DETAILED ACTION

Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of the Claims


Claims 1-20 are presented for examination. Applicant filed a response to a non-final Office action on 01/11/2021 amending claims 1, 4, 8, 12, and 14. In light of Applicant’s amendments and arguments, Examiner withdraws the § 112(b) rejection of claims 4-5, 8, and 12-15; § 101 rejection of claims 1-20; and § 103 rejection of claims 1-20. Examiner has, however, established new § 101 rejection for claims 1-20 and new § 103 rejection for claims 1-20 in the instant Office action. 
 
Response to Arguments


§ 101 rejection: Applicant argues that instant claims are patent eligible under § 101 because: (1) Step 2A – Prong 1: “Applicant respectfully submits that at least these limitations cannot be examples of methods of organizing human activity at least because these limitations involve interaction between devices such as a server system associated with a payment network, a customer device, and a merchant device. Further, the interaction an inventive concept can be found in the non-conventional and non-generic arrangement of known, conventional pieces." (emphasis added). In the present Application, the inventive concept is found at least because the present Application provides "a technique that will make interception of POS related data from the terminal's data traffic difficult, thereby preventing and mitigating frauds." (Application, paragraph 0006, emphasis added). In particular, by eliminating the need for the customer device to exchange cardholder data with the merchant device and by ensuring that the merchant device provides a merchant defined transaction code, fraud with cardholder data is prevented by the present Application.” (Applicant’s Remarks: pages 14-15). Examiner respectfully disagrees.
(1) Step 2A – Prong 1: Apart from additional elements discussed separately below, limitations “facilitating the payment transaction upon receipt of the merchant defined transaction code from the merchant” (claims 1 and 10), and “displaying a machine-readable code for a customer to scan the machine-readable code using an application present in a customer device, the machine-readable code comprising information corresponding to a merchant and a dynamic token, the machine-readable code being valid for a pre-defined duration” (claim 17) under a broadest reasonable interpretation, recite steps focused on “commercial or business or transactional activities/interactions,”  or on a fundamental economic activity, or both. According to the 2019 Guidance, certain methods of organizing human activity that qualify as abstract ideas may include claims that relate to “fundamental economic principles or practices” and “commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations).”
(2) Step 2A – Prong 2: The Examiner disagrees with Applicant’s argument that the present claims an improvement to a field of technology. In this case, the Examiner concludes that the present claims do not recite an improvement to technology, but rather are improvements to a business or financial problem.
(3) Step 2B: The Federal Circuit Court, in Electric Power Group, distinguished the claims at issue from the claims in DDR Holdings explaining: “The claims at issue here do not require an arguable inventive device or technique for displaying information, unlike the claims at issue in DDR Holdings.” (10). Similarly here, the instant claims 1-20 do not require an arguable inventive device or technique for displaying information and, thus, they are distinguishable from DDR Holdings.” Therefore, the instant claims 1-20 are not patent eligible under 35 U.S.C. § 101in view of DDR Holdings.  

Further, the Federal Circuit Court, in Electric Power Group, distinguished the claims at issue from the claims in Bascom explaining: “Nor do the claims here require an arguably inventive distribution of functionality within a network, thus distinguishing the claims at issue from those in Bascom …The claims in this case specify what information in the power-grid field it is desirable to gather, analyze, and display, including in “real time”: but they do not include any requirement for performing the claimed functions of gathering, analyzing, and displaying in real time by use of anything but entirely conventional, generic technology.” (10-11). Similarly here, the instant claims 1-20 focus on gathering and displaying information, but do not use anything besides entirely conventional, generic technology in doing so. While the Federal Circuit Court in Bascom found non-conventional and non-generic arrangement of the additional elements, no such non-conventional and non-generic arrangement of the additional elements is present with the instant claims. Thus, instant claims 1-20 are not patentable under 35 U.S.C. § 101 in view of Bascom.      

§ 103 rejection: Examiner has carefully considered Applicant’s arguments directed to the previous § 103 rejection, but they are moot in view of new § 103 rejection Examiner has established for claims 1-20 in the instant Office action.    

