DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	This is in reply to communication filed on 02/08/2022.
	Claims 1, 3, 6, 8, 10, 13, 15, 17 and 20 have been amended. 
	Claims 1-20 are currently pending and have been examined. 


Response to Arguments
	Applicant’s arguments with respect to claims 1-20, filled on 02/08/2022, have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.



Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


	Claims 1-4, 6-11, 13-18 and 20 are rejected under 35 U.S.C 103 as being unpatentable over US Pat. Pub. No. 2015/0066778 to JANG et al. (“JANG”) in view of US. Pat. Pub. No. 2008/0223918 to Williams et al. further in view of US. Pat. No. 8769279 to von Mueller et al. (“von Mueller”).

		Regarding claims 1, 8 and 15. JANG teaches a computer-implemented method, comprising: 
		scanning, by a point-of-sale (POS) machine while offline (JANG, Fig. 1. [0057]; “The seller terminal 104 … a point of sale (POS) terminal”. [0005]; “[0005] A digital card system is a mobile payment technology for using a mobile device ... offline”), a two-dimensional code presented on a mobile computing device ([0058]; “the seller terminal 104 may acquire the token from the purchaser terminal 102 by scanning a code (for example, a visually recognizable code such as a barcode or QR code) that is displayed on a screen of the purchaser terminal 102” Fig. 6; “recognize 2D code 606”)); 
		parsing, by the POS machine while offline, the two-dimensional code to identify a credit payment code for making a payment (JANG, [0055]; “The term "token" used herein means a character string that is generated and managed according to card information of a user”) associated with the credit payment code (JANG, [0058]; “The seller terminal 104 acquires a token from the purchaser terminal 102 which desires to purchase a product and transmits the acquired token and payment information on the desired product to the card management server 106 to request payment of the product”); 
		decrypting, by the POS machine while offline, the credit payment code based on asymmetric key decryption (JANG, [0061]; “message communication between the purchaser terminal 102 and the card management server 106 may be encrypted by an ID-based public-key encryption/decryption algorithm”) to obtain a credit payment token (JANG, Fig. 6; “convert recognized 2D code to token 608”. [0096]; “message communication between the purchaser terminal 102 and the card management server 106 may be encrypted by an ID-based public-key encryption/decryption algorithm”)), wherein at least part of the credit payment token (JANG, [0055]; “token is generated corresponding to one piece of card information, and is stored and managed to be matched with the card information”) private key is generated for an user account (JANG, [0012]; “decrypt the reception message using a client-side private key generated from the identification information of the purchaser terminal”. [0061]; “the purchaser terminal 102 may generate … private key based on its phone number),  and wherein the credit payment token comprises user identity information that is encrypted using a public key (JANG, [0063]; “the card management server 106 may encrypt the generated token with an encryption algorithm that uses a client-side identifier corresponding to the purchaser terminal 102 as a public key … the client-side identifier may be a phone number”); 
		connecting, by the POS machine, to a server for verification and execution of the payment by the server at a predetermined time (JANG, Fig. 6, [0097-0100]; “the seller terminal 104 encrypts the token along with the product information and the payment information and transmits a message including the encrypted token, product information, and payment information to a card management server 106 (610) …  When the payment confirmation message is normally received, the card management server 106 transmits an approval completion message to the purchaser terminal 102”. [0029]; “a payment confirmation message is received from the purchaser terminal in a predetermined time”).

		JANG substantially discloses the claimed invention; however, JANG fails to explicitly disclose the token “is signed by”. However, Williams teaches: is signed by a private key (Williams, [0033]; “the token is digitally signed by the issuing bank's private key”).
		Therefore, it would have been obvious to one of ordinary skill in the offline payment devices art at the time of filing to modify JANG’s token to be signed by a private key, as taught by Williams, in order to improve security for remote purchases using credit cards. See Williams [0003].

