DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of the Claims
The office action is being examined in response to the Request for Continued Examination submitted by the applicant on January 19, 2021.
Claims 1-14 are pending and have been examined. 
This action is made NON-FINAL.

Response to Applicant Remarks
The rejections under 35 USC § 101 are withdrawn due to Applicant’s amendments and remarks. The Examiner agrees with Applicant that the additional claim limitations including “[a] method of securing a transaction between a portable terminal and a transaction terminal, the method comprising: storing, by a portable terminal, a unique user identifier (UUID) in an operating system (OS) of the portable terminal, wherein the UUID is a unique serial number which is variably issued each time an application is downloaded from an app distribution server, the UUID being not stored in the application to prevent tampering of the application; is at least an improvement and is an improvement to security and speed in performing such transactions through communications with a server and a terminal as claimed, and imposes any meaningful limits on practicing the abstract idea. Accordingly, the Examiner withdraws the 101 rejections.
Moreover, Applicant’s additional amendments and remarks have been considered; however, Applicant's additional art arguments are considered moot due to the new grounds of rejection, as provided below.  


Claim Rejections - 35 USC §103

























































































































































































In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.












































The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. §103 are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 13-14, 2, 4, 6, and 9-12 are rejected under 35 U.S.C. §103 as being unpatentable over U.S. App. Pub. No. US 2017/0063975 A1 Prakash (hereinafter “Prakash”), in view of U.S. App. Pub. No. US 2014/0164241 A1 to Neuwirth (hereinafter “Neuwirth”), further in view of Darcey, titled "Learning Android Application Programming for the Kindle Fire - A Hands-on Guide to Building Your First Android Application" (July 2012).
(Changes to claim language in brackets; emphasized claim language in bold)
Regarding claim 1:
	Prakash teaches:
1. A method of securing a transaction between a portable terminal and a transaction terminal, the method comprising: storing, by a portable terminal, a unique user identifier (UUID) in an operating system (OS) of the portable terminal, {…} the UUID being not stored in the application to prevent tampering of the application; 
[No Patentable Weight] Given To Non-Functional Intended Use Language “the UUID being not stored in the application to prevent tampering of the application;” See also MPEP 2115; A claim is only limited by positively recited elements. Thus, "[i]nclusion of the material or article worked upon by a structure being claimed does not impart patentability to the claims." In re Otto, 312 F.2d 937, 136 USPQ 458, 459 (CCPA 1963); see also In re Young, 75 F.2d 996, 25 USPQ 69 (CCPA 1935).
Figs. 2-3; [0023] user request for a transaction made using payment device [0017] {portable terminal} e.g., mobile phone; Prakash [0049] Prior to carrying out the initialization process flow 300, a user of a communication device may download application 312 from an application store onto the communication device; [0051] {identifier, e.g., “application signature”}; [0052] The application signature may also include metadata associated with application 312 such as version number, source, etc. {serial number}. At step 360, the application signature is sent from SDK 320 to server 390…; Fig. 5; [0071] …In some embodiments, mobile application 514 may include on-device cloud-based transaction logic {that} performs functions to facilitate cloud-based transactions such as to take account parameters provided for use in payment transactions and deliver them to mobile operating system 522 {storing metadata e.g., a UUID in the mobile OS} for transmission over contactless interface 534 …” [Id.] …the transaction cryptogram key (e.g., a limited-use key} {e.g., user identifier} can be sent over to the transaction processing network 584 to obtain authorization for the payment transaction.
running, by the portable terminal, the application and extracting information for authentication, wherein the extracted information for authentication includes {…} 
Prakash [0023] authorization request sent for requesting authorization for a transaction; [0044] In some embodiments, application 112 can be an application that uses or processes sensitive information. For example, application 112 may use certain sensitive data assets such as encryption keys to perform cryptographic operations, or may access or use sensitive information such as personal or financial information {extracting information for authorization};
transferring, by the portable terminal, the information for authentication to a transaction server;
Prakash [0015] teaching, transfer of information for authentication; [0051] …At step 356, the device public key is sent to server 390 such that server 390 can authenticate information signed by the device private key; [0052] …In some embodiments, the application signature can be encrypted by the server public key retrieved from step 352, and sent to server 390 {transferring authentication information}.    
receiving from the transaction server, by the portable terminal, a result of authentication based on comparing the information for authentication, including the UUID, with authentication information previously stored in the transaction server; 
Prakash Fig. 3; [0053] at step 362, server 390 receives the application signature {information for authentication}, and verifies the application signature against a set of whitelisted application signatures..; [Id.] If the application signature from application 312 fails to match one of the approved whitelisted application signatures, server 390 may notify application 312 that application 312 is an unauthorized application and stop responding to application 312. If the application signature sent from application 312 matches one of the approved whitelisted application signatures, initialization of application 312 may continue.
based on the received result of authentication, receiving, by the portable terminal, transaction information for a transaction and transferring the transaction information to the transaction server; 
Prakash Fig. 3-4; [0053] at step “362-364,” server 390 receives the application signature, and verifies the application signature against a set of whitelisted application signatures. [Id.] …If the application signature sent from application 312 matches one of the approved whitelisted application signatures, initialization of application 312 may continue {e.g., Fig. 3, “362-364,“ e.g., [0037] A "nonce {authentication after app signature verification} may refer to a number, string, bit sequence, or other data value … [a] nonce can be used as a seed value to generate a key or other types of authentication data.”}; Fig. 3 element “372” {transferring transaction information to server 390};   
receiving from the transaction server, by the portable terminal, approval information including an approval number based on the transaction information; and
Prakash [0024] An authorization response message may be an electronic message reply to an authorization request message … {which} a credit card issuing bank returns {[Id.] {approval number} e.g., “authorization code”} in response to an authorization request message in an electronic message; [Id.] authorization may include, by way of example only, one or more of the following status indicators: Approval--transaction was approved; Decline- a-transaction was not approved; [0024] sending  e.g., transferring approval information including an “authorization code” {approval number}  

