DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Receipt of Applicant’s Amendment filed December 17, 2021 is acknowledged.

Response to Amendment
Claims 1, 3, 4, 6-8, 11, and 20 have been amended.  Claims 2, 5, 9, 10, 12-19, and 21 have been canceled.  Claims 22 and 23 are new.  Claims 1, 3, 4, 6-8, 11, 20, 22, and 23 are pending and are provided to be examined upon their merits.

Response to Arguments
Applicant’s arguments with respect to claims 1, 3, 4, 6-8, 11, 20, 22, and 23 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.  Nevertheless, a response is provided below in bold where appropriate.
Applicant argues 35 USC §101 Rejection, starting pg. 11 of Remarks:

Rejection under 35 U.S.C. § 101 

Claims 1-8, 11-13, 16, 17 and 19-21 stand rejected under 35 U.S.C. § 101 as being directed to an abstract idea without significantly more. This rejection is respectfully traversed. 

A complete discussion of the Examiner’s rejection is set forth in the Office Action, and is not being repeated here. 

Independent claim 1 now recites: 
A system for secure payment with an electronic money (e-money), comprising: 

at least one mobile device storing the e-money, wherein at least one mobile device is a non-secure mobile device, 

a plurality of payment terminals, and 

at least one server, 

wherein the e-money comprises a spend token TS for each individual terminal, 

wherein the spend token TS relates to good purchased/sold in response to a payment transaction between the mobile device and the individual payment terminal involved in the payment transaction, 

wherein the spend token TS is configured to contain only the information relating to the most current goods purchased/sold in response to the payment transaction between the at least one mobile device and the payment terminal, as well as the history of the older spend tokens TS as hash,

wherein the plurality of payment terminals comprise at least one secure element SEALS-SE, and the secure element SEALS-SE is a physical secure element which comprises a processor with cryptographic suitability which enables authentication of the mobile device and representation of the server in the plurality of terminals and is configured to locally enable a final settlement of the goods purchased in relation to the payment transaction,

wherein the at least one mobile device and the payment terminal that are offline, in which the at least one mobile device does not include the secure element SEALS-SE, and both the at least one mobile device and the payment terminal are not connected to the internet and are not connected to the at least one server at the time of goods purchased/sold in response to the payment transaction, and

wherein a communication between the at least one mobile device and the plurality of payment terminals is:

i) a short-distance radio connection, including at least one of radio-frequency identification, near field communication, short-range wireless interconnection , bluetooth low energy, and wireless fidelity;

iii) optical connection, including at least one of infrared, infrared data association, and near infrared; and/or
iv) acoustic connection.


Applicant respectfully disagrees with the Examiner’s rejection and submits that independent claim 1, as well as other independent claims, are directed to statutory subject matter for at least the following reasons.

(1) According to the 2019 Revised Patent Subject Matter Eligibility Guidance issued on January 7, 2019 (hereinafter “Revised Guidance’), the abstract idea exception includes the following grouping of subject matter, when recited in a claim limitation: a) mathematical concepts; b) certain methods of organizing human activity; and c) mental processes. The Revised Guidance states that claims that do not recite matter that falls within these enumerated groupings of abstract ideas should not be treated as reciting an abstract idea. Further, the Revised Guidance sets forth a procedure to determine whether a claim is “directed to” a judicial exception under § 101. Under the procedure, if a claim recites a judicial exception, it must then be analysed to determine whether the recited judicial exception is integrated into a practical application of that exception. If a claim as a whole integrates the recited judicial exception into a practical application of that exception, the claim is not “directed to” a judicial exception, and thus is patent eligible. The Revised Guidance instructs the Examiners to evaluate integration into a practical application by a) identifying whether there are any additional elements recited in the claim beyond the judicial exception(s); and b) evaluating those additional elements individually and in combination to determine whether they integrate the exception into a practical application, using one or more of the considerations laid out by the Supreme Court and the Federal Circuit. The Revised Guidance also notes that the revised Step 2A specifically excludes consideration of whether the additional elements represent well-understood, routine, conventional activities; instead, analysis of well-understood, routine, conventional activity is done in Step 2B.

Turning to the present case, claim 1 is directed to a system for secure payment with an electronic money, and such a system comprises the following elements:

- a non-secure mobile device,

o i.e. a mobile device without a secure element (paragraphs [0109] and [0110], including without a secure element SEALS-SE, based on claim 1);
 
- a plurality of payment terminals,



- a server,

o the server is not required for a final settlement of a payment transaction (see e.g., claim 1; i.e, the secure element SEALS-SE is configured to enable a final settlement, while the mobile device and the payment terminal are offline);

- e-money — stored on the device — comprising a spend token TS for each individual payment terminal,

o the spend token TS relates to goods purchased/sold in response to a payment transaction between the mobile device and the individual payment terminal involved in the payment transaction;

- wherein the communication between the mobile device and the plurality of payment terminals may be selected from a specific group, including RFID, NFC, USB, IR or acoustic connection, but not by internet.


The Examiner asserts that the claimed invention covers performance of the limitation as a fundamental economic practice or commercial interaction, and thus falls within the “Certain Methods of Organizing Human Activity” grouping of abstract idea. Applicant respectfully disagrees and submits that present claim 1 is directed to a system a system comprising not only a mobile device, payment terminal, physical secure element SEALS-SE — which all are specified — and a server, but also communication means between the mobile device and the payment terminal as well as the spend token TS being configured to contain information relating to goods purchased/sold in response to a payment transaction between the mobile device and payment terminal that is performed offline. It is noted that the essence of the claimed invention is the system as a whole in which several physical devices interacts with one another in order to achieve a final settlement between the mobile device and the payment terminal in an environment having no internet connection, which should clearly technical features in solving a technical problem of, e.g., how to facilitate a final settlement that is made without Internet connection without compromising on security. It is also noted that the solution provided by the claimed invention is technical, and resides in the technical improvement of how the mobile device, payment terminal, physical secure element SEALS-SE and server are interacting with one another as a whole system, rather than the alleged “economic practice or commercial interaction.” Further, Applicant notes that no matter whether the processor included in the physical secure element SEALS-SE is generic computer components as alleged by the Examiner during the interview, it is clear that the operations of authentication of the mobile device and representation of 

From Applicant’s specification (filed 5/29/2019, clean version):
“The present invention relates to a system for secure payment with electronic money using a mobile device, in particular using a non-secure mobile 15 device (2) without a suitable security element, to the electronic money, to a method for secure payment with electronic money as well as to the use of said method.” (pg. 1, lines 13-17)

Therefore the invention is about secure payment with electronic money.

Further, even if, assuming arguendo, the claim was deemed by the Examiner to recite an abstract idea, Applicant notes that the claim clearly integrates such an alleged abstract idea into a practical application which achieves a final settlement of a transaction between the mobile device and terminal that is made without Internet connection without compromising on security. In particular, claim 1 recites “the plurality of payment terminals comprise at least one secure element SEALS-SE, and the secure element SEALS-SE is a physical secure element which comprises a processor with cryptographic suitability which enables authentication of the mobile device and representation of the server in the plurality of terminals and is configured to locally enable a final settlement of the goods purchased in relation to the payment transaction, the at least one mobile device and the payment terminal that are offline, in which the at least one mobile device does not include the secure element SEALS-SE, and both the at least one mobile device and the payment terminal are not connected to the internet and are not connected to the at least one server at the time of goods purchased’ sold in response to the payment transaction.” Claim 1 further requires that “a communication between the at least one mobile device and the plurality of payment terminals is: i) a short-distance radio connection, including at least one of radio-frequency identification, near field communication, short-range wireless interconnection , bluetooth low energy, and wireless fidelity; i1) contact-based connection, including at least one of USB and firewire; iii) optical connection, including at least one of infrared, infrared data association, and near infrared; and/or iv) acoustic connection.” Applicant respectfully submits that even if claim 1 involves commercial interaction, the above identified features have clearly limited the claimed invention into a specific and practical application, including a useful improvement of the state of the art.

The above secure element is claimed and taught at a high level of generality.  

From Applicant’s specification:


“The secure element SEALS-SE (3) thus represents a type 3 secure element SE and, in addition to storing data, such as cryptographic keys, i.e. keys and information relating to the credit card (type 1) and storing e-money (type 2), additionally allows to transfer e-money (4) between means of payment, i.e. mobile device (2) and terminal, i.e. terminal (5), wherein only the means of payment or the device imperatively requires such a secure element SE.” (pg. 31, lines 2-7)

Therefore the improvement appears to be allows transfer of e-money between a mobile device and a terminal.  But this is just using existing technology to transfer money securely between devices.  The secure element itself and other technology is not improved.  The benefit appears to be mobile device is not required to have a secure element, but this would not be a technical improvement. 

Wireless communication between devices is also at a high level of generality and using existing technology.

Applicant respectfully emphasizes that the Revised Guidance also notes that the revised Step 2A specifically excludes consideration of whether the additional elements represent well- understood, routine, conventional activities; instead, analysis of well-understood, routine, conventional activity is done in Step 2B. Therefore, in the present case, contrary to the Examiner’s allegation, whether the recited processor and multiple physical devices are well- understood, routine and conventional is irrelevant when determining whether the recited judicial exception is integrated into a practical application of that exception. 

In view of the above, Applicant respectfully submits that claim 1 is not directed to the alleged exception according to the Revised Guidance.

The Examiner is looking for a technical explanation in the disclosure and claims that include the technology.  Using what appears to be an existing type 3 security in a payment terminal in order to not require mobile devices to have a security element is too high level.  The claim is even more general, just requiring some type of secure element in a payment terminal.

(2) Even if, assuming arguendo, the Step 2B of the USPTO’s Subject Matter Eligibility Guidance was necessary to be used in the present case in order to determine whether the claim is directed to a judicial exception, Applicant respectfully submits that as argued below, claim 1 now recites specific limitations other than what is well-understood, routine and conventional in the field which should be weighed in favor of eligibility. In particular, claim 1 further recites additional elements (i.e., “the plurality of payment terminals comprise at least one secure element SEALS-SE, and the secure element SEALS-SE is a physical secure element which comprises a processor with cryptographic suitability which enables authentication of the mobile device and representation of the server in 

From Applicant’s argument above…
>>“In particular, claim 1 further recites additional elements (i.e., “the plurality of payment terminals comprise at least one secure element SEALS-SE, and the secure element SEALS-SE is a physical secure element which comprises a processor with cryptographic suitability which enables authentication of the mobile device and representation of the server in the plurality of terminals and is configured to locally enable a final settlement of the goods purchased in relation to the payment transaction, the at least one mobile device and the payment terminal that are offline, in which the at least one mobile device does not include the secure element SEALS-SE, and both the at least one mobile device and the payment terminal are not connected to the internet and are not connected to the at least one server at the time of goods purchased/sold in response to the payment transaction...”<<

Applicant is arguing that a practical application is a physical secure element that comprises a processor with cryptographic suitability which enable authentication of the mobile device.  The secure element therefore is a processor with cryptographic ability to enable authentication.  Therefore, at best this is a processor performing at a high level by some type cryptographic suitability (?) function to enable authentication.

The above therefore is using, at a high level, existing technology by having a payment terminal processor with cryptographic suitability to enable authentication.  Applying existing computer and cryptographic technology at a high level to a payment scheme by allowing a payment terminal to communicate with an unsecured mobile device is not improving prior art systems themselves.    




