DETAILED ACTION
This is an office action on the merits in response to the communication filed on 4/06/2021.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claims’ Status
Claim 1 has been amended and claim 4 is canceled.  Claims 1-3 are pending and are considered in this office action.

Response to Arguments/Comments
102/103 Rejection
With respect to claim 1, the argument is moot in light of a new art and the new grounds of rejection due to amended claims.
With respect to claims 2 & 3, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).  



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. 	Determining the scope and contents of the prior art.
2. 	Ascertaining the differences between the prior art and the claims at issue.
3. 	Resolving the level of ordinary skill in the pertinent art.
4. 	Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim 1 is rejected under 35 U.S.C 103 as being obvious over Hurley (US20150095219A1; hereinafter: “Hurley”) in view of Hito et al. (US20110219427A1; hereinafter “Hito”).

With respect to claim 1
Hurley teaches the limitations of:
recording an identifier relating to sites, the security of which is expected, of the computer server SMa unique to the computer server SMa ([0058], Potential transaction data of step 608 may include any suitable data indicative of one or more characteristics of a potential financial transaction to occur between a user of device 100/100′ and a merchant of merchant subsystem 200, including, but not limited to, identification of device 100/100′, identification of the merchant, identification of the particular merchant resource being used (e.g., the particular merchant application 113 or website being accessed by device 100/100′),…..);
Examiner’s Note (Intended Use):  The portion of the limitation which recites “…..the security of which is expected….”, is merely a recited intended use of the identifier relating to sites.  This portion is given little to no patentable weight because the limitation, or portion thereof, does not claim the function(s) as being positively recited actions or functions, and/or it does not add any meaning or purpose to the associated manipulative step(s).  See  MPEP 2103 C and 2111.04.  Simply because the limitation recites something as being “for…. [performing a specific functionality]”, etc.  does not mean that the functions are required to be performed, or are actually performed.

Calculating and generating, at a trusted server, a key associated with the identifier ([0056], ……to associate a merchant key 157 with a merchant identifier or a merchant's resource (e.g., application 113 or website) of a particular merchant subsystem for enabling a secure commerce credential data communication (e.g., an online-based communication 668/672 of FIG. 1A) between device 100 and particular merchant subsystem 200 (e.g., through using that merchant resource); [0028], Either merchant subsystem 200 or commercial entity subsystem 400 may be responsible for management of merchant key 157, which may include the generation, exchange, storage, use, and replacement of such a key.);
Recording, on the computer server SMa, the key ([0028], No matter how or where such a merchant key 157 may be generated and/or managed, both merchant subsystem 200 and commercial entity subsystem 400 may store a version of merchant key 157 (e.g., in a respective secure element of merchant subsystem 200 and commercial entity subsystem 400). In some embodiments, such a merchant key 157 may be specifically associated with merchant application 113, while, in other embodiments, merchant key 157 may be specifically associated with a merchant of merchant subsystem 200 such that merchant key 157 may be associated with multiple third party applications operated by the same merchant of merchant subsystem 200.);
opening a secure communication session by the computer server SMa with the trusted server via the key that was allocated to computer server SMA by the trusted server ([0028], Moreover, in some embodiments, commercial entity subsystem 400 may generate or otherwise assign a merchant key 157 for application 113 and provide such a merchant key 157 to merchant subsystem 200 (e.g., via path 85).),

Hurley does not explicitly disclose, but Hito teaches:
recording, on a second connected terminal EBU1 of the same user U1, of an application demanding an automatic opening of a computer session with the trusted server when a code presented on the first connected terminal EAU1 is read ([0004], one aspect of the present invention provides authentication or verification utilizing a user's first device, such as a smart phone, a smart watch, personal digital assistant (PDA) or the like to respond to an acoustic signal, a visual display, such as a bar code, text, a picture, a sequence thereof, or the like produced by a second device, such as a personal computer, laptop, kiosk, vending machine or the like requiring authentication or verification of the user to conduct a session or transaction utilizing the second device to access a web site running on a web server.);
performing steps of validating information presented on the first connected terminal EAU1, comprising:
opening a first communication session by the first connected terminal EAU1 with the computer server SMa ([0012] & fig.1, In system 100, a web server 110 is shown connected to a personal computer 120 by a first Internet connection 112.…..);

