DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on December 2, 2021 has been entered.
 
Acknowledgements
Applicant’s amendment filed on October 8, 2021 is acknowledged. Accordingly claims 1, 6-7, 11, 16 and 17 remain pending and been examined.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6-7, 11, 16 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lakshmanan et al (hereinafter “Lakshmanan”) U.S. Patent Application Publication No. 2015/0310431 A1 in view of Hird et al (hereinafter “Hird”) U.S. Patent Application Publication No. 2015/0019442 A1 and/or Youn U.S. Patent Application Publication No. 2008/0019527 A1 and further in view of Jae KR 2012/0059474 A.

As per claim 1, 7, 11 and 17, Lakshmanan discloses a method for implementing non-repudiation of payment, the method being performed by a payment managing server, the method comprising:
receiving, from a user terminal, a terminal public key of a pair of asymmetric keys generated by the user terminal and user authentication information (0021, which discloses that “Initialization can also include generating, via the mobile application, a private-public key pair, wherein the public key is provided to the secure payment system 101 and the private key is used by the customer device 100 to sign transaction authorization messages which can be verified by the secure payment system 101 using the public key.”; 0022; 0025);

storing the received terminal public key in response to the validity of the user authentication information that is confirmed through a communication with the user authentication server (0024, which discloses that “The public key K.sub.P 206 is sent 211 to the secure payment system 101.  In this way, the authenticating input is used to generate a symmetric key that may be used to store and subsequently retrieve the private key. As described further below, when making a purchase, the user may enter the authenticating input, which is used to re-generate the symmetric key and decrypt the private key. In this way, the private key may only be decrypted and used to sign a purchase when the user provides the proper authenticating input.”; 0025);
the validity of the user authentication information being confirmed when the user authentication information received from the user terminal is the same as the user authentication information stored in the user authentication server (0039, which discloses that “Alternately, a salted hash can be derived from some combination of the private key K.sub.S 205, the symmetric key k.sub.a 203, and the PIN 209 to verify the PIN 209 entered by the user matches the PIN 209 originally entered by the user.”; 0041, which discloses that “The hashed salted credit card number h 307, which was received when the credit card number C 301 was originally initialized, is also loaded 505 from memory.  The secure payment system 101 checks 506 that the two hashes match.”);
receiving a payment request from the user terminal (0077, which discloses that “The customer device 100 will also include a current location along with its request for transaction details.  The secure payment system 101 can use the combination of location data and payment code to map the customer device's request to the correct transaction details.”);
receiving, from the user terminal, electronic signature information that has been encrypted with a terminal private key of the pair of asymmetric keys (see claim 21, which discloses that “The system of claim 20 further comprising digitally signing the cryptographically signed message authorizing the transaction to the merchant with an additional signature, wherein the additional signature is generated using an asymmetric private key known to the secure payment system.”); and
decrypting the electronic signature information using the stored terminal public key (0053, which discloses that “The decryption module 701 is used to decrypt the encrypted salted credit card number 312 when it is received from the customer device 100 during a transaction.”; 0054, which discloses that “In this embodiment, the public key K.sub.P 710 is used by the decryption module 701 to decode the signature to recover the hash.  The message portion of the signed transaction authorization message 410 is hashed with the hash module 700 to produce a second hash.  If and only if the signature is correct, then the decoded hash and the second hash will match exactly.”; 0056);
