DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Acknowledgment
Applicant preliminary amendment filed on September 21, 2020 is acknowledged. Accordingly claims 21-40 remain pending and have been examined.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees.  See In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and, In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent is shown to be commonly owned with this application.  See 37 CFR 1.130(b).
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer.  A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
Claims 21-40, are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1-17 of U.S. Patent No. 10,817,875 B2.  
Although the conflicting claims are not identical, they are not patentably distinct from each other. 
Claims 1 and 13 of the U.S. Patent No. 10,817,875 B2 is obvious variants or verbatim copy of claims 21 and 34 of the current application. 
Claim 4 of the U.S. Patent No. 10,817,875 B2 is obvious variants or verbatim copy of claims 24 of the current application. 
Claim 5 of the U.S. Patent No. 10,817,875 B2 is obvious variants or verbatim copy of claim 25 of the current application. 
Claim 9 of the U.S. Patent No. 10,817,875 B2 is obvious variants or verbatim copy of claim 33 of the current application. 
Claim 10 of the U.S. Patent No. 10,817,875 B2 is obvious variants or verbatim copy of claim 31 of the current application. 
Claim 11 of the U.S. Patent No. 10,817,875 B2 is obvious variants or verbatim copy of claim 32 of the current application. 
Claim 12 of the U.S. Patent No. 10,817,875 B2 is obvious variants or verbatim copy of claim 30 of the current application. 
Accordingly, it would have been obvious to one of ordinary skill in the art at the time of applicant’s invention to modify claims 1-17 of US. Patent No. 10,817,875 B2 by adding and/or substituting the limitations resulting generally in the claims of the present application since the present application and the claims recited in U.S. Patent No. 10,817,875 B2 actually perform the same or similar function. It is well settled that the omission of an element and its function is an obvious expedient if the remaining elements perform the same function as before. In re Karlson, 136 USPQ 184 (CCPA 1963; Also note Ex parte Rainu, 168 USPQ 375 (Bd. App. 1969). Omission of a reference element whose function is not needed would be obvious to one of ordinary skill in the art.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 21-40, are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Subject Matter Eligibility Standard
When considering subject matter eligibility under 35 U.S.C. 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter.  If the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea), and if so, it must additionally be determined whether the claim is a patent-eligible application of the exception.  If an abstract idea is present in the claim, any element or combination of elements in the claim must be sufficient to ensure that the claim amounts to significantly more than the abstract idea itself.    Examples of abstract ideas include fundamental economic practices; certain methods of organizing human activities; an idea itself; and mathematical relationships/formulas. (Alice Corporation Pty. Ltd. v. CLS Bank International, et al. US Supreme Court, No. 13-298, June 19, 2014). 
Analysis
Step 1: In the instant case, 
claim 21 is directed to a method, which is a statutory category of invention and 
Claim 34 is directed to a mobile device, which is a statutory category of invention.
Step 2a: 
While claims 21 and 34 are directed towards a statutory category of invention, the claims are directed towards at least one judicial exception (i.e., law of nature, natural phenomenon, and abstract idea) without significantly more. In the instant case, the claims are directed to an algorithm or protocol which describes the concept of receiving payment information…, encrypting the payment information…, providing a payment request…, receiving a payment response including re-encrypting the payment information--- which is considered an abstract idea. Thus an algorithm or a protocol for receiving payment information…, encrypting the payment information…, providing a payment request…, receiving a payment response including re-encrypting the payment information is not eligible subject matter. See grouping of abstract ideas in prong one of step 2A (see 2019 Revised Patent Subject Matter Eligibility Guideline). Claims 1 and 34 recites a series of steps that can be performed upon a generic, not purpose-built, computer. These steps include: receiving payment information…, encrypting the payment information…, providing a payment request…, receiving a payment response including re-encrypting the payment information ….These steps constitutes the abstract idea of organizing human activity or a mental process of manipulation data by a generic computer such that the sum of the claim steps amounts to no more than an abstract idea. The limitations that set forth this abstract idea include: 
receiving payment information…, encrypting the payment information…, providing a payment request…, receiving a payment response including re-encrypting the payment information....….
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A (See 2019 Revised Patent Subject Matter Eligibility Guidance), the additional elements of the claim such as “mobile device”, merely uses the mobile device as a tool to perform the abstract idea. The use of “mobile device”, does no more than generally link the abstract idea to a particular field of use, the use of “mobile device”, does not improve the functioning or performance of the processor/computer and the use of a processor/computer as a tool to implement the abstract idea does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B (See 2019 Revised Patent Subject Matter Eligibility Guidance), the additional elements of “mobile device”, do not amount to significantly more than the abstract idea. As discussed above, taking the claim elements separately, the use of “mobile device”, does not improve the functioning or performance of the processor/computer and the use of a processor/computer does no more than use a processor/computer to implement the abstract idea. 
Viewed as a whole, the combination of elements recited in the claims merely recites the concept of “receiving payment information…, encrypting the payment information…, providing a payment request…, receiving a payment response including re-encrypting the payment information...” using a generic computer. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible.
Dependent claims 22-33 and 35-40 further recite characteristics of data or continue to perform similar actions on data to perform the abstract idea. The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Dependent claims 22-33 and 35-40 merely extend the abstract idea of claims 21 and 34 by describing the use of computer device or processor to receiving payment information…, encrypting the payment information…, providing a payment request…, receiving a payment response including re-encrypting the payment information... and only serve to add additional layers of abstraction to the abstract idea of claims 21 and 34. Therefore, the dependent claims are also not patent eligible.

