Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Response to Amendment
Applicant’s “Amendment” filed on 04/04/2022 has been considered.
Claims 1, 2, 7-12, 14, 15, 19 and 20 are amended. Claims 1-20 remain pending in this application and an action on the merits follow.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-2 and 6-10 are rejected under 35 U.S.C. 103 as being unpatentable over International Publication No. WO 2012/054786 to Bayer, in view of U.S. Patent Application Publication No. 2013/0266141 to Kim et al. 
With regard to claim 1, Bayer discloses a payment terminal, comprising: 
a main processor configured to: receive tagged secured payment information from a secure processor, wherein the tagged secured payment information comprises encrypted payment information and unsecured transaction-associated information (Fig. 15-16, paragraphs 86 and 110, the PoS client may generate a card authorization1 request, e.g., 1515, using the obtained transaction authorization input from the user2 wallet device, and/or product/checkout data.  Examiner notes that the merchant server can include a main process and the POS client can includes a secure processor to process transaction and transmit the card authorization request to the merchant server); 
extract the unsecured transaction-associated information from the tagged secured payment information, without decrypting the secured payment information (Fig. 15-16, paragraphs 58, 86 and 196, The FMS may2 include a selection engine that utilizes information gained from a payment gateway to3 get user behavior across different regions, age groups, locale, and applications (ecommerce websites, or sections of a website, or games). the FMS controller may be executing a PHP script implementing a Secure Sockets Layer ("SSL") socket server via the information server, which listens to incoming communications on a server port to which a client may send data, e.g., data encoded in JSON format. Upon identifying an incoming communication, the PHP script may read the incoming message from the client device, parse the received JSON-en coded text data to extract information from the JSON-encoded text data into PHP script variables, and store the data (e.g., client identifying information, etc.) and/or extracted information in a relational database accessible using the Structured Query Language ("SQL")); 
transmit the unsecured transaction-associated information to a remote system (paragraph 51, In addition to basic transactional information such as8 account number and name, the app may provide the user the ability to select to transfer9 medical records, health information, which may be provided to the medical provider,0 insurance company, as well as the transaction processor to reconcile payments between1 the parties.); 
 transmit the secured payment information to a payment gateway (paragraph 111,  The merchant server may forward the card authorization request to a MaaS server, e.g., 1504a, for routing the card authorization request to the appropriate payment network for payment processing. For example, the MaaS server may be able to select from payment networks, such as Visa, Mastercard, American Express, Paypal, etc., to process various types of transactions including, but not limited to: credit card, debit card, prepaid card, B2B and/or like transactions); 
 receive a payment response from the payment gateway, wherein the payment response is associated with the secured payment information (Fig. 15a-b, paragraph 118, the issuer server(s) may provide a funds authorization response, e.g., 1530, to the pay network server); 
in response to receiving the payment response, update a transaction resource of the main processor with the unsecured transaction-associated information (paragraph 119, For example, the pay network server may invoke a P2P social network marketing component to post a notification of the user's successful purchase of the product to a social profile of the user hosted by a social networking service. In some embodiments, the pay network server may also generate a transaction data record from the 1 authorization request and/or authorization response, and store the details of the transaction and authorization relating to the transaction in a transactions database); and 
expose the unsecured transaction-associated information to an application stored and executable by the main processor (paragraphs 39-40 and 119, In general, FMS may provide back-end services for the merchants, including inventory management, product search, advertisement placement, offer managements, consumer purchase incentives such as rewards or discounts, and/or the like. In some embodiments, the FMS may provide analytics for the merchant based on card transaction data obtained from users purchasing products from the merchant, e.g., 2o6f. In some embodiments, the FMS may also allow developers to develop third-party apps that may be provided by the FMS to merchants via an application service store for the merchants).  
However, Bayer does not disclose a secure processor included in the payment terminal, wherein a housing of the payment terminal houses both the main processor and the secure processor.
