DETAILED ACTION
Claim Status
This Office Action is in response to claims filed on 01/05/2022.
Claims 1-9 are pending and have been examined.

Acknowledgements
The references (Flitcroft et al. (US 2003/0028481), Rajarethnam (US 2013/0282590) and Filipi-Martin et al. (US 2002/0112168)) relied upon as the prior art have been reviewed for complete support.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
With respect to rejection of claims, Applicant is of the opinion that the pending claims are in condition for allowance because Examiners are precluded from re-instating § 103 rejections reversed on appeal, based on new or additional art, without the prior authorization of the Director of the Technology Unit according to M.P.E.P, § 1214.06 and .04 and as such the Office Action does not demonstrate that the Director authorized the Examiner to conduct a new search or to initiate a new §103 claim rejection since after a Board's Decision on Appeal, reversed the § 103 rejections of all the pending claims as being allegedly unpatentable over combinations of Fitcroft, Rajarethnam, and Filipi-Martin, and only sustained the rejection of dependent claims 2, 3, and 5-11 under 35 U.S.C. § 112(b), Examiners may only take up prosecution of matters where the Board's decision brought those matters up for action on the merits.  Therefore, Applicant states, the Office Action was issued in contravention of Office policy since the Board’s Decision did net re-open the rejections of Applicant's claims under 35 U.S.C. § 103, and the Office Action does not demonstrate that the Director authorized the Examiner to conduct a new search or to initiate a new § 103 claim rejection even though independent claims 1 and 9 where amended by replacing “effecting completion’ with “initiating completion’, and independent claim 5 was amended by replacing “effect completion” with “initiate completion” as the response of 2021-05 did not alter the scope of the independent claims and the Board's reasoning expressed in the Decision on Appeal governs the allowability of the pending claims. 
Examiner fully considers Applicant’s position, but respectfully disagree because an amendment was submitted with a request for continued examination (RCE) under 37 CFR 1.114  and a fee set forth in 37 CFR 1.17(e) hence prosecution of the application reopened and the amendment entered as a statement provided Par. 5 of the Non-Final Rejection mailed 10/05/2021. (see M.P.E.P, § 1214.07) 

With respect to rejection of claims under 35 U.S.C. 103, Applicant is of the opinion that the Office fails to provide the substantial evidence required to substantiate this rejection, and the rejection should be withdrawn since the Office provides contradictory characterizations of the cited art, the basis for the claim rejection is unclear, contrary to 37 C.F.R. § 1.104.  as such in the Decision on Appeal, the Board confirmed that Flitcroft does not teach: a payment processing server... over one secure communications channel providing 4 mobile device with 4 credential comprising one cryptographic key of the cryptographic key pair[;] the payment processing server encrypting the single-use payment number with the another cryptographic key: [and] the mobile device .... (ii) establishing with the payment processing server another secure communications channel distinct from the one secure communications channel, (i) receiving the encrypted single- use payment number from the payment processing server over the another secure communications channel, {iv} generating a decrypted single-use payment number by decrypting the encrypted single-use payment number with the one cryptographic key, and (v} transmitting the decrypted single-use payment number to the payment terminal in response to the card number request.  Applicant further states, Barry does not teach a server providing a mobile device with a cryptographic key over one secure communication channel, and the mobile device establishing another secure communication channel with the server, receiving over the other secure communication channel a datum encrypted with that cryptographic key, and decrypting that datum with the cryptographic key.