Prakash does not explicitly teach but Neuwirth teaches:

receiving from the transaction server, by the portable terminal, approval information including an approval number based on the transaction information; and
Neuwirth Fig. 4; [0070] financial transaction server transferring approval information {token} to the portable terminal {[0047] client computing device}
transferring to a transaction terminal, by the portable terminal, the received approval information based on which the transaction is performed with the transaction terminal without entering personal information of a user of the portable terminal into the transaction terminal
Neuwirth [0065] a token {received approval information} is stored on the client computing device … the token can be used to request the processing of a payment; [0063] server system 101 will only return a token to client computing device 103 if the user of client computing device 103 has been authenticated; [0067] client computing device 103 submits the token to the service on server system 101 

It would have been obvious to one having ordinary skill in the art just before the effective filing date of the claimed invention to modify the system taught by Prakash, being in the same art as authentication method and systems for financial transactions using a portable terminal, as taught in Neuwirth at Abstract Fig. 1 and [0002]. The combination amounts at least to combining prior art elements according to known methods to yield predictable results.  Thus, there exist a need to facilitate a better, convenient, secure system and method to authenticate information for financial transactions. Neuwirth at Abstract.

Prakash does not explicitly teach but Darcey teaches:

wherein the UUID is a unique serial number which is variably issued each time an application is downloaded from an app distribution server,
{…} the UUID stored in the OS of the portable terminal;
Darcey at least at pg. 216 teaching where a UUID is variably created {randomly to track “usage and installations”}, and sent {downloaded e.g., stored} in the application "client" {not "in" the application}.

It would have been obvious to one having ordinary skill in the art just before the effective filing date of the claimed invention to modify the system taught by Prakash, being in the same art as authentication method and systems using a portable terminal {e.g., an application client}, as taught in Darcey at least at pg. 216. The combination amounts at least to combining prior art elements according to known methods to yield predictable results.  Thus, there exists a need to facilitate a better, convenient, secure system and method where a UUID is variable {randomly generated} for an application installation, transmitted and stored separately in the OS of the device, than within the application. See Darcey at least at pg. 216.

Regarding claim 2:
	Prakash teaches:
2. The method of claim 1, wherein the extracted information for authentication further includes a previously stored app serial number.  
Prakash Fig. 3; [0053] at step 362, server 390 receives the application signature, and verifies the application signature against a set of whitelisted application signatures. [Id.] If the application signature from application 312 fails to match one of the approved whitelisted application signatures {previously stored app serial number}, server 390 may notify application 312 that application 312 is an unauthorized application and stop responding to application 312. If the application signature sent from application 312 matches one of the approved whitelisted application signatures, initialization of application 312 may continue.


Regarding claim 4:
	Prakash and Neuwirth teach all limitations of claim 1
Neuwirth further teaches:
4. The method of claim 1, wherein the information for authentication includes at least one of signature information, facial recognition information, voice recognition information, iris recognition information, and fingerprint information.  
Neuwirth [0012] teaching, the present invention can be used in combination with methods for receiving a signature {signature information} … to authorize a transaction.

It would have been obvious to one having ordinary skill in the art just before the effective filing date of the claimed invention to modify the system taught by Prakash, being in the same art as authentication method and systems for financial transactions using a portable terminal, as taught in Neuwirth at Abstract Fig. 1 and [0002]. The combination amounts at least to combining prior art elements according to known methods to yield predictable results.  Thus, there exist a need to facilitate a better, convenient, secure system and method to authenticate information for financial transactions. Neuwirth at Abstract.