However, Kim teaches a secure processor included in the payment terminal, wherein a housing of the payment terminal houses both the main processor and the secure processor (A handheld wireless communications device according to additional embodiments of the invention includes a data input device, which is configured to receive first input data provided by a user, and a security processor.  The security processor may also include a nonvolatile memory device, which is configured to store second personal identification information and financial transaction payment information therein.  The second processor may be configured to support a finite set of operations relating to secure transactions that cannot be modified by operations running on the first processor. This second processor may include an input interface and input processing block configured to extract second data relating to the secure transactions from the first data. The input interface and input processing block may be configured to support bidirectional communication of unencrypted data between the first processor and the data input device. The second processor further includes a data and control interface circuit, which is configured to transfer financial transaction information from the second processor to the first processor. FIG. 3 is a block diagram illustrating a mobile device according to example embodiments of the inventive concept. Referring to FIG. 3, a mobile device 400 includes a main processor 410, a modem 420, an external nonvolatile memory device 430, an input device 460 and a security processor 500. The security processor 500 may be coupled between the main processor 410 and the input device 460. The security processor 500 may receive the input data ID from the input device 460, and may selectively provide the input data ID to the main processor 410 according to an input mode of the mobile device 400. Examiner notes that the mobile device can be considered as POS payment device. Examiner notes that the main processor and the security processor are housing and constructed in the mobile device, which is considered as “a secure processor included in the payment terminal, wherein a housing of the payment terminal houses both the main processor and the secure processor”, Fig. 3, paragraphs 10, 12, 47, and 49-50).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention was made to modify Bayer to include, a secure processor included in the payment terminal, wherein a housing of the payment terminal houses both the main processor and the secure processor, as taught in Kim, in order to operate same to process electronic payments securely (Kim, paragraph 2).
With regard to claim 2, Bayer discloses a display electrically connected to the main processor, wherein the display is configured to display a display element (Fig. 1, pos terminals 102. POS terminals includes displays and are connected with merchant servers); and a secure input device electrically connected to the secure processor, wherein the secure processor generates the tagged secure payment information based on inputs received from the secure input device (paragraphs 86, 107-108, and 110, In some embodiments, upon authenticating the user for access to virtual wallet features, the user wallet device may provide a transaction authorization input, e.g., 1514, to a point-of-sale ("PoS") client, e.g., 1502).  
With regard to claim 6, Bayer discloses the application is a third party application, wherein the main processor is further configured to download the third party application (paragraphs 39-40).  
With regard to claim 7, Bayer discloses the main processor is configured to expose the unsecured transaction-associated information by: receiving a request from the third party application for the unsecured transaction-associated information; verifying the third party application with a public key certificate stored by the main processor; and in response to successfully verifying the third party application, providing the unsecured transaction-associated information to the third party application (paragraphs 39-41 and 51,  the FMS may also allow developers to develop third-party apps that may be provided by the FMS to merchants via an application service store for the merchants. the FMS may facilitate a Developer Console that provides role based permissions to allow users of different levels to access different parts of the platform. One such level may be a customer support representative who can gain access to user transaction data to assist them with any issues, but would not gain access to other information such as revenue reports. In some embodiments, the records may be sent in a Health Insurance2 Portability and Accountability Act (HIPAA)-compliant data format and encrypted, and3 only the recipients who are authorized to view such records may have appropriate4 decryption keys to decrypt and view the private user information. It’s well known that an ownership of an application is a public key certificate, which is an electronic document used to prove the ownership).  
With regard to claim 8, Bayer discloses the main processor is further configured to: update the third party application with an update downloaded to the main processor; in response to updating the third party application, prompt a merchant at the payment terminal to update a permission level for the third party application; receive an updated permission level for the third party application from the merchant; and restrict the unsecured transaction-associated information provided to the third party application based on the updated permission level (paragraphs 39-41 and 51).  
