NOTICE OF ALLOWANCE

Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of the Claims

Claims 1-2, 4-5, 8-14, 17, and 20-27, are presented for examination. Applicant filed a reply to non-final Office action on 11/15/2021 amending claims 1-2, 5-7, 10-17, and 19, and arguing against the previous § 101 rejection. In light of Applicant’s amendments and arguments and Examiner’s Amendment below, Examiner withdraws the previous § 101 rejection and finds instant claims allowable. Therefore, claims 1-2, 4-5, 8-14, 17, and 20-27, are ALLOWED. 

Examiner’s Amendment

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR § 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. Authorization for this examiner’s amendment was given in a telephone interview with Attorney James Barta on 12/3/2021.

IN THE CLAIMS:

1.	(Currently Amended) A method for controlling data during a payment transaction to prevent fraud 
generating, by a point of sale (POS) terminal, a machine-readable code, wherein: 
the machine-readable code encrypts information comprising a merchant ID, merchant details, and a dynamic token, 
the dynamic token is representative of a certificate validation indicating that a customer device and the POS terminal are linked based on a pair of encryption keys, and
the POS terminal executes instructions changing the information encrypted within the dynamic token at pre-defined intervals resulting in generation of a new dynamic token at each given pre-defined interval;  
	displaying, by the POS terminal, the machine-readable code comprising the merchant ID, the merchant details, and a dynamic token to a customer;
	scanning, by an application in the customer device, a machine-readable code comprising the merchant ID, the merchant details, and the dynamic token, wherein: 
the application is associated with a default payment card of the customer, and 
the customer enters a transaction amount associated with the payment transaction in a field presented at an interface of the application;
	verifying, by the POS terminal, that the customer device scanning the machine-readable code is linked to the POS terminal on basis of validated pair of encryption keys;
sending, by the customer device, the scanned machine-readable code and the transaction amount to a payment server;
sending, by the payment server, a notification to a merchant device, wherein the notification includes the scanned machine-readable code and the transaction amount received from the customer device; 
verifying, by the merchant device, that the scanned machine-readable code received from the payment server matches the machine-readable code displayed to the customer;
based on the verified match of the scanned machine-readable code and the displayed machine-readable code, sending, by the merchant device, a purchase request to the payment server, wherein the purchase request includes a merchant defined transaction code and the transaction amount;
validating, by the payment server, the purchase request;
sending, by the payment server, a payment transaction request to an issue server, wherein the payment transaction request includes the transaction amount and merchant parameters; and
completing, by the issue server, the payment transaction by processing the payment transaction and crediting a merchant account with the transaction amount 

 
2.	(Currently Amended) The method as claimed in claim 1, :
	managing, by the payment server, the application; and
enabling, by the payment server, a payment option in the application 
 
3.	(Cancelled) 
 
4.	(Currently Amended) The method as claimed in claim 2, further comprising:
managing, by the payment server, a validated pair of encryption keys for linking the POS terminal and the customer device; and 
, by the payment server, a certificate for validating the pair of encryption keys.
  
5.	(Currently Amended) The method as claimed in claim 4, further comprising: 
validating, by the payment server, the payment transaction at the POS terminal by facilitating an interaction between the validated pair of encryption keys.  

6.	(Cancelled) 
 
7.	(Cancelled)
 
8.	(Currently Amended) The method as claimed in claim 1, wherein the machine-readable code is a quick response (QR) [[QR]] code and wherein the QR code is generated with a new pattern upon generating the new dynamic token at the given pre-defined interval.
  
9.	(Currently Amended) The method as claimed in claim 1, wherein the merchant defined transaction code indicates : an authentication transaction, a purchase transaction, a refund transaction, a void transaction, and a purchase with cashback transaction. 
 
