the “3” is a respective confirmation code[] related to the [single] answer[] of “pink”), and includes the generated multiple answers and respective confirmation codes into the generated notice (Fig. 3, i.e., the illustrated screen shot comprises a generated notice that corresponds to the generated notice as disclosed by Forget),
3 wherein the second terminal displays a message containing the multiple answers and respective confirmation codes included in the received notice (Figs. 1 & 3, i.e., the mobile device pictured in Fig. 1 with the message shown in Fig. 3, where the mobile device acts as the second terminal (as similarly disclosed in Skinner)),
Regarding the combination of Skinner and Bender, the rationale to combine Skinner and Bender is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 3.
Regarding the combination of Skinner and Niejadlik, the rationale to combine Skinner and Niejadlik is the same as provided for claim 2 due to the overlapping subject matter between claims 2 and 3 (i.e., the complementary relationship between canceling and confirming a transaction).
Regarding the combination of Skinner-Forget-Niejadlik-Alzomai-Bender and Carlson, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the transaction-verification 
Regarding the combination of Skinner-Forget-Niejadlik-Alzomai-Bender-Carlson and Utsch, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the transaction-verification system of Skinner-Forget-Niejadlik-Alzomai-Bender-Carlson to have included the confirmation-code feature of Utsch. One of ordinary skill in the art would have been motivated to incorporate the confirmation-code feature of Utsch because Utsch teaches that “[t]he user only needs to send a reply message with the integer corresponding to his/her choice in the body of the message, increasing ease of use by limiting typing by the user to one keystroke,” see Utsch ¶ [0008], which has served as the basis of multiple-choice tests for a significant period of time (i.e., the confirmation code of claim 3 is merely adopting the approach of a multiple choice examination).
Regarding Independent Claim 4
With respect to independent claim 4, a corresponding reasoning as given earlier for claims 1 and 3 applies, mutatis mutandis, to the subject matter of claim 4.  Claim 4 is a combination of claims 1 and 3, except that claim 4 is narrower than claim 1 because claim 4 doesn’t claim the determination of random portions.  Thus, claim 4 is rejected, for similar reasons, under the grounds set forth for claims 1 and 3. 
C.	Claims 5 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Skinner in view of Forget, Niejadlik, Bender, Alzomai, Carlson, and Utsch and further in view of Kwok et al. (US 6,829,711, “Kwok”).
Regarding Claim 5
Skinner-Forget-Niejadlik-Alzomai-Bender-Carlson-Utsch discloses the transaction system according to any one of claims 3 or 4, and Carlson further discloses
wherein the at least one incorrect answer…1 (Fig. 8C, ¶ [0139])
Skinner-Forget-Niejadlik-Alzomai-Bender-Carlson-Utsch doesn’t disclose
1 …is formed by randomly replacing letters in the correct answer.
Kwok, however, discloses
1 …is formed by randomly replacing letters in the correct answer (Col. 1:15-51, “Before the data is encrypted, the data is often [randomly] scrambled or rearranged for further security,” further noting that replacing letters is an old technique within the computer arts, as suggested by publication date of Kwok).
Regarding the combination of Skinner and Carlson, the rationale to combine is the same as provided for claim 3 due to the overlapping subject matter between claims 3 and 5.
Regarding the combination of Skinner-Forget-Niejadlik-Alzomai-Bender-Carlson-Utsch and Kwok, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified transaction-verification system of Skinner-Forget-Niejadlik-Alzomai-Bender-Carlson-Utsch to have included the scrambling feature of Kwok. One of ordinary skill in the art would have been motivated 
Regarding Claim 6
Skinner-Forget-Niejadlik-Alzomai-Bender-Carlson-Utsch-Kwok discloses the transaction system according to claim 5, and Utsch further discloses
wherein the respective confirmation codes are configured from a predefined set of letters which are easier to input to the first terminal (of Skinner/Bender) than the multiple answers (Fig. 3, ¶¶ [0027]-[0030], i.e., the numbers 1-5 shown on the mobile device, which act as confirmation codes, are easier to input to the first terminal than retyping the characters of the multiple answers as shown on the mobile device).