With regard to claim 9, Bayer discloses the main processor is configured to expose the unsecured transaction-associated information by: extracting a payment status from the payment response; storing the payment status in association with the unsecured transaction- associated information at the transaction resource; and exposing the payment status and the unsecured transaction-associated information stored by the transaction resource to the application (paragraphs 39-40 and 119).  
With regard to claim 10, Bayer discloses the unsecured transaction-associated information comprises order information; wherein the main processor is configured to extract the unsecured transaction- associated information by: determining a product identifier and an order quantity from the order information, and caching the product identifier and the order quantity; wherein updating the transaction resource comprises, in response to the payment status indicating payment information verification, storing the cached product identifier and the order quantity at the transaction resource; wherein exposing the unsecured transaction-associated information to the third party application comprises: providing the product identifier and the order quantity to the third party application (paragraphs 39-40, 85, 119, and 121, the merchant server may extract product data (e.g., product identifiers), as well as available PoS client data, from the checkout request. In some embodiments, using the product data, the merchant server may query, e.g., 914, a merchant/acquirer ("merchant") database, e.g., 903b, to obtain product data, e.g., 915, such as product information, product pricing, sales tax, offers, discounts, rewards, and/or other information to process the purchase transaction and/or provide value- added services for the user. In some embodiments, the server may also generate a purchase receipt, e.g., 1533, and provide the purchase receipt to the client, e.g., 1535).  
Claims 3-5 are rejected under 35 U.S.C. 103 as being unpatentable over International Publication No. WO 2012/054786 to Bayer, in view of U.S. Patent Application Publication No. 2013/0266141 to Kim et al., and further in view of U.S. Patent Application Publication No. 2016/0020906 to Nolte et al. 
With regard to claim 3, the combination of references substantially discloses the claimed invention, however, the combination of references does not disclose the main processor is further configured to switch the secure processor between a secured mode and an unsecured mode.  
However, Nolte teaches the main processor is further configured to switch the secure processor between a secured mode and an unsecured mode (claim 15, paragraphs 9 and 38).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention was made to modify the combination of references to include, the main processor is further configured to switch the secure processor between a secured mode and an unsecured mode, as taught in Nolte, in order to enter a PIN on a pos terminal to enable a financial transition (Nolte, paragraph 2).
With regard to claim 4, the combination of references substantially discloses the claimed invention, however, the combination of references does not disclose the main processor is configured to switch the secure processor from the unsecured mode to the secured mode in response to receiving a payment request.  
However, Nolte teaches the main processor is configured to switch the secure processor from the unsecured mode to the secured mode in response to receiving a payment request ( In a possible embodiment the Security-Box is configured to verify the signature or cryptogram of the application interacting with the Security-Box before allowing switching into “Secure Mode”. Only if the application is authenticated before the Security-Box the Security-Box changes into “Secure Mode”. wherein a payment application is running on the operating system switching the Security Box into “Secure Mode” and displaying the virtual PIN-pad, claim 15, paragraphs 9 and 38).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention was made to modify the combination of references to include, the main processor is configured to switch the secure processor from the unsecured mode to the secured mode in response to receiving a payment request, as taught in Nolte, in order to enter a PIN on a pos terminal to enable a financial transition (Nolte, paragraph 2).
With regard to claim 5, the combination of references substantially discloses the claimed invention, however, the combination of references does not disclose the secure processor is configured to receive and forward the inputs to the main processor in the unsecured mode.  
However, Nolte teaches the secure processor is configured to receive and forward the inputs to the main processor in the unsecured mode (when running in “Clear Text Mode” the touch coordinates are transmitted to the processors. After successful authentication the SB is transferred into Clear Text Mode which allows the submission of touch events, paragraphs 19 and 221).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention was made to modify the combination of references to include, the secure processor is configured to receive and forward the inputs to the main processor in the unsecured mode, as taught in Nolte, in order to enter a PIN on a pos terminal to enable a financial transition (Nolte, paragraph 2).