Claims 5-8 are rejected under 35 U.S.C. §103 as being unpatentable over U.S. App. Pub. No. US 2017/0063975 A1 (hereinafter “Prakash”), in view of U.S. App. Pub. No. US 2014/0164241 A1 to Neuwirth (hereinafter “Neuwirth”), in view of Darcey, titled "Learning Android Application Programming for the Kindle Fire - A Hands-on Guide to Building Your First Android Application" (July 2012), and further in view of U.S. Pat. No. 9,600,981 B2 to Korala (hereinafter “Korala”).

(Changes to claim language in brackets; emphasized claim language in bold)
Regarding claim 5:
	Prakash and Neuwirth teach all limitations of claim 1
Prakash further teaches:
5. The method of claim 1, wherein the approval information including the approval number includes valid time information of the approval number.  
Prakash [0024] an authorization response message may be an electronic message reply to an authorization request message … {which} a credit card issuing bank returns {[Id.] {approval number} e.g., “authorization code”} in response to an authorization request message in an electronic message; 

Prakash does not explicitly teach but Korala teaches:

5. The method of claim 1, wherein the approval information including the approval number includes valid time information of the approval number.  
Korala [Col. 10:50-53]  In an alternative embodiment, the token 60 is for time limited use, and an expiry time (for example, 14.38) or expiry period (for example, 15 minutes) is printed on the token {valid time information}; [Col. 8:67-9:1-4] The token 60 in this case includes in human-readable form the current date, a merchant identifier number which identifies the merchant within whose premises the user terminal 2 is installed, and the amount of the approved cash withdrawal

It would have been obvious to one having ordinary skill in the art just before the effective filing date of the claimed invention to modify the system taught by Prakash, being in the same art as financial transactions and methods and systems for approving financial transactions; See Korala at least at Abstract; [Col. 12:46-58]. The combination amounts at least to combining prior art elements according to known methods to yield predictable results.   Thus, there exist a need to facilitate a better system and method to authenticate information for approving financial transactions. See Korala at least at Abstract


Regarding claim 6:
Prakash and Neuwirth teach all limitations of claim 5
	Prakash teaches:
6. The method of claim 5, wherein the valid time information of the approval number is set in advance by the user of the portable terminal or an administrator of the transaction server.  
Prakash [0089] The set of one or more limited-use thresholds to enforce can be determined, for example, by an issuer of the account or by CBP 580 that provides the cloud-based transaction services; [0074] teaching active account management capability generates the initial set of account parameters … account parameters may include … dynamic information to ensure the set of account parameters {e.g., limited use parameters, {time information}) have only a limited use once delivered to the device.

Prakash does not explicitly teach but Korala teaches:

6. The method of claim 5, wherein the valid time information {…}.
Korala [Col. 10:50-53]  In an alternative embodiment, the token 60 is for time limited use, and an expiry time (for example, 14.38) or expiry period (for example, 15 minutes) is printed on the token {valid time information}; [Col. 8:67-9:1-4] The token 60 in this case includes in human-readable form the current date, a merchant identifier number which identifies the merchant within whose premises the user terminal 2 is installed, and the amount of the approved cash withdrawal

It would have been obvious to one having ordinary skill in the art just before the effective filing date of the claimed invention to modify the system taught by Prakash, being in the same art as financial transactions and methods and systems for approving financial transactions; See Korala at least at Abstract; [Col. 12:46-58]. The combination amounts at least to combining prior art elements according to known methods to yield predictable results.   Thus, there exist a need to facilitate a better system and method to authenticate information for approving financial transactions. See Korala at least at Abstract
  
Regarding claim 7:
Prakash and Neuwirth teach all limitations of claim 1
Korala further teaches:
7. The method of claim 1, wherein the transaction terminal comprises an automated teller machine (ATM) or a point-of-sale (POS) terminal.  
Korala [Abstract]; [Col. 12:46-58] teaching, “…As the transaction is an ATM-type cash deposit transaction the merchant may be paid a small fee.”

It would have been obvious to one having ordinary skill in the art just before the effective filing date of the claimed invention to modify the system taught by Prakash, being in the same art as financial transactions and methods and systems for approving financial transactions; See Korala at least at Abstract; [Col. 12:46-58]. The combination amounts at least to combining prior art elements according to known methods to yield predictable results.   Thus, there exist a need to facilitate a better system and method to authenticate information for approving financial transactions. See Korala at least at Abstract

Regarding claim 8:
Prakash and Neuwirth teach all limitations of claim 1
Korala further teaches:
8. The method of claim 1, wherein the transaction includes a cash withdrawal, issuance of a gift certificate, or issuance of a lottery ticket.  
Korala [Col. 1:50-53] For example the agent may conduct a banking transaction, such as withdrawal of cash by a user, on behalf of the financial institution.

