DETAILED ACTION
Acknowledgements
This office action is in response to the claim amendments filed on April 16, 2021.
Claims 2, 8 and 12 have been canceled.
Claims 1, 3-7, 9-11 and 13-19 have been examined.
Claims 1, 3-7, 9-11 and 13-19 are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
With respect to Claim Rejections - 35 USC § 112 (b):
Applicant Arguments/Remarks (page 1):
“Applicant has amended the claims to remove the issue. As such, Applicant respectfully submits that the claims are clear and definite under the provisions of 35 U.S.C. § 112(b) and requests the rejection be withdrawn.”

Therefore, the claims 1, 3-7, 9-11 and 13-19 are not being rejected under 35 U.S.C. § 112(b) and 35 U.S.C. § 112(b) rejection is withdrawn.

With respect to Claim Rejections - 35 USC § 103
Applicant’s arguments with respect to claims 1, 3-7, 9-11 and 13-19 have been considered but are moot in view of new grounds of rejection initiated by applicant’s amendment to the claims.

Claim Rejections - 35 USC § 103
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3, 6, 7, 9-11, 13 and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Meshkati (US 20160012432 A1) in view of Postrel (US 20110078010 A1) or alternatively in view of Kinney et al. (US 20160352524 A1).

Regarding claims 1, 11 and 19: Meshkati discloses: A payment interface apparatus configured to facilitate a transaction comprising [payment initiation request], the payment interface apparatus comprising:
a sensor that detects a presence of at least one of a mobile terminal (e.g., mobile device 200) and […] of the customer upon the at least one of the mobile terminal and the payment card being placed in proximity to the payment interface apparatus (see paragraphs [0040], [0044] and [0046]);
an input port that receives, from the at least one of the mobile device and the payment card, after the sensor detects the presence of the at least one of the mobile [payment initiation request], and (ii) a plurality of data fields including at least (a) a first authentication code (Meshkati [0080]-[0084], the examiner considers the authentication code to be the pre-authorization credential), and (b) encrypted transaction specific parameters (e.g., pre-authorized payment amount) that are unique to the transaction carrying the request (Meshkati [0095], “The payment initiation procedure 220 of the mobile device 200 determines the authorized communication mode from the received mode authorization code, requests the payment pre-authorization credential and the signed pre-authorized payment amount from the self-contained computing environment 210 (if not transmitted to the mobile device 200 at step S418), and provides the payment terminal 150 with the payment pre-authorization credential and the signed pre-authorized payment amount via the authorized communications mode, at step S420.”) and that form a basis upon which the request is determined to be genuine or non-genuine (See paragraphs [0095]-[0096], [0072], [0007], [0011] and Fig. 4b and related text, see also  [0040], [0044] and [0046]);
a processor (See paragraph(s) [0032], [0043] and [0053] and Fig. 1 and related text); and
at least one memory including computer program code (See paragraph(s) [0032], [0043] and [0053] and Fig. 1 and related text);
the at least one memory and the computer program code configured to, with the at least one processor, cause the payment interface apparatus at least to (See paragraph(s) [0032], [0043] and [0053] and Fig. 1 and related text):
decrypt the encrypted transaction specific parameters included in the received plurality of data fields using a session key (Meshkati [0076], “decrypt the cryptogram ARQC with the recovered session key”), wherein (i) the session key is different from the first [account number and the pre-authorized payment amount] (See paragraphs [0097], [0076], [0080] and [0105] and Fig. 4a and 4b and related text);
generate a second authentication code (e.g., compute a message authentication code) using the decrypted transaction specific parameters (Meshkati [0076], “the issuer server 400 may (i) recover the session key by applying the account number, transaction counter and the financial institution's cryptographic master key as inputs to a suitable cryptographic algorithm, (ii) decrypt the cryptogram ARQC with the recovered session key, (iii) compute a message authentication code from the Issuer Authorization Data, and (iv) compare the computed message authentication code against the decrypted cryptogram”), including at least the [account number and the pre-authorized payment amount] (See paragraphs [0076], [0073]-[0074], [0080]-[0081] and Fig. 4a and 4b and related text);
determine existence of a match between the generated second authentication code and the first authentication code included in the received plurality of data fields received from the mobile device and the payment card of the customer (See paragraphs [0076], [0080]-[0081] and [0105]-[0106] and Fig. 4a and 4b and related text, see also [0097]-[0098]);
in response to determining existence of the match between the generated second authentication code and the authentication code included in the received plurality of data fields, authenticate the request (See paragraphs [0076], [0080]-[0081] and [0105]-[0106] and Fig. 4a and 4b and related text, see also [0097]-[0098])
effect the update in the redemption points in the customer redemption account in response to successful authentication of the request (See paragraph(s) [0109] and Fig. 4b and related text).