Examiner fully considers Applicant’s position but respectfully disagree because Flitcroft discloses,
“The single use numbers are preferably stored in a secure form involving one or more encryption systems. It is proposed that a dual system will be employed using a standard protocol (e.g., DES or RSA encryption) and a specific system designed for credit cards as described below.” (Pars. 134, 141)
“The central processing station 1508 obtains the next available limited use number. (Step 1618). Once obtained, the limited use number, and the specified limitations, is entered into database 1502 such that the limited use number is associated with the user's information already in database 1502. (Step 1620). The limited use number is then transmitted to the RAD support server 1506 for issuance to the user via RAD 1504. (Step 1622). RAD software package 1504 displays the limited use number. The user can transfer this limited use number to a web site for initiating a transaction. Transferring this number to a web site can be achieved by dragging and dropping the number onto the web page, by software-simulated key-stroke entry, by “one-click” methods, or by other suitable methods known to one skilled in the art. (Par. 233)  Within the constraint of using a valid credit card format, the random allocation process used to generate lists of unique limited use numbers can involve allocation from a range of numbers in which either the entire number or portions of the account number are varied. (Par. 87)  
This database is a general-purpose database which stores information regarding customers' accounts, such as information regarding various conditions which apply to each customers' account. Further, this database 122 may store the mapping between a customer's fixed master credit card number and any outstanding associated limited use credit cards, using, for instance, some type of linked-list mechanism.  For instance, each limited use credit card number can be stored with a field, which identifies its master account, and various conditions regarding its use. (Par. 70)  
Secure storage of issued limited use credit/debit/charge card numbers until required by the user. These numbers can be stored in a variety of encrypted forms. An additional security step is to encrypt the number in the form a valid credit card number as previously described. (Par. 120) 
Remapping can be implemented by utilizing database look-up functions using existing industry-standard computer platforms. In addition, remapping may occur by replacing the limited use card number with the master account number. (Par. 218)  
The central processing system 1106 remaps the limited use credit card number with the master credit card or account number, the merchant ID with a central processing system ID and the merchant text description with a central processing text description (step 1304), and transmits this remapped information to issuer processing facility 1112 via switch 1116. (Step 1306.) The processing facility 1112 settles the transaction by payment, if appropriate, to the central processing system 1106. (Step 1308). The central processing system 1106 then remaps the master credit card or account number back to the original limited use credit card number, the central processing ID back to the merchant ID and the central processing text description back to the merchant text description, (step 1310) and transmits this information along with the payment, if appropriate, to the merchant acquirer 1102 via the switch 1116 and the network 1104 (step 1312). As with the authorization cycle, this settlement cycle ensures that settlement is obtained against the master credit card; that the card holder's billing statement reflects the limited use transaction, with the central processing ID, and that the payment for settlement is conducted through the central processing system 1106. (Par. 222)  
Mobile telephony interfaces can allow both WAP (Web Access Protocol) and i-mode interaction with servers providing the CPN capabilities. This provides for authentication by password or PIN and delivery of a CPN via a simple interface for display on the screen. CPN's can also be issued by SMS (Silicon Integrated Systems), which has the additional benefit of providing automatic storage of the number for later use. Review of statements is also possible via this interface. The core functionality for MOTO orders are very similar to Internet orders and so no major differences are required in terms of additional functionality, though the functionality is best limited in line with the small screens of current mobile telephones. This application would also be well suited to web-kiosk applications where users may not want to enter authentication credentials into public systems. There is currently increasing interest in “in-store” kiosks to provide additional product lines. This implementation of the web-kiosk is designed specifically for making purchases and the mobile CPN will ideally suit such a combined “clicks and mortar” transaction. (Par. 287)
In operation, a Bluetooth enabled WAP phone, of instance, would be used to retrieve a CPN. The following steps would take place: 1. The user would connect to the issuer's website using the WAP phone, and would log in and request a CPN.  2. The issuer's web server would communicate with the Orbiscom server, which would issue an CPN with the required controls and link to the users account (either set by the user at the time or using pre-determined default values).  3. The CPN would be returned to the user's WAP phone over the mobile network. (Pars. 316-319)
Therefore, given the broadest reasonable interpretation of the claim in light of the Applicant’s Specification, Flitcroft discloses the mobile device (i) receiving from a payment terminal a card number request requesting a card number from the mobile device, (iii) receiving the encrypted single-use payment number from the payment processing server over the another secure communications channel, (iv) generating a decrypted single-use payment number by decrypting the encrypted single-use payment number with the one cryptographic key, and (v) transmitting the decrypted single-use payment number to the payment terminal in response to the card number request.