10.	(Currently Amended) A payment server for controlling data during a payment transaction to prevent fraud 

a processor configured to execute the stored instruction and thereby cause the payment server to 
receive a scanned machine-readable code and a transaction amount from a customer device, wherein:
a point of sale (POS) terminal generates a machine-readable code by encrypting information comprising a merchant ID, merchant details, and a dynamic token, 
the dynamic token is representative of a certificate validation indicating that the customer device and the POS terminal are linked based on a pair of encryption keys, 
the POS terminal executes instructions changing the information encrypted within the dynamic token at pre-defined intervals resulting in generation of a new dynamic token at each given pre-defined interval,
the POS terminal displays the machine-readable code to a customer, and an application in the customer device scans the displayed machine readable code, and
the application is associated with a default payment card of a customer, and the customer enters the transaction amount associated with the payment transaction in a field presented at an interface of the application; 
send a notification to a merchant device, wherein the notification includes the scanned machine-readable code and the transaction amount received from the customer device; and 
receive a purchase request from the merchant device, wherein:
the purchase request includes a merchant defined transaction code and the transaction amount, and
the merchant device has verified that the scanned machine-readable code received from the payment server matches the machine-readable code displayed to the customer;
validate the purchase request; and 
send a payment transaction request to an issuer server, wherein:
the payment transaction request includes the transaction amount and merchant parameters, and
after receiving the payment transaction request, the issue server completes the payment transaction by processing the payment transaction and crediting a merchant account with the transaction amount


11.	(Currently Amended) The payment server as claimed in claim 10, wherein the payment server is further caused to:
manage the application; and 
enable a payment option in the application.  

12.	(Currently Amended) The payment server as claimed in claim 11, wherein the payment server is further caused to: 
manage a validated pair of encryption keys for linking the POS terminal and the customer device; and 
manage a certificate for validating the pair of encryption keys. 
 
13.	(Currently Amended) The payment server as claimed in claim 12, wherein the payment server is further caused to: 
validate the payment transaction at the POS terminal by facilitating an 
 
quick response (QR) [[QR]] code and wherein the QR code is generated with a new pattern upon generating the new dynamic token at the given pre-defined interval.  

15.	(Cancelled) 

16.	(Cancelled) 

17.	(Currently Amended) A a point of sale (POS) terminal for controlling data during a payment transaction to prevent fraud POS terminal comprising: 
a memory comprising stored instructions; and 
a processor executing the stored instructions and thereby causing the POS terminal to 
generate a machine-readable code, wherein: 
the machine-readable code encrypts information comprising a merchant ID, merchant details, and a dynamic token, and 
the dynamic token is representative of a certificate validation indicating that a customer device and the POS terminal are linked based on a pair of encryption keys;
execute instructions changing the information encrypted within the dynamic token at pre-defined intervals resulting in generation of a new dynamic token at each given pre-defined interval; and  
display the machine-readable code to a customer, wherein:
the machine-readable code is scanned by an application in the customer device,
the application is associated with a default payment card of the customer, and the customer enters a transaction amount associated with the payment transaction in a field presented at an interface of the application,
the customer device sends the scanned machine-readable code and the transaction amount to a payment server,
 the payment server sends a notification that includes the scanned machine-readable code and the transaction amount received from the customer device to a merchant device,
the merchant device verifies that the scanned machine-readable code received from the payment server matches the machine-readable code displayed to the customer,
based on the verified match of the scanned machine-readable code and the displayed machine-readable code, the merchant device sends a purchase request including a merchant defined transaction code and the transaction amount to the payment server,
the payment server validates the purchase request and sends a payment transaction request including the transaction amount and merchant parameters to an issue server, and
the issue server completes the payment transaction by processing the payment transaction and crediting a merchant account with the transaction amount 


18.	(Cancelled)  

19.	(Cancelled) 
 
20.	(Currently Amended) The POS terminal as claimed in claim 17, wherein the machine-readable code is a quick response (QR) [[QR]] code, and wherein the QR code is generated with a new pattern upon generating the new dynamic token at the given pre-defined interval. 

21.	(New) The payment server as claimed in claim 10, wherein the POS terminal verifies that the customer device scanning the machine-readable code is linked to the POS terminal on basis of a validated pair of encryption keys. 