		The combination of JANG in view of Williams substantially discloses the claimed invention; however, the combination fails to explicitly disclose the “parsing, by the POS machine while offline, the credit payment token to obtain security content included in the credit payment token, wherein the security content comprises transaction information, user identity information, and one or more random numbers corresponding to the credit payment token; determining, by the POS machine while offline, that the payment associated with the credit payment code satisfies the security content, comprising determining that one or more random numbers have not been included in previous payments and recorded by the POS machine; in response to determining that the payment associated with the credit payment code satisfies the security content, accepting, by the POS machine, the payment offline; and after accepting the payment offline”. However, von Mueller teaches:
		parsing, by the POS machine while offline, the credit payment token (von Mueller, col.13- lines 2-16; “a credit card utilizing a magnetic stripe is the token 101, data capture device 103 can include any of a variety of forms of magnetic stripe readers to extract the data from the credit card”. Fig. 10, receive token data 240”. Col. 34-lines 63-65; “obtain, detect, or otherwise read data from token 111”).to obtain security content included in the credit payment token (von Mueller, Fig. 10; “determine signature 246”. col. 23, lines 63 – col. 24, lines 2; “where the secure transaction module is configured to decrypt account information”), wherein the security content comprises transaction information (von Mueller, col. 24, 8-11; “the secure transaction module can provide hashes, transaction amounts, merchant IDs, terminal IDs, transaction dates, etc. for reporting transaction information or other data”), the user identity information that is encrypted using the public key, and one or more random numbers corresponding to the credit payment token (von Mueller, col.5-lines 27, to col. 6-lilnes 1; “The signature information included with the transaction data can be used to authenticate the token … encrypted using keys … additional measure of security … such as PIN code … biometric or other information that may be provided to authenticate a user can also be encrypted to provide a measure of security in that information”); 
		determining, by the POS machine while offline, that the payment associated with the credit payment code satisfies the security content (von Mueller, Fig. 10; “valid 262”. Col. 35-lines 32-33; “a determination as to whether the token 111 is valid based on the authenticity of the signature in a Step 262”. col. 24, lines 13-16; “The hash stored in the secure transaction module could be used to verify that subsequent encrypted transactions are not "replays" of an earlier transaction”), 
		comprising determining that the one or more random numbers have not been included in previous payments and recorded by the POS machine (von Mueller, col. 24; lines 8-11; “hashes of the account information or other token data can be maintained at the secure transaction module to enable the module to check for duplicate transactions”); 
		in response to determining that the payment associated with the credit payment code satisfies the security content, accepting, by the POS machine, the payment offline; (von Mueller, Fig. 10; “check authenticity 260” > “valid 262” > “forward for processing 264”. Col. 35, lines 31-35; “Step 250, and make a determination as to whether the token 111 is valid based on the authenticity of the signature in a Step 262. If valid, the transaction can be forwarded for further processing based on the token data itself as illustrated by Step 264”), 
		Therefore, it would have been obvious to one of ordinary skill in the offline payment devices art at the time of filing to modify JANG to include parsing, by the POS machine while offline, the credit payment token to obtain security content included in the credit payment token, wherein the security content comprises transaction information, the user identity information that is encrypted using the public key, and one or more random numbers corresponding to the credit payment token; determining, by the POS machine while offline, that the payment associated with the credit payment code satisfies the security content, comprising determining that the one or more random numbers have not been included in previous payments and recorded by the POS machine; in response to determining that the payment associated with the credit payment code satisfies the security content, accepting, by the POS machine, the payment offline; and after accepting the payment offline, as taught by von Mueller, where this would be performed in order to enable or otherwise facilitate various forms of token transactions.  See von Mueller, col. 3, lines 42-43.


		Regarding claims 2, 9 and 16. The combination of JANG in view of Williams further in view of von Mueller disclose the computer-implemented method of claim 1, 
		The combination of JANG in view of Williams substantially discloses the claimed invention; however, the combination fails to explicitly disclose the “the transaction information includes at least one of a generation time of the credit payment token, a predetermined time duration the credit payment code is valid, payment account information, or authorized payee information”. However, von Mueller teaches: 
		wherein the transaction information includes at least one of a generation time of the credit payment token, a predetermined time duration the credit payment code is valid, payment account information, or authorized payee information (von Mueller, col. 12, lines 4-6; “The token is typically accepted by the merchant, the account information read, and used to credit the transaction”. Col. 18, lines 3-5; “encryption module 132 is implemented so as to encrypt a portion of the account number to provide a certain measure of security to the account information”).
		Therefore, it would have been obvious to one of ordinary skill in the offline payment devices art at the time of filing to modify JANG to include the transaction information includes at least one of a generation time of the credit payment token, a predetermined time duration the credit payment code is valid, payment account information, or authorized payee information, as taught by von Mueller, where this would be performed in order to provide decryption of some or all of the token data that has been encrypted to facilitate transaction routing and processing. See von Mueller, col. 4, lines 44-46.


	Regarding claims 3, 10 and 17. The combination disclose the computer-implemented method of claim 2, wherein the user identity information is encrypted using [[a]]  the public key different form a second public key that decrypts the credit payment token (JANG, [0074]; “an encryption algorithm that uses identification information (a phone number, etc.) of the purchaser terminal 102 as a public key … decrypt the encrypted payment confirmation request using a client-side private key”), and wherein the transaction information is encrypted using [[a]] the  private key (JANG, [0074]; “The payment confirmation request is encrypted with an encryption algorithm that uses identification information (a phone number, etc.) of the purchaser terminal 102 as a public key and transmitted from the card management server 106 to the payment confirmation module 206”), and wherein decrypting, by the POS machine while offline, the credit payment code based on the asymmetric key decryption to obtain the credit payment token comprises decrypting the transaction information using the second public key and keeping the user identity information encrypted (JANG, [0011-]; “a security module configured to encrypt a transmission message transmitted to the card management server and decrypt a reception message received from the card management server … The security module may encrypt the transmission message with an encryption algorithm that uses identification information …  an identity (ID) of the user”). 


