DETAILED ACTION

The following FINAL Office action is in response to Amendment filed on December 22, 2021 for application 16655248.

Acknowledgements

Claims 1-2, 4-14, and 16-18, and 20-22 are pending.
Claims 1-2, 4-14, and 16-18, and 20-22 have been examined.


Notice of Pre-AIA  or AIA  Status

The present application, filed on or after December 13, 2013, is being examined under the first inventor to file provisions of the AIA .


Response to Arguments

Examiner respectfully agrees with the Applicant’s arguments and are moot under new grounds of rejection.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-2, 4-14, and 16-18, and 20-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over Radu (US 2015/0254639 A1) in view of Castinado et al. (US 2017/0076286 A1)
Regarding Claims 1 and 13, Radu discloses a method for approving use of a card using a token ID, comprising steps of:
- a) registering, by an intermediary server, card registration information, which includes, [a card token ID corresponding to card information on a user, user identification information, a push token ID corresponding to an app installed on a user device of the user], and a public key of the user , in a blockchain database and managing, at the intermediary server, a blockchain transaction ID representing the card registration information registered in the blockchain database (¶0086, ¶0087)
- acquiring payment request information, which includes the user identification information and order data corresponding to the use of the card of the user, from a service-providing device, and in response to acquiring the payment request information (¶0125)
- obtaining, at the intermediary server, the card registration information from the blockchain database by using the blockchain transaction ID corresponding to the user identification information included in the payment request information, wherein the intermediary server includes one or more servers each corresponding to a node of the blockchain database (¶0140, ¶0184)
- obtaining, at the intermediary server, the push token ID included in the obtained card registration information (¶0140, ¶0184)
- transmitting, by the intermediary server, an authentication request for the order data to the user device corresponding to the obtained push token ID (¶0140, ¶0184)
- b) obtaining a user signature value from the user device, the user signature being order 2Application No. 16/655,248 Reply to Office Action of September 17, 2020 data signed with a private key of the user, in response to transmitting the authentication request for the order data (¶0082, ¶0141, ¶0142)
- confirming, at the intermediary server, whether the user signature value is valid by using the public key of the user included in the obtained card registration information, and in response to confirming that the user signature value is valid, registering, at the intermediary server, the order data in the blockchain database (¶0082, ¶0141, ¶0142)
- c) at the intermediary server, transmitting, approval request information, including the order data included in the payment request information and the card token ID included in the obtained card registration information, to at least one financial server, and verifying, at the financial server, the order data included in the approval request information by referring to the order data registered in the blockchain database, wherein the order data corresponds to the card token ID included in the approval request information; transmitting, by the financial server, approval result information corresponding to a verification result to the intermediary server and obtaining the approval result information from the financial server; and in response to obtaining the approval result information from the financial server, registering, at the intermediary server, the approval result information in the blockchain 3Application No. 16/655,248 Reply to Office Action of September 24, 2021 database and transmitting, by the intermediary server, the approval result information to at least one of the service-providing device and the user device (¶0082, ¶0145, ¶0146)
	Radu does not disclose database used to register and retrieve data is a blockchain database.
Castinado discloses: database used to register and retrieve data is a blockchain database (¶0027, ¶0053).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system/method of Radu to include database used to register and retrieve data is a blockchain database, as disclosed in Castinado, in order to control access to data (see Castinado ¶0006).

Regarding Claims 2 and 14, Radu discloses wherein the financial server includes a 1-st financial server and a 2-nd financial server, further comprising: 4Application No. 16/655,248 Reply to Office Action of September 17, 2020  verifying, at  the 1-st financial server, the order data included in the approval request information by referring to the order data registered in the blockchain database, wherein the order data corresponds to the card token ID included in the approval request information, and, transmitting, at  the 1-st financial server, an approval request for the order data to the 2-nd financial server; and in response to the approval result information being transmitted from the 2-nd financial server to the 1-st financial server, receiving the approval result information from the 1-st financial server (¶0140, ¶0184).
Radu does not disclose order data registered in the blockchain database.
Castinado however discloses order data registered in the blockchain database (¶0027, ¶0053).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to modify the system/method of Radu to include order data registered in the blockchain database, as disclosed in Castinado, in order to control access to data (see Castinado ¶0006).
Regarding Claims 4 and 16, Radu discloses transmitting, at the intermediary server, the user authentication request, wherein the user device generates the private key and the public key in response to the user authentication request, the user device transmits a setting request, for the user to set confirmation information, to the user, and the user device stores the confirmation information obtained from the user; and receiving the public key from the user device (¶0140, ¶0184).

