DETAILED ACTION
This action is in response to communications filed on 12/18/2020.  Claim(s) 11, 18, 20 are amended; claim(s) 1-10 is/are cancelled; currently pending claims considered is/are claims 11-20. The application was filed 10/03/2016. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 
The following is a quotation of pre-AIA  35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as 

Claim(s) 11-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lakshmanan (US 10,861,009) in view of Wong (US 10,846,694).

Regarding claim(s) 11, Lakshmanan discloses: A method for using a mobile device to implement offline payment authorization for financial transactions with non-repudiation assurance, the method comprising: 
receiving, at a payer mobile device, an indication of a positive identification of the payer mobile device for a user of the payer mobile device and a personal identifier for the user of the payer mobile device (i.e., wherein an indication of a positive identification corresponds to employing a “digital certificate”, a digital certificate being an object issued by a certificate authority, consistent with Applicant specification, ¶43, and a personal identifier corresponds to “Personal identification (21b) of the payer 920 … which in case the device is a smartphone, identification is made from the phone number through installation of the application”, consistent with Applicant’s specification, ¶43); [2:17-25: “allow[ing] a user to bind an identifier, uniquely associated with a mobile device or a customer [via association with the mobile device “phone number” as elucidated in 5:16-17 and further in 5:8-10], with a public key by creating a public key certificate”, providing a mechanism for “merchants to obtain a cryptographically signed message from the customer device which can be verified using the public key which is bound to the customer’s identity”, said public key certificate (for parties employing a public key infrastructure comprising asymmetric keys composed of private and public keys), “bound, via the issuance of a public key certificate, to the customer’s identity”, as elucidated in 5:60-67]

generating, at a payer mobile device, a first association between the indication of the positive identification of the payer mobile device and the personal identifier for the user that indicates the payer mobile device is authorized to generate payment orders for the user (i.e., wherein a first association corresponds to a payer device such as a mobile device user’s ability to provide or send a public key to a payment authorization server, an association prior to a demonstration of the device’s ability to cryptographically sign a message and send the message back to a payment server, to be able to later demonstrate that the device user is a certified as a bona fide authenticated user, wherein the first association is generated in response to the user accessing the payer mobile to input a numerical code that is provided within a text message received by the payer mobile device or a unique serial number or other identifying information, consistent with applicant specification, ¶43, and claim 13); [3:46-47: a customer device sends a “public key” to a “payment system”, and thereafter, based on this first association, as depicted in 5:4-10, “[t]he customer device 100 then receives the customer verification  message [from the payment system”], decrypts the number using the private key Ks 205 and sends back the original random number to the secure payment system 101”]

receiving, at a payer mobile device, an authentication credential from the user to be used for payment authorization (i.e., receiving authentication input from a mobile device user); [3:60-4:6: “Initially, a customer provides an authenticating input. This authenticating input is later provided by the customer during a transaction to verify that the customer is the same customer that previously provided the authenticating input. This is used to authorize transactions. In one example, the authenticating input is a personal identification number (PIN) entered by the customer. Other authenticating inputs may also be used, such as a password or passcode, biometric information (e.g., finger or eye scans), or any other information that may be reproducibly generated by the customer. For convenience throughout this disclosure, a PIN is used as an example of the customer identifying information, though any such suitable customer identifying information may be used”]

generating, at the payer mobile device, an asymmetric key pair having a private key and a public key for use in signing and verifying payment orders generated for the user; [3:46-49: “generating, via the mobile 45 application, a private-public key pair”, an asymmetric key pair, to “sign transaction authorization messages”]

storing the private key in a data store of the payer mobile device and restricting access to the private key with the authentication credential (i.e., storing a restricted or encrypted version of a private key on a customer device, customer authentication input needed to access said key); [3:57-63: “FIG. 2 is a block diagram illustrating one such embodiment of a method for generating a pair of private and public keys, and storing an encrypted version of the private key on the customer device 100. Initially, a customer provides an authenticating input. This authenticating input is later provided by the customer during a transaction to verify that the customer is the same customer that previously provided the authenticating input”]

