DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Patrick Jewik on 10/29/2021

This listing of claims will replace all prior versions and listings of claims in the application:


IN THE CLAIMS:
1.	(Currently Amended) A method for performing a transaction, comprising:
receiving, by a server computer from a computing device, first data comprising at least a unique identifier associated with an access device in a transaction;
verifying, by the server computer, the first data utilizing the received unique identifier;
generating a session key;
generating encrypted data utilizing the session key;
transmitting second data comprising the encrypted data to the computing device;
receiving, from the access device, third data comprising the encrypted data;
generating decrypted data utilizing the encrypted data and the session key; 
verifying the decrypted data; and
in response to verifying the decrypted data, transmitting an authorization request message for the transaction comprising at least some portion of the third data and the decrypted data, 
wherein transmitting the second data comprising the encrypted data to the computing device causes the computing device to transmit, to the access device, sound data comprising at least the encrypted data, and wherein receiving, by the access device, the sound data causes the access device to transmit the third data comprising the encrypted data.
2.	(Original) The method of claim 1, further comprising:
generating the unique identifier associated with the access device during a registration process performed with the access device;
maintaining a mapping between the unique identifier and a terminal ID of the access device; and
transmitting the unique identifier to the access device.

4.	(Canceled) 
5.	(Original) The method of claim 1, wherein before receiving the first data from the computing device, the unique identifier was received by the computing device from the access device as sound. 
6.	(Original) The method of claim 1, wherein the encrypted data comprises an encrypted token. 
7.	(Original) The method of claim 1, wherein the third data comprises the unique identifier. 
8.	(Original) The method of claim 1, wherein the session key is a symmetric key.
9.	(Original) The method of claim 1, wherein verifying, by the server computer, the first data utilizing the received unique identifier, comprises verifying that the received unique identifier is the same as a unique identifier previously generated by the server computer and transmitted to the access device.
10.	(Currently Amended) A server computer comprising:
a processor; and
a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor, to implement a method comprising
receiving, from a computing device, first data comprising at least a unique identifier associated with an access device for a transaction,
verifying the first data utilizing the received unique identifier,
generating a session key,
generating encrypted data utilizing the session key,

receiving, from the access device, third data comprising the encrypted data,
generating decrypted data utilizing the encrypted data and the session key, 
verifying the decrypted data, and
in response to verifying the decrypted data, transmitting an authorization request message for the transaction comprising at least some portion of the third data and the decrypted data, wherein transmitting the second data comprising the encrypted data to the computing device causes the computing device to transmit, to the access device, sound data comprising at least the encrypted data, and wherein receiving, by the access device, the sound data causes the access device to transmit the third data comprising the encrypted data. 

	11.	(Original) The server computer of claim 10, wherein the server computer is a service provider computer. 

	12.	(Original) The server computer of claim 10, wherein the session key is an AES session key. 

	13.	(Original) The server computer of claim 10, wherein the method further comprises, in response to verifying, generating a token request message comprising a credential of a user of the computing device and transmitting the token request message to a token provider computer. 

	14.	(Original) The server computer of claim 13, wherein the method further comprises:
	receiving token response message comprising a token and a cryptogram corresponding to the token from the token provider computer. 


receiving, by a server computer from a computing device, first data comprising at least a unique identifier associated with an access device, the first data being associated with a transaction being conducted between the computing device and the access device;
verifying, by the server computer, the first data utilizing the unique identifier received;
in response to verifying the first data, transmitting second data comprising encrypted data to the computing device, wherein receipt of the second data by the computing device causes the computing device to transmit the second data to the access device;
receiving, from the access device, third data comprising the encrypted data;
verifying the third data comprising the encrypted data at the server computer; and
when the third data comprising the encrypted data is verified, transmitting, by the server computer, an authorization request message for the transaction, 
wherein transmitting the second data comprising the encrypted data to the computing device causes the computing device to transmit, to the access device, sound data comprising at least the encrypted data, and wherein receiving, by the access device, the sound data causes the access device to transmit the third data comprising the encrypted data.
16.	(Original) The method of claim 15, wherein the first data further comprises one or more of: user verification data associated with a user of the computing device, device data associated with the computing device, an entity identifier associated with the access device, and/or an amount. 

17.	(Currently Amended) The method of claim 15, wherein the second data comprises at least one of: a token, [[the]] an amount, or a portion of an account identifier.



19.	(Original) The method of claim 15, wherein the third data comprises the unique identifier, which is a beacon ID, and an encrypted token.   

20.	(Original) The method of claim 19, wherein the method further comprises:
decrypting the encrypted token to obtain a token, and wherein the authorization request message comprises the token. 

21. - 25. (Canceled)

Allowable Subject Matter

The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure [see USPTO Notice of References Cited Form 892 (08/04/2021)]:
Roth et al. discloses a session negotiation using a session key. 
Mars et al discloses a reader device providing a buzzing sound if improper credentials are received. 
Claims 1-3, and 5-20 are allowed over the prior art made of record.
The following is an examiner's statement of reasons for allowance:
Interpreting the claims in light of the specification, Examiner finds the claimed invention is patentably distinct from the prior art of record, which sets forth in the following:
The prior art of record does not teach the combination of claimed elements including and under the broadest reasonable interpretation of the claimed limitation consistence with the Applicant's Specification. The prior art cited above fails to teach all of the Applicant’s claimed limitation. In particularly, the claimed invention advantageously provides a finer level of detail that includes “generating encrypted data utilizing the session key, transmitting second data comprising the encrypted data to the computing device and wherein transmitting the second data comprising the encrypted data to the computing device causes the computing device to “,  combination with the other limitations of the claims, was not disclosed by, would not have been obvious over, nor would have been fairly suggested by the prior art of record in context to the claims and the specification.
The dependent claims, being further limiting to the independent claims, definite and enabled by the Specification are also allowed.
The Examiner asserts that the claims overcome the prior art of record as describes above when the limitations are read in combination with the respective claimed limitations in their entirety. Thus, prior art of record neither render obvious nor anticipates the combination of claimed elements in light of the specification.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

	Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976. The examiner can normally be reached Monday-Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOHAMMAD A SIDDIQI/Primary Examiner, Art Unit 2493