DETAILED ACTION
The present application is being examined under the pre-AIA  first to invent provisions. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on September 1, 2021 has been entered.
 
Response to Amendment
Applicant amended claims 4, 8, 40, 43, 44, and 46.

Applicant cancelled claim 47 (as indicated by the submitted claims and the 2nd page of Applicant’s remarks.

Applicant previously cancelled claims 1-3, 5-7, 9-14, and 16-39

Claims 4, 8, 15, 40-46, 48, and 49 are pending and have been examined.

Response to Arguments
Applicant's arguments filed September 1, 2021 have been fully considered but they are not persuasive. 

Regarding 112 Rejections
Examiner initially rejected claims 4, 8, 15, and 40-49 under 35 USC 112(a) / 1st paragraph as failing to comply with the written description requirement. Applicant amended its claims to address these issues and presented arguments on how the claims overcome the rejection. In view of the amended claims and arguments, Examiner withdraws this rejection.

Examiner initially rejected claims 4, 8, 15, and 40-49 under 35 USC 112(b) / 2nd paragraph as being indefinite. Applicant amended its claims to address these issues and presented arguments on how the claims overcome the rejection. In view of the amended claims and arguments, Examiner withdraws this rejection.

Regarding 101 Rejections
Examiner initially rejected claims 4, 8, 15, and 40-49 under 35 USC 101 as being directed to non-statutory subject matter.
	Applicant argued that the claim amount to a practical application by improving technology. Upon further search and consideration; and in view of Applicant’s arguments that the claims improve technology by increasing the security of the transaction; Examiner withdraws this rejection. The claims contain an ordered 
Examiner withdraws this rejection

Regarding Prior Art Rejections
Examiner initially rejected claims 4, 8, 15, and 40-49 under 35 USC 103 as being unpatentable over the prior art. Applicant argued that the claims don not claim a transaction validation with a vendor/service provider, which is passed to a third party server for validation. Examiner does not find this argument persuasive. This aspect is present in the primary reference Dai. IN the claims, a transaction between a mobile device and a POS device passes along a transaction request to a third party validator (the Mobile Transaction Processing Agent Server or MTPA) for validation.

ADDITONAL ART).
Examiner maintains this rejection.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims  8 and 44 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Regarding claims 8 and 44, these claims are indefinite for the following reason:
Claims 8 and 44 recite the limitation "the one-time use password" in the 1st/2nd line of the claim.  There is insufficient antecedent basis for this limitation in the claim.

Examiner Request
The Applicant is requested to indicate where in the specification there is support for amendments to claims should Applicant amend.  The purpose of this is to reduce potential 35 USC 112(a) or 35 USC 112 first paragraph issues that can arise when 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 4, 8, 15, 40-46, 48, and 49 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Dai, U.S. Patent Application Publication No., 2011/0191252 in view of Saxena, U.S. Patent Application Publication No., 2011/0321144.
Regarding claims 4 and 43
(Claim 43) A method for facilitating a transaction comprising: 
at least one processor compares geolocation Consumer information associated with a geolocation information associated with the Vendor or Services Provider; 
See Dai [0007], [0036] ‘the secured transaction description may further include the global positioning system (GPS) location 129 of the mobile client device”
“In one implementation, every mobile payment may be monitored by comparing the transaction location (for example GPS terminal location) against the location of the mobile client device”

and at least one computer readable hardware storage device storing a non-transitory storage media, the non- transitory storage media accepts geolocation information associated with a transaction validation, wherein the computer readable hardware storage device is not a transitory signal,
See Dai [0082] “Memory can be implemented within the processing unit or external to the processing unit. As used herein the term "memory" refers to any type of long term, short term, volatile, nonvolatile, or other storage devices and is not to be limited to any particular type of memory or number of memories, or type of media upon which memory is stored”
[0036] ‘the secured transaction description may further include the global positioning system (GPS) location 129 of the mobile client device”

the at least one processor determines whether a time-synchronized one-time use password generated by software on a handheld device is valid, 
See Dai [0040] “the secured transaction description is a scrambled multi-dimensional bit map 159 that includes information of issuer ID 123, account ID 124, user password 125, merchant ID 126, transaction amount 127, time stamp 128, and GPS location 129.”