As previously explained extensively, Flitcroft discloses that the limited use numbers are encrypted and stored using an RSA system, however Flitcroft does not go in to details of how the encryption of the limited use numbers using RSA system is performed, as one of ordinary sill in the art knows that the RSA is old and well known in the art as an algorithm used by modern computers to encrypt and decrypt messages via an asymmetric cryptographic algorithm using two different keys (key pair).  One of the key pair is called public key, because it can be given to everyone while the other key must be kept private (private key).  With that, Flitcroft does not explicitly disclose generating an asymmetric cryptographic key pair, providing a mobile device with a one cryptographic key of the cryptographic key pair, uniquely associating the cryptographic key pair and the payment number by saving the another cryptographic key of the cryptographic key pair in a pending transaction database uniquely in association with the payment number and a financial account, encrypting the payment number with the another cryptographic key.
On the other hand, Rajarethnam disclose,
“At step 204, the payee may be asked whether there is an appropriate encryption key that can be registered with the payment service provider. If so, the encryption key can be uploaded to the payment service provider server. If not, an appropriate encryption key may be generated by the payment service provider and/or the payee's user device at step 206. In some embodiments, a public/private key pair may be generated using a suitable public-key cryptography algorithm such as the RSA algorithm, where the public key may be used as an encryption key. In other embodiments, a symmetric encryption/decryption key may be generated using a suitable symmetric key algorithm such as the AES or the 3DES algorithm. The generated and/or uploaded encryption key of the payee may be registered with the payment service provider at step 208, for example, by storing the public key of the payee with the account information 158 of the payee in user accounts 156 maintained by PSP server 150.  At step 210, a corresponding decryption key may be imported into a user device. For example, the private key of the payee may be installed in user device 110 as cryptographic key 118 to be used by cryptography application 116, so that data encrypted using the corresponding public key can be decrypted on user device 110. As noted above, the user of the user device may or may not be the same as the payee. If the payee is the user of the user device, the decryption key may already be held by the payee (when the payee uploaded the corresponding encryption key or when the keys were generated by the user device) or can be transmitted from the PSP server to the payee after the keys are generated at step 206. If the payee is different from the user of the user device, the payee may need to share the decryption key with the user. In some embodiments, distribution of the decryption key may be achieved by allowing authorized users to download the key from the PSP server. For example, when selecting a visual check payment at step 202, the payee may input the user IDs of those authorized to accept the visual check. Those authorized users may download the payee's decryption key from the PSP server and import it into their user devices. The key may also be distributed to appropriate users in any other secure way, for example, by transmitting the key over a secure channel, or passing a computer-readable medium storing the key to users in person.” (In at least Pars. 38-39)
Therefore, given the broadest reasonable interpretation of the claim in light of the Applicant’s Specification, Rajarethnam disclose a payment processing server generating an asymmetric cryptographic key pair, over one secure communications channel providing a mobile device with a credential comprising one cryptographic key of the cryptographic key pair, uniquely associating the cryptographic key pair and the payment by saving the another cryptographic key of the cryptographic key pair in a pending transaction database uniquely in association with the payment and a financial account, the cryptographic key pair and the single-use payment number each being uniquely associated with the financial account; the payment processing server encrypting the payment with the another cryptographic key (Figs. 1-3; Pars. 32-36, 38-44, 48).  Therefore, the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to simply substitute the single use payment number encrypted using RSA encryption and sending it to the user device using SSL communication protocol and decrypting the single-use payment number for payment transaction (Pars. 134, 138-140, 153) of Flitcroft in view of a payment processing server generating an asymmetric cryptographic key pair, over one secure communications channel providing a mobile device with a credential comprising one cryptographic key of the cryptographic key pair, uniquely associating the cryptographic key pair and the payment by saving the another cryptographic key of the cryptographic key pair in a pending transaction database uniquely in association with the payment and a financial account, the cryptographic key pair and the single-use payment number each being uniquely associated with the financial account; the payment processing server encrypting the payment with the another cryptographic key (Figs. 1-3; Pars. 32-36, 38-44, 48) of Rajarethnam in order to securely store the single use payment number using RSA encryption as a standard protocol with a specific system designed for credit cards (Flitcroft, Par. 134) and to provide the payment credential securely to the appropriate user for purchase transaction (Rajarethnam, Pars. 39).  ("Express suggestion to substitute one equivalent technique for another need not be present to reader such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (BD. Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
Neither Flitcroft nor does Rajarethnam explicitly disclose a computer processing system establish with the mobile device another secure communications channel distinct from the one secure communications channel; the device establishing with the payment processing server another secure communications channel distinct from the one secure communications channel.  Barry disclose,
“As shown in FIG. 2, the aforesaid objects communicate data by establishing a secure TCP messaging session with one of the DMZ networkMCI Interact Web servers 24 via an Internet secure communications path 22 established, preferably, with a secure sockets SSL version of HTTPS. The DMZ networkMCI Interact Web servers 24 function to decrypt the client message, preferably via the SSL implementation, and unwrap the session key and verify the user’s session. After establishing that the request has come from a valid user and mapping the request to its associated session, the DMZ Web servers 24 will re-encrypt the request using symmetric encryption and forward it over a second secure socket connection 23 to the dispatch server 26 inside the enterprise Intranet.