transmitting the public key and the first association from the payer mobile device to a payment authorization server system (i.e., sending the public key to the payment system); [4:31-50: “A random number generator generates 204 a private public key pair. A private-public key pair comprises two encryption keys, a private key Ks 205 and a public key Kp 206. A private key cannot be derived from the public key. The private key-public key pair can be produced via the RSA cryptosystem, the Digital Signature Algorithm (DSA), or any other public-private key cryptosystem suitable for cryptographic signing. The private key Ks 205 is encrypted 218 with the symmetric key ka 203 to produce the encrypted private key E 207. The encrypted private key E 207 and the salt R 208 are stored 217 on the customer device 100. The public key Kp 206 is sent 211 to the secure payment system 101. In this way, the authenticating input is used to generate a symmetric key that may be used to store and subsequently retrieve the private key. As described further below, when making a purchase, the user may enter the authenticating input, which is used to re-generate the symmetric key and decrypt the private key. In this way, the private key may only be decrypted and used to sign a purchase when the user provides the proper authenticating input”]

recording a second association between the public key and the first association at the payment authorization server system (i.e., wherein a second association corresponds to a payment server having a knowledge of a customer device user’s public key, and  generating a verification association between a user’s device and a public key associated with the user’s device, after confirming that its knowledge is correct, consistent with Applicant’s specification, ¶43, which states that a “payment authorization server” “records the association between this device (DM) and the public key (52) of the holder (20) of the mobile device (DM). To perform this step, the payer’s device (DM) must be online”, in other words, the successful decryption of a message sent within devices operating within a public key infrastructure PKI establishes an association of non-repudiation associated with said keys and devices, this step requiring a user device to be online – an association that may be established by sending a user device a random code number and requesting the device user “inputs the code received to the application”, according to aforementioned applicant specification, ¶43, additionally, a payment server may associate restrictions to a transaction); [4:51-5:9: a public key “Kp” is “registered to a device ID”, said device ID “is an identifier unique to each customer device”, a payment authorization system, such as a “secure payment system” sending “a device verification message to the device [the customer device] using the push notification services built into the customer device 100 operating system”, the push notification providing a “one-time random number encrypted using the customer’s public key”. After the device successfully “decrypts the number using the private key”, the “secure payment system” then “deems the customer device” as “verified for the customer and associates the public key” with “the device”, as elucidated in 2:17-19, “bind an identifier uniquely associated with a mobile device or customer, with a public key by creating a public key certificate”; additionally, this process of verifying that a customer device is an authorized device for signing payment authorizations by use of the customer’s public key, may be seen in 5:1-10; additionally restrictions associated with a transaction may be captured by a payment server, as detailed in 18:55-56, and 19:1-2]

Regarding [g], while Lakshmanan discloses a payment server’s capture of transaction restrictions associated with restrictions such as location [18:55-56, and 19:1-2], it does not explicitly disclose the user’s setting of restrictions associated with a time of spend, location (i.e., limited-use key restriction parameters set by a user), as disclosed by Wong; [9:12-19, 9:51-65: parameters such as geographic “location”, and “transaction amount[s]”, which as detailed in 2:32-49, are set at a customer user device]