The primary reference does not teach a time-synchronized one-time use password; see section TIME-SYNCHRONIZED below for further analysis. 

the at least one processor determines whether a unique identification (ID) of a Consumer and Vendor or Service Provider is valid, 
See Dai [0070] “With such a secured encoding, only the payee's bank can authenticate that the security stamp is created by the payee using the payee's user ID, and perform verification and acknowledgement of this secured transaction.” See also [0070-0072]

[0051], “In block 420, the MTPA server receives a payment request from a mobile payee device 404 (also referred to as the payee for short). Note that in this case, there is a transaction between the payer and payee, and the MTPA serves as a processing agent to facilitate the transaction. Prior to the transaction, both the payer and the payee have established accounts with the MTPA, and money may be deposited by the payer in its account with the MTPA. The payment request from the payee includes the payer information. In block 422, the MTPA verifies the payer account information in association with the payment request. In block 424, upon verifying the payer account information, the MTPA processes the payment request by sending a request for digital signature to the payer. In block 426, the MTPA receives a digital signature from the payer, which is used to authenticate the transaction. After authenticating the transaction with the received digital signature, the MTPA debits the payer's account and credits the payee's account with the transaction amount. In block 428, the MTPA sends a transaction receipt to both the payer and the payee, and concludes the transaction.”

at least one computer readable hardware storage device storing the non-transitory storage media that accepts time-synchronized one-time use password information associated transaction validation,
See Dai [0039], “The secured transaction description may be read from the mobile client device or be transmitted from the mobile client device in accordance with the function performed in block 118 of FIG. 1B.”
The primary reference does not teach a time-synchronized one-time use password; see section TIME-SYNCHRONIZED below for further analysis. 
wherein the computer readable hardware storage device that accepts time-synchronized one-time use password information associated with a transaction validation is not a transitory signal,
See Dai [0082], [0039],
 wherein a geolocation associated with the Consumer is within a service area of the Vendor or Service Provider 
See Dai [0036] ‘the secured transaction description may further include the global positioning system (GPS) location 129 of the mobile client device”
“In one implementation, every mobile payment may be monitored by comparing the transaction location (for example GPS terminal location) against the location of the mobile client device”

wherein the time-synchronized one-time use password periodically generated by an algorithm running on software on a handheld device of the Consumer is encrypted and encoded within a code generated by a handheld device 
See Dai [0031], “In block 116, based on the information preinstalled in the mobile device and the information entered by the user during the transaction, such as the pin number and the transaction amount, the mobile device generates a secured transaction description dynamically.” 
See also [0029], [0009], [0054]

The primary reference does not teach encrypted data; see section ENCRYPTED below for further analysis.
and displayed on the visual display consumer's handheld device 
See Dai [0054] “In block 520, the mobile client device 501 generates a bar code for a transaction. In block 522, the POS device 503 scans bar code displayed by the mobile client 501”

and read in by a Vendor or Service Provider device's camera, 
See Dai [0048], [0054] [0071] “the scanning may be performed using a phone camera, or using conventional scanner of a cash register.”
wherein a geolocation of the Consumer is encrypted and encoded within a code generated by a handheld device
See Dai [0040] “the secured transaction description is a scrambled multi-dimensional bit map 159 that includes information of issuer ID 123, account ID 124, user password 125, merchant ID 126, transaction amount 127, time stamp 128, and GPS location 129.”
See also [0031], [0029], [0009], [0054]
The primary reference does not teach encrypted data; see section ENCRYPTED below for further analysis.

and displayed on the visual display of the consumer's handheld device 
See Dai [0054] “In block 520, the mobile client device 501 generates a bar code for a transaction. In block 522, the POS device 503 scans bar code displayed by the mobile client 501”

and read in by a Vendor or Service Provider's device, 
See Dai [0054] “In block 520, the mobile client device 501 generates a bar code for a transaction. In block 522, the POS device 503 scans bar code displayed by the mobile client 501”

wherein the time-synchronized one-time use password periodically generated by an algorithm running on software on a handheld device generated by a handheld device of the Consumer is encrypted and encoded within a code and displayed on the visual display of the consumer's handheld device and read in by a Vendor or Service Provider's device is provided to the at least one processor and stored in the at least one storage device, 
See Dai [0054] “The transaction ID may include Issuer ID, Account ID, Merchant ID, time stamp, and transaction amount. In block 524, the POS device 503 sends the transaction ID to the acquirer server 502.”
See also [0007], [0033], [0050], [0034] 

