DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This is a first office action on the merits, in response to the claims filed on Jan. 24, 2020.
Claims 1-22 are pending.
Claims 1-22 have been examined.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
In the instant case, claims 1-10 are directed to a method, claims 11-21 are directed to a system comprising a memory and a processor and claim 22 is directed to a non-transitory computer-readable storage medium. Therefore, these claims fall within the four statutory categories of invention. 
Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)) because it describes a process for carrying out a commercial interaction between parties that involves communicating data needed to complete a transaction to the parties. Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January 7, 2019)).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject 
The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional element(s) of using a server, first device and second device to perform the steps amounts to no more than using a computer or processor to automate and/or implement the abstract idea of generating random numbers and authenticating a device. As discussed above, taking the claim elements separately, the server, first device and second device perform(s) the steps or functions of generating, at the first device, a first random number and encrypting the first random number based on a first key of a first private-public key pair; sending, by the first device, the encrypted first random number to the server; receiving, at the first device, a transaction identifier for the transaction, the first random number and a second random number from the server, wherein the transaction identifier, the first random number and the second random number are encrypted based on a 
Regarding dependent claims: 3, 5, 6, 7, 9, 10, 13, 15, 16, 17, 19 and 20 further describe the abstract idea of generating random numbers and authenticating a device. The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims are also not patent eligible.
Regarding dependent claims: 2, 4, 8, 12, 14 and 18 further describe the abstract idea of generating random numbers and authenticating a device. The claims 2, 4, 8, 12, 14 and 18 recite additional elements such as verifying the digital signature of the message. Therefore, 

Claim Rejections - 35 USC § 103
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-9 and 11-19 are rejected under 35 U.S.C. 103 as being unpatentable over Liu Fuxin (CN105871920A) in view of Yu et al. (US 20190394053 A1) and further in view of BAIK et al. (US 20180068305 A1).

Regarding claims 1, 11, 21 and 22: Fuxin discloses: A computer-implemented method of performing authentication for a transaction between a first device and a second device, the method comprising:
generating, at the first device, a first random number and encrypting the first random number based on a first key of a first private-public key pair (Fuxin [0113], “when the terminal establishes communication with the cloud server, generate a first random number, encrypt the first random number”), [0014], “Preferably, the terminal is further configured to generate a first random number when establishing communication with the cloud server, and use a pre-stored cloud server public key to encrypt the first random number and the pre-stored terminal public key to generate The first ciphertext is sent to the cloud server;”, (see paragraphs [0014], [0017], [0057], [0106] and [0108] and Fig. 5 and related text);
sending, by the first device, the encrypted first random number to the server (Fuxin [0113], “when the terminal establishes communication with the cloud server, generate a first random number, encrypt the first random number, generate a first ciphertext, and send it to the cloud server”, [0017], “The first encryption module is used to generate a first random number when establishing communication with the cloud server, encrypt the first random number, generate a first ciphertext, and send it to the cloud server for the cloud server…”), (see paragraphs [0014], [0023], [0057], [0108], [0110] and [0114] and Fig. 5 and related text);
receiving, at the first device, [data] for the transaction, the first random number and a second random number from the server, wherein the [data], the first random number and the second random number are encrypted based on a first key of a second private-public key pair (Fuxin [0115], “the cloud server decrypts the first ciphertext to obtain first decryption information, encrypts the second random number generated by the cloud server and the first decryption information, generates a second ciphertext, and Sending the second ciphertext to the terminal” [0015], “The cloud server is further configured to decrypt the first ciphertext using a pre-stored cloud server private key to obtain first decryption information, and use the terminal key in the first decryption information to generate the The second random number is encrypted with the first random number in the first decryption information, a second ciphertext is generated, and the second ciphertext is sent to the terminal”), (see paragraphs [0017], [0058], [0110]-[0111], [0115]-[0116] and Fig. 5 and related text); 
decrypting, at the first device, the encrypted [data], the encrypted first random number and the encrypted second random number received based on a second key of the second private-public key pair (Fuxin [0117]-[0118], “the terminal decrypts the second ciphertext, obtains second decryption information, and authenticates the cloud server according to the second decryption information and the first random number. When receiving the second ciphertext, the terminal can decrypt the second ciphertext to obtain second decryption information. If the first ciphertext is successfully decrypted and the second ciphertext is also successfully decrypted, the second decryption information at this time is the first random number and the second random number, so the terminal will decrypt the second ciphertext obtained The second decryption information and the first random number are matched and verified to authenticate the cloud server.”), (see paragraphs [0018]-[0019], [0023], [0026], [0058], [0063], [0109] and [0117]-[0118] and Fig. 5 and related text);
verifying, at the first device, the first random number decrypted (Fuxin [0063], “When the terminal 10 receives the second ciphertext, it can decrypt the second ciphertext to obtain second decryption information. If the first ciphertext is successfully decrypted and the second ciphertext is successfully decrypted, the second decryption information at this time is the first random number and the second random number, so the terminal 10 will decrypt the second ciphertext to obtain The second decryption information of and the first random number are matched and verified”), (see paragraphs 
sending, by the first device, [data], and the second random number to the [device] via a communication channel between the first and second devices for authenticating the first device for the transaction based on the second random number (Fuxin [0120], “After the terminal successfully authenticates the cloud server, it uses the first random number and the second random number to encrypt the preset response information to generate a third ciphertext, and the third ciphertext is Sent to the cloud server”), (see paragraphs [0120]-[0123] and Fig. 5 and related text).