Lakshmanan does not explicitly disclose, as disclosed by Wong:
in response to receiving, at a payee data transfer device, a payment order for a transaction for the user that is signed with a digital signature using the private key, transmitting the payment order from the payee data transfer device to the payment authorization server system (i.e., in response to receiving a payment order such as a transaction information from a customer device user such as a communication device using a bar code mechanism to provide a sales terminal such as an access device for said receiving, routing, by the access device to a payment server represented by an issuer, requesting authorization of the transaction after the user has been granted access to a good or service, based on the transaction information being authenticated as signed by a private key of the user, consistent with Applicant specification, in which “payment (PG) orders1”, represent an agreement by a customer that a transaction or order should proceed, or payment authorization from a customer device, is received by the sales device, the payee, through a bar code mechanism of the payer, the customer device; it should be noted that subsequently, the payee sends the customer’s authorization, or payment order, to an entity to authorize and settle the payment order (PG) with said entity, as elucidated in Applicant specification, ¶¶46-47); [29: 4-10: “[a]t a later time (e.g., when access device [a merchant sales device] 260 establishes network connectivity) after the user has been granted access to a good or service based on authentication of the signature, access device 260 may route the authorization request message to request authorization of the transaction from the issuer”, 28:3-12: “[u]sing the issuer public key obtained above and the communication device [a customer device]   public key exponent and remainder information, access device 260 can decipher the communication device public key certificate to obtain a communication device public key from the communication device public key certificate. In some embodiments, the communication device public key is the public key corresponding to the private signature key, and can be used to authenticate a signature generated with the signature key” related to “transaction processing information” that is “being sent from the portable communication device [a customer device]” as elucidated in 27:11-13, said transaction information being provided to an access device, a sales device through “QR codes” or “bar codes” presented by a portable communication device, a customer device, to the access device’s contactless reader, as depicted in 19:60-67, providing an offline mechanism, one that as depicted in 1:60-65, “lack[s] constant network connectivity”, since problems arise preventing an issuer from “obtain[ing] authorization of a transaction from an issuer at the time of transaction” based on said connectivity]

verifying authenticity and integrity of the payment order by using the public key to validate the digital signature at the payment authorization server system (i.e., the use of a public key to authenticate transactions provided to an access device, a sales terminal device); [28:3-12: “[u]sing the issuer public key obtained above and the communication device public key exponent and remainder information, access device 260 can decipher the communication device public key certificate to obtain a communication device public key from the communication device public key certificate. In some embodiments, the communication device [a customer device] public key is the public key corresponding to the private signature key, and can be used to authenticate a signature generated with the signature key”]


upon verification of the payment order, processing the transaction for the user at the payment authorization server system (i.e., based on authentication of the authentication of the signature of the device user, processing or routing an authorization request message associated with a transaction); [29:7-10: “based on authentication of the signature, access device 260 may route the authorization request message to request authorization of the transaction from the issuer”]



wherein the payment order is generated at the payer mobile device, being offline and disconnected from a payment authorization network, and transferred to the payee data transfer device from the payer mobile device without utilizing an online connection between the payee data transfer device and the payer mobile device (i.e., using a bar code mechanism of a customer device which can be completely offline, with a bar code for sending an authorization request, consistent with applicant specification, ¶48); [As elucidated in 27:11-13, transaction information being provided to an access device, a sales device through “QR codes” or “bar codes” presented by a portable communication device, a customer device, to the access device’s contactless reader, as depicted in 19:60-67, based on, as depicted in 1:60-65: providing an offline mechanism, one that “lack[s] constant network connectivity”, since problems arise preventing an issuer from “obtain[ing] authorization of a transaction from an issuer at the time of transaction” based on said connectivity]
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to have modified Lakshmanan to include the aforesaid mechanism(s) [g], and [h]-[k] as taught by Wong. One of ordinary skill would have been so motivated to include said mechanism(s) to improve payment ecosystems to include a robust Public Key Infrastructure comprising certificate authorities, private key, and public mechanisms to offload financial security from a legacy system based on stored tokens to systems that not only are more resistant to data breaches, but a system that is more robust to network connectivity problems and obedient to the restrictions preferred by a customer user of a device, including the value and geographic restrictions governing authorizations of goods and services prior to presentment of an authorization request, allowing goods and services to be provided to a user who meets pre-established limited-use key limitations, allowing authorization to occur at a later time than when the goods or services are provided to the user. [1:60-65, FIG 9, COL 7:29-67, 9:51-65, 29:1-17]

Regarding claim(s) 12, Lakshmanan discloses: The method of claim 11, further comprising generating the payment order for the transaction at the payer mobile device in response to receiving an authorization request from the user to process payment for the transaction through use of the first association (i.e., generating a transaction authorization message associated with an authentication user). [7:32-41: “digitally sign[ing] a transaction authorization message” associated with a received user’s PIN associated with authenticated]