From Applicant’s background of prior art in their specification and the problem being solved…
“Different types of crypto currencies, such as Bitcoin, for example, have also been circulating for several years. These crypto currencies are not stored on a device, such as, for example, a mobile telephone - not least in order to meet high security demands - but in a decentralized network, in which – put simply - all subscribers of the network communicate with one another and establish consensus as to who has how much money at what time. In order to thus be able to pay with a crypto currency, a device involved in the payment must be online, i.e. must have a contact to at least one server. In order to ensure the security of the crypto currency, every transaction is thus verified and authorized by a plurality of further devices, with which payment can typically be made using the same crypto currency. Such a verification is extremely complex and currently takes approximately ten minutes or more, for example in the case of Bitcoin. In addition, each of these products, such as Bitcoin, forms its own, specific currency, wherein the exchange rate to country currencies can change as well. Depending on the current trust in the respective product, the exchange rate can fluctuate greatly within a short time. Due to the fact that the seller as well as the buyer generally want payment security and do not want to be part of currency speculation, such products are unsuitable in particular for paying small amounts. In addition, offline payments, in particular a transfer of e-money with final settlement without connection to the Internet at the time of the payment cannot take place with products, such as Bitcoin, due to the lack of mutual trust between buyer and/or seller.” (pg. 3, lines 5-26)

The above background teaches that mobile devices do not store crypto currencies because of security demands, but in a decentralized network.  Therefore presumably decentralized network computers have security for crypto currency.

The above also teaches problem of mutual trust between buyer and/or seller when offline.  

From Applicant’s disclosure:
“In another preferred embodiment, the security element SEALS-SE (3) represents a physical security element in the terminal (5) and advantageously comprises a processor with cryptographic suitability.” (pg. 32, lines 9-11)

“The term terminal (5) preferably comprises a processor, a memory and/or software. The terminal is preferably operated via a user interface and/or is controlled via a machine interface. The terminal (5) is typically also part of a cash register or is connected to a cash register.” (pg. 33, lines 23-26)

A processor with cryptographic suitability by itself is not improving computer or other technology.  

“II.	the terminal (5) comprises at least one security element SEALSSE (3), wherein the security element SEALS-SE (3) is suitable for keeping and transferring e-money (4, 4*) with final settlement even using a device (2) without security element SE and without Internet connection at the time of the payment transaction, and the terminal (5) and the device (2) do not need to be connected to the server (7) for a final settlement at the time of a payment transaction and may therefore be offline.” (pg. 10, lines 8-14)

Essentially, a processor (terminal) with cryptographic suitability (security) for authentication of a mobile device that lacks a secure element, is too high level and is not improving prior art systems themselves.  Based on the above response to Applicant’s arguments, the rejection is respectfully maintained but modified for the claim amendments.

Applicant argues 35 USC §103 Rejection, starting pg. 17 of Remarks:

Applicant’s amendments have resulted in a new prior art rejection, rendering their arguments moot.


Claim Objections
Claims 1 and 23 are objected to because of the following informalities: Claim 1 has “relates to good purchased/sold…” where “good” should probably be “goods.”  Claim 23 has a similar problem.  Claim 23 has “storing the e-money…spend token TS.” A period should be only at the end of the claim.  Claim 23 has “establishing a connection between… short-range wireless interconnection , bluetooth…” where the “,” should be next to the word (e.g. “interconnection,…”).  Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:



Claims 1, 3, 4, 6-8, 11, 20, 22, and 23 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
Claims 1, 3, 4, 6-8, 11, 20, 22, and 23 are directed to a system or method, which are statutory categories of invention.  (Step 1: YES).
The Examiner has identified system Claim 1, method Claim 11, and method Claim 23 as the claims that represent the claimed inventions for analysis.  
Regarding claims 1, 3, 4, 6-8, 20, and 22, independent Claim 1 recites the limitations of:
A system for secure payment with an electronic money (e-money), comprising:
at least one mobile device storing the e-money, wherein at least one mobile device is a non-secure mobile device,
a plurality of payment terminals, and
at least one server,
wherein the e-money comprises spend token TS for each individual terminal, wherein the spend token TS relates to good purchased/sold in response to a payment transaction between the mobile device and the individual payment terminal involved in the payment transaction,
wherein the spend token TS configured to contain only the information relating to the most current goods purchased/sold in response to the payment transaction between the at least one mobile device and the payment terminal, as well as the history of the older spend tokens TS as hash, 
wherein the plurality of payment terminals comprise at least one secure element SEALS-SE, and the secure element SEALS-SE is a physical secure element which comprises a processor with cryptographic suitability which enables authentication of the mobile device and representation of the server in the plurality of terminals and is configured to locally enable a final settlement of the goods purchased in relation to the payment transaction,
wherein the at least one mobile device and the payment terminal that are offline, in which the at least one mobile device does not include the secure element SEALS-SE, and both the at least one mobile device and the payment terminal are not connected to the internet and are not connected to the at least one server at the time of goods purchased/sold in response to the payment transaction, and
wherein a communication between the at least one mobile device and the plurality of payment terminals is:
i) a short-distance radio connection, including at least one of radio-frequency identification, near field communication, short-range wireless interconnection , bluetooth low energy, and wireless fidelity; ii) contact-based connection, including at least one of USB and firewire; iii) optical connection, including at least one of infrared, infrared data association, and near infrared; and/or iv) acoustic connection.

Step 2A-Prong 1: YES. The claims are abstract)
This judicial exception is not integrated into a practical application. In particular, the claims only recite: mobile device, payment terminal, server, security element SEALS-SE.   The computer hardware is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer component.  
See pp. 23-24 where suitable devices (e.g. mobile telephone, laptop) are commercially available and known to a person skilled in the art.  
The terminal can be various devices… “and the terminal, i.e. for example the point-of-sale (POS) at a cash register or a vending machine are offline at the time and/or at the location of the payment transaction” (pg. 12).   Also “The term terminal preferably comprises a processor, a memory and/or software.” (pg. 29, para. 3).  Therefore the terminal could be just a generic computer. 

The communication between at least one mobile device and the plurality of terminals is using various existing communication technologies (see pg. 24 of the specification).
The telegrams appear to be messages and could be just transaction telegrams (pg. 29).  
Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they  do not impose any meaningful limits on practicing the abstract idea. Therefore claim 1 is directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)

ep 2B: NO. The claims do not provide significantly more)  
Dependent claims 3, 4, 6-8, 20 and 22 further define the abstract idea that is present in their independent Claim 1 and thus correspond to Certain Methods of Organizing Human Activity and hence are abstract for the reasons presented above.  The dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination.  The smartcard in Claim 20 appears to use existing smartcard technology and is issued by trusted source…“In order to ensure the necessary security against counterfeiting and 

Regarding claim 11.  Claim 11 recites the limitations of:
A method for secure payment with e-money using the at least one mobile device with the system according to claim 1, the method comprises at least one of the following steps a) to d):
a) storing the e-money on the at least one mobile device or plurality of payment terminals, wherein the e-money comprises spend token TS for each individual terminal, wherein the spend token TS is configured to contain only the information relating to the most current goods purchased/sold in response to the payment transaction between the mobile device and the payment terminal involved in the payment transaction,
b) the at least one mobile device and payment terminal communicate with one another by i) a short-distance radio connection, including at least one of radio-frequency identification, near field communication, short-range wireless interconnection, bluetooth low energy, and wireless fidelity; ii) contact- based connection, at least one of USB and firewire; ii) optical connection, including at least one of infrared, infrared data association, and near infrared; and/or iv) acoustic connection,

wherein the mobile device and the payment terminal are not connected to the Internet at the time of the payment transaction to allow a payment transaction with final settlement without Internet connection, 
c) the payment terminal and the server or the server and the at least one payment terminal (5) exchange at least one telegram, wherein the exchange of the at least one telegram takes place via the at least one mobile device or a plurality of devices.
These above limitations, under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity.  The claim recites elements, highlighted in bold above, which covers performance of the limitation as a fundamental economic practice (e.g. current goods purchased/sold) and commercial interactions (e.g. paying with e-money).  If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a fundamental economic practice or commercial interaction, then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.  (Step 2A-Prong 1: YES. The claims are abstract)
This judicial exception is not integrated into a practical application. In particular, the claims only recite: mobile device, payment terminal, security element SEALS-SE, server.  The computer hardware is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than 
The payment terminal can be various devices… “and the terminal (5), i.e. for example the point-of-sale (POS) at a cash register or a vending machine are offline at the time and/or at the location of the payment transaction” (pg. 12).   Also “The term terminal (5) preferably comprises a processor, a memory and/or software.” (pg. 29, para. 3).  Therefore the terminal could be just a generic computer.  
The mobile device an payment terminal communicate using existing technology (e.g. pg. 24 of the specification).  A mobile device communicating with a payment terminal is not improving prior art technology.
The SEALS-SE is some type of physical safety element (e.g. pg. 11, last paragraph), and the security element appears to be of known types (e.g. “type 3”), Table D, pg. 25 and is taught and claimed at a high level of generality.  Also, the payment terminals comprise a SEALS-SE, but nothing is done with it.  Therefore, the security element SEALS-SE is just a processor on a terminal (computer component) doing with cryptographic suitability (capability) to enable authentication.  This is not improving security or cryptography itself, and is just using cryptography, at a high level, for authentication.
The telegrams appear to be messages and could be just transaction telegrams (pg. 29).  
Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when considered separately and as an ordered combination, they do not add significantly more (also known as an “inventive concept”) to the exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a computer hardware amounts to no more than mere instructions to apply the exception using a generic computer component.  Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.  Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they  do not impose any meaningful limits on practicing the abstract idea.  Steps such as storing, exchange of telegram (receiving and transmitting) are steps that are considered insignificant extra solution activity and mere instructions to apply the exception using general computer components (see MPEP 2106.05(d), II). Thus claim 11 is not patent eligible. (Step 2B: NO. The claims do not provide significantly more)  
Thus, the claim 11 is not patent eligible.