Meshkati, does not expressly disclose, a transaction comprising a request to update redemption points in a customer redemption account and a payment card.

 Postrel discloses, a transaction comprising a request to update redemption points in a customer redemption account and a payment card.
an input port (e.g. web browser at merchant site) that receives, from the at least one of the mobile device (e.g. a user computer 40)  and the payment card (e.g. multi-function card), […] the presence of the at least one of the mobile terminal and the payment card, (i) the request to update redemption points (e.g. reward points) in the customer redemption account (reward / loyalty account), and (ii) a plurality of data fields including at least (a) an authentication code, and (b) encrypted transaction specific parameters (e.g. data fields/forms on a web browser to accept account/request information) that are unique to the transaction carrying the request and that form a basis upon which the request is determined to be genuine or non-genuine (See paragraph(s) [0002], [0011], [0062], [0076] and [0078] and Fig. 7 and related text).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Meshkati with Postrel to include a function such 

Meshkati discloses the decrypting transaction specific parameters includes [account number and the pre-authorized payment amount] and determining existence of the match between the generated second authentication code and the authentication code. Meshkati does not describe the transaction specific parameters includes transaction identifier and the date and time. However the Examiner interprets, the content of the transaction specific parameters as non-functional (See paragraphs [0076], [0073]-[0074], [0080]-[0081] and [0105]-[0106] and Fig. 4a and 4b and related text).

The Examiner further notes, that the following limitation(s) have been considered but are not given patentable weight because the limitations have been interpreted as non-functional limitations that are not positively claimed:
(ii) the decrypted transaction specific parameters includes at least a transaction identifier of the transaction and a timestamp of the transaction;    
generating, by the payment interface apparatus, a second authentication code using the decrypted transaction specific parameters including at least the transaction identifier and the timestamp of the transaction;

The noted above limitations are only found in the nonfunctional descriptive material and are not functionally involved in the steps recited. The decrypting, and generating, by the payment interface apparatus, the steps would be performed the same regardless of the 

Meshkati discloses the decrypting transaction specific parameters includes [account number and the pre-authorized payment amount] and determining existence of the match between the generated second authentication code and the authentication code (See paragraphs [0076], [0073]-[0074], [0080]-[0081] and [0105]-[0106] and Fig. 4a and 4b and related text).

Meshkati does not describe the transaction specific parameters includes transaction identifier and the date and time.

Alternatively, Kinney discloses:
(ii) the decrypted transaction specific parameters includes at least a transaction identifier of the transaction and a timestamp of the transaction (Kinney [0060], “the server-side signature may be generated to include the stored device identifier, the stored token code, and the timestamp. The processor 110 may first decrypt the encrypted portion of the request signature and compare the server-side signature with the decrypted portion of the request signature.”, [claim 7], “decrypting the encrypted signature to generate a decrypted version of the device identifier, the token code, and the timestamp; and comparing the server-side signature to the decrypted version of the device identifier, the token code, and the timestamp.”) (See abstract and paragraphs [0060], [0057] and [0052] and Fig. Fig. 4 and 8 related text, see also claim 8);    
generating, by the payment interface apparatus, a second authentication code using the decrypted transaction specific parameters including at least the transaction identifier and the timestamp of the transaction (See paragraphs [0052], [0056]-[0057] and [0053] and Fig. 8 related text, see also claim 5);

 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Meshkati and Postrel with Kinney to include a function of adding additional content to transaction specific parameters to enhance security.

Regarding claims 3 and 13: Meshkati, Postrel and Kinney, discloses as shown above.
Meshkati further discloses: The payment interface apparatus of claim 1, wherein the plurality of received data fields further includes encrypted customer [data], being encrypted from the customer [data] (See paragraph(s) [0045], [0067] and Fig. 4a and related text).