Regarding claim(s) 13, Lakshmanan discloses: The method of claim 11, wherein 
the positive identification of the payer mobile device for the user of the payer mobile device is obtained via a digital certificate (i.e., issuing a public key certificate, issued by a certificate authority), on-site validation, a notary office, or a credit service or other financial institution; [claim 6: “issu[ing] a public key certificate”, a digital certificate – the public certificate issued by a “certificate authority” as elucidated in 6:9-10]

wherein the personal identifier for the user includes at least one of an email address for the user, a tax identification number for the user, a device identifier for the payer mobile device for the user, a telephone number for the user, and a mailing address for the user; [clam 5: “requiring the user to input at least one of a social security number” or a “portion” thereof]

wherein the first association is generated in response to the user accessing the payer mobile to input a numerical code that is provided within a text message received by the payer mobile device or a unique serial number or other identifying information (i.e., providing a one-time random password number encrypted using a mobile device public key, the password sent as a text message to mobile phone); [5:1-10]

wherein the authentication credential is a security code or a biometric feature for the user (i.e., providing a PIN or biometric feature);[3:65-67: “PIN”; 4:1-2: providing “biometric information”]

Regarding claim(s) 14, Lakshmanan discloses:  The method of claim 11, wherein 
generation of the asymmetric key pair, storage of the private key in the data store of the payer mobile device, restriction of access to the private key with the authentication credential, [3:46-49: “generating, via the mobile 45 application, a private-public key pair”, an asymmetric key pair, to “sign transaction authorization messages”, wherein, as depicted in 3:57-63: “FIG. 2 is a block diagram illustrating one such embodiment of a method for generating a pair of private and public keys, and storing an encrypted version of the private key on the customer device 100. Initially, a customer provides an authenticating input. This authenticating input is later provided by the customer during a transaction to verify that the customer is the same customer that previously provided the authenticating input”] and

transmission of the public key and the first association to the payment authorization server system is performed by the payer mobile device in response to generation of the first association (i.e., sending the public key to the payment system); [4:31-50: “A random number generator generates 204 a private public key pair. A private-public key pair comprises two encryption keys, a private key Ks 205 and a public key Kp 206. A private key cannot be derived from the public key. The private key-public key pair can be produced via the RSA cryptosystem, the Digital Signature Algorithm (DSA), or any other public-private key cryptosystem suitable for cryptographic signing. The private key Ks 205 is encrypted 218 with the symmetric key ka 203 to produce the encrypted private key E 207. The encrypted private key E 207 and the salt R 208 are stored 217 on the customer device 100. The public key Kp 206 is sent 211 to the secure payment system 101. In this way, the authenticating input is used to generate a symmetric key that may be used to store and subsequently retrieve the private key. As described further below, when making a purchase, the user may enter the authenticating input, which is used to re-generate the symmetric key and decrypt the private key. In this way, the private key may only be decrypted and used to sign a purchase when the user provides the proper authenticating input”]

Regarding claim(s) 15, Lakshmanan discloses:  The method of claim 11, wherein 
generation of the asymmetric key pair is implemented using an RSA algorithm or any other type of asymmetric cryptographic algorithm that is suitable to ensure a desired security level (i.e., generating an asymmetric private-public key pair by employing an RSA cryptosystem), [4:35-36]