Regarding claim 23.  Claim 23 recites the limitations of:

at least one mobile device storing the e-money, wherein at least one mobile device is a non-secure mobile device,
a plurality of payment terminals, and
at least one server,
wherein the e-money comprises a spend token TS for each individual terminal, wherein the spend token TS relates to good purchased/sold in response to a payment transaction between the mobile device and the individual payment terminal involved in the payment transaction,
wherein the spend token TS is configured to contain only the information relating to the most current goods purchased/sold in response to the payment transaction between the at least one mobile device and the payment terminal, as well as the history of the older spend tokens TS as hash,
wherein the plurality of payment terminals comprise at least one secure element SEALS- SE, and the secure element SEALS-SE is a physical secure element which comprises a processor with cryptographic suitability which enables authentication of the mobile device and representation of the server in the plurality of terminals and is configured to locally enable a final settlement of the goods purchased in relation to the payment transaction, and 
	wherein the at least one mobile device and the payment terminal that are offline, in which the at least one mobile device does not include the secure element SEALS-SE, and both the at least one mobile device and the payment terminal are not connected to the internet and are not connected to the at least one server at the time of goods purchased/sold in response to the payment transaction, 
the method comprising the steps of: 
storing the e-money on the at least one of the at least one mobile devices and payment terminals, wherein the e-money further comprises at least one load token TL different from the spend token TS. 
performing a payment transaction with the e-money with a final settlement without Internet connection at the time of the payment transaction, comprising the sub-steps of: 
generating the spend token by the mobile device in response to the payment transaction using the at least one mobile device at the payment terminal; 
establishing a connection between the at least one mobile device and the payment terminal with bidirectional data exchange without connecting to the Internet, the connection between the at least one mobile device and the plurality of payment terminals being: i) a short-distance radio connection, including at least one of radio-frequency identification, near field communication, short-range wireless interconnection , bluetooth low energy, and wireless fidelity; ii) contact-based connection, including at least one of USB and firewire; iii) optical connection, including at least one of infrared, infrared data association, and near infrared; and/or iv) acoustic connection; 
transferring a copy of the spend token from the at least one mobile device to the payment terminal, the spend token comprises at least a value of the goods purchased/sold in response to the payment transaction; 
verifying and/or signing the spend token by the secure element SEALS-SE of the payment terminal; and 
exchanging at least one telegram between the at least one mobile device and the payment terminal at the time of the payment transaction; 
wherein the final settlement is defined that the payment transaction is legally valid and has been completed; 
exchanging the at least one telegram between the at least one mobile device and the server after the at least mobile device is no longer offline and is connected to the server; 
receiving a telegram with a receipt confirmation by the at least one mobile device from the server, and the at least one mobile device transmitting said telegram with the receipt confirmation to the payment terminal; and 
monitoring and detecting misuse in the system, comprising the sub-steps of: 
storing and processing the telegrams received from the mobile device, blocking one of at least one mobile device including irregularities, and transmitting other telegrams to the payment terminal via the at least one mobile device; 
the payment terminal verifying the spend tokens received from the at least one mobile device using the secure element SEALS-SE based on the received telegrams from the server, and blocking said one mobile device including irregularities for the system. 

Step 2A-Prong 1: YES. The claims are abstract)
This judicial exception is not integrated into a practical application. In particular, the claims only recite: mobile device, payment terminal, server, security element SEALS-SE.   The computer hardware is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer component.  Therefore, the security element SEALS-SE is just a processor on a terminal (computer component) doing with cryptographic suitability (capability) to enable authentication.  This is not improving security or cryptography itself, and is just using cryptography, at a high level, for authentication.
See pp. 23-24 where suitable devices (e.g. mobile telephone, laptop) are commercially available and known to a person skilled in the art.  
The terminal can be various devices… “and the terminal, i.e. for example the point-of-sale (POS) at a cash register or a vending machine are offline at the time 
The SEALS-SE is some type of physical safety element (e.g. pg. 11, last paragraph), and the security element appears to be of known types (e.g. “type 3”), Table D, pg. 25 and is taught and claimed at a high level of generality.  The “… SEALS-SE is a physical secure element which comprises a processor with cryptographic suitability which enable authentication…”  is claimed at a high level of generality (i.e. somehow authentication is enabled with a secure element).
The communication between at least one mobile device and the plurality of terminals is using various existing communication technologies (see pg. 24 of the specification).
The telegrams appear to be messages and could be just transaction telegrams (pg. 29).  
Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they  do not impose any meaningful limits on practicing the abstract idea. Therefore claim 1 is directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)

The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when considered separately and ep 2B: NO. The claims do not provide significantly more)  
Thus, the claim 23 is not patent eligible.
	Therefore, claims 1, 3, 4, 6-8, 11, 20, 22, and 23 are not patent eligible.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claim 1 has “the individual payment terminal” in the step of “wherein the e-money comprises spend token TS for each individual terminal” where antecedence cannot be found for “the individual payment terminal.”  Claims 11 and 23 have a similar problem.
Claim 1 has “the information relating to…” in the step of “wherein the spend token TS configured to contain only the information…” where there is no antecedence for “the information.”  Claims 11 and 23 have a similar problem.
Claim 1 has “the most current goods purchased/sold…” in the step of “wherein the spend token TS configured to contain only the information” where there is no antecedence for “the most current goods purchased/sold.”  Claims 11 and 23 have a similar problem.
Claim 1 has “USB” where it is indefinite as to what USB is.  First use of an acronym in a claim should indicate what the initials stand for (e.g. universal serial bus (USB)).  Claims 7, 11, and 23 have a similar problem.
Claim 1 has “the time of goods purchased and sold” in the step of “wherein the at least one mobile device and the payment terminal..” where there is no antecedence for “the time.”  Claims 11 and 23 have a similar problem.
Claim 1 has “wherein a communication between the at least one mobile device and the plurality of payment terminals is: …” where it is indefinite as to communication Claim 23 has a similar problem.
Claim 11 has “the payment transaction” in the step of “storing the e-money…” where there is no antecedence for the payment transaction.  
Claim 11 has “storing the e-money on the at least one mobile device or plurality of payment terminals, wherein the e-money comprises spend token TS for each individual terminal,…” where it is indefinite as to e-money comprises spend token TS for each individual terminal and how this relates to storing e-money on either a mobile device or payment terminals (e.g. is the e-money coded with some type of individual terminal identifier, and how does spend token for each individual terminal relate to the mobile device?).  Also, is the individual terminal a payment terminal?  Claims 1 and 23 have a similar problem.
Claim 23 has “A method for secure payment with e-money using a system which comprises” where it is indefinite as to whether a method or system is being claimed.  Applicant claims system components but then later claims method steps.  The structure of the claim itself, therefore is a system claim performing method steps.  For examination purposes, this is interpreted as a system claim with components that perform the steps of a method.
Claim 23 has “storing the e-money… e-money comprises at least one load token TL different form spend token TS” where it is indefinite as to different as a token is either spent or not spent (i.e. the adjective load/spend denotes the two are different).
Claims 3, 4, 6-8, 20, and 22 are further rejected as they depend from their respective independent claim.

Examiner Request
The Applicant is requested to indicate where in the specification there is support for amendments to claims should Applicant amend.  The purpose of this is to reduce potential 35 U.S.C. §112(a) or §112 1st paragraph issues that can arise when claims are amended without support in the specification.  The Examiner thanks the Applicant in advance.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.

3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 1, 3, 4, 6-8, 11, 20, 22, and 23 are rejected under 35 U.S.C. 103 as being unpatentable over WO2005/008608 to Lehmann in view of Pub. No. US 2017/0293912 to Furche et al.
Regarding claim 1
A system for secure payment with an electronic money (e-money), comprising:

at least one mobile device storing the e-money, wherein at least one mobile device is a non-secure mobile device,

Lehmann teaches:
Mobile devices…
“The payment system also has two groups of terminals, a first group of terminals serving as merchant terminals, and a second group of VOH terminals serving as customer terminals, wherein a payment to the operator of a merchant terminal is initiated by the operator of a customer terminal. The term terminal can be seen widely and comprises passive devices with an electronic chip which is activated when contacting by an externally acting field in order to carry out a data exchange. Furthermore, a terminal can be understood to mean, for example, mobile radio devices with a SIM card for the identification thereof in a specific mobile radio network, mobile computers with radio network interfaces and network terminals with a network access to a remote data source.” (pg. 2, para. 7)

A first terminal (payment terminal) with control device for encrypting data…
“Advantageously, a terminal provided as a first terminal for such a transaction system has an interface to the background system and a further interface, in particular an output interface to the second terminal. In the simplest embodiment, the output interface to the second terminal can be designed in the form of a displayed Internet page with data to be transmitted by hand. However, interfaces that allow direct automatic transmission, in particular encrypted data, are preferred. The terminal also has a control device for receiving, processing and transmitting data and for encrypting the data with keys that cannot be accessed from the outside in a secure memory.” (pg. 3, para. 10)

Therefore the payment terminal has a control device for encrypting data.
A smart card (example of mobile device) can optionally have (therefore not required, and therefore non-secure) a cryptocoprocessor (security element)…
“The encryption takes place advantageously in each case in an encryption/control device which is independent of the interfaces for transmission and cannot be accessed from the outside. Advantageously, a smart card can optionally be used for this purpose with a cryptocoprocessor. For particularly good protection, the encryption device is assigned one or two individual key pairs which are used for securing the connection to the background system for the transmission of data from the background system. The keys, in particular the private key, are stored in a memory area which cannot be accessed from the outside and can only be accessed by the smart card.” (pg. 3, para. 3)

Therefore a mobile device without a cryptocoprocessor (secure element) for encrypting data with keys.

Another example of a mobile radio device that “can also be provided with a cryptocoprocessor, but not required (therefore known mobile device do not have this secure element)…
“In addition to equipping a known mobile radio device or mobile computer with such a functionality, in particular by installing a second processor as a second control device in addition to a known SIM card, simple devices can also be provided as a second terminal. It is thus also possible, for example, to use an SMS pad (SMS: Short Massage Service/Short message service) which, in contrast to the mobile radio telephone, does not have any voice functionality. The encryption device is also advantageously an independent chip in such a simple device, in particular with a cryptocoprocessor, which provides sufficient power for the complex encryption of the data. The installation of a dual-interface smart card known per se is preferred. The independent chip is provided in addition to a SIM card which is used to enable communication via the mobile radio networks. The use of the short message service offers the further advantage that short messages do not have to be transmitted via a permanently installed connection between the participating data end stations.” (pg. 3, para. 13)

Data stored by customers…
“The starting point is an electronic payment system with a background system which allows access to databases. In a conventional manner, the data required in the databases are stored by retailers and customers, as well as in particular bank accounts of these dealer and customer. Access from the outside to this data is blocked.” (pg. , col. 6)

Where the data is encrypted data that represents money (therefore e-money)…
a real money flow takes place only within the background system but not via the connections to the first or to the second terminal. No real money flow takes place between the two terminals, but rather only a transmission of encrypted data, which are then used after corresponding forwarding in the background system for triggering the actual financial transaction.” (pg. 3, col. 9)

a plurality of payment terminals, and

Merchant (payment) terminals (plural)…
“The payment system also has two groups of terminals, a first group of terminals serving as merchant terminals, and a second group of VOH terminals serving as customer terminals, wherein a payment to the operator of a merchant terminal is initiated by the operator of a customer terminal. The term terminal can be seen widely and comprises passive devices with an electronic chip which is activated when contacting by an externally acting field in order to carry out a data exchange. Furthermore, a terminal can be understood to mean, for example, mobile radio devices with a SIM card for the identification thereof in a specific mobile radio network, mobile computers with radio network interfaces and network terminals with a network access to a remote data source.” (pg. 2, para. 7)

at least one server,

Example of server and E-cash…
“An electronic payment system is known from WO 98/47116, which essentially corresponds to known methods from the range of credit card requests and the so-called E-cash and from the loading of electronic purses. In this method, customer terminal, merchant terminal and a server are connected to one another in the background system during the process, which is an online method. Reference is also made to the possibility of using encryption methods, wherein a specific description of the type of encryption is not given. However, it is disadvantageous that customer data are stored in the so-called SIM card (SIM: Subscriber Identification Module), in which the IMSI identifier (IMSI: International Mobile Subscriber Identity) uniquely assigned to the SIM card is also stored. The SIM card is protected against misuse by a 4-digit PIN, as long as the PIN is kept secret. In particular, the storage of customer data in the SIM card is disadvantageous.” (pg. 1, para. 8)

Another example of a server…
“The background system consists of an SMS host for sending and receiving SMS messages and a server which fulfills conventional clearing tasks and checks customers and retailers according to the known methods. In addition, it has the respective RSA keys for encryption and decryption of data records which are transmitted by SMS and or can be received.” (pg. 9, col. 5)