Regarding the combination of Skinner and Utsch, the rationale to combine is the same as provided for claim 3 due to the overlapping subject matter between claims 3 and 6.
D.	Claims 7 is rejected under 35 U.S.C. 103 as being unpatentable over Skinner in view of Forget, Niejadlik, Alzomai and Bender, and further in view of Collins et al. (US 2008/0288384, “Collins”).
Regarding Claim 7
Skinner-Forget-Niejadlik-Alzomai-Bender discloses the transaction system according to claim 2, and Alzomai further discloses
wherein when the cancellation option is selected in the second terminal,…1 (Table 2, Figs. 3-4, p. 5) 
Skinner-Forget-Niejadlik-Alzomai-Bender doesn’t disclose
1 …the server notifies an administrator of the cancelled transaction request.
Collins, however, discloses
1 …the server notifies an administrator of the cancelled transaction request (Fig. 4 and ¶ [0022], i.e., Collins notifies a  credit card holder, who acts as an “administrator” of their account, in preventing fraud of a potentially fraudulent financial event).
Regarding the combination of Skinner and Alzomai, the rationale to combine for claim 7 is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 7.
Regarding the combination of Skinner-Forget-Niejadlik-Alzomai-Bender and Collins, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the financial verification system of Skinner-Forget-Niejadlik-Alzomai-Bender to have included the event notification system of Collins.  One of ordinary skill in the art would have been motivated to incorporate the event notification system of Collins because “delays [in addressing fraudulent events without event notification] can result in a greater degree of illegal activity and financial loss (see Collins ¶ [0003]).
E.	Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Skinner in view of Forget, Niejadlik, Alzomai and Bender, and further in view of Collins.
Regarding Claim 11
Skinner-Forget-Niejadlik-Alzomai-Bender disclose the transaction system according to claim 1, and Skinner further discloses
	wherein the server …1 (Fig. 1, ¶ [0017]), and 
.  
Skinner-Forget-Niejadlik-Bender doesn’t disclose
1 wherein the server transmits the notice to the second terminal by e-mail, and 
the notice is thereby transmitted from the server to the second terminal without being known to the first terminal.
Collins, however, discloses
1 …transmits the notice to the second terminal by e-mail (¶¶ [0005]-[0006], [0022], i.e., a notification of a transaction is e-mailed to the user), and 
the notice is thereby transmitted from the server to the second terminal (¶¶ [0005]-[0006], [0022], i.e., this second limitation in the claim is merely restating a result of the above first limitation in the claim) without being known to the first terminal (noting the § 112(b) rejection concerning the limitation of “known,” it would be obvious to one skilled in the art for the first terminal to “know” about the transmission of the notice; see MPEP § 2141(III))
Regarding the combination of Skinner-Forget-Niejadlik-Alzomai-Bender and Collins, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the financial verification system of Skinner-Forget-Niejadlik-Alzomai-Bender to have included the event notification system of Collins.  One of ordinary skill in the art would have been motivated to incorporate the event notification system of Collins because “delays [in addressing fraudulent events without event notification] can result in a greater degree of illegal activity and financial loss (see Collins ¶ [0003]).
F.	Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Skinner in view of Forget, Niejadlik, Alzomai, and Bender, and further in view of Lyons et al. (US 2013/0179336, “Lyons”).