	Regarding claims 4, 11 and 18. The combination disclose the computer-implemented method of claim 1, wherein determining that the payment associated with the credit payment code satisfies the security content further includes determining the credit payment code is obtained at a point-in-time within a predetermined time duration, and wherein the predetermined time duration begins at generation of the credit payment token (JANG, [0029]; “The card management server may transmit a payment confirmation request to the purchaser terminal when a payment approval message is received from the card company server according to the payment request and determine that the payment for the product is successful when a payment confirmation message is received from the purchaser terminal in a predetermined time”).  

	Regarding claims 6, 13 and 20. The combination disclose the computer-implemented method of claim 1, further comprising: registering the POS machine to the server before obtaining the credit payment code (JANG, [0085]; “encrypt data transferred between systems using the ID-based encryption technique, thus minimizing a delay time caused by complicated public key authentication, and may also transmit the encrypted message only to a registered purchaser terminal 102”); and receiving [[a]] the public key from the server for decrypting the credit payment code (JANG, [0085-0088]; “the digital card-based payment system may initially generate a code and then continuously reuse the generated code, unlike a conventional technique in which a new code is generated whenever payment is made … generates a pair of a public key and a private key”).

		Regarding claims 7 and 14. The combination disclose the computer-implemented method of claim 3, further comprising 
		The combination of JANG in view of Williams substantially discloses the claimed invention; however, the combination fails to explicitly disclose the “recording a credit payment after determining that the payment associated with the credit payment code satisfies the security content, recording information associated with the decrypted transaction information and the encrypted user identity information; and sending the recorded information to the server”. However, von Mueller teaches:
		recording a credit payment after determining that the payment associated with the credit payment code satisfies the security content, recording information associated with the decrypted transaction information and the encrypted user identity information (von Mueller, col. 5, lines 4-10; “features and functionality can be provided to assist detecting duplicate transactions. For example, transactions can be hashed to generate unique hash codes used to verify that subsequent transactions are not replays of an earlier transaction. Additionally, sequence numbers, signature detection and other techniques can be used to verify the authenticity of a token and a given transaction”); and sending the recorded information to the server (von Mueller, Fig. 32; “send transaction 708”. col. 59, lines 48-; “These keys can be transmitted in an encrypted fashion to preserve their integrity … a new random number generator or other algorithm that might be used to generate keys is provided as an update, this algorithm can be updated at the data capture device and sent, in some embodiments in encrypted form, to the transaction processing server to update their records as well”).
		Therefore, it would have been obvious to one of ordinary skill in the offline payment devices art at the time of filing to modify JANG to include recording a credit payment after determining that the payment associated with the credit payment code satisfies the security content, recording information associated with the decrypted transaction information and the encrypted user identity information; and sending the recorded information to the server, as taught by von Mueller, where this would be performed in order to provide decryption of some or all of the token data that has been encrypted to facilitate transaction routing and processing.  See von Mueller, col. 4, lines 44-46.


	Claims 5, 12 and 19 are rejected under 35 U.S.C 103 as being unpatentable over JANG in view of Williams in view of von Mueller further on view of US Pat. Pub. No. 2015/0248664 to Makhdumi et al. (“Makhdumi”).

	Regarding claims 5, 12 and 19. The combination disclose the computer-implemented method of claim 1, wherein 
		The combination of JANG in view of Williams in view of von Mueller substantially discloses the claimed invention; however, the combination fails to explicitly disclose the “the two- dimensional code is valid for offline payment use for a predetermined number of time”. However, Makhdumi teaches: the two- dimensional code is valid for offline payment use for a predetermined number of times (Makhdumi, [0033]; “The second user 121a may generate a limited-time-validity QR code, e.g., 122, including information on the amount of money to be transferred, as well as a privacy token/alias linked to a financial account of the second user”).  

		Therefore, it would have been obvious to one of ordinary skill in the offline payment devices art at the time of filing to modify JANG to include  two- dimensional code is valid for offline payment use for a predetermined number of times, as taught by Makhdumi, where this would be performed in order to reduce the need to manage many different cards, coupons, and other devices when making purchases . See Makhdumi, [0005].

	
Conclusion
1.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

2.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to AVIA SALMAN whose telephone number is (313)446-4901.  The examiner can normally be reached on Monday thru Friday; 9:00 AM to 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FAHD OBEID can be reached on (571)270-3324.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/AVIA SALMAN/Examiner, Art Unit 3687                                                                                                                                                                                                        
/PETER LUDWIG/Primary Examiner, Art Unit 3687