wherein access to the private key in the data store of the payer mobile device is restricted using a symmetric encryption algorithm such that the private key can only be decrypted using the authentication credential (i.e., wherein the private key is encrypted and stored on a customer user’s device and can only be accessed upon decryption upon receipt of authenticating input from the customer device user),  [4:35-50: “[t]he private key-public key pair can be produced via the RSA cryptosystem, the Digital Signature Algorithm (DSA), or any other public-private key cryptosystem suitable for cryptographic signing. The private key Ks 205 is encrypted 218 with the symmetric key ka 203 to produce the encrypted private key E 207. The encrypted private key E 207 and the salt R 208 are stored 217 on the customer device 100. The public key Kp 206 is sent 211 to the secure payment system 101. In this way, the authenticating input is used to generate a symmetric key that may be used to store and subsequently retrieve the private key. As described further below, when making a purchase, the user may enter the authenticating input, which is used to re-generate the symmetric key and decrypt the private key. In this way, the private key may only be decrypted and used to sign a purchase when the user provides the proper authenticating input”]

wherein, upon recording the second association between the public key and the first association, the payment authorization server system implements an authentication process to verify the second association (i.e., a payment authorization server employing public key infrastructure mechanisms including using the public key signature with the device to verify that the user is authorized to generate payment orders, based on the user’s response to verification information sent to the user, wherein the payment system signs a message including an original number, with a public key of the customer’s device and requests that the mobile device user send back the original number, to the payment server), [5:1-6]

wherein, upon verifying the second association, the payment authorization server system registers an indication that the payer mobile device is authorized to generate payment orders for the user (i.e., wherein upon the mobile device user’s successful sending back of the original number, encrypted by the payment server, using the user’s public key, the user has then verified that the association of the user with the public key earlier sent to the payment server is bona fide, having been signed by the private key of the user – proven by the user’s decryption of the encrypted message sent by the payment server), [5:5-6: when the customer device “decrypts the number using the private key” and “sends back the original random number to the payment system”, the payment system “then deems the customer device 100 as verified for the customer and associates the public key Kp 206 with the device ID”]


Lakshmanan does not disclose, as disclosed by Wong:
wherein the payment authorization server system is operable to associate use restrictions for payment orders defined by the user with the indication that the payer mobile device is authorized to generate payment orders for the user (i.e., deeming a customer device as a verified device), [9:12-19, 9:51-65: parameters such as geographic “location”, and “transaction amount[s]”, which as detailed in 2:32-49, are set at a customer user device] and 

wherein the payment authorization server system is operable to, in response to a deactivation request from the user, delete the recording of the public key to prevent processing of payment orders generated for the user by the payer mobile device (i.e., consumer-initiated suspension or deletion of limited-use keys in association with a lost or stolen customer device such as a communication device or an associated card by the consumer). [15:48-58]
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to have modified Lakshmanan to include the aforesaid mechanism(s) [e]-[f] as taught by Wong. One of ordinary skill would have been so motivated to include said mechanism(s) to improve payment ecosystems to include a robust Public Key Infrastructure comprising certificate authorities, private key, and public mechanisms to offload financial security from a legacy system based on stored tokens to systems that not only are more resistant to data breaches, but a system that is more robust to network connectivity problems and obedient to the restrictions preferred by a customer user of a device, including the value and geographic restrictions governing authorizations of goods and services prior to presentment of an authorization request, allowing goods and services to be provided to a user who meets pre-established limited-use key limitations, allowing authorization to occur at a later time than when the goods or services are provided to the user, as well as the life events associated with a user, such as loss or theft of a customer user’s device or associated payment tokens [1:60-65, FIG 9, COL 7:29-67, 9:51-65, 15:48-58].