It would have been obvious to one having ordinary skill in the art just before the effective filing date of the claimed invention to modify the system taught by Prakash, being in the same art as financial transactions and methods and systems for approving financial transactions; See Korala at least at Abstract; [Col. 12:46-58]. The combination amounts at least to combining prior art elements according to known methods to yield predictable results.   Thus, there exist a need to facilitate a better system and method to authenticate information for approving financial transactions. See Korala at least at Abstract

Regarding claim 9:
	Prakash and Neuwirth teach all limitations of claim 1
	Prakash teaches:
9. The method of claim 1, wherein the transaction server includes a service provider server configured to perform the authentication and an institution server configured to approve the transaction.  
Prakash [0018] server computers may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers; [Id.] server computers may comprise one or more computational apparatuses and may use any of a variety of computing structures, arrangements, and compilations for servicing the requests {authentication, transaction approval} from one or more client computers.

Regarding claim 10:
	Prakash and Neuwirth teach all limitations of claim 1
	Prakash further teaches:
10. The method of claim 1, wherein performing the transaction comprises: executing the application of the portable terminal and transferring authentication information of the application to the transaction server; 
Prakash Figs. 2-3; [0023] user request for a transaction made using payment device {[0017] portable terminal e.g., mobile phone}; [0023] authorization request sent for requesting authorization for a transaction; [0044] In some embodiments, application 112 can be an application that uses or processes sensitive information. For example, application 112 may use certain sensitive data assets such as encryption keys to perform cryptographic operations, or may access or use sensitive information such as personal or financial information {extracting information for authorization};
receiving a result of authentication from the transaction server based on comparing the received authentication information with previously stored membership information to authenticate the application and transmitting a result of the authentication to the portable terminal; and 
Prakash Fig. 3; [0053] at step 362, server 390 receives the application signature {information for authentication}, and verifies the application signature against a set of whitelisted application signatures..; [Id.] If the application signature from application 312 fails to match one of the approved whitelisted application signatures, server 390 may notify application 312 that application 312 is an unauthorized application and stop responding to application 312. If the application signature sent from application 312 matches one of the approved whitelisted application signatures, initialization of application 312 may continue.
based on the result of the authentication received from the transaction server, transferring the approval number to the transaction terminal to proceed with the transaction. 
Prakash Fig. 3-4; [0053] at step “362-364,” server 390 receives the application signature, and verifies the application signature against a set of whitelisted application signatures. [Id.] …If the application signature sent from application 312 matches one of the approved whitelisted application signatures, initialization of application 312 may continue {e.g., Fig. 3, “362-364,“ e.g., [0037] A "nonce {authentication after app signature verification} may refer to a number, string, bit sequence, or other data value … [a] nonce can be used as a seed value to generate a key or other types of authentication data.”}; Fig. 3 element “372” {transferring transaction information to server 390};

Prakash does not explicitly teach but Neuwirth teaches:

based on the result of the authentication received from the transaction server, transferring the approval number to the transaction terminal to proceed with the transaction. 
Neuwirth Fig. 4; [0070] financial transaction server transferring approval information {token} to the portable terminal {[0047] client computing device}

It would have been obvious to one having ordinary skill in the art just before the effective filing date of the claimed invention to modify the system taught by Prakash, being in the same art as authentication method and systems for financial transactions using a portable terminal, as taught in Neuwirth at Abstract Fig. 1 and [0002]. The combination amounts at least to combining prior art elements according to known methods to yield predictable results.  Thus, there exist a need to facilitate a better, convenient, secure system and method to authenticate information for financial transactions. Neuwirth at Abstract.

Regarding claim 11:
Prakash and Neuwirth teach all limitations of claim 1
Prakash further teaches:
11. The method of claim 1, wherein the transferring of the approval number to the transaction terminal comprises transferring the approval number to the transaction terminal through near field communication (NFC), a barcode, a quick response (QR) code, or a numeric code.  
Prakash [0065] a token {received approval information} is stored on the client computing device … the token can be used to request the processing of a payment; [0063] server system 101 will only return a token to client computing device 103 if the user of client computing device 103 has been authenticated; [0067] client computing device 103 submits the token {numeric code} to the server system 101

Regarding claim 12:
Prakash and Neuwirth teach all limitations of claim 1
Prakash teaches:
12. The method of claim 1, wherein the transaction information for the transaction includes a secret number which is input to the portable terminal by handwriting.  
Prakash [0027] A token may include a substitute identifier for some information. For example, a payment token may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN); [Id.] …may be used in place of a PAN to initiate, authorize, settle or resolve a payment transaction.