	wherein the method performed by the payment server further comprises:
generating a master key; and
sending the master key to the user terminal in response to a request for registering a payment means from the user terminal;
wherein the user terminal encrypts payment means information with the master key and then deletes the master key after the encryption of the payment means information;
wherein the method performed by the payment managing server further comprises:
;
wherein the user terminal decrypts the encrypted payment means information stored in the user terminal using the re-sent master key, uses the decrypted payment means information to perform the payment, and deletes the re-sent master key after the decryption of the encrypted payment means information;
wherein the method performed by the payment managing server further comprises:
performing the payment using the stored terminal public key and the re-sent master key in response to the payment request from the user terminal; and 
after performing the payment, generating a non-repudiation token and sending the non-repudiation token to at least one of a member shop server and the user terminal to implement the non-repudiation, the non-repudiation token including the electronic signature information, the payment related information, and the payment means information; and
wherein the user terminal manages access authority on the terminal private key using a pre-set access password by a user to encrypt the electronic signature information with the terminal private key for the payment request (0022, which discloses that “In one example, the authenticating input is a personal identification number (PIN) entered by the customer.  Other authenticating inputs may also be used, such as a password or passcode, biometric information (e.g., finger or eye scans), or any other information that may be reproducibly generated by the customer.”; 0023; 0054, which discloses that “In this embodiment, the public key K.sub.P 710 is used by the decryption module 701 to decode the signature to recover the hash.  The message portion of the signed transaction authorization message 410 is hashed with the hash module 700 to produce a second hash.  If and only if the signature is correct, then the decoded hash and the second hash will match exactly.”; 0056).
wherein the user terminal receives an access password and activates the terminal private key in response to the access password that is the same as the pre-set access password (0035, which discloses that “a device that supports operating system (OS)-managed encrypted non-volatile storage, may use the encrypted storage to store and recover the private key K.sub.s 205 directly, rather than reconstructing it using a PIN 209 or other authentication data.  However, even when storing K.sub.s 205 directly through the OS-managed encrypted storage, it might still be desirable to require the user to input a PIN 209, or comparable authentication input”; 0036; 0039, which discloses that “Alternately, a salted hash can be derived from some combination of the private key K.sub.S 205, the symmetric key k.sub.a 203, and the PIN 209 to verify the PIN 209 entered by the user matches the PIN 209 originally entered by the user.”).
wherein the terminal public key and the user authentication information are sent to the payment managing server after having been encrypted by the user terminal using a server public key provided by the payment managing server (0021, which discloses that “Initialization can also include generating, via the mobile application, a private-public key pair, wherein the public key is provided to the secure payment system 101 and the private key is used by the customer device 100 to sign transaction authorization messages which can be verified by the secure payment system 101 using the public key.”; 0022; 0025)
What Lakshmanan does not explicitly teach is:
the user authentication information having been generated by a user authentication server and transmitted to the user terminal;
wherein the method performed by the payment server further comprises:

wherein the user terminal encrypts payment means information with the master key and then deletes the master key after the encryption of the payment means information;
wherein the method performed by the payment managing server further comprises:
 re-sending the master key to the user terminal in response to the payment request from the user terminal;
wherein the user terminal decrypts the encrypted payment means information stored in the user terminal using the re-sent master key, uses the decrypted payment means information to perform the payment, and deletes the re-sent master key after the decryption of the encrypted payment means information;
after performing the payment, generating a non-repudiation token and sending the non-repudiation token to at least one of a member shop server and the user terminal to implement the non-repudiation, the non-repudiation token including the electronic signature information, the payment related information, and the payment means information;
Narasimhan discloses the method wherein the method performed by the payment managing server further comprises:
the user authentication information having been generated by a user authentication server and transmitted to the user terminal (0047, which discloses that “ Alternatively, in another embodiment of the present invention, the PIN pad ID as well as the master key is generated by payment institution 111 and directly attached to the Virtual PIN pad.”)
Hird and/or Youn discloses the method comprising:
wherein the method performed by the payment server further comprises:
(Hird: 0068, which discloses “For example, in some embodiments, a user may download card data for a card 110 including a master key onto a user terminal 100.  In other embodiments, a master key may be provided at a provisioning server operated by the card issuer.”; Youn: 0012, which discloses that “In a variation on this embodiment, the token is encrypted with the master key. This master key can be generated randomly by the key manager, or specified by an administrator.”);
wherein the user terminal encrypts payment means information with the master key and then deletes the master key after the encryption of the payment means information (Youn: 0037, which discloses that “After the client has completed all tasks that require the customer key, and has optionally used the customer key to perform cryptographic operations, the client can then delete the customer key and save the token. The token can subsequently be used to re-obtain the customer key from the key manager should the client require the customer key again.”);
wherein the method performed by the payment managing server further comprises:
 re-sending the master key to the user terminal in response to the payment request from the user terminal (Hird: 0069, which discloses “In some embodiments, the session keys may be pre-generated by, for example, a provisioning server operated by the card issuer 30, and subsequently provided to the user terminal 100.  Thus, the user terminal 100 need not actually generate the session keys, and the master key may not be stored on the user terminal 100, thereby increasing the security of the master key.”; Youn: 0107, which discloses that “If the client is the owner of the customer key, the customer key is sent to the client (step 816). The customer key is then used to encrypt/decrypt data at the client (step 818). Finally, the customer key can be deleted at the client (step 820).”);
(Hird: 0071, which discloses that “In some embodiments, no session keys may be stored on the user terminal and a user could connect to a provisioning server and acquire a session key as needed (either by receiving the master key temporarily, or by having the provisioning server generate the session key), and delete the session key  immediately afterward.”; 0107, which discloses that “The customer key is then used to encrypt/decrypt data at the client (step 818). Finally, the customer key can be deleted at the client (step 820).”), and 
deletes the re-sent master key after the decryption of the encrypted payment means information (Hird: see 0074, which discloses that “The user terminal then deletes the master key (block 308) if it was provided to the user terminal.”; Youn: 0107, which discloses that “If the client is the owner of the customer key, the customer key is sent to the client (step 816). The customer key is then used to encrypt/decrypt data at the client (step 818). Finally, the customer key can be deleted at the client (step 820).”);
Jae discloses the method comprising:
after performing the payment, generating a non-repudiation token and sending the non-repudiation token to at least one of a member shop server and the user terminal to implement the non-repudiation, the non-repudiation token including the electronic signature information, the payment related information, and the payment means information (According to the present invention, the token agent, when the financial transaction customer processes a predetermined financial transaction (payment and / or payment of bills, etc.) in connection with a predetermined financial transaction means, the predetermined financial transaction server 130 Generate a predetermined token code to ensure confidentiality, authentication, integrity and nonrepudiation for processing financial transactions (such as payment and / or payment of bills); Preferably, the token code is continuously changed at regular time intervals.”)
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the method of Lakshmanan and incorporate the method, wherein the method performed by the payment server further comprises: the user authentication information having been generated by a user authentication server and transmitted to the user terminal; wherein the method performed by the payment server further comprises: generating a master key; wherein the user terminal encrypts payment means information with the master key and then deletes the master key after the encryption of the payment means information; wherein the method performed by the payment managing server further comprises:  re-sending the master key to the user terminal in response to the payment request from the user terminal; wherein the user terminal decrypts the encrypted payment means information stored in the user terminal using the re-sent master key, uses the decrypted payment means information to perform the payment, and deletes the re-sent master key after the decryption of the encrypted payment means information; after performing the payment, generating a non-repudiation token and sending the non-repudiation token to at least one of a member shop server and the user terminal to implement the non-repudiation, the non-repudiation token including the electronic signature information, the payment related information, and the payment means information in view of the teachings of Hird, Youn and Jae respectively in order to further ensure adequate security of the transaction


As per claims 6 and 16, Lakshmanan further discloses the method, further comprising: 
generating log information relating to a payment process and sending the log information to a public electronic document storage server (see fig. 7 and associated text)

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Charles C. Agwumezie whose number is (571) 272-6838. The examiner can normally be reached on Monday – Friday 8:00 am – 5:00 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Hayes can be reached on (571) 272 – 6708.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHINEDU C AGWUMEZIE/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        March 12, 2022