The client session object also provides a session, where a customer logs on to the system at the start of the session, and if successfully authenticated, is authorized to use the system until the session ends. The client session object at the same time provides a capability to maintain session-specific information for the life/duration of the session. Generally, communications to and from the client takes place over HTTPS which uses the HTTP protocols over an SSL encrypted channel. Each HTTP request/reply is a separate TCP/IP connection, completely independent of all previous or future connections between the same server and client. Because HTTP is stateless, meaning that each connection consists of a single request from the client which is answered by a single reply by a server, a novel method is provided to associate a given HTTP request with the logical session to which it belongs.
When a user is authenticated at login via the system administrative server, the client session object is given a “cookie,” a unique server-generated key which identifies a session. The session key is typically encapsulated in a class COWebCookie, “public COWebCookie (int value).”, where value represents a given cookie's value. The client session object holds this key and returns it to the server as part of the subsequent HTTP request. The Web server maintains a “cookie jar” which is resident on the dispatch server and which maps these keys to the associated session. This form of session management also functions as an additional authentication of each HTTPS request, adding security to the overall process. In the preferred embodiment, a single cookie typically suffices for the entire session. Alternatively, a new cookie may be generated on each transaction for added security. Moreover, the cookie jar may be shared between the multiple physical servers in case of a failure of one server. This mechanism prevents sessions being dropped on a server failure.
As previously described, the customer access mechanism is a client workstation 20 employing a Web browser 14 for providing the access to the networkMCI Interact system via the public Internet 15. When a subscriber connects to the networkMCI Interact Web site by entering the appropriate URL, a secure TCP/IP communications link 22 is established to one of several Web servers 24 located inside a first firewall 25 a in the DMZ 17. Preferably at least two web servers are provided for redundancy and failover capability. In the preferred embodiment of the invention, the system employs SSL encryption so that communications in both directions between the subscriber and the networkMCI Interact system are secure.” (In at least Fig. 2; Col. 10, Lines 15-57; Col. 137, Line 35-Col. 139, Line 42)
Given the broadest reasonable interpretation of the claim in light of the Applicant’s Specification which provides the terms of “one secure communications channel” and “another secure communications channel” as a secure communication channel that is based on an encrypted communication channel using a session token to identify each of the communication session between the payment processing server and the user device and authenticating the user device each time using the session token, the prior art of Barry disclose a computer processing system establish with the mobile device another secure communications channel distinct from the one secure communications channel; the device establishing with the payment processing server another secure communications channel distinct from the one secure communications channel (Figs. 2, 51; Col. 10, Lines 15-57; Col. 112, Lines 41-58; Col. 137, Line 35-Col. 139, Line 42).  That is, as it is old and well known in the art that SSL version of HTTPS stands for Secure Sockets Layer and it's the standard technology for keeping an internet connection secure safeguarding any sensitive data that is being sent back and forth between two systems in a session-based communication differentiating one securely encrypted communications session that is distinct from another hence the prior art of Barry as cited meets the boundary of the claim limitation given their broadest reasonable interpretation.