Prakash does not explicitly teach but Neuwirth teaches:

12. The method of claim 1, wherein the transaction information for the transaction includes a secret number which is input to the portable terminal by handwriting.
Neuwirth [0012] the present invention can be used in combination with methods for receiving a signature (or other type of verification or confirmation) from a remote user to authorize a transaction; [0008] Mobile devices enable users … using e.g., a smart phone.

It would have been obvious to one having ordinary skill in the art just before the effective filing date of the claimed invention to modify the system taught by Prakash, being in the same art as authentication method and systems for financial transactions using a portable terminal, as taught in Neuwirth at Abstract Fig. 1 and [0002]. The combination amounts at least to combining prior art elements according to known methods to yield predictable results.  Thus, there exist a need to facilitate a better, convenient, secure system and method to authenticate information for financial transactions. Neuwirth at Abstract.

Regarding claim 13:
	Prakash teaches:
13. A system for securing a transaction between a portable terminal and a transaction terminal, comprising: a portable terminal configured to: 
Prakash Figs. 2-3; [0023] user request for a transaction made using payment device {[0017] portable terminal e.g., mobile phone};
storing a unique user identifier (UUID) in an operating system (OS) of the portable terminal, {…}, the UUID being not stored in the application to prevent tampering of the application; 
[No Patentable Weight] Given To Non-Functional Intended Use Language “the UUID being not stored in the application to prevent tampering of the application;” See also MPEP 2115; A claim is only limited by positively recited elements. Thus, "[i]nclusion of the material or article worked upon by a structure being claimed does not impart patentability to the claims." In re Otto, 312 F.2d 937, 136 USPQ 458, 459 (CCPA 1963); see also In re Young, 75 F.2d 996, 25 USPQ 69 (CCPA 1935).
Prakash Figs. 2-3; [0023] user request for a transaction made using payment device [0017] {portable terminal} e.g., mobile phone; Prakash [0049] Prior to carrying out the initialization process flow 300, a user of a communication device may download application 312 from an application store onto the communication device; [0051] {identifier, e.g., “application signature”}; [0052] The application signature may also include metadata associated with application 312 such as version number, source, etc. {serial number}. At step 360, the application signature is sent from SDK 320 to server 390…; Fig. 5; [0071] …In some embodiments, mobile application 514 may include on-device cloud-based transaction logic {that} performs functions to facilitate cloud-based transactions such as to take account parameters provided for use in payment transactions and deliver them to mobile operating system 522 {storing metadata e.g., a UUID in the mobile OS} for transmission over contactless interface 534 …” [Id.] …the transaction cryptogram key (e.g., a limited-use key} {e.g., user identifier} can be sent over to the transaction processing network 584 to obtain authorization for the payment transaction.
execute the application and extract information for authentication, wherein the extracted information for authentication includes {…};
Prakash [0023] authorization request sent for requesting authorization for a transaction; [0044] In some embodiments, application 112 can be an application that uses or processes sensitive information. For example, application 112 may use certain sensitive data assets such as encryption keys to perform cryptographic operations, or may access or use sensitive information such as personal or financial information {extracting information for authorization};
transfer information for authenticating the application and transaction information to a transaction server, and 
Prakash Figs. 2-3; [0023] user request for a transaction made using payment device {[0017] portable terminal e.g., mobile phone}; [0023] authorization request sent for requesting authorization for a transaction; [0044] In some embodiments, application 112 can be an application that uses or processes sensitive information. For example, application 112 may use certain sensitive data assets such as encryption keys to perform cryptographic operations, or may access or use sensitive information such as personal or financial information {extracting information for authorization};
receive and transfer, based on a result of authentication of the application, approval information {…} the transaction server configured to receive the information for authenticating the application from the portable terminal, 
Prakash Fig. 2-3; [0024] An authorization response message may be an electronic message reply to an authorization request message … {which} a credit card issuing bank returns {[Id.] {approval number} e.g., “authorization code”} in response to an authorization request message in an electronic message; [Id.] authorization may include, by way of example only, one or more of the following status indicators: Approval--transaction was approved; Decline- a-transaction was not approved; [0024] sending  e.g., transferring approval information including an “authorization code” {approval number}
compare the received information with corresponding previously stored information, transmit the result of authentication to the portable terminal, compare the transaction information with corresponding previously stored information, {…} and 
Prakash Fig. 3; [0053] at step 362, server 390 receives the application signature {information for authentication}, and verifies the application signature against a set of whitelisted application signatures..; [Id.] If the application signature from application 312 fails to match one of the approved whitelisted application signatures, server 390 may notify application 312 that application 312 is an unauthorized application and stop responding to application 312. If the application signature sent from application 312 matches one of the approved whitelisted application signatures, initialization of application 312 may continue.
the transaction terminal configured to check, based on the approval information received from the portable terminal, the approval information and perform the transaction. 
Prakash Fig. 3-4; [0053] at step “362-364,” server 390 receives the application signature, and verifies the application signature against a set of whitelisted application signatures. [Id.] …If the application signature sent from application 312 matches one of the approved whitelisted application signatures, initialization of application 312 may continue {e.g., Fig. 3, “362-364,“ e.g., [0037] A "nonce {authentication after app signature verification} may refer to a number, string, bit sequence, or other data value … [a] nonce can be used as a seed value to generate a key or other types of authentication data.”}; Fig. 3 element “372” {transferring transaction information to server 390};