The primary reference does not teach encrypted data; see section ENCRYPTED below for further analysis.
wherein a transaction validation from a third party is created and sent on behalf of the Consumer to a Vendor or Service Provider, 
See Dai [0033] “In block 120, upon verification and approval of the transaction by the MTPA servers, the mobile device receives an acknowledgement of the transaction from the MTPA servers.”

wherein the at least one processor sends confirmation of success to the Consumer, 
See Dai [0033], “In block 120, upon verification and approval of the transaction by the MTPA servers, the mobile device receives an acknowledgement of the transaction from the MTPA servers. The acknowledgement may include a confirmation number, transaction amount, time and date of the transaction, name of the seller, and remaining balance on the M-cash account. Similar to block 118, the mobile device may receive the acknowledgement wirelessly from the MTPA servers, or from the MTPA servers via the POS device”

wherein the at least one processor sends confirmation of success to the Vendor or Service Provider, 
See Dai [0033], “In block 120, upon verification and approval of the transaction by the MTPA servers, the mobile device receives an acknowledgement of the transaction from the MTPA servers. The acknowledgement may include a confirmation number, transaction amount, time and date of the transaction, name of the seller, and remaining balance on the M-cash account. Similar to block 118, the mobile device may receive the acknowledgement wirelessly from the MTPA servers, or from the MTPA servers via the POS device”

wherein a transaction validation from the third party is created on behalf of the Consumer and sent to the Vendor or the Service Provider 
See Dai [0033], “In block 120, upon verification and approval of the transaction by the MTPA servers, the mobile device receives an acknowledgement of the transaction from the MTPA servers. The acknowledgement may include a confirmation number, transaction amount, time and date of the transaction, name of the seller, and remaining balance on the M-cash account. Similar to block 118, the mobile device may receive the acknowledgement wirelessly from the MTPA servers, or from the MTPA servers via the POS device”

and wherein the creation of a transaction validation from the third party comprises the steps of: a. transmitting a request for a transaction validation to the third party, wherein a request is transmitted over a network;
See Dai [0050], “In block 410, the MTPA server 400 (also referred to as MTPA for short) receives a payment request from a mobile payer device 402” See also Figure 4A

b. the third party server receiving the request, wherein the third party server is on a network; 
See Dai [0050], “In block 410, the MTPA server 400 (also referred to as MTPA for short) receives a payment request from a mobile payer device 402” See also Figure 4A

c. the third party generating a transaction validation, wherein a transaction validation is generated based upon the received request; 
See Dai [0050], “In block 412, the MTPA server 400 verifies the payer account information in association with the payment request.” See also Figure 4A

d. a third party transmitting a transaction validation to the vendor, wherein a transaction validation is transmitted over a network.
See Dai [0050], “In block 414, upon verifying the payer account information, the MTPA acknowledges the payment request by sending an acknowledgement to the payer.” See also Figure 4A

TIME SYNCHRONIZED
The combined references, in the business of passwords, teach one-time use passwords.  They do not teach wherein the one-time use password is time- synchronized.

Saxena, in the business of passwords, teaches a one-time, time-synchronized password:
See Saxena [0004] “Given enough time for attempts, it's relatively easy for unauthorized intruders to crack a static password. Unlike static passwords, a one-time password changes each time user logs in with the password being generated either by time-synchronized or counter-synchronized methods that typically requires the user to carry a small piece of hardware.”

It would have been obvious to one of ordinary skill in the art to include in the one-time use passwords of the combined references, the ability to have the one-time use passwords be time-synchronized as taught by Saxena, since the claimed invention is merely a combination of old elements, and in the combination, each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.  Additional motivation includes allowing the password to be time-synchronized increases the security of the password.

ENCRYPTED
The combined references, in the business of passwords, teach encoding data within a code.  They do not teach encrypting this data.

DAI, in the business of passwords, teaches the ability to encrypt data, albeit different data than the claimed data:
See Dai [0055-0061] “DUKPT allows the processing of the encryption to be moved away from the devices that hold the shared secret. The encryption is done with a derived key, which is not re-used after the transaction. DUKPT is used to encrypt electronic commerce transactions. While it can be used to protect information between two companies or banks, it is typically used to encrypt PIN information acquired by Point-Of-Sale (POS) devices.”
[0048] “an encryption engine 304”
See also [0009-0011]

It would have been obvious to one of ordinary skill in the art to substitute in the code generation of the combined references, the ability to have the information included in the code be encrypted as taught by Dai, since the claimed invention is merely a combination of old elements, and in the combination, each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.  The act of encrypting data is not dependent on the data being encrypted. Therefore, one of ordinary skill in the art would be able to take the teaching of encrypting the transaction data as taught by Dai and apply that teaching to encrypting the specifically claimed data in Applicant’s claims. Additional motivation includes allowing for encrypting the data increases the security of the code.