Therefore, the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to simply substitute the secure socket layer (SSL) encryption communication protocol that is old and well-known industry standard security protocols for communication between devices on the internet (Pars. 0232, 0243) of Flitcroft, Rajarethnam in view of a computer processing system that establish with the mobile device another secure communications channel distinct from the one secure communications channel; the device establishing with the payment processing server another secure communications channel distinct from the one secure communications channel (Figs. 2, 51; Col. 10, Lines 15-57; Col. 112, Lines 41-58; Col. 137, Line 35-Col. 139, Line 42) of Barry in order to secure communication between card issuing organization or agreed agent system and the software package of the user device for the transmission of information regarding credit card payment transactions information sessions (Flitcroft, Par. 125-126) and to maintain a secure and distinct transaction communication session for every transaction conducts between the user device and the transaction system (Barry, Col. 112, Lines 1-30; Col. 135, Lines 24-46).  ("Express suggestion to substitute one equivalent technique for another need not be present to reader such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (BD. Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
The rationale to support a conclusion that the claim would have been obvious is that all the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination yielded nothing more than predictable results to one of ordinary skill in the art. (KSR. 550 U.S. at 416, 82 USPQ2d at 1395; Sakraida v. AG Pro, Inc., 425 U.S. 273, 282, 189 USPQ 449, 453 (1876); See MPEP 2143 I A) 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-6 and 8-9 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Flitcroft et al. (US 2003/0028481), Rajarethnam (US 2013/0282590) in view of Barry et al. (US 7,225,249).
With respect to claims 1, 5, and 9, Flitcroft discloses wherein a method of cloud-based electronic payment processing and payment processing server (Figs. 1, 11-12, 15-16; Pars. 69, 219, 205, 230-233), the method comprising:
a non-transient computer-readable medium carrying computer processing instructions stored thereon which, when executed by a computer, cause the computer to perform a sequence comprising (Abstract; Pars. 68, 73):
a computer processing system comprising a pending transaction database and configured to (Fig. 15; Pars. 231, 233):
 generating a unique single-use payment number (Figs. 1, 16, Items 1618; Pars. 72, 87), and
uniquely associating the single-use payment number with a financial account by saving in a pending transaction database uniquely in association with the single-use payment number and a financial account (Figs. 1, 4; Pars. 186, 229, 233);
encrypting the single-use payment number and providing the mobile device with the encrypted single-use payment number over another secure communications channel distinct from the one secure communications channel (Fig. 16, 1622; Par. 153, 233, 240, 242-243, 316-319),
transmitting the encrypted single-use payment number to the mobile device over the another secure communications channel (Pars. 127, 148, 203, 206, 233-234, 239), 
the encrypting the single-use payment number comprising (by) confirming that the encrypted single-use payment number does not identify the financial account (Par. 55, 63, 72, 85, 120, 134, 136, 141, 217, 153);
the mobile device 
(i) receiving from a payment terminal a card number request requesting a card number from the mobile device (Pars. 127, 148, 203, 206, 233-234, 239),
(iii) receiving the encrypted single-use payment number from the payment processing server over the another secure communications channel (Fig. 16; Pars. 233, 240, 242-243),
(iv) generating a decrypted single-use payment number by decrypting the encrypted single-use payment number with the one cryptographic key (Pars. 141, 240), and
(v) transmitting the decrypted single-use payment number to the payment terminal in response to the card number request (Fig. 12; Pars. 127, 131, 220, 322, 240);
the payment terminal being configured to 
provide the payment processing server with a payment completion request requesting completion of the financial transaction (Figs. 11, 12, 13; Pars. 205, 207, 220-222, 234-235),
the payment processing server 
receiving from a payment terminal a payment completion request requesting completion of a financial transaction (Figs. 8-9, 11-13; Pars. 190, 185, 205, 220-222),
the encrypting the single-use payment number (by) comprising confirming that the encrypted single-use payment number does not identify the financial account (Figs. 12, 13; Pars. 138-143, 220-222, 234-235, 240); and
identifying the financial account associated with the (unique) decrypted single-use payment number by querying the pending transaction database with the decrypted single-use payment number (Fig. 7, 8, 13; Pars. 168, 185-186, 218, 221-222, 233), and
initiating completion of the financial transaction by one of transferring funds from, and obtaining authorization for a charge to, the identified financial account in an amount equal to the transaction amount (Figs. 7, 8, 12-13; Pars. 221-223).