Prakash does not explicitly teach but Neuwirth teaches:

receive and transfer, {approval information} including an approval number for a transaction to a transaction terminal {…} 
Neuwirth Fig. 4; [0070] financial transaction server transferring approval information {token} to the portable terminal {[0047] client computing device}
compare the received information {…} and transfer the approval information including the approval number to the portable terminal;
Neuwirth Fig. 4; [0070] financial transaction server transferring approval information {token} to the portable terminal {[0047] client computing device}; Neuwirth [0065] a token {received approval information} is stored on the client computing device … the token can be used to request the processing of a payment; [0063] server system 101 will only return a token to client computing device 103 if the user of client computing device 103 has been authenticated; [0067] client computing device 103 submits the token to the service on server system 101

Prakash does not explicitly teach but Darcey teaches:

wherein the UUID is a unique serial number which is variably issued each time an application is downloaded from an app distribution server
{…} the UUID stored in the OS of the portable terminal;
Darcey at least at pg. 216 teaching where a UUID is variably created {randomly to track “usage and installations”}, and sent {downloaded e.g., stored} in the application "client" {not "in" the application}.

It would have been obvious to one having ordinary skill in the art just before the effective filing date of the claimed invention to modify the system taught by Prakash, being in the same art as authentication method and systems using a portable terminal {e.g., an application client}, as taught in Darcey at least at pg. 216. The combination amounts at least to combining prior art elements according to known methods to yield predictable results.  Thus, there exists a need to facilitate a better, convenient, secure system and method where a UUID is variable {randomly generated} for an application installation, transmitted and stored separately in the OS of the device, than within the application. See Darcey at least at pg. 216.

Regarding claim 14:
	Prakash teaches:
14. A portable terminal comprising: a storage configured to store an application; at least one memory configured to store instructions; at least one processor configured to access the at least one memory, read the instructions, and operate according to the instructions, the instructions comprising: instructions to 
Prakash [0005] In some embodiments, a communication device may include a processor and a memory coupled to the processor. The memory may store instructions, which when executed by the processor, causes the communication device to perform operations for securely binding an application to the communication device.
store a unique user identifier (UUID) in an operating system (OS) of the portable terminal, {…} the UUID being not stored in the application to prevent tampering of the application; instructions to 
[No Patentable Weight] Given To Non-Functional Descriptive Language “the UUID being not stored in the application to prevent tampering of the application;” See also MPEP 2115; A claim is only limited by positively recited elements. Thus, "[i]nclusion of the material or article worked upon by a structure being claimed does not impart patentability to the claims." In re Otto, 312 F.2d 937, 136 USPQ 458, 459 (CCPA 1963); see also In re Young, 75 F.2d 996, 25 USPQ 69 (CCPA 1935).
Prakash Figs. 2-3; [0023] user request for a transaction made using payment device [0017] {portable terminal} e.g., mobile phone; Prakash [0049] Prior to carrying out the initialization process flow 300, a user of a communication device may download application 312 from an application store onto the communication device; [0051] {identifier, e.g., “application signature”}; [0052] The application signature may also include metadata associated with application 312 such as version number, source, etc. {serial number}. At step 360, the application signature is sent from SDK 320 to server 390…; Fig. 5; [0071] …In some embodiments, mobile application 514 may include on-device cloud-based transaction logic {that} performs functions to facilitate cloud-based transactions such as to take account parameters provided for use in payment transactions and deliver them to mobile operating system 522 {storing metadata e.g., a UUID in the mobile OS} for transmission over contactless interface 534 …” [Id.] …the transaction cryptogram key (e.g., a limited-use key} {e.g., user identifier} can be sent over to the transaction processing network 584 to obtain authorization for the payment transaction.
execute the application and extracting information for authentication, wherein the extracted information for authentication includes {…} 
Prakash [0023] authorization request sent for requesting authorization for a transaction; [0044] In some embodiments, application 112 can be an application that uses or processes sensitive information. For example, application 112 may use certain sensitive data assets such as encryption keys to perform cryptographic operations, or may access or use sensitive information such as personal or financial information {extracting information for authorization};
instructions to transfer the information for authentication to a transaction server; instructions to receive, from the transaction server, a result of authentication based on comparing the information for authentication, including the UUID, with authentication information previously stored in the transaction server; instructions to, 
Prakash [0015] teaching, transfer of information for authentication; [0051] …At step 356, the device public key is sent to server 390 such that server 390 can authenticate information signed by the device private key; [0053] {comparison of the information for authentication}; [0052] …In some embodiments, the application signature can be encrypted by the server public key retrieved from step 352, and sent to server 390 {transferring authentication information}.
based on the received result of authentication, receive transaction information for a transaction and transfer the transaction information to the transaction server; instructions to 
Prakash Fig. 3-4; [0053] at step “362-364,” server 390 receives the application signature, and verifies the application signature against a set of whitelisted application signatures. [Id.] …If the application signature sent from application 312 matches one of the approved whitelisted application signatures, initialization of application 312 may continue {e.g., Fig. 3, “362-364,“ e.g., [0037] A "nonce {authentication after app signature verification} may refer to a number, string, bit sequence, or other data value … [a] nonce can be used as a seed value to generate a key or other types of authentication data.”}; Fig. 3 element “372” {transferring transaction information to server 390};
receive, from the transaction server, approval information including an approval number based on the transaction information; and instructions to 
Prakash [0024] An authorization response message may be an electronic message reply to an authorization request message … {which} a credit card issuing bank returns {[Id.] {approval number} e.g., “authorization code”} in response to an authorization request message in an electronic message; [Id.] authorization may include, by way of example only, one or more of the following status indicators: Approval--transaction was approved; Decline- a-transaction was not approved; [0024] sending  e.g., transferring approval information including an “authorization code” {approval number}