Claim Rejections - 35 USC § 101





35 U.S.C. § 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 USC § 101 because they are directed to non-statutory subject matter. The rationale for this finding is explained below.  







The Supreme Court in Mayo laid out a framework for determining whether an applicant is seeking to patent a judicial exception itself or a patent-eligible application of the judicial exception. See Alice Corp., 134 S. Ct. at 2355,110 USPQ2d at 1981 (citing Mayo, 566 U.S. 66, 101 USPQ2d 1961). This framework, which is referred to as the Mayo test or the Alice/Mayo test (“the test”), is described in detail in Manual of Patent Examining Procedure (”MPEP”) (see MPEP § 2106(III) for further guidance). The step 1 of the test: It need to be determined whether the claims are directed to a patent eligible (i.e., statutory) subject matter under 35 USC § 101. Step 2A of the test: If the claims are found to be directed to a statutory subject matter, the next step is to determine whether the claims are directed to a judicial exception i.e., law of nature, natural phenomenon, and abstract idea (Prong 1). If the claims are found to be directed to an abstract idea, it needs to be determined whether the claims recite additional elements that integrate the judicial exception into a practical application (Prong 2). Step 2B of the test: If the claims are directed to a judicial exception, the next and final step is to determine whether the claims recite additional elements that amount to significantly more than the judicial exception.

Step 1 of the Test: 
When considering subject matter eligibility under 35 USC § 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter. Here, the claimed invention of claims 1-9 is a series of steps, which is method (i.e., a process) and, thus, one of the statutory categories of invention. Further, the claimed invention of claims 10-20 is a system, which is also one of the statutory categories of invention. 
Conclusion of Step 1 Analysis: Therefore, claims 1-20 are statutory under 35 USC § 101 in view of step 1 of the test.

Step 2A of the Test: 
Prong 1: Claims 1-20, however, recite an abstract idea of facilitating a payment transaction. The creation of facilitating a payment transaction, as recited in the independent claims 1, 10, and 17, belongs to certain methods of organizing human activity (i.e., commercial interactions – the instant claims describe a method and a system for facilitating a payment between a merchant and a customer) that are found by the courts to be abstract ideas. The limitations in independent claims 1, 10, and 17, which set forth or describe the recited abstract idea, are: “facilitating the payment transaction upon receipt of the merchant defined transaction code from the merchant” (claims 1 and 10), and “displaying a machine-readable code for a customer to scan the machine-readable code using an application present in a customer device, the machine-readable code comprising information corresponding to a merchant and a dynamic token, the machine-readable code being valid for a pre-defined duration” (claim 17) steps. 
Prong 2: In addition to abstract steps recited above in Prong 1, independent claims 1, 10, and 17, recite additional limitations: “a server system associated with a payment network” (claim 1), “a server system comprising a memory comprising: stored instructions and a processor configured to execute the stored instruction” (claim 10), “a customer device” (claims 1 and 10), “a merchant device” (claims 1 and 10), “a merchant terminal comprising: a memory comprising stored instructions and a processor executing the stored instructions” (claim 17), and “a payment network” (claim 17). These additional elements are recited at a high level of generality (i.e., as a generic processor performing a generic computer function of ranking information based on a determined amount of use) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Further, the combination of these additional elements is no more than mere instructions to apply the exception using a generic device. Accordingly, even in combination, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Further, “receiving a machine-readable code comprising at least information corresponding to a merchant and a dynamic token representative of a certificate associated with a public key, the machine-readable code being valid for a pre-defined duration” (claim 1), “receiving a machine-readable code comprising at least information corresponding to a merchant and a dynamic token, the machine-readable code being valid for a pre-defined duration” (claim 10), “receiving a merchant defined transaction code from the merchant in response to receipt of the notification at the merchant, the merchant defined transaction code indicating a nature of the payment transaction” (claims 1 and 10), “displaying a machine-readable code for a customer to scan the machine-readable code using an application present in a customer device, the machine-readable code comprising information corresponding to a merchant and a dynamic token, the machine-readable code being valid for a pre-defined duration; receiving a notification associated with the machine-readable code from a server system associated with a payment network, wherein the server system sends the notification in response to receipt of the machine-readable code at the server system from the customer device upon scanning the machine-readable code by the customer device” (claim 17), and “receiving from an agent associated with the merchant, a merchant defined transaction code indicating a nature of a payment transaction intended at the merchant terminal” (claim 17) limitations recite insignificant extra solution activity (for example, data gathering). These additional limitations of independent claims 1, 10, and 17, here do not render improvements to the functioning of a computer or to any other technology or technical field (see MPEP § 2106.05(a)), nor do they integrate the abstract idea into a practical application under MPEP § 2106.05(b) (particular machine); MPEP § 2106.05(c) (particular transformations); or MPEP § 2106.05(e) (other meaningful limitations).  
Conclusion of Step 2A Analysis: Therefore, independent claims 1, 10, and 17, are non-statutory under 35 USC § 101 in view of step 2A of the test. 	