Conclusion
The claim as a whole, does not amount to significantly more than the abstract idea itself. This is because the claim does not effect an improvement to another technology or technical filed; the claim does not amount to an improvement to the functioning of a computer system itself; and the claim does not move beyond a general link of the use of an algorithm to a particular technological environment. 
Accordingly, the Examiner concludes that there are no meaningful limitations in the claim that transform the judicial exception into a patent eligible application such that the claim amounts to significantly more than the judicial exception itself. Thus Examiner concludes that the claims are not directed to a patent-eligible subject matter under 35 U.S.C. 101 because it does not amount to significantly more than the abstract idea.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 21-40, is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al (hereinafter “Lee”) U.S. Patent Application Publication No. 2014/0222676 A1 in view of Spies et al (hereinafter “Spies”) U.S. Patent Application Publication No. 2011/0137802 A1

As per claims 21 and 34, Lee discloses a method comprising:
retrieving, by a mobile payment application on a mobile device, payment information including security information (see fig. 4, which discloses mobile payment application; 0008, which discloses that “a mobile payment apparatus which, when payment request information is received, receives payment method information and one-time password (OTP) information corresponding to the payment method information from at least one of a terminal, a user terminal, and a home shopping providing apparatus depending on purchase method selection information and, when the OTP information is authenticated using at least one of a telecommunication company apparatus and a card company apparatus, performs payment processing for the payment request information;”; 0049);
encrypting, by the mobile payment application using a first encryption key, the payment information to form encrypted payment information (0069, which discloses that “At this time, the mobile payment apparatus 140 transmits the OTP authentication key after encryption to the terminal 110, and this member registration process of the mobile payment apparatus 140 will now be described in more detail.”);
providing, by the mobile device to a server computer, a payment request including the encrypted payment information (0008, which discloses that “According to an aspect of the present invention to achieve the above objects, there is provided a mobile payment system comprising: a mobile payment apparatus which, when payment request information is received, receives payment method information and one-time password (OTP) information corresponding to the payment method information from at least one of a terminal, a user terminal, and a home shopping providing apparatus depending on purchase method selection information and, when the OTP information is authenticated using at least one of a telecommunication company apparatus and a card company apparatus, performs payment processing for the payment request information”), 
wherein the server computer decrypts the encrypted payment information using a second encryption key, includes an authentication response value from an authentication computer in the payment information, and re-encrypts the payment information with a third encryption key (0049, which discloses that “At this time, the terminal 110 receives an encrypted OTP authentication key from the mobile payment apparatus 140, decrypts the encrypted OTP authentication key,…”); and
receiving, by the mobile device from the server computer, a payment response including re-encrypted payment information, wherein a transaction processor associated with the mobile device decrypts the re-encrypted payment information using a fourth encryption key and initiates a payment transaction using the decrypted payment information (0049, which discloses that “At this time, the terminal 110 receives an encrypted OTP authentication key from the mobile payment apparatus 140, decrypts the encrypted OTP authentication key, re-encrypts the decrypt OTP authentication key together with information (e.g., PIN information) required for the authentication, and stores the resulting OTP authentication key. Here, the payment method information includes at least one of credit card information, check card information, phone bill information, and financial account information. For the operation of the terminal 110, the terminal 110 uses the mobile payment application 112 installed therein.”).
Alternatively Spies discloses 
receiving, by the mobile device from the server computer, a payment response including re-encrypted payment information, wherein a transaction processor associated with the mobile device decrypts the re-encrypted payment information using a fourth encryption key and initiates a payment transaction using the decrypted payment information (0041, which discloses that “the resulting decrypted payment card information may, if desired, be re-incrypted”)
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the method of Lee and incorporate a method, comprising: receiving, by the mobile device from the server computer, a payment response including re-encrypted payment information, wherein a transaction processor associated with the mobile device decrypts the re-encrypted payment information using a fourth encryption key and initiates a payment transaction using the decrypted payment information in view of the teachings of Spies in order to enhance security of the transaction

As per claim 22, Lee further discloses the method, wherein the authentication response value is obtained from the authentication computer (0049).

