DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Status of Claims
This communication is in response to the applicant’s amendments and After Final Consideration filed on 12/29/2020. Claims 1-20 are currently pending and have been examined. Claims 1, 11, and 20 have been amended. Claims 6 and 16 have been cancelled.

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. CN201810917787.6 filed on 06/05/2020.

Allowable Subject Matter
Claims 1-5, 7-15, and 17-20 are allowed. As allowable subject matter has been indicated, applicant's reply must either comply with all formal requirements or specifically traverse each requirement not complied with.  See 37 CFR 1.111(b) and MPEP § 707.07(a).

The prior art of record:
Kylanpaa, U.S. publication No. 20170270518. 
Jang, U.S. publication No. 20150066778. 
Bowman, U.S. publication No.(20170053357.
 Soerensen, U.S. Patent No. US8949607.
Black, U.S. publication No. US8601588.

Kylanpaa generally discloses methods and systems for facilitating anonymous purchases. At least one embodiment takes the form of a method carried out by a merchant server. The merchant server receives, from a client device, an order message identifying an ordered product (the ordered product having a purchase price). The merchant server generates an order identifier associated with the ordered product and sends, to the client device, an order-response message that includes the generated order identifier. The merchant server receives, from the client device, an order-arranged message that includes a payment-arranged message and a delivery-arranged message. The payment-arranged message includes a payment amount, the order identifier, and a digital signature of a financial institution, and the delivery-arranged message includes delivery-plan data and a digital signature of a courier. The merchant server verifies the respective digital signatures of the financial institution and the courier and, in response to the verification, generates transfer instructions for the ordered product based at least in part on the delivery-plan data and outputs the generated transfer instructions.

Jang generally discloses a method, device and a system for a seller terminal configured to acquire a token from a purchaser terminal desiring to purchase a product and a card management server configured to store and manage one or more pieces of card information and one or more pieces of token information corresponding to the card information and, upon receipt of the token information and payment information for the product from the seller terminal, make payment for the product using card information corresponding to the received token.

Bowman generally discloses a method, a system and a computer-readable media for generating integrated data records by correlating source data records stored at different registry source data repositories. A set of source data records is retrieved based on execution of one or more search queries against a set of registry source data repositories. A data record matching 

Soerensen generally discloses a method for protecting a digital document and user data typed into a digital document is presented. The method comprises computation of an authentication tag when the document is sent from a server. A similar authentication tag is computed when the document is shown on a client. When another document referenced in the document is requested by the client from the server, the authentication tag computed by the client is attached to the request for that other document. The server receiving the request compares the authentication tag it computed with the one it received to verify if the request came from an authentic copy of the document. The method is suitable for protection of online banking, online investment, online shopping, and other electronic applications.

Black generally discloses a system and method directed to operating a data processing system to respond to potential use of a clone authenticator capable of mimicking behavior of a legitimate authenticator known to an authentication system of the data processing system. The method and system detect patterns of authentication operations that indicate the possible use of a clone authenticator, and include this information in controlling access to the system. The technique can be incorporated as an additional feature into systems using risk-based authentication to increase system data security accordingly.

Regarding the claimed terms, the Examiner notes that a “general term must be understood in the context in which the inventor presents it.” In re Glaug, 283 F.3d 1335, 1340, 62 USPQ2d 1151, 1154 (Fed. Cir. 2002).  Therefore the Examiner must interpret the claimed terms as found on pages 1-23 of the specification.  Clearly almost all the general terms in the claims may have multiple meanings.  So where a claim term “is susceptible to various meanings, the inventor’s lexicography must prevail . . . .” Id.  Using these definitions for the claims, the claimed invention was not reasonably found in the prior art.