Regarding claims 8 and 44;
(Claim 44) The method of claim 43, wherein the one-time use password periodically generated by an algorithm running on software on a handheld device of the Consumer is communicated to the Vendor or Service Provider via encoding within a matrix barcode, a barcode, an image, or a number, and through Internet, cellular or Near Field Communication (NFC) data channels.  
See Dai [0039] “In screen 158, a secured transaction description is generated by the mobile client device, which corresponds to the function performed in block 116 of FIG. 1B. The secured transaction description may be read from the mobile client device or be transmitted from the mobile client device in accordance with the function performed in block 118 of FIG. 1B.” 
[0040] “In this implementation, the secured transaction description is a scrambled multi-dimensional bit map 159”

Regarding claims 15 and 45;
(Claim 45) The method of claim 43, wherein the geolocation information employed includes at least one of Global Positioning System (GPS) coordinates, cell-phone radio tower triangulation, an IP address, street address data, or a manual location entry.  
Se Dai [0036] “In yet another embodiment of the present invention, the secured transaction description may further include the global positioning system (GPS) location 129 of the mobile client device, which further contributes to the security of the transaction”

Regarding claims 40 and 46;
(Claim 46) The method of claim 43, wherein a counter-synchronized one-time use password is used instead of the time-synchronized one-time use password.  
The combined references, in the business of passwords, teach one-time use passwords.  They do not teach wherein a counter-synchronized one-time use password is used instead of the time-synchronized one-time use password.

Saxena, in the business of passwords, teaches a one-time, counter-synchronized password:
See Saxena [0004] “Given enough time for attempts, it's relatively easy for unauthorized intruders to crack a static password. Unlike static passwords, a one-time password changes each time user logs in with the password being generated either by time-synchronized or counter-synchronized methods that typically requires the user to carry a small piece of hardware.”

It would have been obvious to one of ordinary skill in the art to include in the one-time use passwords of the combined references, the ability to have the one-time use passwords be counter-synchronized as taught by Saxena, since the claimed invention is merely a combination of old elements, and in the combination, each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.  Additional motivation includes allowing the password to be counter-synchronized increases the security of the password.



Regarding claims 42 and 48;
(Claim 48) The method of claim 43, wherein the unique consumer identification of the Consumer is encrypted and encoded within a code generated by a handheld device
See Dai [0039] “In screen 158, a secured transaction description is generated by the mobile client device, which corresponds to the function performed in block 116 of FIG. 1B. The secured transaction description may be read from the mobile client device or be transmitted from the mobile client device in accordance with the function performed in block 118 of FIG. 1B.” 
[0055-0061] “DUKPT allows the processing of the encryption to be moved away from the devices that hold the shared secret. The encryption is done with a derived key, which is not re-used after the transaction. DUKPT is used to encrypt electronic commerce transactions. While it can be used to protect information between two companies or banks, it is typically used to encrypt PIN information acquired by Point-Of-Sale (POS) devices.”
[0048] “an encryption engine 304”
See also [0009-0011]

The primary reference does not teach encrypted data; see section ENCRYPTED below for further analysis.
and displayed on the visual display of the consumer's handheld device and read in by a Vendor or Service Provider's device.  
See Dai [0048] “As discussed above in association with FIG. 1A, a POS device can be configured to receive information from a mobile client, and send that mobile client information along with other information provided by the merchant to a mobile transaction processing agent located remotely. As shown in FIG. 3, POS device 300 includes an optical scanner or near field communication (NFC) device 302, an encryption engine 304, and a wireless transceiver 306.”
See also [0054]

ENCRYPTED
The combined references, in the business of passwords, teach encoding data within a code.  They do not teach encrypting this data.