Prakash does not explicitly teach but Neuwirth teaches:

receive, from the transaction server, approval information including an approval number based on the transaction information; and instructions to 
Neuwirth Fig. 4; [0070] financial transaction server transferring approval information {token} to the portable terminal {[0047] client computing device}
transfer to a transaction terminal the received approval information based on which the transaction is performed with the transaction terminal. 
Neuwirth [0065] a token {received approval information} is stored on the client computing device … the token can be used to request the processing of a payment; [0063] server system 101 will only return a token to client computing device 103 if the user of client computing device 103 has been authenticated; [0067] client computing device 103 submits the token to the service on server system 101

It would have been obvious to one having ordinary skill in the art just before the effective filing date of the claimed invention to modify the system taught by Prakash, being in the same art as authentication method and systems for financial transactions using a portable terminal, as taught in Neuwirth at Abstract Fig. 1 and [0002]. The combination amounts at least to combining prior art elements according to known methods to yield predictable results.  Thus, there exist a need to facilitate a better, convenient, secure system and method to authenticate information for financial transactions. Neuwirth at Abstract.

Prakash does not explicitly teach but Darcey teaches:

wherein the UUID is a unique serial number which is variably issued each time the application is downloaded from an app distribution server
{…} the UUID stored in the OS of the portable terminal;
Darcey at least at pg. 216 teaching where a UUID is variably created {randomly to track “usage and installations”}, and sent {downloaded e.g., stored} in the application "client" {not "in" the application}.

It would have been obvious to one having ordinary skill in the art just before the effective filing date of the claimed invention to modify the system taught by Prakash, being in the same art as authentication method and systems using a portable terminal {e.g., an application client}, as taught in Darcey at least at pg. 216. The combination amounts at least to combining prior art elements according to known methods to yield predictable results.  Thus, there exists a need to facilitate a better, convenient, secure system and method where a UUID is variable {randomly generated} for an application installation, transmitted and stored separately in the OS of the device, than within the application. See Darcey at least at pg. 216.

Claim 3 is rejected under 35 U.S.C. §103 as being unpatentable over U.S. App. Pub. No. US 2017/0063975 A1 (hereinafter “Prakash”), in view of U.S. App. Pub. No. US 2014/0164241 A1 to Neuwirth (hereinafter “Neuwirth”), in view of Darcey, titled "Learning Android Application Programming for the Kindle Fire - A Hands-on Guide to Building Your First Android Application" (July 2012), and further in view of U.S. Pat. No. US 7634280 B2 to Modeo (hereinafter “Modeo”).
(Changes to claim language in brackets; emphasized claim language in bold)
Regarding claim 3:
	Prakash teaches:
receiving, by the portable terminal of the user, the extracted telephone number from the service server. 
Prakash [0022], [0024] an “authorization response message” may be an electronic message reply to an authorization request message; [0081] …Acquirer 574 then sends the authorization response message to the merchant computer and/or access device 560. The authorization response results may be displayed by access device 560, or may be printed out on a physical receipt. Alternately, if the transaction is an online transaction, the merchant may provide a web page or other indication of the authorization response message as a virtual receipt.