Fuxin further discloses, a communication system between a terminal and a cloud server. And exchanging data (e.g., random numbers) and using public-private keys pairs to authenticate the terminal and the cloud server (see abstract and disclosed above).
Fuxin does not specifically disclose: exchanging a transaction identifier for a transaction between the terminal and cloud server.

However Yu discloses: receiving, at the first device, a transaction identifier for a transaction and first random number from the server (Yu [0253], “the OPS may further perform the following parts: The OPS generates a first random number and a transaction identifier (namely, a transaction ID). The OPS sends the first random number and the transaction identifier to the eUICC by using the LPA. The OPS receives third information sent by the eUICC by using the LPA.” [0257], “the eUICC receives a first random number and a transaction identifier;”), (see paragraphs [0253], [0202] and [0257]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Fuxin with Yu to include additional identifier/authentication to a transaction to enhance look-up/queries functions and to enhance security.

Fuxin further discloses, sending data (e.g., random numbers) to the cloud server for authenticating the first device (e.g., the terminal) (see abstract).
Fuxin does not specifically disclose: sending data (e.g., random numbers) to the second device for authenticating the first device.
However BAIK discloses:
sending, by the first device, the transaction identifier, and the second random number to the second device via a communication channel between the first and second devices for authenticating the first device for the transaction based on the second random number (BAIK [0022], “the 3-channel settlement authentication method using a quantum random number generator, first, a mobile terminal 100 requests a random number from a POS terminal 200 and a bank server 300 (S110, S111). Step S110 and step S111 may be sequentially performed or simultaneously performed.” [0027], “when a user requests settlement (S150), the mobile terminal 100 sends the second quantum random number QRN2, received from the bank server 300, to the POS terminal 200 (S160) and sends the first quantum random number QRN1, received from the POS terminal 200, to the bank server 300 (S161).”), (see paragraphs [0022]-[0030).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and Yu with BAIK to including additional device (e.g., the second device) for the purpose of authentication a transaction to enhance security.

Regarding claims 2 and 12: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 1, wherein:
said receiving, at the first device, [data], the first random number and the second random number from the server comprises receiving a message comprising the transaction identifier and the first random number, and […], wherein the message is encrypted based on the first key of the second private-public key pair (see paragraphs [0017], [0058], [0110]-[0111], [0115]-[0116] and Fig. 5 and related text); and
said verifying further comprises verifying, at the first device, the […] of the message received based on the first key of the first private-public key pair (see paragraphs [0018]-[0019], [0023], [0026], [0058], [0063], [0109]-[0110] and [0117]-[0118] and Fig. 5 and related text).

Fuxin does not specifically disclose: exchanging a transaction identifier for a transaction between the terminal and cloud server.

However Yu discloses: receiving, at the first device, a transaction identifier for a transaction and first random number from the server (see paragraphs [0253], [0202] and [0257]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and BAIK with Yu to include additional identifier/authentication to a transaction to enhance look-up/queries functions and to enhance security.

Fuxin does not specifically disclose, verifying the digital signature of the message.
However Yu discloses:
said verifying further comprises verifying, at the first device, the digital signature of the message received based on the first key of the first private-public key pair (see paragraphs [0169]-[0170], [0200]-[0201] and [0206]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and BAIK with Yu to include additional identifier/authentication to a transaction to enhance look-up/queries functions and to enhance security.