One example of goods and services between merchant (payment) terminals and customer terminals (mobile devices) for payment…
“There are a multiplicity of electronic payment systems for paying services or goods or else for the other transmission of money. In general, a payment system having a background system with access to databases in which data is stored for retailers and potential customers, in particular bank customers with bank accounts, is known. The payment system also has a first group of terminals which are available as merchant terminals at point of sale or service points. Furthermore, the payment system has a second group of terminals as customer terminals, wherein the customer terminals are operated by users who wish to make a payment to the merchant terminal or to a merchant terminal. In general, it is also known to use a simple encryption system in order not to transmit the data as unencrypted plain text. The payment system thus serves to carry out a monetary transaction by transmitting data between a specific first terminal of the first group of terminals and a specific second terminal of the second group of terminals.” (pg. 1, para. 3)

	Encrypted data as example of e-money…
“Advantageously, a real money flow takes place only within the background system but not via the connections to the first or to the second terminal. No real money flow takes place between the two terminals, but rather only a transmission of encrypted data, which are then used after corresponding forwarding in the background system for triggering the actual financial transaction.” (pg. 3, para. 9)

See Token below.

wherein the spend token TS configured to contain only the information relating to the most current goods purchased/sold in response to the payment transaction between the at least one mobile device and the payment terminal, as well as the history of the older spend tokens TS as hash, 

Where current time is provided with transaction number for current transaction process…
“According to a particularly preferred embodiment, current time data are also provided as time information T from the system clock and used as separate data T or as an integrated component of the transaction number TAN for the current transaction process.” (pg. 5, para. 13)

Time stamp and merchant and customer database for storing merchant and customer data…
background system 30 has a timer or a clock for outputting a time information or time stamp T in order to have a current reference time available at each point in time. For intermediate processing, the background system 30 expediently also has a memory, in particular a temporary memory M. A merchant database 34 is provided for storing data of the merchant terminals 10 and the merchant data or operators of the merchant terminals 10. Accordingly, data from customer terminals 20 or operators of the customer terminals are stored in a customer database 35.” (pg. 4, col. 14)

	See Token below.

wherein the plurality of payment terminals comprise at least one secure element SEALS-SE, and the secure element SEALS-SE is a physical secure element which comprises a processor with cryptographic suitability which enables authentication of the mobile device and representation of the server in the plurality of terminals and is configured to locally enable a final settlement of the goods purchased in relation to the payment transaction,

Terminal cryptocoprocessor (security element that is a processor with cryptographic suitability) for merchant (payment) terminal…
“For encrypting, the public key OSH of the background system merchant key pair OSH, PSH is used by the merchant terminal 10 or its control device or by a special chip C, in particular a cryptocoprocessor. The public key OSH is stored in the memory M or in the special chip C from the outside in a nonreadable manner. The key pair is expediently OSH, PSH, in order to form a key pair for a so-called RSA encryption or a comparable secure encryption principle.” (pg. 5, para. 10)

“The merchant terminal is preferably a conventional POS (point of sale/sales) terminal, supplemented by an interface according to ISO 14443, an internet shop, or a GSM terminal supplemented by an interface according to ISO 14443.” (pg. 9, para. 6)

One example of authentication of customer where customer is authenticated by mobile radio number (therefore mobile  device is authenticated)…
“The transmission of the data to the background system, which were entered in the merchant terminal, can take place in different ways. In order to transmit the data, telephone connections with special protocols of the data transmission, such as for example payment traffic terminals (ZVT), are customary. The use of mobile radio devices is also known, wherein the advantage is used that the customer is known to the mobile radio operator and said customer has the permission to draw amounts together with the mobile radio calculation as an the customer is authenticated by the transmission of the mobile radio number of its mobile radio device serving as a customer terminal or, in the best case, ensures additional protection by the input of a further PIN or comparable identification.” (pg. 1, para. 6)

wherein the at least one mobile device and the payment terminal that are offline, in which the at least one mobile device does not include the secure element SEALS-SE, and both the at least one mobile device and the payment terminal are not connected to the internet and are not connected to the at least one server at the time of goods purchased/sold in response to the payment transaction, and

Payment transmitted independently of Internet connection (therefore offline)…
“The present method is intended to close this gap. The combination of highly encrypted data sets in conjunction with GSM/UMTS radio as independent data transmission can be ensured. The impregnation data, in particular those in which the sensitive data of the customer who makes the payment are transmitted, is carried out independently of the terminal of the merchant or even an Internet connection, that is to say on a completely separate path which cannot be controlled by the dealer. The data are encrypted and signed with an RSA key. In this case, both a system of uniform keys and a customer-specific key can be used. The encryption of the sensitive data is realized by a microprocessor chip card, possibly also with a cryptocoprocessor. This stores the keys securely. In addition, the authentication of the payment authorized person can be additionally secured by means of a PIN. This PIN can be stored both on the map and in the background system or only in the background system. The microprocessor chip card operates in conjunction with a device according to GSM and or UMTS standard, which secures the transmission and reception of SMS, optionally supports GPRS and data call. Further functions are optional. The transfer of the required data of the merchant to the customer (price, merchant number, TAN, payment possibilities of the merchant, among other things) can be inter alia by means of an interface according to ISO 14443 if the latter is supported by the chip card or the device. Other interfaces are conceivable, since these data are not sensitive. The path that encrypted data is transferred to the merchant terminal is also not critical, since they are then present in encrypted form.” (pg. 9, para. 9)

wherein a communication between the at least one mobile device and the plurality of payment terminals is:

i) a short-distance radio connection, including at least one of radio-frequency identification, near field communication, short-range wireless interconnection , bluetooth low energy, and wireless fidelity;

ii) contact-based connection, including at least one of USB and firewire;

iii) optical connection, including at least one of infrared, infrared data association, and near infrared; and/or

iv) acoustic connection.

Transmission of data between merchant terminal and customer terminal…
“A method for carrying out cashless financial transactions is known from DE 199 03 363 C2, in which, during the transmission of the data between the merchant terminal and the customer terminal, essentially an infrared interface is used. Such an infrared interface is configured in a standardized manner in conventional mobile radio devices, notebooks and the like. The disadvantage of such infrared interfaces, however, is a great uncertainty due to the large scattering angle, since all data can be read, copied and also generated by a separate device in the vicinity of the transmitting terminal by means of the simplest and unobtrusive technique. Safety for money transactions is thus not ensured. In addition, data are directly exchanged between the customer and the dealer in this method. In this way, manipulations of a wide variety of ways are made possible, in particular manipulation with credit card data in unserous retailers. In addition, the anonymity of the customer is not guaranteed with respect to the dealer. The method also comprises a background system having a background method for checking the authenticity, checking the authorization, etc. This procedure essentially corresponds to the standard methods of conventional online payments as in the use of an EC card (EC: European) in conjunction with a PIN input.” (pg. 1, para. 7)

Transmission (communicate) using Bluetooth, infrared…
“Transmission systems which prevent the transmitted data from co-cutting or intercepting the transmitted data are preferably used for the transmission via the third transmission path 43. Accordingly, an interface according to ISO 14443 is preferred, wherein other systems, for example Bluetooth, infrared interface, can also be used as interface systems.” (pg. 6, para. 7)

Token
Lehmann teaches encrypted cash or money (e-money).  They also teach purchase (spend) and time stamp for transactions.  They do not teach spend token with history and hash.

Furche et al. also in the business of encrypting teaches:

Signing tokens…
“In the above examples, the apparatus may further include a data repository storing statuses of issued tokens, the data repository in communication with the processor, wherein the processor is further configured to, as part of validating the previously issued Value Token, to check the data repository to confirm the status of the previously issued signing the newly issued Value Token, to cause the data repository to be updated to indicate that the previously issued Value Token is no longer a valid token.” [0015]

Example of creates (generates) token…
“A further extension of digital currency with digital signatures is the use of the so-called “blind signature” approach. This approach allows for a secure system where a user, not the issuer, creates unsigned ‘proto digital currency tokens’, which are then provided to the issuer to sign (in what may be termed a ‘withdrawal’ transaction). At the times digital currency tokens are signed by the issuer, the issuer does not see their serial numbers, nor is the issuer able to determine them.” [0007]

Token with audit trail for transactions (therefore history)…
“Example: Final (Indelible) transaction In some embodiments, as a token transaction always results in a token swap, a write once ledger may provide an indelible audit trail for such transactions. For example, the state of the system may be modified by appending transactions to a ledger so as to create an indelible record for those transactions. This record may be written to write-once media to preserve the state of the system and the transaction history across a system failure. For example, this may employ one or more cryptographic techniques to establish the veracity and irrefutable unique state of such a record. For example, a blockchain, Merkel Tree and/or other hash arrangements or digital signatures may be used. For example, once a token has been decrypted by redeeming Mint, e.g., by its intrinsic token verification unit, the token is added to at least one appropriate and accessible spent token list. Even when the transaction fails because some tokens have already been spent at the time of the request, the particular failure is caused by that combination of tokens and unspent tokens and the transaction should be recorded and the unspent tokens will be marked as spent (or actually cancelled).” [0422]

Example of unspent tokens…
“In some embodiments, when a User sends a Payment Message that contains tokens some of which are spent and others are not, the Mint creates a Coded Value Token for the unspent tokens allowing them to be cancelled only (for example, cancel “In Escrow” state). The User sending the tokens for exchange receives a permanent failure.” [0406]  Inherent with an unspent token is a token different than a spend token.

Signature of token validated…
“In 556, ownership related checks for the Value Token may be made. For example, the identity of the requester of the swap may be checked. In some variants, the Value Token includes a digital signature of the original recipient, which may be a random blinding factor under a blind signature protocol. This signature may be validated to verify the Value Token's ownership. In 560, if any of the preceding validity checks for the Value Token and requested swap have failed, the procedure may proceed to 562, otherwise it may continue with 576.” [0202]

Token with audit trail for transactions (therefore history)…
“Example: Final (Indelible) transaction In some embodiments, as a token transaction always results in a token swap, a write once ledger may provide an indelible audit trail for such transactions. For example, the state of the system may be modified by appending transactions to a ledger so as to create an indelible record for those transactions. This record may be written to write-once media to preserve the state of the system and the transaction history across a system failure. For example, this may employ one or more cryptographic techniques to establish the veracity and irrefutable unique state of such a record. For example, a blockchain, Merkel Tree and/or other hash arrangements or digital signatures may be used. For example, once a token has been decrypted by redeeming Mint, e.g., by its intrinsic token verification unit, the token is added to at least one appropriate and accessible spent token list. Even when the transaction fails because some tokens have already been spent at the time of the request, the particular failure is caused by that combination of tokens and unspent tokens and the transaction should be recorded and the unspent tokens will be marked as spent (or actually cancelled).” [0422]

Hash for spent token…
“Example: Final (Indelible) transaction In some embodiments, as a token transaction always results in a token swap, a write once ledger may provide an indelible audit trail for such transactions. For example, the state of the system may be modified by appending transactions to a ledger so as to create an indelible record for those transactions. This record may be written to write-once media to preserve the state of the system and the transaction history across a system failure. For example, this may employ one or more cryptographic techniques to establish the veracity and irrefutable unique state of such a record. For example, a blockchain, Merkel Tree and/or other hash arrangements or digital signatures may be used. For example, once a token has been decrypted by redeeming Mint, e.g., by its intrinsic token verification unit, the token is added to at least one appropriate and accessible spent token list. Even when the transaction fails because some tokens have already been spent at the time of the request, the particular failure is caused by that combination of tokens and unspent tokens and the transaction should be recorded and the unspent tokens will be marked as spent (or actually cancelled).” [0422]

It would have been obvious to one of ordinary skill in the art at the time of filing to include in the method and system of Lehmann the ability to have audit trails (history) for spent tokens with hash as taught by Furche et al. since the claimed invention is merely a combination of old elements and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.  Further motivation is provided by Furche et al. who teaches the advantages of security and using hash with blockchain enhances security and use of e-money.  The combined references also have a financial benefit by using audit for tracking transaction history of spent tokens as a way to track expenses.