The references Kylanpaa, Jang, Bowman, Soerensen, Black disclosed as previously discussed.  The references however do not teach at least: 
	Payment handling apparatus which is operable to effect payment from a purchaser to a vendor, the payment handling apparatus comprising: 
	a purchaser's mobile computing device running a purchaser program which is operable by the purchaser; 
	a vendor's point of sale computing apparatus running a vendor program which is operable by the vendor, the purchaser's mobile computing device and the vendor's point of sale computing apparatus in data communication with each other by way of a communication channel; 
	a purchaser's bank server in data communication with the purchaser's mobile computing device by way of a first computer network or a first mobile communication network; and 
	a vendor's bank server in data communication with the vendor's point of sale computing apparatus by way of a second computer network or a second mobile communication network, the vendor's bank server in data communication with the purchaser's bank server by way of a communications link, the payment handling apparatus operable to effect payment from the purchaser to the vendor despite: interruption of communication between the purchaser's bank server and the purchaser's mobile computing device; 
	or 
	interruption of communication between the vendor's bank server and the vendor's point of sale computing apparatus, 

	wherein the purchaser program: generates a first one-time password (OTP) by way of a first Time-based One-time Password (TOTP) algorithm
	the first TOTP algorithm combining a payment key with a payment timestamp to form the first OTP, the payment timestamp generated by the purchaser's mobile computing device at a time of generation of the first OTP and the payment key having been pre-shared between the purchaser program and the purchaser's bank server before the interruption of communication; 
	encrypts a payment message with the first OTP: and 
	conveys a payment request to the vendor program by way of the communication channel, the payment request comprising the encrypted payment message, wherein, and 
	when there is interruption of communication between the purchaser's bank server and the purchaser's mobile computing device, the payment request is received by the vendor's bank server from the vendor program by way of the second computer network or the second mobile communication network, and the payment request is then received by the purchaser's bank server from the vendor's bank server by way of the communications link 
or 
	when there is interruption of communication between the vendor's bank server and the vendor's point of sale computing apparatus, the payment request is received by the purchaser program from the vendor program by way of the communication channel, and the payment request is then received by the purchaser's bank server from the purchaser program by way of the first computer network or the first mobile communication network, 
	3Serial No.: 16/074,033 Docket No.: 1357/202wherein the encrypted payment message comprised in the payment request is decrypted by a second Time-based One-time Password (TOTP) algorithm running on the purchaser's bank server, the encrypted payment message not having been decrypted by the vendor program or by the vendor's bank server, wherein the purchaser's bank server in dependence on decryption of the encrypted payment message by the purchaser's bank server: generates a second one-time password (OTP) by way of the second  TOTP algorithm, the second TOTP algorithm combining a confirmation key with a confirmation timestamp to form the second OTP, the confirmation timestamp generated by the purchaser's bank server at the time of generation of the second OTP and the confirmation key comprising information comprised in the now decrypted payment message; encrypts a confirmation message with the second OTP; and forms a confirmation code, the confirmation code comprising the encrypted confirmation message, 
	wherein, and when there is interruption of communication between the purchaser's bank server and the purchaser's mobile computing device, the purchaser's bank server conveys the confirmation code to the vendor's bank server by way of the communications link, the vendor's bank server conveys the received confirmation code to the vendor program by way of the second computer network or the second mobile communication network, and the vendor program conveys the received confirmation code to the purchaser program by way of the communication channel  4Serial No.: 16/074,033 
Docket No.: 1357/202or 
	when there is interruption of communication between the vendor's bank server and the vendor's point of sale computing apparatus, the purchaser's bank server conveys the confirmation code to the purchaser program by way of the first computer network or the first mobile communication network, 
	wherein the purchaser program runs the first TOTP algorithm to decrypt the encrypted confirmation message comprised in the received confirmation code, the encrypted confirmation message decrypted in dependence on 
or 
	a time of receipt of the confirmation code by the purchaser program, the information comprised in the encrypted payment message being already known to the purchaser program, and 
	wherein decryption by the purchaser's bank server of the encrypted payment message comprises: 
	the payment request further comprises the time of generation of the first OTP, the encrypted payment message being decrypted by the purchaser's bank server in dependence on the pre-shared payment key and the time of generation of the first OTP comprised in the payment request;
or 
	Docket No.: 1357/202the vendor program determines a time of receipt of the payment request from the purchaser program and appends the determined time of receipt to the payment request before onward transmission of the payment request, the encrypted payment message being decrypted by the purchaser's bank server in dependence on the pre-shared payment key and the time of receipt of the payment request appended to the payment request.	
Therefore, the claims of the instant application are not obvious over Kylanpaa, Jang, Bowman, Soerensen, and Black for the reasons given above. Yet even if the missing claimed elements were found in a reasonable number of references, a person of ordinary skill in the art at the time the invention was made would not have been motivated to include these elements in Kylanpaa, Jang, Bowman, Soerensen, and Black because: Kylanpaa makes no suggestion of use of encryption or modification of its structure to include a vendor’s point of sale apparatus which is in communication with a vendor’s bank server. 
	Additionally, the combination Kylanpaa, Jang, Bowman, Soerensen, and Black clearly destroys the intent and purpose of Kylanpaa, taken alone and/or in view of Jang, Bowman, Soerensen, and Black use of, for example, according to Jang the payment confirmation message sent by the purchaser terminal 102 is not encrypted, and the subsequently generated payment confirmation request is encrypted by the card management server 106, sent to the payment confirmation module where it is decrypted. The combination does not specify that the purchaser program, i.e. the purchaser device, encrypts a payment message which is then sent as part of a payment request to the vendor program. Jang is deficient in two ways, first, encryption is not done according to [0074] in the purchaser terminal of Jang and also according to claims and 27 but in the card management server of Jang. Secondly, the encrypted payment confirmation request is sent from the card management server to the purchaser terminal according to Jang whereas according to the claims, a payment request comprising an encrypted payment message is sent from the purchaser’s device to the vendor’s device. According to Jang, the only involvement of the seller terminal (the vendor’s device) is disclosed in the second sentence of [0074], i.e. “when product information and payment information are received from the seller terminal 104 upon request of a card transaction”. This is a step apart and nothing to do with either the unencrypted payment confirmation message or the encrypted payment confirmation request of Jang.