DAI, in the business of passwords, teaches the ability to encrypt data, albeit different data than the claimed data:
See Dai [0055-0061] “DUKPT allows the processing of the encryption to be moved away from the devices that hold the shared secret. The encryption is done with a derived key, which is not re-used after the transaction. DUKPT is used to encrypt electronic commerce transactions. While it can be used to protect information between two companies or banks, it is typically used to encrypt PIN information acquired by Point-Of-Sale (POS) devices.”
[0048] “an encryption engine 304”
See also [0009-0011]

It would have been obvious to one of ordinary skill in the art to substitute in the code generation of the combined references, the ability to have the information included in the code be encrypted as taught by Dai, since the claimed invention is merely a combination of old elements, and in the combination, each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.  The act of encrypting data is not dependent on the data being encrypted. Therefore, one of ordinary skill in the art would be able to take the teaching of encrypting the transaction data as taught by Dai and apply that teaching to encrypting the specifically claimed data in Applicant’s claims. Additional motivation includes allowing for encrypting the data increases the security of the code.

Regarding claims 41 and 49;
(Claim 49) The method of claim 43, wherein a timestamp is encrypted and encoded within a code generated by a handheld device 
See Dai [0039] “In screen 158, a secured transaction description is generated by the mobile client device, which corresponds to the function performed in block 116 of FIG. 1B. The secured transaction description may be read from the mobile client device or be transmitted from the mobile client device in accordance with the function performed in block 118 of FIG. 1B.” 
[0055-0061] “DUKPT allows the processing of the encryption to be moved away from the devices that hold the shared secret. The encryption is done with a derived key, which is not re-used after the transaction. DUKPT is used to encrypt electronic commerce transactions. While it can be used to protect information between two companies or banks, it is typically used to encrypt PIN information acquired by Point-Of-Sale (POS) devices.”
[0048] “an encryption engine 304”
See also [0009-0011]

The primary reference does not teach encrypted data; see section ENCRYPTED below for further analysis.
and displayed on the visual display of the consumer's handheld device and read in by a Vendor or Service Provider's device.
See Dai [0048] “As discussed above in association with FIG. 1A, a POS device can be configured to receive information from a mobile client, and send that mobile client information along with other information provided by the merchant to a mobile transaction processing agent located remotely. As shown in FIG. 3, POS device 300 includes an optical scanner or near field communication (NFC) device 302, an encryption engine 304, and a wireless transceiver 306.”
See also [0054]

ENCRYPTED
The combined references, in the business of passwords, teach encoding data within a code.  They do not teach encrypting this data.

DAI, in the business of passwords, teaches the ability to encrypt data, albeit different data than the claimed data:
See Dai [0055-0061] “DUKPT allows the processing of the encryption to be moved away from the devices that hold the shared secret. The encryption is done with a derived key, which is not re-used after the transaction. DUKPT is used to encrypt electronic commerce transactions. While it can be used to protect information between two companies or banks, it is typically used to encrypt PIN information acquired by Point-Of-Sale (POS) devices.”
[0048] “an encryption engine 304”
See also [0009-0011]

It would have been obvious to one of ordinary skill in the art to substitute in the code generation of the combined references, the ability to have the information included in the code be encrypted as taught by Dai, since the claimed invention is merely a combination of old elements, and in the combination, each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.  The act of encrypting data is not dependent on the data being encrypted. Therefore, one of ordinary skill in the art would be able to take the teaching of encrypting the transaction data as taught by Dai and apply that teaching to encrypting the specifically claimed data in Applicant’s claims. Additional motivation includes allowing for encrypting the data increases the security of the code.

ADDITIONAL ART
Examiner would like to cite but not rely upon the following references which also teach the aspect of a third party validating a transaction between a merchant/consumer.

US 20120089481 A1		Iozzia; Salvatore F. et al.
US 20090222383 A1		TATO; Charles et al.

US 20080183590 A1		Drudis; Antoni et al.
US 20080011820 A1		Brown; Peggy et al.
US 20060276171 A1		POUSTI M
US 20040100363 A1		Lane, Kathleen  et al.
US 20030225590 A1		Weber, Philippe Jean
US 20020026365 A1		Natanzon, Rony

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J WARDEN whose telephone number is (571)272-9602. The examiner can normally be reached M-F; 9-6 CDT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shahid Merchant can be reached on 5712701360. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-

/MICHAEL J. WARDEN/
Examiner
Art Unit 3693





/Shahid Merchant/Supervisory Patent Examiner, Art Unit 3693