22.	(New) The payment server as claimed in claim 10, wherein the merchant defined transaction code indicates the payment transaction to be at least one of: an authentication transaction, a purchase transaction, a refund transaction, a void transaction, and a purchase with cashback transaction.


verify that the customer device scanning the machine-readable code is linked to the POS terminal on basis of a validated pair of encryption keys. 

24.	(New) The POS terminal as claimed in claim 17, wherein the payment server manages the application, and wherein the payment server enables a payment option in the application.  

25.	(New) The POS terminal as claimed in claim 23, wherein the payment server manages the validated pair of encryption keys for linking the POS terminal and the customer device, and wherein the payment server manages a certificate for validating the pair of encryption keys.

26.	(New) The POS terminal as claimed in claim 17, wherein the payment server validates the payment transaction at the POS terminal by facilitating an interaction between a validated pair of encryption keys.

27.	(New) The POS terminal as claimed in claim 17, wherein the merchant defined transaction code indicates the payment transaction to be at least one of: an authentication transaction, a purchase transaction, a refund transaction, a void transaction, and a purchase with cashback transaction.

Allowable Subject Matter

Claims 1-2, 4-5, 8-14, 17, and 20-27, are allowed. The following is a statement of reasons for the indication of allowable subject matter:  

The claimed invention is directed to a method and a system for controlling data during a payment transaction.

35 USC § 101: The newly amended claims 1, 3, 5-9, 12, 15, 17, and 21-28, overcome the previous § 101 because the following limitations integrate the abstract idea into practical application: “generating, by dynamic machine-readable code settings of the POS terminal, a machine-readable code, wherein the machine-readable code encrypts information comprising a merchant ID, merchant details, and a dynamic token, wherein the dynamic token is representative of a certificate validation indicating that the user device and the POS terminal are linked based on a pair of encryption keys, and wherein the POS terminal executes instructions to change the information encrypted within the dynamic token at pre-defined intervals and generates new dynamic tokens; and displaying, by the POS terminal, the machine-readable code comprising the merchant ID, the merchant details, and a dynamic token, wherein the POS terminal executes instructions to change the information encrypted within the dynamic token at pre-defined intervals and displays new dynamic tokens at the POS terminal.” Here, the generated dynamic token changes at pre-defined intervals thus mitigating fraud and creating a safer method for payment transactions – the 

35 USC § 102 and § 103: The prior art of record, Laracey (2017/0236118 A1) teaches generally a method and a system for controlling data during a payment transaction. The prior art, however, fails to teach a structure where the flow of the process proceeds in a following manner: A user device scans and sends a machine-readable code and a transaction amount to a payment server; the payment server sends the machine-readable code, the transaction amount, and a notification to a merchant device; the merchant device verifies the machine-readable code and sends a purchase request including a merchant defined transaction code to the payment server; the payment server validates the purchase request and send a payment transaction request to an issue server; and the issuer server completes the payment transaction by processing the payment transaction and crediting a merchant account with the transaction amount. This structure and process flow appear in independent claims 1, 10, and 17. Independent claims 1, 10, and 17, are thus novel under § 102 and unobvious under § 103. Dependent claims 2, 4-5, 8-9, 11-14, and 20-27, are novel under § 102 and unobvious under § 103 based on their dependency. 

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Triplett (WO 2010/008766 A3) discloses: “The methods and systems identify a plurality of fraud reduction tools and determine segmentation metrics associated with the plurality of fraud reduction tools. One or more segments are determined based on the segmentation metrics using fraud data and the best candidates of the one or more segments is identified. One or more fraud reduction tools is selected that target the best candidates.”

V. Malathi, B. Balamurugan and S. Eshwar, "Achieving Privacy and Security Using QR Code by Means of Encryption Technique in ATM," 2017 Second International Conference on Recent Trends and Challenges in Computational Models (ICRTCCM), 2017, pp. 281-285, doi: 10.1109/ICRTCCM.2017.36.






Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRPI H. KANERVO whose telephone number is 571-272-9818. The examiner can normally be reached on Monday – Friday, 10 am – 6 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander G. Kalinowski can be reached on 571-272-6771. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VIRPI H KANERVO/Primary Examiner, Art Unit 3619