Flitcroft does not explicitly disclose a payment processing server generating an asymmetric cryptographic key pair, over one secure communications channel providing a mobile device with a credential comprising one cryptographic key of the cryptographic key pair, uniquely associating the cryptographic key pair and the payment by saving the another cryptographic key of the cryptographic key pair in a pending transaction database uniquely in association with the payment and a financial account, the cryptographic key pair and the single-use payment number each being uniquely associated with the financial account; the payment processing server encrypting the payment with the another cryptographic key.  However, Rajarethnam disclose a payment processing server generating an asymmetric cryptographic key pair, over one secure communications channel providing a mobile device with a credential comprising one cryptographic key of the cryptographic key pair, uniquely associating the cryptographic key pair and the payment by saving the another cryptographic key of the cryptographic key pair in a pending transaction database uniquely in association with the payment and a financial account, the cryptographic key pair and the single-use payment number each being uniquely associated with the financial account; the payment processing server encrypting the payment with the another cryptographic key (Figs. 1-3; Pars. 32-36, 38-44, 48).  Therefore, the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to simply substitute the single use payment number encrypted using RSA encryption and sending it to the user device using SSL communication protocol and decrypting the single-use payment number for payment transaction (Pars. 134, 138-140, 153) of Flitcroft in view of a payment processing server generating an asymmetric cryptographic key pair, over one secure communications channel providing a mobile device with a credential comprising one cryptographic key of the cryptographic key pair, uniquely associating the cryptographic key pair and the payment by saving the another cryptographic key of the cryptographic key pair in a pending transaction database uniquely in association with the payment and a financial account, the cryptographic key pair and the single-use payment number each being uniquely associated with the financial account; the payment processing server encrypting the payment with the another cryptographic key (Figs. 1-3; Pars. 32-36, 38-44, 48) of Rajarethnam in order to securely store the single use payment number using RSA encryption as a standard protocol with a specific system designed for credit cards (Flitcroft, Par. 134) and to provide the payment credential securely to the appropriate user for purchase transaction (Rajarethnam, Pars. 39).  ("Express suggestion to substitute one equivalent technique for another need not be present to reader such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (BD. Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
Neither Flitcroft nor does Rajarethnam explicitly disclose a computer processing system establish with the mobile device another secure communications channel distinct from the one secure communications channel; the device establishing with the payment processing server another secure communications channel distinct from the one secure communications channel.  However, Barry disclose a computer processing system establish with the mobile device another secure communications channel distinct from the one secure communications channel; the device establishing with the payment processing server another secure communications channel distinct from the one secure communications channel (Figs. 2, 51; Col. 10, Lines 15-57; Col. 112, Lines 41-58; Col. 137, Line 35-Col. 139, Line 42).  Therefore, the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to simply substitute the secure socket layer (SSL) encryption communication protocol that is old and well-known industry standard security protocols for communication between devices on the internet (Pars. 0232, 0243) of Flitcroft, Rajarethnam in view of a computer processing system establish with the mobile device another secure communications channel distinct from the one secure communications channel; the device establishing with the payment processing server another secure communications channel distinct from the one secure communications channel (Figs. 2, 51; Col. 10, Lines 15-57; Col. 112, Lines 41-58; Col. 137, Line 35-Col. 139, Line 42) of Barry in order secure communication between card issuing organization or agreed agent system and the software package of the user device for the transmission of information regarding credit card transactions sessions (Flitcroft, Par. 125-126) and to maintain a secure and distinct transaction communication session for every transaction conducts between the user device and the transaction system (Barry, Col. 112, Lines 1-30; Col. 135, Lines 24-46).  ("Express suggestion to substitute one equivalent technique for another need not be present to reader such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (BD. Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
With respect to claims 2 and 6, Flitcroft, Rajarethnam in view of Barry discloses all the limitation as described above.  Additionally, Flitcroft discloses wherein the single use payment number has a life-time period, and the effecting completion of the financial transaction comprises the payment processing server confirming non-expiry of the life time period and effecting the completion of the financial transaction after confirming the non-expiry of the life-time period (Figs. 7, 8, 12, 13; Pars. 45, 56-57, 202, 208, 221-222).