Regarding Claims 5 and 17, Radu discloses wherein the financial server includes a 1-st financial server and a 2-nd financial server, further comprising: 5Application No. 16/655,248 Reply to Office Action of September 17, 2020 transmitting, by the intermediary server, a verification request for the card information, wherein the 1-st financial server transmits the verification request for the card information to the 2-nd financial server and determining whether the verification result includes a card index key corresponding to the card information being transmitted from the 2-nd financial server to the 1-st financial server, in response to the verification result including the card index key corresponding to the card information being transmitted from the 2-nd financial server to the 1-st financial server, receiving the verification result from the 1-st financial server¶0140, ¶0184).

Regarding Claims 6 and 18, Radu discloses obtaining acquisition request information including acquisition data from the service-providing device wherein the acquisition data includes at least one piece of the order data which is requested for acquisition by the service-providing device among the order data registered in the blockchain database after being approved, and in response to obtaining the acquisition request information including acquisition data determining, at the intermediary server, whether the acquisition data is valid, transmitting a validation result of determining whether the acquisition data is valid to the service-providing device, and, registering, the acquisition data in the blockchain database; transmitting the acquisition request information including the acquisition data to the financial server, and determining, at  the financial server whether the acquisition data is valid and transmitting, by the financial server,  acquisition result information to the intermediary server; and  registering, the acquisition result information in the blockchain database and transmitting, the acquisition result information to the service-providing device (¶0082, ¶0145, ¶0146)

Regarding Claims 7 and 19, Radu discloses transmitting, by the intermediary server, the acquisition request information to the financial server, and determining, at the financial server whether the acquisition data included in the acquisition request information is registered in the blockchain database, and, determining, at the financial server, the acquisition data as valid (¶0082, ¶0145, ¶0146).

Regarding Claims 8 and 20, Radu discloses wherein the financial server includes a 1-st financial server and a 2-nd financial server, further comprising: transmitting, by the intermediary server, the acquisition request information to the financial server, wherein the 1-st financial server determines whether the 7Application No. 16/655,248 Reply to Office Action of September 17, 2020 acquisition data included in the acquisition request information is registered in the blockchain database, the 1-st financial server determines whether the acquisition data is valid, and in response to the acquisition data being determined as valid, transmitting, by the 1-st financial server, an acquisition request for the acquisition data to the 2-nd financial server; and, receiving, at the 2-nd financial server, the acquisition result information from the 1-st financial server (¶0082, ¶0145, ¶0146)

Regarding Claim 9, Radu discloses wherein the user identification information includes at least one of a user ID, an SSN, an ID of the user device, an IP address of the user device, a MAC address of the user device, and a phone number, as information unique to each user for identifying the user (¶0086, ¶0087).

Regarding Claim 10, Radu discloses extracting, by the intermediary server, the order data from the user signature value by using the public key of the user registered in the blockchain database; and determining whether the user signature value is valid by confirming whether the order data extracted from the user signature value corresponds to the order data included in the payment request information (¶0082, ¶0141, ¶0142).

Regarding Claim 11, Radu discloses transmitting, by the intermediary server, a confirmation request for the confirmation information to the user in response to the authentication request for the order data, wherein the user device determines whether the confirmation information obtained from the user corresponds to preset confirmation information, and in response to the confirmation information obtained from the user corresponding to the preset confirmation information, transmitting, by the user device, the user signature value created by signing the order data with the private key of the user (¶0082, ¶0141, ¶0142).

Regarding Claim 12, Radu discloses wherein, the confirmation information includes at least one of (i) a password, (ii) a PIN code, (iii) fingerprint information of the user, and (iv) biometric information of the user (¶0086, ¶0087).

Regarding Claim 21, Radu discloses 
- obtaining card registration request information which includes personal information on the user, the user identification information, the card information, and the push token ID being obtained from the user device, and transmitting a verification request for the card information from the intermediary server to the financial server; obtaining a verification result including a card index key corresponding to the card information from the financial server, and generating, at the intermediary server, a card token ID corresponding to the card index key and transmitting, by the intermediary server, a user authentication request for a user authentication to the user device corresponding to the push token ID; and obtaining the public key of the user corresponding to the user authentication from the user device, and in response to obtaining the public key of the user from the user device, 15Application No. 16/655,248 Reply to Office Action of September 17, 2020 registering, by the intermediary server, in the blockchain database, the card token ID, the user identification information, the push token ID, and the public key and obtaining the blockchain transaction ID corresponding to the registration process; and transmitting, by the intermediary server, the card token ID and the card index key to the financial server, and in response to the transmitting, generating, by the financial server, mapping relation between the card information and the card token ID (¶0086, ¶0087).

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZEHRA RAZA whose telephone number is (571)272-8128. The examiner can normally be reached 10AM-6:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on (571) 272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ZEHRA RAZA/Examiner, Art Unit 3685       

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685