Regarding claim 3
The system according to claim 1, wherein the at least one mobile device and the server communicate with one another by a data network connection such as a radio data connection.

Lehmann teaches:
Example of radio data connection with customer (mobile device) and background system (server)…
“The transmission of the data to the background system, which were entered in the merchant terminal, can take place in different ways. In order to transmit the data, telephone connections with special protocols of the data transmission, such as for example payment traffic terminals (ZVT), are customary. The use of mobile radio devices is also known, wherein the advantage is used that the customer is known to the mobile radio operator and said customer has the permission to draw amounts together with the mobile radio calculation as an Insosogesellschaft. In addition, the advantage is that that the customer is authenticated by the transmission of the mobile radio number of its mobile radio device serving as a customer terminal or, in the best case, ensures additional protection by the input of a further PIN or comparable identification.” (pg. 1, para. 6)

Regarding claim 4
The system according to claim 1, wherein the at least one mobile device is a mobile telephone, smartphone, tablet, notebook, laptop, smart wearables and/or mobile device specifically provided for the system.

Lehmann teaches:
Example of phone…
“In the known methods of payment using a mobile radio device, no additional PIN is required, as a result of which the theft of a switched-on mobile phone allows misuse.” (pg. 2, para. 3)

Another example…
“The customer terminal 20 shown by way of example is an SMS pad which is substantially comparable to a mobile radio telephone without a voice
transmission function. The customer terminal 20 has, in particular, an integrated first interface device 21 for establishing a transmission path 43 to the
interface device 12 of the merchant terminal 10.” (pg. 4, para. 11)

Regarding claim 6
The system according to claim 1, wherein the at least one mobile device comprises at least one of:

a processor,
a memory,

Lehmann teaches:
Data stored by customers…
“The starting point is an electronic payment system with a background system which allows access to databases. In a conventional manner, the data required in the databases are stored by retailers and customers, as well as in particular bank accounts of these dealer and customer. Access from the outside to this data is blocked.” (pg. , col. 6)

a power supply,
a display with input field,
a mobile radio transceiver, WLAN transceiver and/or a sending/receiving unit for making contact with the server,
a connection for the data transfer between the at least one mobile device and the at least one payment terminal, in particular a short-distance radio transceiver, a contact- based connection, an optical connection, an acoustic connection and/or a data network connection.

Another example of Bluetooth (short-distance)…
“Transmission systems which prevent the transmitted data from co-cutting or intercepting the transmitted data are preferably used for the transmission via the third transmission path 43. Accordingly, an interface according to ISO 14443 is preferred, wherein other systems, for example Bluetooth, infrared interface, can also be used as interface systems.” (pg. 6, para. 7)

Regarding claim 7
The system according to claim 1, wherein the at least one payment terminal comprises at least:

a processor,

Lehmann teaches:
Cryptocoprocessor…
“For encrypting, the public key OSH of the background system merchant key pair OSH, PSH is used by the merchant terminal 10 or its control device or by a special chip C, in particular a cryptocoprocessor. The public key OSH is stored 

a memory,
a power supply,
a user interface such as a touch display, and/or a machine interface, such as a USB connection,
a short distance radio transceiver, a contact-based connection, an optical connection, an acoustic connection and/or a data network connection for the data transfer between the at least one mobile device and the at least one payment terminal,
the secure element SEALS-SE.

Regarding claim 8
The system according to claim 1, wherein at least one payment terminal is a device, wherein the device comprises the at least one mobile device, which is enhanced with the secure element SEALS-SE and software and/or hardware.

Lehmann teaches:
Cryptocoprocessor…
“For encrypting, the public key OSH of the background system merchant key pair OSH, PSH is used by the merchant terminal 10 or its control device or by a special chip C, in particular a cryptocoprocessor. The public key OSH is stored in the memory M or in the special chip C from the outside in a nonreadable manner. The key pair is expediently OSH, PSH, in order to form a key pair for a so-called RSA encryption or a comparable secure encryption principle.” (pg. 5, para. 10)

Where terminals can be mobile devices…
“The payment system also has two groups of terminals, a first group of terminals serving as merchant terminals, and a second group of VOH terminals serving as customer terminals, wherein a payment to the operator of a merchant terminal is initiated by the operator of a customer terminal. The term terminal can be seen widely and comprises passive devices with an electronic chip which is activated when contacting by an externally acting field in order to carry out a data exchange. Furthermore, a terminal can be understood to mean, for example, mobile radio devices with a SIM card for the identification thereof in a specific mobile radio network, mobile computers with radio network interfaces and network terminals with a network access to a remote data source.” (pg. 2, para. 7)

Example of equipping known mobile devices with cryptoprocessor for complex encryption of data (secure element, therefore known mobile device do not have this secure element)…
equipping a known mobile radio device or mobile computer with such a functionality, in particular by installing a second processor as a second control device in addition to a known SIM card, simple devices can also be provided as a second terminal. It is thus also possible, for example, to use an SMS pad (SMS: Short Massage Service/Short message service) which, in contrast to the mobile radio telephone, does not have any voice functionality. The encryption device is also advantageously an independent chip in such a simple device, in particular with a cryptocoprocessor, which provides sufficient power for the complex encryption of the data. The installation of a dual-interface smart card known per se is preferred. The independent chip is provided in addition to a SIM card which is used to enable communication via the mobile radio networks. The use of the short message service offers the further advantage that short messages do not have to be transmitted via a permanently installed connection between the participating data end stations.” (pg. 3, para. 13)

Regarding claim 20
The system according to claim 1, wherein the system further comprises at least one smartcard storing the e-money, wherein the e- money is kept on the smartcard.

Lehmann teaches:
Example of smart card…
“An interface for short distances is advantageously used for the transmission between the first terminal and the second terminal in order to avoid the disadvantages of widely varying interfaces. In particular, this can be an interface according to ISO 14443, which can also communicate directly with the smart card if this is designed as a dual interface smart card with such an interface.” (pg. 3, col. 4)

Regarding claim 22
The system according to claim 1, wherein the secure element SEALS-SE is configured to enable authentication of the mobile device and representation of the server in the terminal by verifying and/or signing the spend tokens and load tokens, detecting fraud attempts at the terminal, generating and verifying signatures, buffering the load tokens TL and/or the spend tokens TS, generating new e-money tokens, preventing manipulation and fraud attempts, monitoring an amount of the e-money that is transferred from the device to the terminal and providing tools for telegram encryption.

	The above combined references:

Spend and load tokens.

Signing and verifying signatures and tokens.

Encrypting (generating) e-money.

Using computers and communication between computers for tokens, where buffering data is inherent.

Audit and blockhain for transaction (monitoring amount of money transferred)

SMS encryption (telegram encryption).

Lehmann teaches:
System using encryption to prevent fraud and theft..
“The transmission of sensitive data during the transmission of data sets in the case of cashless payment always represents a considerable safety risk. In particular in the Internet, however, even in the case of the methods customary today for payment with the EC card in the offline method (ELV: Electronic Loading Method), manipulations, fraud and data theft are on the order of day. The use of the GSM technology and the future UMTS method for payment transactions is therefore always judged to be insufficiently safe.” (pg. 9, para. 8)

Regarding claim 11
A method for secure payment with e-money using the at least one mobile device with the system according to claim 1, the method comprises at least one of the following steps a) to d):

a) storing the e-money on the at least one mobile device or plurality of payment terminals, wherein the e-money comprises spend token TS for each individual terminal, wherein the spend token TS is configured to contain only the information relating to the most current goods purchased/sold in response to the payment transaction between the mobile device and the payment terminal involved in the payment transaction,

Lehmann teaches:
Merchant terminal or customer terminal and memory for storing data, where there are a plurality of devices for payment via electronic paths…
“As basic system components, the payment system shown has a first terminal as a merchant terminal 10, a second terminal as a customer terminal 20 and a background system 30 which exchange data or data sets with one another via transmission links 41-43. The terminals 10, 20 are representative of a plurality of different devices and devices which are suitable for the purpose of payment via electronic paths. By way of example, the merchant terminal is a cash register 11 which transmits data, in particular a price indication, to an interface device 12. In order to control the operation, the merchant terminal also has a control device C. Data are stored in a memory M which can be a component of an independent storage device in the merchant terminal 10 or a component of a processor of the control device.” (pg. 4, para. 10)

Where money is encrypted data, therefore e-money…
a real money flow takes place only within the background system but not via the connections to the first or to the second terminal. No real money flow takes place between the two terminals, but rather only a transmission of encrypted data, which are then used after corresponding forwarding in the background system for triggering the actual financial transaction.” (pg. 3, para. 9)

“There are a multiplicity of electronic payment systems for paying services or goods or else for the other transmission of money. In general, a payment system having a background system with access to databases in which data is stored for retailers and potential customers, in particular bank customers with bank accounts, is known. The payment system also has a first group of terminals which are available as merchant terminals at point of sale or service points. Furthermore, the payment system has a second group of terminals as customer terminals, wherein the customer terminals are operated by users who wish to make a payment to the merchant terminal or to a merchant terminal. In general, it is also known to use a simple encryption system in order not to transmit the data as unencrypted plain text. The payment system thus serves to carry out a monetary transaction by transmitting data between a specific first terminal of the first group of terminals and a specific second terminal of the second group of terminals.” (pg. 1, para. 3)

See Token below.

b) the at least one mobile device and payment terminal communicate with one another by i) a short-distance radio connection, including at least one of radio-frequency identification, near field communication, short-range wireless interconnection, bluetooth low energy, and wireless fidelity; ii) contact- based connection, at least one of USB and firewire; ii) optical connection, including at least one of infrared, infrared data association, and near infrared; and/or iv) acoustic connection,

Transmission of data between merchant terminal and customer terminal…
“A method for carrying out cashless financial transactions is known from DE 199 03 363 C2, in which, during the transmission of the data between the merchant terminal and the customer terminal, essentially an infrared interface is used. Such an infrared interface is configured in a standardized manner in conventional mobile radio devices, notebooks and the like. The disadvantage of such infrared interfaces, however, is a great uncertainty due to the large scattering angle, since all data can be read, copied and also generated by a separate device in the vicinity of the transmitting terminal by means of the simplest and unobtrusive technique. Safety for money transactions is thus not ensured. In addition, data are directly exchanged between the customer and the dealer in this method. In this way, manipulations of a wide variety of ways are made possible, in particular manipulation with credit card data in unserous retailers. In addition, the anonymity of the customer is not guaranteed with respect to the dealer. The method also comprises a background system having a 

Transmission (communicate) using Bluetooth, infrared…
“Transmission systems which prevent the transmitted data from co-cutting or intercepting the transmitted data are preferably used for the transmission via the third transmission path 43. Accordingly, an interface according to ISO 14443 is preferred, wherein other systems, for example Bluetooth, infrared interface, can also be used as interface systems.” (pg. 6, para. 7)

wherein the plurality of payment terminals comprise at least one physical secure element SEALS-SE, and the secure element SEALS-SE is a physical secure element which comprises a processor with cryptographic suitability,

“The aim of the invention is to further develop a payment system for electronically carrying out a financial transaction, terminals for such a payment system and a method for carrying out an electronic payment process.” (pg. 2, para. 4)

“This problem is solved by a payment system having the features of claim 1, terminals for such a payment system having the features of claims 23 and 24, or a method having the features of claim 28. Advantageous embodiments are the subject matter of dependent claims.” (pg. 2, para. 5)

Claim 23, with a control device for encrypting data…
“23. The invention relates to a terminal as a first terminal (10, 10') for a payment system according to any preceding claim, comprising an interface (13) to the background system (30) and a further interface, in particular an output interface (12, 12', 14', 12 *), and a control device (C) for receiving, processing and transmitting data and for encrypting the data and having a memory for keys that cannot be accessed from the outside.” 