Regarding claim(s) 16, Lakshmanan does not disclose, as disclosed by Wong: The method of claim 12, wherein generating the payment order for the transaction at the payer mobile device comprises 
receiving information input by the user for the transaction indicating a payable amount for the transaction, the payment authorization server system (i.e., receiving limited-use key parameter information for use by an issuer, a payment server, in evaluating), [2:32-48]
a currency or type for the payable amount (wherein a limited-use key include transaction currency), [37:36] 
a payment source for the user from which the payable amount is to be drawn (i.e., selecting a card or account for payment), [46:5] 
an identification of a purchase for which the payment order is being made (i.e., receiving transaction data associated with a transaction between a customer user device and a merchant sales terminal device), [claim 1: receiving transaction data] 
an identification of a payee for the transaction (i.e., identification of a merchant such as a merchant identifier), [6:17] 
any use restrictions specific to the payment order, [9:12-19, 9:51-65: parameters such as geographic “location”, and “transaction amount[s]”, which as detailed in 2:32-49, are set at a customer user device]
validity of the payment order, one or more codes for each item or service being purchased, and/or other access credentials (i.e., a time validity period associated with a limited-use key). [7:59-65: a “time-to-live”]
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to have modified Lakshmanan to include the aforesaid mechanism(s) [a]-[g] as taught by Wong. One of ordinary skill would have been so motivated to include said mechanism(s) to improve payment ecosystems to include a robust Public Key Infrastructure comprising certificate authorities, private key, and public mechanisms to offload financial security from a legacy system based on stored tokens to systems that not only are more resistant to data breaches, but a system that is more robust to network connectivity problems and obedient to the restrictions preferred by a customer user of a device, including the value and geographic restrictions governing authorizations of goods and services prior to presentment of an authorization request, allowing goods and services to be provided to a user who meets pre-established limited-use key limitations, allowing authorization to occur at a later time than when the goods or services are provided to the user. [1:60-65, FIG 9, COL 7:29-67, 9:51-65, 29:1-17]

Regarding claim(s) 17, Lakshmanan does not explicitly disclose, as disclosed by Wong: The method of claim 16, 
wherein generating the payment order for the transaction at the payer mobile device further comprises preparing a grouping of data that includes the first association, unique identification information for the payment order, and an appropriate set of the information input by the user for the transaction to the payer mobile device (i.e., wherein public key information is used is in a manner that facilitates offline data authentication); [11:56-12: “[t]o facilitate the offline data authentication, a signature key provisioned to a communication device [a customer device] can be used to generate a signature. The signature is transmitted to the access device [a merchant terminal device] along with any necessary certificates and public key information to authenticate the signature”, using identification provided to the payer, the customer device, as depicted in 2:32-48]

Lakshmanan discloses:
utilizing the authentication credential included in the information input by the user for the transaction to access the private key (i.e., employing a symmetric key); [4:35-50: “[t]he private key-public key pair can be produced via the RSA cryptosystem, the Digital Signature Algorithm (DSA), or any other public-private key cryptosystem suitable for cryptographic signing. The private key Ks 205 is encrypted 218 with the symmetric key ka 203 to produce the encrypted private key E 207. The encrypted private key E 207 and the salt R 208 are stored 217 on the customer device 100. The public key Kp 206 is sent 211 to the secure payment system 101. In this way, the authenticating input is used to generate a symmetric key that may be used to store and subsequently retrieve the private key. As described further below, when making a purchase, the user may enter the authenticating input, which is used to re-generate the symmetric key and decrypt the private key. In this way, the private key may only be decrypted and used to sign a purchase when the user provides the proper authenticating input”]and 

Lakshmanan does not explicitly disclose, as disclosed by Wong:
using the private key to create a digital signature for the grouping of data (i.e., using a customer user’s device’s private key in generating a signature associated with a transaction(s) ); [28:1-12]

wherein the payment order is transferred to the payee data transfer device from the payer mobile device as the grouping of data signed with the digital signature in an offline manner (i.e., wherein transfer of information between a customer device and merchant device is implemented using a QR or bar code mechanism and in such a manner that a good or service is provided to the customer based on a previous authentication provided prior to verification authorization of a transaction); [As elucidated in 27:11-13, transaction information being provided to an access device, a sales device through “QR codes” or “bar codes” presented by a portable communication device, a customer device, to the access device’s contactless reader, as depicted in 19:60-67, based on, as depicted in 1:60-65: providing an offline mechanism, one that “lack[s] constant network connectivity”, since problems arise preventing an issuer from “obtain[ing] authorization of a transaction from an issuer at the time of transaction” based on said connectivity, based on “authentication prior to verification of a transaction” as detailed in 2:32-48]and 