Regarding claims 3 and 13: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 2, further comprising: 
receiving, at the first device, [random number] associated with the [device] from the [device] via the communication channel, (see paragraphs [0033] and [0059]); and
sending, by the first device, the third random number to the server for authenticating the [device] for the transaction based on the third random number (Fuxin [0033]-[0034], “After the terminal successfully authenticates the cloud server, it uses the first random number and the second random number to encrypt the preset response information, generates a third ciphertext, and sends the third ciphertext to all The cloud server.” [0034], “The cloud server decrypts the third ciphertext to authenticate the terminal, and establishes a communication link with the terminal after the authentication succeeds”), (see paragraphs [0033] and [0060]).

Fuxin further discloses, sending data (e.g., random numbers) to the cloud server for authenticating the first device (e.g., the terminal) (see abstract).
Fuxin does not specifically disclose: authenticating the second device for the transaction based on the third random number.

However BAIK discloses:
sending, by the first device, the third random number to the server for authenticating the second device for the transaction based on the third random number (see paragraphs [0022]-[0030).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and Yu with BAIK to including additional device (e.g., the second device) for the purpose of authentication a transaction to enhance security.

The Examiner would like to direct the Applicant’s attention that Mere duplication of parts has no patentable significance unless new and unexpected result is produced (see MPEP §2144.04 VI (B)). For example, claim 1 “recites sending, by the first device, the encrypted first random number to the server”. Claim 1 further recites “and sending, by the first device, the transaction identifier, and the second random number to the second device via a communication channel between the first and second devices for authenticating the first device for the transaction based on the second random number.”. Therefore, the Examiner submits that the third random, has no patentable significance because the random number and the second random number produces predictable results as produced by the third random.

Regarding claims 4 and 14: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 3, further comprising sending, by the first device, […] the third random number generated based on the second key of the second private-public key pair to the server for authenticating the [device] for the transaction further based on the […] third random number (see paragraphs [0033], [0060], [0066], [0067], [0075] and [0077]-[0078]).

Fuxin does not specifically disclose, authenticating the second device based on the digital signature of the message.
However Yu discloses: authenticating the second device based on the digital signature of the message (see paragraphs [0023] and [0046]-[0047]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and BAIK with Yu to include additional identifier/authentication to a transaction to enhance look-up/queries functions and to enhance security.

Fuxin does not specifically disclose: authenticating the second device for the transaction.
However BAIK discloses:
authenticating the second device for the transaction (see paragraphs [0022]-[0030]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and Yu with BAIK to including additional device (e.g., the second device) for the purpose of authentication a transaction to enhance security.

Regarding claims 5 and 15: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 1, further comprising:
receiving, at the [device], the [random number] associated with the [device] from the server, wherein the third random number is encrypted based on a first key of a third private-public key pair (see paragraphs [0017], [0058], [0110]-[0111], [0115]-[0116] and Fig. 5 and related text); and 
sending, by the [device], the [random number] received from the [device] to the server for authenticating the first device for the transaction based on the second random number, the [random number] being associated with the first device (see paragraphs [0014], [0023], [0057], [0108] and [0114] and Fig. 5 and related text).

Fuxin does not specifically disclose: a second device performing similar functions as the first device, as disclosed above.
However BAIK discloses:
receiving, at the second device, a first identifier associated with the first device from the first device (see paragraph [0025]);
sending, by the second device, the transaction identifier and the first identifier to the server (see paragraph [0027]);
receiving, at the second device, the third random number associated with the second device from the server, wherein the third random number is encrypted based on a first key of a third private-public key pair (see paragraph [0025]); and 
sending, by the second device, the second random number received from the first device to the server for authenticating the first device for the transaction based on 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and Yu with BAIK to including additional device (e.g., the second device) for the purpose of authentication a transaction to enhance security.

The Examiner would like to direct the Applicant’s attention that Mere duplication of parts has no patentable significance unless new and unexpected result is produced (see MPEP §2144.04 VI (B)). For example, claim 1 recites: recites sending, by the first device, the encrypted first random number to the server; receiving, at the first device, a transaction identifier for the transaction, the first random number and a second random number from the server; and sending, by the first device, the transaction identifier, and the second random number to the second device via a communication channel between the first and second devices for authenticating the first device for the transaction based on the second random number. Therefore, the Examiner submits that the functions performed by the second device and the second random and third random, has no patentable significance because the second device and the second random and third random produces predictable results as produced by the first device.