Step 2B of the Test: The additional elements of independent claims 1, 10, and 17, (see above in Step 2A – Prong 2) are well-understood, routine, and conventional elements that amount to no more than implementing the abstract idea with a computerized system. The Applicant’s Specification describes these additional elements in following terms:
[0132] FIG. 11 is a simplified block diagram of a server system 1080 used for facilitating a payment transaction at a POS terminal, in accordance with one embodiment of the present disclosure. Examples of the server system 1100 include, but are not limited to, the acquirer server 116, the payment server 118 and the issuer server 114 illustrated in FIG. 2. The server system 1100 includes a computer system 1105 and a database 1108. 

[0133] The computer system 1105 includes at least one processor 1115 for executing instructions. Instructions may be stored in, for example, but not limited to, a memory 1120. The processor 1115 may include one or more processing units (e.g., in a multi-core configuration). 

[0134] The processor 1115 is operatively coupled to a communication interface 1125 such that computer system 1105 is capable of communicating with a remote device 1135 (such as the merchant device 112, the POS terminal 104 and/or the customer device 106) or communicating with any entity within the payment network 120. For example, the communication interface 1125 may receive the payment transaction request, where the payment transaction request is generated in response to purchase of products by a customer and scanning of the products at a checkout counter by an agent. 

[0135] The processor 1115 may also be operatively coupled to the database 1108. The database 1108 is any computer-operated hardware suitable for storing and/or retrieving data, such as, but not limited to, transaction data generated as part of sales activities conducted over the bankcard network including data relating to merchants, account holders or customers, and purchases. The database 1108 may also store information related to a plurality of user's issuer accounts. Each issuer account data includes at least one of a cardholder name, a cardholder address, an account number, MPIN, and other account identifier. The database 1108 may also store information of a plurality of merchants. The database 1108 may also store information associated with a regulatory body of issuers and regulations defined the regulatory body for carrying out payment transactions. The regulations may include rules of verifying/authenticating a user/card holder (such as the customer 102) initiating a payment transaction. The database 1108 may also include instructions for settling transactions including merchant bank account information. The database 1108 may include multiple storage units such as hard disks and/or solid-state disks in a redundant array of inexpensive disks (RAID) configuration. The database 1108 may include a storage area network (SAN) and/or a network attached storage (NAS) system. 

[0151] FIG. 13 is a simplified block diagram of a merchant device 1300 used for payment transactions, in accordance with one embodiment of the present disclosure. The merchant device 1300 as explained herein is only one example of the merchant device 112. In various embodiments, the merchant device 112 can be a merchant mobile phone, a kiosk, a PDA, a merchant facilitated e-commerce website interface running on a computing device and the like. The merchant device 1300 includes at least one processor 1305 communicably coupled to a memory 1310, an Input/Output (I/O) interface 1315, a communication interface 1320 and a memory 1325. The merchant device 1300 further comprises a merchant unique code database 1335 and a transaction records database 1340. The components of the merchant device 1300 provided herein may not be exhaustive, and that the merchant device 1300 may include more or fewer components than that of depicted in FIG. 13. Further, two or more components may be embodied in one single component, and/or one component may be configured using multiple sub-components to achieve the desired functionalities. Some components of the merchant device 1300 may be configured using hardware elements, software elements, firmware elements and/or a combination thereof.
 