wherein the unique identification information for the payment order includes at least one of an identification of an account for the payee, a universal identifier for the payment, a mobile device identifier, and a timestamp for generation of the payment order (i.e., including a merchant identifier); [6:16]
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to have modified Lakshmanan to include the aforesaid mechanism(s) [a], [c]-[e] as taught by Wong. One of ordinary skill would have been so motivated to include said mechanism(s) to improve payment ecosystems to include a robust Public Key Infrastructure comprising certificate authorities, private key, and public mechanisms to offload financial security from a legacy system based on stored tokens to systems that not only are more resistant to data breaches, but a system that is more robust to network connectivity problems and obedient to the restrictions preferred by a customer user of a device, including the value and geographic restrictions governing authorizations of goods and services prior to presentment of an authorization request, allowing goods and services to be provided to a user who meets pre-established limited-use key limitations, allowing authorization to occur at a later time than when the goods or services are provided to the user. [1:60-65, FIG 9, COL 7:29-67, 9:51-65, 29:1-17]


Regarding claim(s) 18, Lakshmanan does not explicitly disclose, as disclosed by Wong: The method of claim 17, wherein verification of the payment order at the payment authorization server system further comprises 
the payment authorization server system, upon receiving the payment order from the payee data transfer device, validating the transaction first by verifying the integrity of the payment order digital signature using the associated public key and then by confirming that each use restriction associated with the indication that the payer mobile device is authorized to generate payment orders for the user and each use restriction specific to the payment order that is indicated within the grouping of data is satisfied and confirming that the payment source indicated within the grouping of data has a sufficient available balance to cover the payable amount for the transaction indicated within the grouping of data (i.e., wherein transaction information associated with a limited-time key demonstrates that the cumulative transactions is within the bounds established by said key); [32:3-15: “cumulative transaction amount over all transactions that were conducted” has not “exhausted the on-device set of one or more limited use thresholds”, employing the public key of the communication device, a customer device, as depicted in 28:9-12]

wherein the currency or type for the payable amount indicated within the grouping of data specifies that the payable amount for the transaction is one of a monetary value, reward program points, a voucher, a bonus, a product, or a ticket (i.e., a monetary value limit as represented by a “transaction amount”); [32:3] 

wherein if the currency or type for the payable amount specifies that the payable amount for the transaction is a monetary value, processing the transaction for the user comprises transferring the payable amount from the payment source to an account for the payee (i.e., processing transaction that meet a limited-time key including transaction values, geographic restrictions, etcetera); [2:32-48]

Lakshmanan discloses:
wherein if the currency or type for the payable amount specifies that the payable amount for the transaction is reward program points, a voucher, a bonus, a product, or a ticket, processing the transaction for the user comprises effecting an indication within the payment source that the payable amount has been used for the transaction (i.e., wherein if a gift card is provided as payment information in a transaction, this information is incorporated within a transaction’s information); [3:97-40]

Lakshmanan does not explicitly disclose, as disclosed by Wong:
wherein the payment authorization server system, upon processing the transaction for the user, transmits a notification that the transaction has been processed to the payee data transfer device (i.e., after concluding a transaction wherein a good or service has already been granted to a customer, and based on authentication of a customer’s device, generating a transaction authorization); [29:1-17]

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to have modified Lakshmanan to include the aforesaid mechanism(s) [a]-[c], [e] as taught by Wong. One of ordinary skill would have been so motivated to include said mechanism(s) to improve payment ecosystems to include a robust Public Key Infrastructure comprising certificate authorities, private key, and public mechanisms to offload financial security from a legacy system based on stored tokens to systems that not only are more resistant to data breaches, but a system that is more robust to network connectivity problems and obedient to the restrictions preferred by a customer user of a device, including the value and geographic restrictions governing authorizations of goods and services prior to presentment of an authorization request, allowing goods and services to be provided to a user who meets pre-established limited-use key limitations, allowing authorization to occur at a later time than when the goods or services are provided to the user. [1:60-65, FIG 9, COL 7:29-67, 9:51-65, 29:1-17]