Meshkati, does not expressly disclose, redemption account data.
Postrel discloses, redemption account data (See paragraph(s) [0002], [0011], [0062], [0076] and [0078] and Fig. 7 and related text)

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Meshkati and Kinney with Postrel 

Regarding claim 6 and 16: Meshkati, Postrel and Kinney, discloses as shown above.
Meshkati further discloses: The payment interface apparatus of claim 2, wherein the generation of the second authentication code at the payment interface apparatus further comprises performing a cryptographic checksum operation on the transaction specific parameters (See paragraphs [0059], [0072]-[0078] and Fig. 4a and 4b and related text).

Regarding claims 7 and 17: Meshkati, Postrel and Kinney, discloses as shown above.
Meshkati further discloses: The payment interface apparatus of claim 1, wherein one or more of the data fields in support of the request are generated by the payment interface apparatus (See paragraph(s) [0039] and [0041]).

Regarding claim 9: Meshkati, Postrel and Kinney, discloses as shown above.
Meshkati further discloses: The payment interface apparatus of claim 1, wherein the payment interface apparatus comprises a payment terminal or the payment terminal coupled to a point of sale (POS) terminal (See paragraph(s) [0041] and Fig. 4A and related text).

Regarding claim 10: Meshkati, Postrel and Kinney, discloses as shown above.
Meshkati further discloses: The payment interface apparatus of claim 9, wherein the payment terminal acts as a bypass to forward the received request and the data fields to the (See paragraph(s) [0041] and Fig. 4B and related text).

Regarding claims 18: Meshkati, Postrel and Kinney, discloses as shown above.
Meshkati further discloses: The method of claim 11, wherein the payment interface apparatus receives the request from the at least one of the mobile terminal and the payment card placed in proximity to a sensor of the payment interface apparatus (see paragraphs [0040], [0044] and [0046]).

Claims 4-5 and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Meshkati in view of Postrel further in view of Tang (US 20150143116 A1) or alternatively in view of Kinney et al. (US 20160352524 A1).

Regarding claims 4 and 14: Meshkati, Postrel and Kinney, discloses as shown above.
Meshkati, does not disclose: The payment interface apparatus of claim 1, wherein the transaction specific parameters further include a random number generated in accordance with a universally unique identifier (UUID) RFC 4122 standard.

Postrel discloses: The payment interface apparatus of claim 1, wherein the transaction specific parameters comprise a concatenation of any one or more of a date and time the transaction (e.g. a certain time period) is made at the payment interface apparatus; a […] (See paragraph(s) [0059] and [062] and Fig. 3 and related text).

Tang discloses: The payment interface apparatus of claim 1, wherein the transaction specific parameters comprise […]; and a random number generated in accordance with a universally unique identifier (UUID) RFC 4122 standard (See paragraph(s) [0052] [0085-0086]).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Meshkati, Postrel and Kinney with Tang to include security function such as encrypting / decrypting using session keys to make sensitive data more secure and to generate a random number in accordance with a universally unique identifier to enhance communication by near certainty that the identifier does not duplicate.

Regarding claims 5 and 15: Meshkati, Postrel, Kinney and Tang, discloses as shown above.
Meshkati further discloses: The payment interface apparatus of claim 2, wherein the payment interface apparatus is further configured to receive, through the input […], a session key used in the decryption to obtain the transaction specific parameters from the received data fields (See paragraph(s) [0074], [0076], [0078], [0080], [0083] and [0105]).

Meshkati, does not expressly disclose, the payment interface apparatus is further configured to receive, through the input port, a session key.

However Tang discloses: The payment interface apparatus of claim 2, wherein the payment interface apparatus is further configured to receive, through the input port, a session key used in the decryption to obtain the transaction specific parameters from the received data fields (See paragraph(s) [0007-0009], [0022] and [0031]).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Meshkati, Postrel and Kinney with Tang to include security function such as encrypting / decrypting using session keys to make sensitive data more secure and less likely to be intercepted and accessed by unauthorized users.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Bellovin (US 20010056409 A1) discloses the subject matter of claim 1, for example, decrypt the encrypted transaction specific parameters included in the received plurality of data fields using a session key, generate an authentication code using the decrypted transaction specific parameters; determine existence of a match between the generated authentication code and the authentication code included in the received plurality of data fields received from the mobile device and the payment card of the customer; in response to determining existence (see abstract and paragraphs [0005], [0016] and [0022]-[0023] and Fig. 3a-3b and Fig. 4a-4b and related text).

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAHED ALI whose telephone number is (571)270-1085.  The examiner can normally be reached on 8:00 - 5:00 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/JAHED ALI/Examiner, Art Unit 3685

/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685