Regarding claims 6 and 16: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 5, further comprising:
generating, at the server, the second random number associated with the first device and the third random number associated with the [device] (see paragraph [0078]);
encrypting, at the server, the second random number and the third random number based on the first key of the second private-public key pair and the first key of the third private-public key pair, respectively (see paragraph [0078]); 

Fuxin does not specifically disclose: a second device performing similar functions of first device, as disclosed above.
However BAIK discloses:
receiving, at the server, the transaction identifier and the first identifier from the second device (see paragraph [0027] and [0049] and Fig. 1 and related text]);
sending, at the server, the encrypted second random number and the encrypted third random number to the first device and the second device, respectively (see paragraph [0025] and Fig. 1 and related text); and
receiving, at the server, the second random number and the third random number from the second device and the first device, respectively, for authenticating the first device and the second device for the transaction based on the second random number and the third random number (see paragraph [0027]-[0030] and Fig. 1 and related text).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and Yu with BAIK to including additional device (e.g., the second device) for the purpose of authentication a transaction to enhance security.

The Examiner would like to direct the Applicant’s attention that Mere duplication of parts has no patentable significance unless new and unexpected result is produced (see MPEP §2144.04 VI (B)). For example, claim 1 recites: generating, at the first device, a first random number and encrypting the first random number based on a first key of a first private-public key pair; sending, by the first device, the encrypted first random number to the server; receiving, at the first device, a transaction identifier for the transaction, the first random number and a second random number from the server, wherein the transaction identifier, the first random number and the second random number are encrypted based on a first key of a second private-public key pair. Therefore, the Examiner submits that generating random numbers and encrypting the generated random numbers by the server, has no patentable significance because the server generating random numbers and encrypting the generated random numbers produces predictable results as produced by the first device.

Regarding claims 7 and 17: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 1, wherein the communication channel in which the first and [device] communicate data with each other is based on a two-way wireless communication channel (see paragraphs [0056], [0060]).

Regarding claims 8 and 18: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 1, wherein:
said receiving, at the first device, the transaction identifier, the first random number and the second random number from the server comprises receiving a message comprising the transaction identifier, the first random number and the second random number, and […] of the message generated based on a second key of the first private-public key pair, wherein the message is encrypted based on the first key of the second private- public key pair (see paragraphs [0017], [0058], [0110]-[0111], [0115]-[0116] and Fig. 5 and related text); and
said verifying further comprises verifying, at the first device, the […] of the message received based on the first key of the first private-public key pair (see paragraphs [0018]-[0019], [0023], [0026], [0058], [0063], [0109] and [0117]-[0118] and Fig. 5 and related text).

Fuxin does not specifically disclose, verifying the digital signature of the message.
However Yu discloses:
verifying further comprises verifying, at the first device, the digital signature of the message received based on the first key of the first private-public key pair (see paragraphs [0169]-[0170], [0200]-[0201] and [0206]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and BAIK with Yu to include 

Regarding claims 9 and 19: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 8, further comprising:
sending, by the [device], the […] and the second random number to the server for authenticating the first device for the transaction based on the second random number (see paragraphs [0034]-[0035], [0043], [0060] and [0069]).

Fuxin does not specifically disclose: exchanging a transaction identifier for a transaction between the terminal and cloud server.
However Yu discloses: exchanging a transaction identifier for a transaction between the terminal and cloud server (see paragraphs [0253], [0202] and [0257]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and BAIK with Yu to include additional identifier/authentication to a transaction to enhance look-up/queries functions and to enhance security.

Fuxin does not specifically disclose: the second device.
However BAIK discloses:
sending, by the second device, the transaction identifier and the second random number to the server for authenticating the first device (see paragraphs [0022]-[0030).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and BAIK with Yu to include additional identifier/authentication to a transaction to enhance look-up/queries functions and to enhance security.

Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Liu Fuxin (CN105871920A) in view of Yu et al. (US 20190394053 A1) further in view of BAIK et al. (US 20180068305 A1) and further in view of Basmajian et al. (US 20130110607 A1).

Regarding claims 10 and 20: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 1, wherein the communication channel in which the first device communicates data to the second device is based on a [Wifi] communication channel (see paragraph [0056]).

Fuxin does not specifically disclose: a one-way visual communication channel such as a QR code.
However Basmajian discloses: first device communicates data to the second device is based on a one-way visual communication channel such as QR code (see abstract, paragraph [0023], [0030] and [0037] and fig 1 and related text):
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin, Yu and BAIK with Basmajian to include a well-known feature such as QR code to enhance user experience.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAHED ALI whose telephone number is (571)270-1085.  The examiner can normally be reached on 8:00 - 5:00 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/JAMES D NIGH/Senior Examiner, Art Unit 3685