This is a description of general-purpose computing system performing its routine functions. Further, the additional elements of sending and receiving were considered insignificant extra-solution activity in Step 2A, Prong 2. Re-evaluating here in Step 2B, they are also determined to be well-understood, routine, and conventional activity in the field. Similarly to OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network), and buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network), the additional elements of independent claims 1, 10, and 17, receive or transmit data over a network in a merely generic manner.  Therefore, the additional elements of independent claims 1, 10, and 17, are well-understood, routine, and conventional. Further, taken as combination, the additional elements add nothing more than what is present when the elements are considered individually. There is no indication that the combination provides any effect regarding the functioning of the computer or any improvement to another technology. 
Conclusion of Step 2B Analysis: Therefore, independent claims 1, 10, and 17, are non-statutory under 35 USC § 101 in view of step 2B of the test. 


Dependent Claims: Dependent claims 2-9 depend on independent claim 1; dependent claims 11-16 depend on independent claim 10; and dependent claims 18-20 depend on independent claim 17. The elements in dependent claims 2-9, 11-16,and 18-20, which set forth or describe the abstract idea, are: “receiving the machine-readable code further comprises receiving the machine-readable code from an application available at the customer device, wherein the application is managed by the server system” (claim 2), “receiving the machine-readable code further comprises receiving the machine-readable code upon scanning of the machine-readable code by the customer device” (claim 3), “managing a validated pair of encryption keys for linking a merchant terminal and the customer device and a certificate for validating the pair of encryption keys” (claim 4), “facilitating interaction between the validated pair of encryption keys for validation of the payment transaction at the merchant terminal” (claim 5), “the notification includes machine-readable code received from the customer device” (claim 6), “facilitating the merchant device to verify the information corresponding to the merchant and the dynamic token upon receipt of the notification by comparing the dynamic token received from the server system with the dynamic token scanned by the customer device” (claim 7), “the machine-readable code is a QR code displayed at a merchant terminal, wherein the QR code is generated with new patterns upon changing the dynamic token at pre-defined intervals” (claim 8), “the merchant defined transaction code indicates the nature of the payment transaction to be at least one of an authentication transaction, a purchase transaction, a refund transaction, a void transaction and a purchase with cashback transaction” (claim 9), “the server system is caused to receive the machine-readable code from an application available at the customer device, wherein the application is managed by the server system” (claim 11), “the server system is further caused to manage a validated pair of encryption keys for linking a merchant terminal and the customer device and a certificate for validating the pair of encryption keys” (claim 12), “the server system is further caused to facilitate interaction between the validated pair of encryption keys for validation of the payment transaction at the merchant terminal” (claim 13), “the machine-readable code is a QR code displayed at a merchant terminal, wherein the QR code is generated with new patterns upon changing the dynamic token at pre-defined intervals” (claim 14), “the QR code comprises a merchant ID of the merchant, merchant details of the merchant and a dynamic token representative of a pair of encryption keys and a certificate for validation of the pair of encryption keys” (claim 15), “the notification includes machine-readable code received from the customer device” (claim 16), “the merchant terminal is further caused to generate machine-readable codes with new patterns upon changing the dynamic token at pre-defined intervals” (claim 18), “the merchant terminal is further caused to verify a customer device based on a relationship between a pair of encryption keys associated with the merchant terminal and the customer device, wherein the encryption keys are managed by the server system” (claim 19), and “the machine-readable code is a QR code, and the QR code comprises a merchant ID of the merchant, merchant details of the merchant and a dynamic token representative of a pair of encryption keys and a certificate for validation of the pair of encryption keys” (claim 20). 
Conclusion of Dependent Claims Analysis: Dependent claims 2-9, 11-16, and 18-20, do not correct the deficiencies of independent claims 1, 10, and 17, and they are, thus, rejected on the same basis.

Conclusion of the 35 USC § 101 Analysis: Therefore, claims 1-20 are rejected as directed to an abstract idea without “significantly more” under 35 USC § 101.

Claim Rejections - 35 USC § 103














The following is a quotation of 35 U.S.C. § 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in § 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



Claims 10-11, 14, and 16-18, are rejected under 35 U.S.C. § 103 as being unpatentable over Laracey (2017/0236118 A1) in view of Soundararajan (2016/0005023 A1).