Prakash does not explicitly teach but Neuwirth teaches:

3. The method of claim 1, wherein the extracted information for authentication further includes a telephone number of the portable terminal, and wherein extracting of the telephone number of the portable terminal comprises:
Neuwirth [0079], [0080] User interface 800 also includes fields 802, 803 for receiving a mobile phone number or an email address for the user. 
transmitting a short message service (SMS) message including a server authentication number from the portable terminal of the user to an SMS server; 
Neuwirth [0080] the signature request sent to the client computing device can be in any format capable of including a hyperlink as described below. For example, the signature request can be a text message, an email, an instant message, or a social networking (e.g. Twitter, Facebook, Google+, etc.) message. Some or all of the information input into fields 801 can also be included in the request sent to server system 101.
extracting, by the SMS server, the telephone number of the portable terminal of the user and the server authentication number from the SMS message and transmitting the telephone number and the server authentication number to a service server; 
Neuwirth [0079] User interface 800 represents an embodiment where the merchant is attempting to receive a … [0080] mobile phone number {telephone number} for {authentication} 

It would have been obvious to one having ordinary skill in the art just before the effective filing date of the claimed invention to modify the system taught by Prakash, being in the same art as authentication method and systems for financial transactions using a portable terminal, as taught in Neuwirth at Abstract Fig. 1 and [0002]. The combination amounts at least to combining prior art elements according to known methods to yield predictable results.  Thus, there exist a need to facilitate a better, convenient, secure system and method to authenticate information for financial transactions. Neuwirth at Abstract.

Prakash doesn’t explicitly teach but Modeo teaches:

storing, by the service server, the received telephone number of the portable terminal of the user and the server authentication number; 
Modeo [Col. 8:48-51] SMS message 400 is received by the SMS message receiver module … [Col. 8:51-55] extracting the PIN {server authentication number} … and the mobile telephone {received telephone number} number of user 110 a. [Col. 8:57-60] teaching, user 110 authenticated by looking at the respective entry in a database 250 {storage} (exploiting, for example, the cellular phone number, or the PIN) {storing telephone number and server authorization code “PIN”}
transmitting the server authentication number from the portable terminal of the user to the service server to request the telephone number of the portable terminal of the user; 
Modeo [Col. 8:24-29] teaching user transmitting from the mobile device {portable terminal} an SMS {e.g., SMS includes the authentication number “PIN”} message signature {requesting} … [Col. 8:57-60] the cellular phone number stored in database 250 for authenticating [Id.] teaching, database 250 storing a telephone number and server authorization code “PIN;” [Col. 8:60-65] to verify the PIN and cellular phone number;
comparing, by the service server, the stored server authentication number with the server authentication number received from the portable terminal of the user and extracting the telephone number of the portable terminal of the user stored together with the server authentication number; and 
Modeo [Col. 8:24-29] SMS received from user includes the authentication number “PIN”}; [Col. 8:60-65] teaching verifying the PIN and cellular phone number; [Col. 8:60-61] checking whether the provided PIN PINa is correct {comparing the received PIN with that stored in database 250} and that it is associated with the cellular phone number; [Col. 8:57-60] teaching cellular phone number and PIN stored in database 250 for comparison [Id.] database 250 storing the telephone number and server authorization code “PIN” 

It would have been obvious to one having ordinary skill in the art just before the effective filing date of the claimed invention to modify the system taught by Prakash, being in the same art as authentication methods and systems in a communications system using a user device {portable terminal}, as taught in Modeo at Abstract. The combination amounts at least to combining prior art elements according to known methods to yield predictable results.   Thus, there exist a need to facilitate a better, convenient, secure system and method to authenticate information for communication systems. Modeo at Abstract




Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
(1) U.S. Patent Application Publication US 20120197743 A1 to Grigg. 
(2) U.S. Patent Application Publication US 20140101044 A1 to Blackhurst.
(3) U.S. Patent Application Publication US 20140279444 A1 to Kassemi.
(4) U.S. Patent No. US 8844012 B1 to Chan.
(5) U.S. Patent Application Publication US 20160246958 A1 to Zhang.
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to XAVIER BENNETT whose telephone number is (303) 297-4316.  The examiner can normally be reached on 10:00AM to 6:00PM (MT).
	Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, BENNETT SIGMOND can be reached at (303) 297-4411. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/X.M.B./Examiner, Art Unit 3694

/BENNETT M SIGMOND/Supervisory Patent Examiner, Art Unit 3694