Claims 11-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2016/0020906 to Nolte et al., in view of U.S. Patent Application Publication No. 2013/0266141 to Kim et al., and further in view of International Publication No. WO 2012/054786 to Bayer.
With regard to claim 11, Nolte discloses a payment terminal, comprising: a processor operable between a secured mode and an unsecured mode, wherein in the secured mode, the processor is configured to (paragraph 9, In a possible embodiment the Security-Box is configured to verify the signature or cryptogram of the application interacting with the Security-Box before allowing switching into “Secure Mode”. Only if the application is authenticated before the Security-Box the Security-Box changes into “Secure Mode”): 
interpret payment information based on inputs collected at the payment terminal (paragraphs 13 and 38, the secure user information is a PIN or a password to have access to personal account information and/or physical items. In this configuration the “Secure Mode” is a “PIN Entry Mode”.);
encrypt the payment information to generate secured payment information (paragraph 38, In a possible embodiment a virtual pin-pad is displayed on the touch screen the Security-Box switches to “PIN-Entry-Mode” and is configured to interpret the user touch as PIN, and to encrypt the PIN to forward the information together with credit card information to an associate service center/bank over a network controller); 
wherein in the unsecured mode, the processor is configured to: forward the inputs to a main processor for interpretation (paragraph 19, when running in “Clear Text Mode” the touch coordinates are transmitted to the processors).  
However, Nolte does not disclose a main processor in the payment terminal, wherein a housing of the payment terminal houses both the main processor and the processor operable between the secured mode and the unsecured mode; tag the secured payment information with unsecured transaction-associated information to generate tagged secured payment information; and transmit the tagged secured payment information.
However, Kim teaches a main processor in the payment terminal, wherein a housing of the payment terminal houses both the main processor and the processor operable between the secured mode and the unsecured mode (A handheld wireless communications device according to additional embodiments of the invention includes a data input device, which is configured to receive first input data provided by a user, and a security processor.  The security processor may also include a nonvolatile memory device, which is configured to store second personal identification information and financial transaction payment information therein. The second processor further includes a data and control interface circuit, which is configured to transfer financial transaction information from the second processor to the first processor. FIG. 3 is a block diagram illustrating a mobile device according to example embodiments of the inventive concept. Referring to FIG. 3, a mobile device 400 includes a main processor 410, a modem 420, an external nonvolatile memory device 430, an input device 460 and a security processor 500. The security processor 500 may be coupled between the main processor 410 and the input device 460. The security processor 500 may receive the input data ID from the input device 460, and may selectively provide the input data ID to the main processor 410 according to an input mode of the mobile device 400. The input interface 510 may selectively output the input data ID to the main processor 410 according to whether the input mode is a normal input mode or a secure input mode.  Examiner notes that a main process in the mobile device can be considered as “a main processor in the payment terminal”. Examiner notes that the main processor and the security processor are housing and constructed in the mobile device to be operated in a normal input mode or a secure input mode, which is considered as “a housing of the payment terminal houses both the main processor and the processor operable between the secured mode and the unsecured mode”, Fig. 3, paragraphs 10, 12, 47, and 49-50).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention was made to modify Bayer to include, a main processor in the payment terminal, wherein a housing of the payment terminal houses both the main processor and the processor operable between the secured mode and the unsecured mode, as taught in Kim, in order to operate same to process electronic payments securely (Kim, paragraph 2).
However, Bayer teaches tag the secured payment information with unsecured transaction-associated information to generate tagged secured payment information; and transmit the tagged secured payment information (the merchant server may embed a URL specific to the transaction into the checkout data.  The URL may point to a webpage, data file, executable script, etc., stored on the merchant's server dedicated to the transaction that is the subject of the card authorization request. For example, the object pointed to by the URL may include details on the purchase transaction, e.g., products being purchased, purchase cost, time expiry, status of order processing, and/or the like. Thus, the merchant server may provide to the payment network the details of the transaction by passing the URL of the webpage to the payment network. , paragraph 86).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention was made to modify Nolte to include, tag the secured payment information with unsecured transaction-associated information to generate tagged secured payment information; and transmit the tagged secured payment information, as taught in Bayer, in order to facilitate an expedited shopping experience (Bayer, paragraph 33).