As to claim 10, Laracey shows a memory comprising stored instructions and a processor configured to execute the stored instruction (Laracey: pages 1-2, ¶¶ 13-14) and thereby cause the server system to perform: receiving, from a customer device, a machine-readable code comprising at least information corresponding to a merchant and a dynamic token (Laracey: page 4, ¶ 30 and ¶¶ 33-34); sending a notification associated with the machine-readable code received from the customer device, to a merchant device for approval of the payment transaction (Laracey: pages 5-6, ¶ 38); receiving a merchant defined transaction code from the merchant device in response to receipt of the notification at the merchant device, the merchant defined transaction code indicating a nature of the payment transaction (Laracey: page 4, ¶ 28); and facilitating the payment transaction upon receipt of the merchant defined transaction code from the merchant device (Laracey: pages 5-6, ¶ 38). 
Laracey does not show the machine-readable code being valid for a pre-defined duration. Soundararajan shows the machine-readable code being valid for a pre-defined duration (Soundararajan: page 6, ¶ 66). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Laracey by the machine-readable code being valid for a pre-defined duration of Soundararajan in order to limit the financial account information (Soundararajan: pages 3-4, ¶ 28).

As to claim 11, Laracey in view of Soundararajan shows all the elements of claim 10. Laracey also shows receiving the machine-readable code from an application available at the customer device, wherein the application is managed by the server system (Laracey: page 2, ¶ 14). 

As to claim 14, Laracey in view of Soundararajan shows all the elements of claim 10.  Laracey also shows that the machine-readable code is a QR code displayed at a merchant terminal, wherein the QR code is generated with new patterns upon changing the dynamic token at pre-defined intervals (Laracey: page 4, ¶ 30 and ¶¶ 33-34; page 6, ¶ 42; and page 10, ¶ 70). 

As to claim 16, Laracey in view of Soundararajan shows all the elements of claims 1 and 10. Laracey also shows that the notification includes machine-readable code received from the customer device (Laracey: page 4, ¶ 30 and ¶ 33). 


As to claim 17, Laracey shows a memory comprising stored instructions and a processor executing the stored instructions (Laracey: pages 1-2, ¶¶ 13-14) and thereby causing the merchant terminal to perform: displaying a machine-readable code for a customer to scan the machine-readable code using an application present in a customer device, the machine-readable code comprising information corresponding to a merchant and a dynamic token (Laracey: page 2, ¶ 14; and page 4, ¶ 30 and ¶¶ 33-34); receiving a notification associated with the machine-readable code from a server system associated with a payment network, wherein the server system sends the notification in response to receipt of the machine-readable code at the server system from the customer device upon scanning the machine-readable code by the customer device (Laracey: pages 5-6, ¶ 38); receiving from an agent associated with the merchant, a merchant defined transaction code indicating a nature of a payment transaction intended at the merchant terminal (Laracey: page 4, ¶ 28); and sending a payment transaction request associated with the payment transaction intended at the merchant terminal to the server system through a payment network for processing of the payment transaction (Laracey: pages 5-6, ¶ 38). 
Laracey does not show the machine-readable code being valid for a pre-defined duration. Soundararajan shows the machine-readable code being valid for a pre-defined duration (Soundararajan: page 6, ¶ 66). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Laracey by the machine-readable code being valid for a pre-defined duration of Soundararajan in order to limit the financial account information (Soundararajan: pages 3-4, ¶ 28).

As to claim 18, Laracey in view of Soundararajan shows all the elements of claim 17. Laracey also shows that the merchant terminal is further caused to generate machine-readable codes with new patterns upon changing the dynamic token at pre-defined intervals (Laracey: page 10, ¶ 70). 

Claims 1-9, 12-13, 15, and 19-20, are rejected under 35 U.S.C. § 103 as being unpatentable over Laracey in view of Soundararajan, and further in view of Karpenko (2015/0052064 A1).