	Examiner further made use of Soerensen to teach “Time stamp: A string containing information about date and/or time of day”, and “In one embodiment of the present invention, a key generator IV is derived from a time stamp”. These disclosures and the content of the numbered paragraphs do not constitute clear direction to the person of ordinary skill. It is therefore submitted that Soerensen should not be relied upon and should be set aside. Even if the lack of clear disclosure is ignored, Soerensen falls short of disclosing use of one-time passwords according to the claims as amended in which a time stamp is used to encrypt a payment message and another time stamp is used to encrypt a confirmation message in dependence on decryption of the payment message whereby a transaction can be completed despite interruption of communication between one of the purchaser’s mobile computing device and the vendor’s point of sale computing apparatus and the respective bank server in payment handling apparatus.
	Examiner further made use of Black to teach “a time of receipt of the payment request from the purchaser program, time of generation of the OTP being taken as being the time of receipt of the payment request, the vendor program being further operative to append the time of receipt of the payment request to the payment request before its onward transmission.” Black addresses a problem of use of cloned authenticators. Black does not disclose encryption of data with an OTP. According to Black an OTP is generated by an authenticator and the OTP is sent to 
	Furthermore, Black relies on the monotonically increasing nature of time to determine the authenticity of a series of authentication requests. Black is therefore uninterested in time per se with interest restricted to the monotonically increasing nature of time. In contrast, according to the claims, time is combined with a key to form an OTP with the time of receipt of the OTP encrypted payment message by the vendor’s device being used by the purchaser’s bank server to decrypt the encrypted payment message. This approach provides for security of data and recovery of the data in the event of interruption of communication and later restoration of communication as discussed above. Therefore, the Claims make use of time per se and not just time as a quantity that increases monotonically as per Black.
	Accordingly, the present invention is also distinguishable over Kylanpaa, taken alone and/or in view of Jang, Bowman, Soerensen, and Black

Therefore, the limitations lacking in the prior art, in combination with the other limitations clearly claimed for patent, are novel and unobvious.

Foreign prior art and NPL search was conducted however no relevant prior art was found.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “comments on statement of reasons for allowance”. 


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TERRY N MURRAY whose telephone number is (313)446-6556.  The examiner can normally be reached on Monday-Thursday 6 AM-4 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/PATRICK MCATEE/Supervisory Patent Examiner, Art Unit 3685