Regarding claim(s) 19, Lakshmanan may not explicitly disclosed by Wong: The method of claim 18, wherein each of one or more of the use restrictions specifies one of (i.e., restrictions specifies one or more of the following below)
a location from which the payment order is received (i.e., wherein restrictions such as a geographical location of a merchant), [6:17] 
a type of product for the purchase for which the payment order is being made (i.e., wherein a restrictions include a product type), [22:41] 
a type of service for the purchase for which the payment order is being made (i.e., wherein a restrictions include a product type), [22:41], and 
a time period during which the payment order is received that must be satisfied for the payment authorization server system to process the transaction for the user (wherein restrictions a “time-to-live”, associated with a duration of time for which a limited-use-key associated with a transaction, is valid); [8:62]
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to have modified Lakshmanan to include the aforesaid mechanism(s) [a], [b], [c], or [d] as taught by Wong. One of ordinary skill would have been so motivated to include said mechanism(s) to improve payment ecosystems to include a robust Public Key Infrastructure comprising certificate authorities to incorporate said restrictions within said infrastructure, private key, and public mechanisms to offload financial security from a legacy system based on stored tokens to systems that not only are more resistant to data breaches, but a system that is more robust to network connectivity problems [1:60-65, FIG 9, COL 7:29-67].

Regarding claim(s) 20, Lakshmanan may not explicitly disclosed by Wong [a]: as The method of claim 17, wherein the payment order is transferred to the payee data transfer device from the payer mobile device using one of a bar code, visual signals, near-field communication, and sound waves (i.e., using a bar code mechanism of a customer device which can be completely offline, with a bar code for sending an authorization request, consistent with applicant specification, ¶48).  [As elucidated in 27:11-13, transaction information being provided to an access device, a sales device through “QR codes” or “bar codes” presented by a portable communication device, a customer device, to the access device’s contactless reader, as depicted in 19:60-67, based on, as depicted in 1:60-65: providing an offline mechanism, one that “lack[s] constant network connectivity”, since problems arise preventing an issuer from “obtain[ing] authorization of a transaction from an issuer at the time of transaction” based on said connectivity]
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to have modified Lakshmanan to include the aforesaid mechanism(s) [a] as taught by Wong. One of ordinary skill would have been so motivated to include said mechanism(s) to improve payment ecosystems to include a robust Public Key Infrastructure comprising certificate authorities, private key, and public mechanisms to offload financial security from a legacy system based on stored tokens to systems that not only are more resistant to data breaches, but a system that is more robust to network connectivity problems [1:60-65, FIG 9, COL 7:29-67].



Response to Applicant Remarks
On page(s) 7-14, the Applicant’s contentions regarding claim(s) 11-20, has/have been fully considered.
Applicant’s 103 Arguments
On page(s) 7-14, the Applicant’s asserts that prior art does not teach the aforementioned claims. With regard to Applicant’s contention(s) associated with Applicant claim amendments, said contentions are moot in view of updated Office Action’s change of grounds of rejection over Lakshmanan (US 10,861,009) in view of Wong (US 10,846,694). 

Conclusion
The prior art made of record and NOT relied upon is considered pertinent to applicant's disclosure: NPL, Public Key Infrastructure, Lopez, 2007: relevant to claim 11, in association public key infrastructure mechanisms including private, public key mechanism and certificate authorities, Grassadonia (US 10,049,349): Offline Payment technologies, associated with claim 11.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL EZEWOKO whose telephone number is 571 272 7850. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, WASEEM ASHRAF can be reached on 571 270 3948. The fax phone number for the organization where this application or proceeding is assigned is 571-273-7850.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL I EZEWOKO/Examiner, Art Unit 3682                                                                                                                                                                                                        


    
        
            
        
            
    

    
        1 It should be noted that consistent with the Applicant’s specification, ¶41, 46-47, “PG” or  “payment orders” represent an agreement by a customer to pay an amount and not an authorization by a card issuer or payment authorization server