As to claim 1, Laracey shows a memory comprising stored instructions and a processor configured to execute the stored instruction (Laracey: pages 1-2, ¶¶ 13-14) and thereby cause the server system to perform: receiving, from a customer device, a machine-readable code comprising at least information corresponding to a merchant and a dynamic token (Laracey: page 4, ¶ 30 and ¶¶ 33-34); sending a notification associated with the machine-readable code received from the customer device, to a merchant device for approval of the payment transaction (Laracey: pages 5-6, ¶ 38); receiving a merchant defined transaction code from the merchant device in response to receipt of the notification at the merchant device, the merchant defined transaction code indicating a nature of the payment transaction (Laracey: page 4, ¶ 28); and facilitating the payment transaction upon receipt of the merchant defined transaction code from the merchant device (Laracey: pages 5-6, ¶ 38). 
Laracey does not show the machine-readable code being valid for a pre-defined duration. Soundararajan shows the machine-readable code being valid for a pre-defined duration (Soundararajan: page 6, ¶ 66). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Laracey by the machine-readable code being valid for a pre-defined duration of Soundararajan in order to limit the financial account information (Soundararajan: pages 3-4, ¶ 28).
Laracey in view of Soundararajan does not show a dynamic token representative of a certificate associated with a public key. Karpenko shows a dynamic token representative of a certificate associated with a public key (Karpenko: Page 3, ¶¶ 26-27). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Laracey in view of Soundararajan by a dynamic token representative of a certificate associated with a public key of Karpenko in order to increase the security of remote transactions initiated from mobile devices (Karpenko: page 1, ¶ 6).

As to claim 2, Laracey in view of Soundararajan, and further in view of Karpenko, shows all the elements of claim 1. Laracey also shows receiving the machine-readable code from an application available at the customer device, wherein the application is managed by the server system (Laracey: page 2, ¶ 14). 




As to claim 3, Laracey in view of Soundararajan, and further in view of Karpenko, shows all the elements of claim 2. Laracey also shows that receiving the machine-readable code further comprises receiving the machine-readable code upon scanning of the machine-readable code by the customer device (Laracey: page 4, ¶ 30 and ¶¶ 33-34). 

As to claim 4, Laracey in view of Soundararajan, and further in view of Karpenko, shows all the elements of claim 2. Laracey in view of Soundararajan does not show managing a validated pair of encryption keys for linking a merchant terminal and the customer device and a certificate for validating the pair of encryption keys. Karpenko shows managing a validated pair of encryption keys for linking a merchant terminal and the customer device and a certificate for validating the pair of encryption keys (Karpenko: Page 3, ¶¶ 26-27). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Laracey in view of Soundararajan by managing a validated pair of encryption keys for linking the merchant terminal and the customer device and a certificate for validating the pair of encryption keys of Karpenko in order to increase the security of remote transactions initiated from mobile devices (Karpenko: page 1, ¶ 6).

As to claim 5, Laracey in view of Soundararajan, and further in view of Karpenko, shows all the elements of claim 4. Laracey in view of Soundararajan does not show facilitating interaction between the validated pair of encryption keys for validation of the payment transaction at the merchant terminal. Karpenko shows facilitating interaction between the validated pair of encryption keys for validation of the payment transaction at the merchant terminal (Karpenko: Page 3, ¶¶ 26-27). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Laracey in view of Soundararajan by facilitating interaction between the validated pair of encryption keys for validation of the payment transaction at the merchant terminal of Karpenko in order to increase the security of remote transactions initiated from mobile devices (Karpenko: page 1, ¶ 6).

As to claim 6, Laracey in view of Soundararajan, and further in view of Karpenko, shows all the elements of claim 1. Laracey also shows that the notification includes machine-readable code received from the customer device (Laracey: page 4, ¶ 30 and ¶ 33). 

As to claim 7, Laracey in view of Soundararajan, and further in view of Karpenko, shows all the elements of claim 1. Laracey also shows facilitating the merchant device to verify the information corresponding to the merchant and the dynamic token upon receipt of the notification by comparing the dynamic token received from the server system with the dynamic token scanned by the customer device (Laracey: page 5, ¶ 36). 