and calculating a time-stamped code CXa associated with the key by the trusted server; (see fig.1 & [0036], The authentication provider will present the user with an authentication request containing an alphanumeric QR code with the authentication challenge through the client application.  This QR code will encode a string “A|V|AN|ID|TS|NONCE”, where:; [0041], TS: A time stamp, in the format key generation and registration 515 is employed to generate a new public/private key pair for the authentication.);
transmitting, via the computer server SMa, digital information including a representation of the time-stamped code CXa to the first connected terminal EAU1 ([0014], Substantially simultaneously, the web site instructs the personal computer 120 through the web server 110 (computer server SMa) to produce a QR code 126, an output or signal, for example, emitting an acoustic signal, such as the acoustic signal 122 of FIG. 1, that is detectable by the smart phone 130 (first connected terminal EAU1).);
acquiring by the second connected terminal EBU1 the representation of the time-stamped code CXa presented by the first connected terminal EAU1 (fig.1 & [0028], a mobile device owned by the user that can run custom applications and that has a camera that can be used to capture QR codes, such as the QR code 126 displayed on the display 125, for example);
displaying the representation of the time-stamped code CXa on the first connected terminal EAU1 ([0028], a mobile device owned by the user that can run custom applications and that has a camera that can be used to capture QR codes, such as the QR code 126 displayed on the display 125, for example. One example of a mobile device is mobile device 330 of FIG. 3.);
opening a second communication session, via the second connected terminal EBU1, with the trusted server by means of the previously loaded application and transmitting the acquired representation of the time-stamped code CXa ([0031], A secondary channel is setup between the user's device that stores his/her public/private keys, and the authentication provider. An example of a secondary channel is channel 360 connecting mobile 320. This channel 360 is used by the device to verify the user's identity to the authentication provider; [0122], The above specified authentication process 400 has some properties that make it an interesting option to more traditional authentication systems used on the web. First, its use helps prevent phishing attacks. Because the proposed authentication protocol uses a secondary ;
checking the conformity of the representation of the time-stamped code CXa with the time-stamped code CXa ([0089], After the application on the user's device has scanned the QR code with the provisioning request and decoded it, key generation and registration 515 is employed to generate a new public/private key pair for the authentication. The choice of RSA/DSA keys is left to the user/application. The application should verify that both the provisioning and authentication URLS (PURL/AURL) specify the use of secure channels (HTTPS) for SSL/TLS., see also [0069-0071]);
transmitting to the second connected terminal EBU1 via the trusted server a digital validation message MVa comprising an indicator of conformity of the representation of time-stamped code CXa with the time-stamped code CXa and information Iva relating to the computer server SMa associated with the time-stamped code CXa (see [0076-0078] and fig.4.)

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hurley with the teaching of Hito as they relate to a system/method of system/method of initiating digital information transfer between the payment electronic device and a merchant subsystem.  The claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.  Hito offers the embodiment of the opening first/second communication sessions between either the computer server SMa, trusted server, first connected terminal EAU1, second 


Claims 2-3 are rejected under 35 U.S.C 103 as being obvious over Hurley (US20150095219A1; hereinafter: “Hurley”) in view of Hito et al. (US20110219427A1; hereinafter “Hito”), and further in view Pereira et al. (US20130282582A1; hereinafter: “Pereira”).
With respect to claim 2
The combination of Hurley and Hito teaches the limitations of claim 1.  The combination does not explicitly disclose, but Pereira teaches:
the digital validation message MVa further comprises a link for opening a secure session to a third-party server, the address of which is calculated by the trusted server according to the recorded identifier associated with the computer server SMa ([0028], The vendor then sends a request for validation (Step 5) 18 to the system payment server 6, the request including, but not limited to, transaction information (e.g., amount of the transaction, shipping address, last four digits of credit card, type of credit card) and the transaction token; see also [0022] on explaining how “the address of which is calculated by the trusted server according to the recorded identifier associated with the computer server SMa”.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hurley/Hito with the teaching of Pereira as they relate to a system/method of system/method of initiating digital information transfer between the payment electronic device and a merchant subsystem.  The claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did 

With respect to claim 3
The combination of Hurley, Hito and Pereira teaches the limitations of claim 2.  Pereira further teaches:
the address of the third-party server is calculated by the trusted server according to recorded information associated with the computer server SMa, is a payment server SMp distinct from the computer server SMa (see [0028] & fig.2, The vendor then sends a request for validation (Step 5) 18 to the system payment server 6, the request including, but not limited to, transaction information (e.g., amount of the transaction, shipping address, last four digits of credit card, type of credit card) and the transaction token. The payment server 6 forwards the transaction token and transaction information (Step 6) 20 to the system application server 8 for validation.)

Conclusion
THIS ACTION IS MADE Non-FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YIN Y CHOI whose telephone number is (571)272-1094 or yin.choi@uspto.gov.  The examiner can normally be reached on M-F 7:30 - 5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on 571-270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/YIN CHOI/           Examiner, Art Unit 3685                                                                                                                                                           	9/13/2021

/JAMES D NIGH/               Senior Examiner, Art Unit 3685