Regarding Claim 13 
Skinner-Forget-Niejadlik-Alzomai-Bender discloses the transaction system according to any one of claims 1 or 4, but Skinner-Forget-Niejadlik-Alzomai-Bender doesn’t disclose 3App. No. 15/316,043Patent Response to Office Action0815883.00041 
wherein the server…1(Fig. 1, ¶ [0017])
Forget further discloses
a … ciphers the notice for the second terminal (¶ [0041], “For example, said validation challenge may be generated by symmetric encryption…,” i.e., the cipher[ing] is achieved by the use of asymmetric or symmetric keys)
b …, deciphers the notice from the captured code,…(¶ [0041], i.e., the deciphering is achieved through the use of a symmetric key shared between the parties an asymmetric key pair)
Skinner-Forget-Niejadlik-Alzomai-Bender doesn’t disclose
1 …a, generates a character string code, a one-dimensional code, or a two-dimensional code associated with the ciphered notice, and 
presents the character string code, the one-dimensional code or the two-dimensional code to the user through a first screen of the first terminal, and 
wherein the second terminal captures the character string code, the one-dimensional code, or the two-dimensional code from the first screen, deciphers the notice from the captured code, and 
the notice is thereby transmitted to the second terminal from the server without being known to the first terminal.
Lyons, however, discloses
1 …a, generates a character string code, a one-dimensional code, or a two-dimensional code associated with the ciphered notice (Fig. 4 and ¶¶ [0047], [0081]-[0082], i.e., transaction details may be received and stored by the pay code server 50, with the transaction data that is ultimately converted into a pay code that may be a matrix barcode (or two-dimensional code), with the notice ciphered according to Forget) and 
presents the character string code, the one-dimensional code or the two-dimensional code to the user through a first screen of the first terminal (Fig. 4 and ¶ [0081], i.e., As an example, a consumer may use a payer device 10A (or other computing platform), and from Fig. 4, the QRCode Data 410 is displayed on the eCommerce Website, where the eCommerce Website is on a other computing platform and different from the payer device 10A), and 
wherein the second terminal captures the character string code, the one-dimensional code, or the two-dimensional code from the first screen,…b (Fig. 4 and ¶¶ [0082], [0083] where payer device 10A may scan the pay code and the payer device 10A may optionally display the (e.g., present) the transaction details), and 
the notice is thereby transmitted to the second terminal from the server (Fig. 4 and ¶¶ [0082], [0083], i.e., the limitation merely restates the result of the previous limitation) without being known to the first terminal (noting the § 112(b) rejection . 
Lyons, however, doesn’t disclose
	… the server generates…
Lyons, however, discloses
… the server sends as the notice …
	Regarding the combination of Skinner and Forget, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the transaction-verification system of Skinner to have included the encryption feature of Forget. One of ordinary skill in the art would have been motivated to incorporate the encryption feature of Forget because Forget teaches that the use of the ”challenge is preferably generated…[through a] shared secret,” see ¶ [0041], with the shared secret involving encryption keys providing an additional layer of security. 
Regarding the combination of Skinner-Forget-Niejadlik-Alzomai-Bender and Lyons, Lyons is analogous art, as both Skinner and Lyons address secure financial transactions, and the problem within Lyons of securely transmitting transaction information through codes is reasonably pertinent to the problem within Skinner of creating a secure financial system with transaction verification. 
First, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the financial verification system of Skinner-Niejadlik-Hedgcoth to have included transaction coding system of Lyons.  One of ordinary skill in the art would have been motivated to incorporate the 
Second, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have the server generate the two-dimensional code as opposed to the eCommerce Website (see Fig. 4).  KSR establishes that a rationale for obviousness is proven by a showing of a “simple substitution of one known element for another to obtain predicable results.” See MPEP § 2143(I)(B).
Here: 1) Lyons differs from the claimed invention by the substitution of an element, and more specifically the claimed invention has a server generate a two-dimensional code while Lyons has the eCommerce Webstie generate the two-dimensional code; 2) servers were known to be able to generate two-dimensional codes in the prior art; 3) one of ordinary skill in the art could substitute a server for the eCommerce Website for generating the two-dimensional code, and the result would have been predictable.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405.  The examiner can normally be reached on Monday-Friday 8:00-5:00 MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private 



/D'Arcy Winston Straub/Examiner, Art Unit 2491                                                                                                                                                                                                        


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491