As to claim 8, Laracey in view of Soundararajan, and further in view of Karpenko, shows all the elements of claim 1.  Laracey also shows that the machine-readable code is a QR code displayed at a merchant terminal, wherein the QR code is generated with new patterns upon changing the dynamic token at pre-defined intervals (Laracey: page 4, ¶ 30 and ¶¶ 33-34; page 6, ¶ 42; and page 10, ¶ 70). 

As to claim 9, Laracey in view of Soundararajan, and further in view of Karpenko, shows all the elements of claim 1. Laracey also shows that the merchant defined transaction code indicates the nature of the payment transaction to be at least one of an authentication transaction, a purchase transaction, a refund transaction, a void transaction and a purchase with cashback transaction (Laracey: page 4, ¶ 28). 

As to claim 12, Laracey in view of Soundararajan shows all the elements of claim 11. Laracey in view of Soundararajan does not show managing a validated pair of encryption keys for linking a merchant terminal and the customer device and a certificate for validating the pair of encryption keys. Karpenko shows managing a validated pair of encryption keys for linking a merchant terminal and the customer device and a certificate for validating the pair of encryption keys (Karpenko: Page 3, ¶¶ 26-27). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Laracey in view of Soundararajan by managing a validated pair of encryption keys for linking the merchant terminal and the customer device and a certificate for validating the pair of encryption keys of Karpenko in order to increase the security of remote transactions initiated from mobile devices (Karpenko: page 1, ¶ 6).

As to claim 13, Laracey in view of Soundararajan, and further in view of Karpenko, shows all the elements of claim 12. Laracey in view of Soundararajan does not show facilitating interaction between the validated pair of encryption keys for validation of the payment transaction at the merchant terminal. Karpenko shows facilitating interaction between the validated pair of encryption keys for validation of the payment transaction at the merchant terminal (Karpenko: Page 3, ¶¶ 26-27). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Laracey in view of Soundararajan by facilitating interaction between the validated pair of encryption keys for validation of the payment transaction at the merchant terminal of Karpenko in order to increase the security of remote transactions initiated from mobile devices (Karpenko: page 1, ¶ 6).

As to claim 19, Laracey in view of Soundararajan shows all the elements of claim 17. Laracey in view of Soundararajan does not show that the merchant terminal is further caused to verify a customer device based on a relationship between a pair of encryption keys associated with the merchant terminal and the customer device, wherein the encryption keys are managed by the server system. Karpenko shows that the merchant terminal is further caused to verify a customer device based on a relationship between a pair of encryption keys associated with the merchant terminal and the customer device, wherein the encryption keys are managed by the server system (Karpenko: Page 3, ¶¶ 26-27). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Laracey in view of Soundararajan by the merchant terminal being further caused to verify a customer device based on a relationship between a pair of encryption keys associated with the merchant terminal and the customer device, wherein the encryption keys are managed by the server system of Karpenko in order to increase the security of remote transactions initiated from mobile devices (Karpenko: page 1, ¶ 6).

As to claims 15 and 20, Laracey in view of Soundararajan shows all the elements of claims 14 and 17. Laracey also shows that the machine-readable code is a QR code (Laracey: page 6, ¶ 42), and the QR code comprises a merchant ID of the merchant, merchant details of the merchant and a dynamic token (Laracey: page 4, ¶ 28; page 5, ¶ 35; and page 8, ¶ 53). Laracey in view of Soundararajan does not show that a dynamic token is representative of a pair of encryption keys and a certificate for validation of the pair of encryption keys. Karpenko shows that a dynamic token is representative of a pair of encryption keys and a certificate for validation of the pair of encryption keys (Karpenko: Page 3, ¶¶ 26-27). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Laracey in view of Soundararajan by a dynamic token being representative of a pair of encryption keys and a certificate for validation of the pair of encryption keys of Karpenko in order to increase the security of remote transactions initiated from mobile devices (Karpenko: page 1, ¶ 6).

Conclusion































Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRPI H. KANERVO whose telephone number is 571-272-9818. The examiner can normally be reached on Monday – Friday, 10 am – 6 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander G. Kalinowski can be reached on 571-272-6771. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VIRPI H KANERVO/Primary Examiner, Art Unit 3619