Claim 24…
“24. Terminal as a second terminal (20, 20 *) for a payment system according to one of claims 1 to 22 with an interface (22;25) to the background system”

Claim 28…
“28. Method for carrying out an electronic payment process, in particular with a payment system according to one of Claims 1 to 22 and/or with a terminal according to one of Claims 23 to 27, in which-data from a first terminal (10, 10'), in particular a merchant terminal, from a first group of terminals” 

Terminal cryptocoprocessor (security element)…
For encrypting, the public key OSH of the background system merchant key pair OSH, PSH is used by the merchant terminal 10 or its control device or by a special chip C, in particular a cryptocoprocessor. The public key OSH is stored in the memory M or in the special chip C from the outside in a nonreadable manner. The key pair is expediently OSH, PSH, in order to form a key pair for a so-called RSA encryption or a comparable secure encryption principle.” (pg. 5, para. 10)

“The merchant terminal is preferably a conventional POS (point of sale/sales) terminal, supplemented by an interface according to ISO 14443, an internet shop, or a GSM terminal supplemented by an interface according to ISO 14443.” (pg. 9, para. 6)

wherein the mobile device and the payment terminal are not connected to the Internet at the time of the payment transaction to allow a payment transaction with final settlement without Internet connection,

Payment transmitted independently of Internet connection…
“The present method is intended to close this gap. The combination of highly encrypted data sets in conjunction with GSM/UMTS radio as independent data transmission can be ensured. The impregnation data, in particular those in which the sensitive data of the customer who makes the payment are transmitted, is carried out independently of the terminal of the merchant or even an Internet connection, that is to say on a completely separate path which cannot be controlled by the dealer. The data are encrypted and signed with an RSA key. In this case, both a system of uniform keys and a customer-specific key can be used. The encryption of the sensitive data is realized by a microprocessor chip card, possibly also with a cryptocoprocessor. This stores the keys securely. In addition, the authentication of the payment authorized person can be additionally secured by means of a PIN. This PIN can be stored both on the map and in the background system or only in the background system. The microprocessor chip card operates in conjunction with a device according to GSM and or UMTS standard, which secures the transmission and reception of SMS, optionally supports GPRS and data call. Further functions are optional. The transfer of the required data of the merchant to the customer (price, merchant number, TAN, payment possibilities of the merchant, among other things) can be inter alia by means of an interface according to ISO 14443 if the latter is supported by the chip card or the device. Other interfaces are conceivable, since these data are not sensitive. The path that encrypted data is transferred to the merchant terminal is also not critical, since they are then present in encrypted form.” (pg. 9, para. 9)

c) the payment terminal and the server or the server and the at least one payment terminal (5) exchange at least one telegram, wherein the exchange of the at least one telegram takes place via the at least one mobile device or a plurality of devices.

Use of a server and SMS (telegram) for sending/receiving (exchange) SMS (telegram) with merchant (terminal) and customer (mobile device)…
“The background system consists of an SMS host for sending and receiving SMS messages and a server which fulfills conventional clearing tasks and checks customers and retailers according to the known methods. In addition, it has the respective RSA keys for encryption and decryption of data records which are transmitted by SMS and or can be received.” (pg. 9, para. 5)

Token
Lehmann teaches encrypted cash or money (e-money).  They also teach purchase (spend) and time stamp for transactions.  They do not teach spend token.

Furche et al. also in the business of encrypting teaches:
Token with audit trail for transactions (therefore history)…
“Example: Final (Indelible) transaction In some embodiments, as a token transaction always results in a token swap, a write once ledger may provide an indelible audit trail for such transactions. For example, the state of the system may be modified by appending transactions to a ledger so as to create an indelible record for those transactions. This record may be written to write-once media to preserve the state of the system and the transaction history across a system failure. For example, this may employ one or more cryptographic techniques to establish the veracity and irrefutable unique state of such a record. For example, a blockchain, Merkel Tree and/or other hash arrangements or digital signatures may be used. For example, once a token has been decrypted by redeeming Mint, e.g., by its intrinsic token verification unit, the token is added to at least one appropriate and accessible spent token list. Even when the transaction fails because some tokens have already been spent at the time of the request, the particular failure is caused by that combination of tokens and unspent tokens and the transaction should be recorded and the unspent tokens will be marked as spent (or actually cancelled).” [0422]

Hash for spent token…
“Example: Final (Indelible) transaction In some embodiments, as a token transaction always results in a token swap, a write once ledger may provide an indelible audit trail for such transactions. For example, the state of the system may be modified by appending transactions to a ledger so as to create an indelible record for those transactions. This record may be written to write-once media to preserve the state of the system and the transaction history across a system failure. For example, this may employ one or more cryptographic techniques to establish the veracity and irrefutable unique state of such a record. For example, a blockchain, Merkel Tree and/or other hash arrangements or digital signatures may be used. For example, once a token has been decrypted by spent token list. Even when the transaction fails because some tokens have already been spent at the time of the request, the particular failure is caused by that combination of tokens and unspent tokens and the transaction should be recorded and the unspent tokens will be marked as spent (or actually cancelled).” [0422]

It would have been obvious to one of ordinary skill in the art at the time of filing to include in the method and system of Lehmann the ability to have audit trails (history) for spent tokens with hash as taught by Furche et al. since the claimed invention is merely a combination of old elements and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.  Further motivation is provided by Furche et al. who teaches the advantages of security and using hash with blockchain enhances security and use of e-money.  The combined references also have a financial benefit by using audit for tracking transaction history of spent tokens as a way to track expenses.

Regarding claim 23
A method for secure payment with e-money using a system which comprises:

at least one mobile device storing the e-money, wherein at least one mobile device is a non-secure mobile device,

Lehmann teaches:
Mobile devices…
“The payment system also has two groups of terminals, a first group of terminals serving as merchant terminals, and a second group of VOH terminals serving as customer terminals, wherein a payment to the operator of a merchant terminal is initiated by the operator of a customer terminal. The term terminal can be seen widely and comprises passive devices with an electronic chip which is activated when contacting by an externally acting field in order to carry out a data exchange. Furthermore, a terminal can be understood to mean, for example, mobile radio devices with a SIM card for the identification thereof in a specific mobile radio network, mobile computers with radio network interfaces and network terminals with a network access to a remote data source.” (pg. 2, para. 7)

A first terminal (payment terminal) with control device for encrypting data…
“Advantageously, a terminal provided as a first terminal for such a transaction system has an interface to the background system and a further interface, in particular an output interface to the second terminal. In the simplest embodiment, the output interface to the second terminal can be designed in the The terminal also has a control device for receiving, processing and transmitting data and for encrypting the data with keys that cannot be accessed from the outside in a secure memory.” (pg. 3, para. 10)

Therefore the payment terminal has a control device for encrypting data.
A smart card (example of mobile device) can optionally have (therefore not required, and therefore non-secure) a cryptocoprocessor (security element)…
“The encryption takes place advantageously in each case in an encryption/control device which is independent of the interfaces for transmission and cannot be accessed from the outside. Advantageously, a smart card can optionally be used for this purpose with a cryptocoprocessor. For particularly good protection, the encryption device is assigned one or two individual key pairs which are used for securing the connection to the background system for the transmission of data from the background system. The keys, in particular the private key, are stored in a memory area which cannot be accessed from the outside and can only be accessed by the smart card.” (pg. 3, para. 3)

Therefore a mobile device without a cryptocoprocessor (secure element) for encrypting data with keys.

Another example of a mobile radio device that “can also be provided with a cryptocoprocessor, but not required (therefore known mobile device do not have this secure element)…
“In addition to equipping a known mobile radio device or mobile computer with such a functionality, in particular by installing a second processor as a second control device in addition to a known SIM card, simple devices can also be provided as a second terminal. It is thus also possible, for example, to use an SMS pad (SMS: Short Massage Service/Short message service) which, in contrast to the mobile radio telephone, does not have any voice functionality. The encryption device is also advantageously an independent chip in such a simple device, in particular with a cryptocoprocessor, which provides sufficient power for the complex encryption of the data. The installation of a dual-interface smart card known per se is preferred. The independent chip is provided in addition to a SIM card which is used to enable communication via the mobile radio networks. The use of the short message service offers the further advantage that short messages do not have to be transmitted via a permanently installed connection between the participating data end stations.” (pg. 3, para. 13)

Merchant terminal or customer terminal and memory for storing data, where there are a plurality of devices for payment via electronic paths…
the payment system shown has a first terminal as a merchant terminal 10, a second terminal as a customer terminal 20 and a background system 30 which exchange data or data sets with one another via transmission links 41-43. The terminals 10, 20 are representative of a plurality of different devices and devices which are suitable for the purpose of payment via electronic paths. By way of example, the merchant terminal is a cash register 11 which transmits data, in particular a price indication, to an interface device 12. In order to control the operation, the merchant terminal also has a control device C. Data are stored in a memory M which can be a component of an independent storage device in the merchant terminal 10 or a component of a processor of the control device.” (pg. 4, para. 10)

Where money is encrypted data, therefore e-money…
“Advantageously, a real money flow takes place only within the background system but not via the connections to the first or to the second terminal. No real money flow takes place between the two terminals, but rather only a transmission of encrypted data, which are then used after corresponding forwarding in the background system for triggering the actual financial transaction.” (pg. 3, para. 9)