As per claim 23, Lee further discloses the method, wherein the transaction processor is a merchant application on the mobile device (see fig. 4 and associated text).

As per claim 24, Lee further discloses the method, wherein the authentication computer is operated by a payment processing network on-behalf-of an account issuer (see fig. 4 and associated text).

As per claim 25, Lee further discloses the method, wherein the payment information comprises payment credentials stored in a secure memory of the mobile device (0046; 0075; 0109).

As per claim 26, Lee further discloses the method, wherein the payment credentials comprise a payment token (0109; 0110).

As per claim 27, Lee further discloses the method, wherein the security information comprises user authentication data (0049; 0050; 0070; 0071).

As per claim 28, Lee further discloses the method, wherein the security information further comprises device-specific security values (0049).

As per claim 29, Lee failed to explicitly disclose the method, wherein the payment request further comprises a transaction processor certificate, and the server computer determines the third encryption key using the transaction processor certificate by:
validating that the transaction processor certificate is authentic;
verifying the transaction processor certificate is currently valid with a certificate authority; and
extracting the third encryption key from the transaction processor certificate.
Spies discloses the method, wherein the payment request further comprises a transaction processor certificate, and the server computer determines the third encryption key using the transaction processor certificate by:
validating that the transaction processor certificate is authentic (0021);
verifying the transaction processor certificate is currently valid with a certificate authority (0021); and
extracting the third encryption key from the transaction processor certificate (0021).
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the method of Lee and incorporate a method, wherein the payment request further comprises a transaction processor certificate, and the server computer determines the third encryption key using the transaction processor certificate by: validating that the transaction processor certificate is authentic; verifying the transaction processor certificate is currently valid with a certificate authority; and extracting the third encryption key from the transaction processor certificate in view of the teachings of Spies in order to enhance security of the transaction

As per claim 30, Lee further discloses the method, wherein the transaction processor initiates the payment transaction by mapping the decrypted payment information to an authorization request message configured to be processed by a payment processing network (0070).

As per claim 31, Lee further discloses the method, wherein the authentication response value is validated by a payment processing network after initiation of the payment transaction during processing of the payment transaction (0049; 0070).

As per claim 32, Lee failed to explicitly disclose the method, wherein the first encryption key includes a public key of a third party public/private key pair, wherein the third party public/private key pair includes a third party public key and a third party private key, wherein the first encryption key includes the third party public key, and wherein the second encryption key includes the third party private key.
Spies discloses the method, wherein the first encryption key includes a public key of a third party public/private key pair, wherein the third party public/private key pair includes a third party public key and a third party private key, wherein the first encryption key includes the third party public key, and wherein the second encryption key includes the third party private key (0022; 0023; 0024).
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the method of Lee and incorporate a method, wherein the first encryption key includes a public key of a third party public/private key pair, wherein the third party public/private key pair includes a third party public key and a third party private key, wherein the first encryption key includes the third party public key, and wherein the second encryption key includes the third party private key in view of the teachings of Spies in order to enhance security of the transaction

As per claim 33, Lee failed to explicitly disclose the method, wherein the server computer, the third party public key, and the third party private key are associated with a payment processing network.
Spies discloses the method, wherein the server computer, the third party public key, and the third party private key are associated with a payment processing network (0022; 0023; 0024).
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the method of Lee and incorporate a method, wherein the server computer, the third party public key, and the third party private key are associated with a payment processing network in view of the teachings of Spies in order to enhance security of the transaction

As per claim 35, Lee further discloses the mobile device, wherein the transaction processor is a merchant application, and the mobile device further comprises a remote transaction application which communicates with the merchant application and the mobile payment application (see fig. 4 and associated text).

As per claim 36, Lee further discloses the mobile device, wherein the mobile device further comprises a secure element (0004).

As per claim 37, Lee further discloses the mobile device, wherein the payment information comprises a credential, and the credential is stored on the secure element (0004; 0058).

As per claim 38, Lee further discloses the mobile device, wherein the transaction processor is a merchant application (see fig. 4 and associated text).

As per claim 39, Lee further discloses the mobile device, wherein the mobile device comprises an antenna coupled to the processor (0004; 0058).

As per claim 40, Lee further discloses the mobile device, further comprising a remote transaction application, wherein the method further comprises:
sending, by the mobile payment application, the encrypted payment information to the remote transaction application, which generates the payment request (0108; 0109).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Charles C. Agwumezie whose number is (571) 272-6838. The examiner can normally be reached on Monday – Friday 8:00 am – 5:00 pm.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Hayes can be reached on (571) 272 – 6708.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CHINEDU C AGWUMEZIE/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        August 25, 2022