With respect to claims 4, and 8, Flitcroft, Rajarethnam in view of Barry discloses all the limitation as described above.  Additionally, Rajarethnam discloses wherein the one cryptographic key comprises a public cryptographic key, and the another cryptographic key comprise a private cryptographic key (Pars. 8, 25, 29, 35, 38-39, 44).

Claims 3 and 7 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Flitcroft et al. (US 2003/0028481), Rajarethnam (US 2013/0282590), Barry et al. (US 7,225,249) in view of Filipi-Martin et al. (US 2002/0112168). 
With respect to claims 3 and 7, Flitcroft, Rajarethnam in view of Barry discloses all the limitation as described above.  Additionally Flitcroft discloses wherein the effecting completion of the financial transaction comprises identifying the financial account associated with the decrypted single-use payment number (Figs. 11-13; Pars. 205, 220-222).
Neither Flitcroft, Rajarethnam nor Barry specifically disclose server purging the asymmetric cryptographic key pair and the association from the pending database after the identifying the associated with decrypted.  Filipi-Martin disclose server purging the asymmetric cryptographic key pair and the association from the pending database after the identifying the associated with decrypted (Figs. 2, 4B; Paras 12-13, 38, 41).  Therefore, the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to simply substitute the deleting/discarding of single use credential from the encrypted list once it has been accessed (Par. 89, 90, 140, 149) of Flitcroft, Rajarethnam, Barry in view of disclose server purging the asymmetric cryptographic key pair and the association from the pending database after the identifying the associated with decrypted (Figs. 2, 4B; Paras 12-13, 38, 41) of Filipi-Martin in order to prevent malicious users from learning a key and thus compromising the security of the system (Flitcroft, Par. 149) and to delete, erase, remove, trim encryption key pair and associated data upon expiration of the time (Filipi-Martin, Par. 12).  ("Express suggestion to substitute one equivalent technique for another need not be present to reader such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (BD. Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
PGPub Ronda et al. (US 2011/0265159): Hsu discloses a computer processing system establish with the mobile device another secure communications channel distinct from the one secure communications channel; the device establishing with the payment processing server another secure communications channel distinct from the one secure communications channel (Figs. 1-9; Pars. 95, 124, 128, 169).
PGPub Karandikar et al. (US 7,543,146): Karandikar discloses a computer processing system establish with the mobile device another secure communications channel distinct from the one secure communications channel; the device establishing with the payment processing server another secure communications channel distinct from the one secure communications channel using SSL communication protocol (Figs. 1-2).
PGPub Greenfield (US 6,748,528): Greenfield discloses a computer processing system establish with the mobile device another secure communications channel distinct from the one secure communications channel; the device establishing with the payment processing server another secure communications channel distinct from the one secure communications channel using SSL communication protocol via user authentication (Figs. 2-5).
PGPub Collinge et al. (US 2013/0262317): Collinge discloses providing the user device with at list one RSA key pair or a key and a payment credential for one-time use using mutual authentication with SSL/TLS communication to authenticate the remote system to the mobile device of the user, and an authentication code that is based on a session identifier, to authenticate the mobile device of the user to the remote system. (Figs. 2-5; Pars. 61-62, 67, 124).

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WODAJO GETACHEW whose telephone number is (469)295-9069. The examiner can normally be reached M-F 8:00-6:00 CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on (571) 272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/WODAJO GETACHEW/Examiner, Art Unit 3685                                                                                                                                                                                                        
/Mohammad A. Nilforoush/Primary Examiner, Art Unit 3685