“There are a multiplicity of electronic payment systems for paying services or goods or else for the other transmission of money. In general, a payment system having a background system with access to databases in which data is stored for retailers and potential customers, in particular bank customers with bank accounts, is known. The payment system also has a first group of terminals which are available as merchant terminals at point of sale or service points. Furthermore, the payment system has a second group of terminals as customer terminals, wherein the customer terminals are operated by users who wish to make a payment to the merchant terminal or to a merchant terminal. In general, it is also known to use a simple encryption system in order not to transmit the data as unencrypted plain text. The payment system thus serves to carry out a monetary transaction by transmitting data between a specific first terminal of the first group of terminals and a specific second terminal of the second group of terminals.” (pg. 1, para. 3)

a plurality of payment terminals, and

Merchant (payment) terminals (plural)…
“The payment system also has two groups of terminals, a first group of terminals serving as merchant terminals, and a second group of VOH terminals serving as customer terminals, wherein a payment to the operator of a merchant terminal is initiated by the operator of a customer terminal. The term terminal can be seen widely and comprises passive devices with an electronic chip which is activated when contacting by an externally acting field in order to carry out a data exchange. Furthermore, a terminal can be understood to mean, 

at least one server,

Example of server…
“An electronic payment system is known from WO 98/47116, which essentially corresponds to known methods from the range of credit card requests and the so-called E-cash and from the loading of electronic purses. In this method, customer terminal, merchant terminal and a server are connected to one another in the background system during the process, which is an online method. Reference is also made to the possibility of using encryption methods, wherein a specific description of the type of encryption is not given. However, it is disadvantageous that customer data are stored in the so-called SIM card (SIM: Subscriber Identification Module), in which the IMSI identifier (IMSI: International Mobile Subscriber Identity) uniquely assigned to the SIM card is also stored. The SIM card is protected against misuse by a 4-digit PIN, as long as the PIN is kept secret. In particular, the storage of customer data in the SIM card is disadvantageous.” (pg. 1, para. 8)

Another example of a server…
“The background system consists of an SMS host for sending and receiving SMS messages and a server which fulfills conventional clearing tasks and checks customers and retailers according to the known methods. In addition, it has the respective RSA keys for encryption and decryption of data records which are transmitted by SMS and or can be received.” (pg. 9, col. 5)

wherein the e-money comprises a spend token TS for each individual terminal, wherein the spend token TS relates to good purchased/sold in response to a payment transaction between the mobile device and the individual payment terminal involved in the payment transaction,

One example of goods and services between merchant (payment) terminals and customer terminals (mobile devices) for payment…
“There are a multiplicity of electronic payment systems for paying services or goods or else for the other transmission of money. In general, a payment system having a background system with access to databases in which data is stored for retailers and potential customers, in particular bank customers with bank accounts, is known. The payment system also has a first group of terminals which are available as merchant terminals at point of sale or service points. Furthermore, the payment system has a second group of terminals as customer terminals, wherein the customer terminals are operated by users who wish to make a payment to the merchant terminal or to a merchant terminal. In general, it is also known to use a simple encryption system in order not to transmit the data as unencrypted plain text. The payment system thus serves to carry out a monetary transaction by transmitting data between a specific first terminal of the first group of terminals and a specific second terminal of the second group of terminals.” (pg. 1, para. 3)


	See Token below.

wherein the spend token TS is configured to contain only the information relating to the most current goods purchased/sold in response to the payment transaction between the at least one mobile device and the payment terminal, as well as the history of the older spend tokens TS as hash,

Where current time is provided with transaction number for current transaction process…
“According to a particularly preferred embodiment, current time data are also provided as time information T from the system clock and used as separate data T or as an integrated component of the transaction number TAN for the current transaction process.” (pg. 5, para. 13)

Time stamp and merchant and customer database for storing merchant and customer data…
“The host 31 of the background system 30 expediently has a central control device C for controlling the own operating sequence and for providing and processing data to be transmitted or transmitted. In addition, the background system 30 has a timer or a clock for outputting a time information or time stamp T in order to have a current reference time available at each point in time. For intermediate processing, the background system 30 expediently also has a memory, in particular a temporary memory M. A merchant database 34 is provided for storing data of the merchant terminals 10 and the merchant data or operators of the merchant terminals 10. Accordingly, data from customer terminals 20 or operators of the customer terminals are stored in a customer database 35.” (pg. 4, col. 14)

See Token below.

wherein the plurality of payment terminals comprise at least one secure element SEALS- SE, and the secure element SEALS-SE is a physical secure element which comprises a processor with cryptographic suitability which enables authentication of the mobile device and representation of the server in the plurality of terminals and is configured to locally enable a final settlement of the goods purchased in relation to the payment transaction, and 

Terminal cryptocoprocessor (security element that is a processor with cryptographic suitability) for merchant (payment) terminal…
For encrypting, the public key OSH of the background system merchant key pair OSH, PSH is used by the merchant terminal 10 or its control device or by a special chip C, in particular a cryptocoprocessor. The public key OSH is stored in the memory M or in the special chip C from the outside in a nonreadable manner. The key pair is expediently OSH, PSH, in order to form a key pair for a so-called RSA encryption or a comparable secure encryption principle.” (pg. 5, para. 10)

“The merchant terminal is preferably a conventional POS (point of sale/sales) terminal, supplemented by an interface according to ISO 14443, an internet shop, or a GSM terminal supplemented by an interface according to ISO 14443.” (pg. 9, para. 6)

One example of authentication of customer where customer is authenticated by mobile radio number (therefore mobile  device is authenticated)…
“The transmission of the data to the background system, which were entered in the merchant terminal, can take place in different ways. In order to transmit the data, telephone connections with special protocols of the data transmission, such as for example payment traffic terminals (ZVT), are customary. The use of mobile radio devices is also known, wherein the advantage is used that the customer is known to the mobile radio operator and said customer has the permission to draw amounts together with the mobile radio calculation as an Insosogesellschaft. In addition, the advantage is that that the customer is authenticated by the transmission of the mobile radio number of its mobile radio device serving as a customer terminal or, in the best case, ensures additional protection by the input of a further PIN or comparable identification.” (pg. 1, para. 6)

wherein the at least one mobile device and the payment terminal that are offline, in which the at least one mobile device does not include the secure element SEALS-SE, and both the at least one mobile device and the payment terminal are not connected to the internet and are not connected to the at least one server at the time of goods purchased/sold in response to the payment transaction, 

Payment transmitted independently of Internet connection (therefore offline)…
“The present method is intended to close this gap. The combination of highly encrypted data sets in conjunction with GSM/UMTS radio as independent data transmission can be ensured. The impregnation data, in particular those in which the sensitive data of the customer who makes the payment are transmitted, is carried out independently of the terminal of the merchant or even an Internet connection, that is to say on a completely separate path which cannot be controlled by the dealer. The data are encrypted and signed with an RSA key. In this case, both a system of uniform keys and a customer-specific key can be used. The encryption of the sensitive data is realized by a microprocessor chip card, possibly also with a cryptocoprocessor. This stores the keys securely. In addition, the authentication of the payment authorized person can be additionally secured by means of a PIN. This PIN can be stored both on the map and in the background system or only in the background system. The microprocessor chip card operates in conjunction with a device according to GSM and or UMTS standard, which secures the transmission and reception of SMS, optionally supports GPRS and data call. Further functions are optional. The transfer of the required data of the merchant to the customer (price, merchant number, TAN, payment possibilities of the merchant, among other things) can be inter alia by means of an interface according to ISO 14443 if the latter is supported by the chip card or the device. Other interfaces are conceivable, since these data are not sensitive. The path that encrypted data is transferred to the merchant terminal is also not critical, since they are then present in encrypted form.” (pg. 9, para. 9)

the method comprising the steps of: 

storing the e-money on the at least one of the at least one mobile devices and payment terminals, wherein the e-money further comprises at least one load token TL different from the spend token TS. 

Data stored by retailers and customers…
“The starting point is an electronic payment system with a background system which allows access to databases. In a conventional manner, the data required in the databases are stored by retailers and customers, as well as in particular bank accounts of these dealer and customer. Access from the outside to this data is blocked.” (pg. , col. 6)

	See Token below.

performing a payment transaction with the e-money with a final settlement without Internet connection at the time of the payment transaction, comprising the sub-steps of: 

Payment transmitted independently of Internet connection (therefore offline)…
“The present method is intended to close this gap. The combination of highly encrypted data sets in conjunction with GSM/UMTS radio as independent data transmission can be ensured. The impregnation data, in particular those in which the sensitive data of the customer who makes the payment are transmitted, is carried out independently of the terminal of the merchant or even an Internet connection, that is to say on a completely separate path which cannot be controlled by the dealer. The data are encrypted and signed with an RSA key. In this case, both a system of uniform keys and a customer-specific key can be used. The encryption of the sensitive data is realized by a microprocessor chip card, possibly also with a cryptocoprocessor. This stores the keys securely. In addition, the authentication of the payment Other interfaces are conceivable, since these data are not sensitive. The path that encrypted data is transferred to the merchant terminal is also not critical, since they are then present in encrypted form.” (pg. 9, para. 9)

generating the spend token by the mobile device in response to the payment transaction using the at least one mobile device at the payment terminal; 

Generate encrypted SMS message from encrypted data (includes e-money) at customer terminal (mobile device)…
“All data are processed and encrypted by the chip card C accordingly. A short message text or SMS text is then generated from the encrypted data record and transferred to the GSM part of the customer terminal 20. The GSM part of the customer terminal in turn consists of the SIM card SIM or comprises said SIM card as a further essential component.” (pg. 7, para. 11)

	See Token below.	

establishing a connection between the at least one mobile device and the payment terminal with bidirectional data exchange without connecting to the Internet, the connection between the at least one mobile device and the plurality of payment terminals being: i) a short-distance radio connection, including at least one of radio-frequency identification, near field communication, short-range wireless interconnection , bluetooth low energy, and wireless fidelity; ii) contact-based connection, including at least one of USB and firewire; iii) optical connection, including at least one of infrared, infrared data association, and near infrared; and/or iv) acoustic connection; 

Problem of payment when offline…
“The problem with the known methods is the transmission of sensitive data during the transmission of data or data sets in the case of cashless payment, since this represents a considerable safety risk. In particular in the case of payments over the Internet, but also in the currently customary methods for payment with EC card in the offline method, ie an electronic load writing method (ELV), manipulations, fraud and data theft are an everyday problem. The use of the mobile radio technology using the GSM (GSM: Global System for Mobile Communications) or UMTS (UMTS: Universal Mobile Telecommunications System) offers, for example, authentication of the owner of the SIM card in the customer terminal used, but prevents data 

“This problem is solved by a payment system having the features of claim 1, terminals for such a payment system having the features of claims 23 and 24, or a method having the features of claim 28. Advantageous embodiments are the subject matter of dependent claims.” (pg. 2, para. 5)

Claim 23, with a first (merchant) terminal control device for encrypting data…
“23. The invention relates to a terminal as a first terminal (10, 10') for a payment system according to any preceding claim, comprising an interface (13) to the background system (30) and a further interface, in particular an output interface (12, 12', 14', 12 *), and a control device (C) for receiving, processing and transmitting data and for encrypting the data and having a memory for keys that cannot be accessed from the outside.” 

Externally acting field (initiating a connection) and  initiate payment by customer terminal (mobile device) with merchant terminal for payment…
“The payment system also has two groups of terminals, a first group of terminals serving as merchant terminals, and a second group of VOH terminals serving as customer terminals, wherein a payment to the operator of a merchant terminal is initiated by the operator of a customer terminal. The term terminal can be seen widely and comprises passive devices with an electronic chip which is activated when contacting by an externally acting field in order to carry out a data exchange. Furthermore, a terminal can be understood to mean, for example, mobile radio devices with a SIM card for the identification thereof in a specific mobile radio network, mobile computers with radio network interfaces and network terminals with a network access to a remote data source.” (pg. 2, col. 7)  Inherent with the above is no connection to the Internet.
	