With regard to claim 12, Nolte discloses the processor is configured to switch from the unsecured mode to the secured mode prior to interpreting the payment information; and wherein in the secured mode the processor is further configured to: o provide a display element to a display electrically connected to the processor; and collect the payment information from a secure input device electrically connected to the processor (paragraph 9, 13, and 38).  
With regard to claim 13, Nolte discloses the processor is configured to automatically switch from the secured mode to the unsecured mode responsive to verification of the payment information (claim 15, paragraphs 9 and 38).  
With regard to claim 14, the combination of references discloses the main processor is configured to: extract the unsecured transaction-associated information from the tagged secure payment information, without decrypting the secured payment information; and transmit the secured payment information to a payment gateway (Bayer, Fig. 15-16, paragraphs 51, 58, 86 and 19).  
With regard to claim 15, the combination of references discloses the main processor is further configured to: in response to receiving a payment response from the payment gateway, update a transaction resource with the unsecured transaction-associated information; and expose the unsecured transaction-associated information to a first application of a set of third party applications; wherein the first application is stored and executable by the main processor (Bayer, paragraphs 39-40 and 119).  
With regard to claim 16, the combination of references discloses exposing the unsecured transaction- associated information is based on a first permission level, wherein the main processor Page 65 of 68POYN-Po2-US4 is further configured to restrict the unsecured transaction-associated information provided to a second application of the set of third party applications based on a second permission level, wherein the second application is stored and executable by the processor (Bayer, paragraphs 39-41 and 51).  
With regard to claim 17, the combination of references discloses the unsecured transaction-associated information comprises customer information, and wherein restricting the unsecured transaction-associated information comprises restricting provision of the customer information to the second application (Bayer, paragraphs 39-41 and 51).  
With regard to claim 18, the combination of references discloses exposing the unsecured transaction- associated information to the first and second applications, respectively, is in response to the first and second applications requesting the unsecured transaction-association information (Bayer, paragraphs 39-41 and 51).  
With regard to claim 19, the combination of references discloses transmitting the secured payment information to the payment gateway comprises: transmitting the tagged secured payment information from the main processor to a remote system; and transmitting the secured payment information from the remote system to the payment gateway; Page 66 of 68POYN-Po2-US4 wherein the remote system extracts the unsecured transaction-associated information in response to receiving the tagged secured payment information (Bayer, paragraphs 51, 111, and 119).  
With regard to claim 20, the combination of references discloses the processor is further operable to: receive a payment response notification associated with a payment response from the remote system, wherein the payment response is associated with the secured payment information, wherein the remote system extracts a payment status from the payment response; and store the payment status, received from the remote system, in association with the unsecured transaction-association information at a transaction resource (Bayer, paragraphs 39-40 and 119, the pay network server may obtain the funds authorization response including a notification of successful authorization, and parse the message to extract authorization details).

	
Response to Arguments
Applicants' arguments filed on 04/04/2022 have been fully considered but they are not fully persuasive especially in light of the new art used in the rejections. 
Applicants remark that “Bayer and Nolte does not disclose a secure processor included in the payment terminal, wherein a housing of the payment terminal houses both the main processor and the secure processor; a main processor in the payment terminal, wherein a housing of the payment terminal houses both the main processor and the processor operable between the secured mode and the unsecured mode”.
Examiner directs Applicants' attention to the office action above.
Conclusion
Please refer to form 892 for cited references.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication from the examiner should be directed to Ariel Yu whose telephone number is 571-270-3312. The examiner can normally be reached on Monday-Friday 9:00am-5:00pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nathan Uber can be reached on 571-270-3923.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ARIEL J YU/Primary Examiner, Art Unit 3687