Transmission of data between merchant terminal and customer terminal…
“A method for carrying out cashless financial transactions is known from DE 199 03 363 C2, in which, during the transmission of the data between the merchant terminal and the customer terminal, essentially an infrared interface is used. Such an infrared interface is configured in a standardized manner in conventional mobile radio devices, notebooks and the like. The disadvantage of such infrared interfaces, however, is a great uncertainty due to the large scattering angle, since all data can be read, copied and also generated by a separate device in the vicinity of the transmitting terminal by means of the simplest and unobtrusive technique. Safety for money transactions is thus not ensured. In addition, data are directly exchanged between the customer and the dealer in this method. In this way, manipulations of a wide variety of ways are made possible, in particular manipulation with credit card data in unserous retailers. In addition, the anonymity of the customer is not guaranteed with 

Transmission (communicate) using Bluetooth, infrared…
“Transmission systems which prevent the transmitted data from co-cutting or intercepting the transmitted data are preferably used for the transmission via the third transmission path 43. Accordingly, an interface according to ISO 14443 is preferred, wherein other systems, for example Bluetooth, infrared interface, can also be used as interface systems.” (pg. 6, para. 7)

transferring a copy of the spend token from the at least one mobile device to the payment terminal, the spend token comprises at least a value of the goods purchased/sold in response to the payment transaction; 

Payment from customer terminal (mobile device) to merchant (payment) terminal (therefore transferring payment)…
“The payment system also has two groups of terminals, a first group of terminals serving as merchant terminals, and a second group of VOH terminals serving as customer terminals, wherein a payment to the operator of a merchant terminal is initiated by the operator of a customer terminal. The term terminal can be seen widely and comprises passive devices with an electronic chip which is activated when contacting by an externally acting field in order to carry out a data exchange. Furthermore, a terminal can be understood to mean, for example, mobile radio devices with a SIM card for the identification thereof in a specific mobile radio network, mobile computers with radio network interfaces and network terminals with a network access to a remote data source.” (pg. 2, col. 7)

verifying and/or signing the spend token by the secure element SEALS-SE of the payment terminal; and 

Decrypting (verifying) at the receiver (payment terminal)…
“In order to increase security, an encryption system is used for encrypting the data between the first terminal, the second terminal and/or the background system, which encryption system provides unique key pairs each with a public key and a private key. The public key serves to allow data or data records to be encrypted by a foreign device before the data are transmitted. On the receiver side, the encrypted data are then decrypted with the private key. An encryption system with, for example, a so-called RSA key pair is thus used.” (pg. 2, para. 9)

Claim 23, with a control device for encrypting data…
a terminal as a first terminal (10, 10') for a payment system according to any preceding claim, comprising an interface (13) to the background system (30) and a further interface, in particular an output interface (12, 12', 14', 12 *), and a control device (C) for receiving, processing and transmitting data and for encrypting the data and having a memory for keys that cannot be accessed from the outside.” 

exchanging at least one telegram between the at least one mobile device and the payment terminal at the time of the payment transaction; 

Example of transmission (exchanging) SMS (telegram) from customer terminal (mobile device)…
“In principle, the data provided in this way can be transmitted selectively via the third transmission point 43 and the merchant terminal 10 as an intermediate device and from the latter further via the first transmission path 41 to the background system 30. However, in a fifth step 5, the transmission of the encrypted data from the customer terminal 20 via the second interface device 22 is preferred directly to the background system 30 or to the interface device 32 thereof. The short message service SMS is preferably used for this transmission, other types of transmission paths and transmission systems also being usable in principle. For the transmission with the aid of the short message service SMS, the customer terminal 20 has the SIM card SIM, which controls the transmission via the second transmission link 42 or provides data which are required for the transmission with the aid of the short message service SMS.” (pg. 6, para. 6)

Another example of SMS message between merchant terminal and customer terminal…
“In these alternatives, too, the background system 30 can cause a transaction on the basis of a secure transaction request and transmit confirmation messages in parallel or subsequently in a sixth step 6.1, 6.2 as in the preceding exemplary embodiments. While the transmission of a corresponding confirmation to the merchant terminal 10 ′ is directly possible, a corresponding confirmation message in the form of a short message SMS is temporarily stored in the short message service router via the second transmission link 42 until the customer terminal 20 * establishes a communication connection to the short message service router and the transaction confirmation can be received in a time-offset manner.” (pg. 9, para. 1)

wherein the final settlement is defined that the payment transaction is legally valid and has been completed; 

Payment acknowledgements (therefore settlement), where the payment happened (therefore legally valid)…
“If all data or inputs are in order, as in the first exemplary embodiment, payment acknowledgements are sent to the customer terminal 20 or the
merchant terminal 10 ′ in the sixth step 6.1, 6.2, wherein the merchant terminal 10 ′ in the present case is preferably a computer for handling chewings
and for causing the delivery of requested items or the instigation of requested services.” (pg. 7, para. 13)  Inherent with confirmation and payment acknowledgments is legally valid payment completed.


exchanging the at least one telegram between the at least one mobile device and the server after the at least mobile device is no longer offline and is connected to the server; 

Sending and receiving messages using customer (mobile device) and server…
“The background system consists of an SMS host for sending and receiving SMS messages and a server which fulfills conventional clearing tasks and checks customers and retailers according to the known methods. In addition, it has the respective RSA keys for encryption and decryption of data records which are transmitted by SMS and or can be received.” (pg. 9, para. 5)

receiving a telegram with a receipt confirmation by the at least one mobile device from the server, and the at least one mobile device transmitting said telegram with the receipt confirmation to the payment terminal; and 

Example of clearing servers and SMS capable device (therefore mobile device)…
“The development in the background system differs from the known methods in particular in clearing servers by storing the RSA keys, decrypting the data records, checking the decrypted PIN, possibly checking the SIM card number and vice versa in the encryption of sensitive data records to the SMS-capable device, the inclusion of the GSM/UMTS time stamp in the security query and optionally a random number. When using different and carddependent keys for transmitting and receiving data, the "click" of such a system for the. Out-of-view future.” (pg. 9, para. 11)

monitoring and detecting misuse in the system, comprising the sub-steps of: 

storing and processing the telegrams received from the mobile device, blocking one of at least one mobile device including irregularities, and transmitting other telegrams to the payment terminal via the at least one mobile device; 

Storing data and blocking outside data…
“The starting point is an electronic payment system with a background system which allows access to databases. In a conventional manner, the data required in the databases are stored by retailers and customers, as well as in particular bank accounts of these dealer and customer. Access from the outside to this data is blocked.” (pg. 2, para. 6)

Decrypting (processing) data, which would include SMS (telegrams)…
“The development in the background system differs from the known methods in particular in clearing servers by storing the RSA keys, decrypting the data records, checking the decrypted PIN, possibly checking the SIM card number and vice versa in the encryption of sensitive data records to the SMS-capable device, the inclusion of the GSM/UMTS time stamp in the security query and optionally a random number. When using different and carddependent keys for transmitting and receiving data, the "click" of such a system for the. Out-of-view future.” (pg. 9, para. 11)

the payment terminal verifying the spend tokens received from the at least one mobile device using the secure element SEALS-SE based on the received telegrams from the server, and blocking said one mobile device including irregularities for the system. 

One example from Claim 23, with a control device for encrypting data…
“23. The invention relates to a terminal as a first terminal (10, 10') for a payment system according to any preceding claim, comprising an interface (13) to the background system (30) and a further interface, in particular an output interface (12, 12', 14', 12 *), and a control device (C) for receiving, processing and transmitting data and for encrypting the data and having a memory for keys that cannot be accessed from the outside.”  Inherent with encrypting data is blocking irregularities for the system.

Token
Lehmann teaches encrypted cash or money (e-money).  They also teach purchase (spend) and time stamp for transactions.  They do not teach spend and load token with history and hash.

Furche et al. also in the business of encrypting teaches:

Token stored on user’s devices…
“In some electronic digital currency token based systems value may be stored in electronic form on user's devices, much like holding a banknote, coin, or share certificate in printed or minted form. A transaction may include sending, normally though one or more electronic transmission channels digital currency from a payer to a payee. In some prior systems, a server may maintain a record of valid serial numbers for digital currency tokens, and the exchange value associated with them. When such a digital currency token is provided back to the issuer for ‘deposit’ (also referred to as ‘redemption’), it may be marked as ‘invalid’ on the server records and the exchange value provided to the user in return. An early example of such a system was called Netcash (Medvinski 1993).” [0005]

Example of creates (generates) token…
“A further extension of digital currency with digital signatures is the use of the so-called “blind signature” approach. This approach allows for a a user, not the issuer, creates unsigned ‘proto digital currency tokens’, which are then provided to the issuer to sign (in what may be termed a ‘withdrawal’ transaction). At the times digital currency tokens are signed by the issuer, the issuer does not see their serial numbers, nor is the issuer able to determine them.” [0007]

Token with audit trail for transactions (therefore history)…
“Example: Final (Indelible) transaction In some embodiments, as a token transaction always results in a token swap, a write once ledger may provide an indelible audit trail for such transactions. For example, the state of the system may be modified by appending transactions to a ledger so as to create an indelible record for those transactions. This record may be written to write-once media to preserve the state of the system and the transaction history across a system failure. For example, this may employ one or more cryptographic techniques to establish the veracity and irrefutable unique state of such a record. For example, a blockchain, Merkel Tree and/or other hash arrangements or digital signatures may be used. For example, once a token has been decrypted by redeeming Mint, e.g., by its intrinsic token verification unit, the token is added to at least one appropriate and accessible spent token list. Even when the transaction fails because some tokens have already been spent at the time of the request, the particular failure is caused by that combination of tokens and unspent tokens and the transaction should be recorded and the unspent tokens will be marked as spent (or actually cancelled).” [0422]

Example of unspent tokens…
“In some embodiments, when a User sends a Payment Message that contains tokens some of which are spent and others are not, the Mint creates a Coded Value Token for the unspent tokens allowing them to be cancelled only (for example, cancel “In Escrow” state). The User sending the tokens for exchange receives a permanent failure.” [0406]  Inherent with an unspent token is a token different than a spend token.

Hash for spent token…
“Example: Final (Indelible) transaction In some embodiments, as a token transaction always results in a token swap, a write once ledger may provide an indelible audit trail for such transactions. For example, the state of the system may be modified by appending transactions to a ledger so as to create an indelible record for those transactions. This record may be written to write-once media to preserve the state of the system and the transaction history across a system failure. For example, this may employ one or more cryptographic techniques to establish the veracity and irrefutable unique state of such a record. For example, a blockchain, Merkel Tree and/or other hash arrangements or digital signatures may be used. For example, once a token has been decrypted by spent token list. Even when the transaction fails because some tokens have already been spent at the time of the request, the particular failure is caused by that combination of tokens and unspent tokens and the transaction should be recorded and the unspent tokens will be marked as spent (or actually cancelled).” [0422]

It would have been obvious to one of ordinary skill in the art at the time of filing to include in the method and system of Lehmann the ability to have audit trails (history) for spent tokens with hash as well as unspent tokens taught by Furche et al. since the claimed invention is merely a combination of old elements and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.  Further motivation is provided by Furche et al. who teaches the advantages of security and using hash with blockchain enhances security and use of e-money.  The combined references also have a financial benefit by using audit for tracking transaction history of spent tokens as a way to track expenses.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENNETH BARTLEY whose telephone number is (571)272-5230. The examiner can normally be reached Mon-Fri: 7:30 - 4:00 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHAHID MERCHANT can be reached on (571) 270-1360. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/KENNETH BARTLEY/Primary Examiner, Art Unit 3693