DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This office action is in response to the claim amendments filed on April 07, 2022.
Claims 1-22 are pending.
Claims 1-22 have been examined.

Response to Arguments
With respect to Claim Rejections - 35 USC § 101:
Applicant Arguments/Remarks (see Arguments/Remarks pages 10-16):
The Examiner, however, respectfully disagrees. 
The claims recite generating random numbers and authenticating a device. Specifically, the claims recite “generating, at the first …, a first random number and encrypting the first random number based on a first key of a first private-public key pair; sending, by the first …, the encrypted first random number to a …; receiving, at the first …, a transaction identifier for the transaction, the first random number and a second random number from the …, wherein the transaction identifier, the first random number and the second random number are encrypted based on a first key of a second private-public key pair; decrypting, at the first …, the encrypted transaction identifier, the encrypted first random number and the encrypted second random number received based on a second key of the second private-public key pair; verifying, at the first …, the first random number decrypted; and sending, by the first device, the transaction identifier, and the second random number to the second device via a communication channel between the first and second … for authenticating the first … for the transaction based on the second random number.”, which is grouped within the “certain methods of organizing human activity” grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)) because it describes a method for carrying out a commercial interaction between parties that involves communicating data needed to complete a transaction to the parties. Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January 7, 2019)).
Additionally, The claims recite an abstract idea of generating random numbers and authenticating a device for example, see published application Fig. 1 and paragraphs [0015-0016], “FIG. 1 depicts a schematic flow diagram of a method 100 (computer- implemented method) of performing authentication for a transaction between a first device and a second device. The method 100 includes, at 102, generating, at the first device, a first random number and encrypting the first random number based on a first key (e.g., a public key) of a first private-public key pair (e.g., generated for or in relation to a server, which may also be referred to as the server's private-public key pair); at 104, sending, by the first device, the encrypted first random number to the server; at 106, receiving, at the first device, a transaction identifier for the transaction, the first random number and a second random number from the server, wherein the transaction identifier,20 the first random number and the second random number are encrypted based on a first key (e.g., a public key) of a second private-public key pair (e.g., generated for or in relation to the first device, which may also be referred to as the first device's private- public key pair); at 108, decrypting, at the first device, the encrypted transaction identifier, the encrypted first random number and the encrypted second random number25 received based on a second key (e.g., a private key) of the second private-public key pair; at 110, verifying, at the first device, the first random number decrypted; and at 112, sending, by the first device, the transaction identifier, and the second random number to the second device via a communication channel between the first and second devices for authenticating the first device for the transaction based on the second random number. [0016] For example, the first key of the first private-public key pair for encrypting the first random number may be the public key of the private-public key pair generated for the server (or simply referred to as the server's public key). Correspondingly, it will be appreciated by a person skilled in the art that the first key of the first private-public key pair for encrypting the first random number may instead be the secret key of the private- public key pair generated for the first device (or simply referred to as the first device's5 secret ky), since the server possesses the first device's public key, and thus would also be able to decrypt the first random number encrypted by the first device's secret key. It will be appreciated to a person skilled in the art that this similarly applies to other private- public key pairs and to the encryption/decryption of other data disclosed herein, and thus need not be explained again throughout the description for conciseness.”

This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), the additional element(s) of the claim(s) such as a server, first device and second device merely use(s) a computer as a tool to perform an abstract idea. Specifically, the server, first device and second device perform(s) the steps or functions of “generating, at the first device, a first random number and encrypting the first random number based on a first key of a first private-public key pair; sending, by the first device, the encrypted first random number to a server; receiving, at the first device, a transaction identifier for the transaction, the first random number and a second random number from the server, wherein the transaction identifier, the first random number and the second random number are encrypted based on a first key of a second private-public key pair; decrypting, at the first device, the encrypted transaction identifier, the encrypted first random number and the encrypted second random number received based on a second key of the second private-public key pair; verifying, at the first device, the first random number decrypted; and sending, by the first device, the transaction identifier, and the second random number to the second device via a communication channel between the first and second devices for authenticating the first device for the transaction based on the second random number.”
The Examiner further determines (Step 2A), based on the current record, that claim 1 uses a computer system as a tool to implement/automate the functions such as “generating, a first random number and encrypting the first random number; sending, data i.e., the encrypted first random number to the server; receiving, data i.e., a transaction identifier for the transaction, from the server; decrypting, the encrypted transaction identifier; verifying, the first random number decrypted; and sending, data i.e., the transaction identifier, and the second random number to the second device. The use of a processor/computer as a tool to implement the abstract idea does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea.
The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional element(s) of using a server, first device and second device to perform the steps amounts to no more than using a computer or processor to automate and/or implement the abstract idea of generating random numbers and authenticating a device. As discussed above, taking the claim elements separately, the server, first device and second device perform(s) the steps or functions of “generating, at the first device, a first random number and encrypting the first random number based on a first key of a first private-public key pair; sending, by the first device, the encrypted first random number to a server; receiving, at the first device, a transaction identifier for the transaction, the first random number and a second random number from the server, wherein the transaction identifier, the first random number and the second random number are encrypted based on a first key of a second private-public key pair; decrypting, at the first device, the encrypted transaction identifier, the encrypted first random number and the encrypted second random number received based on a second key of the second private-public key pair; verifying, at the first device, the first random number decrypted; and sending, by the first device, the transaction identifier, and the second random number to the second device via a communication channel between the first and second devices for authenticating the first device for the transaction based on the second random number. These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of generating random numbers and authenticating a device.” These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of generating random numbers and authenticating a device. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible. Therefore, this ground of rejection is maintained.

With respect to Claim Rejections - 35 USC § 103
Regarding claim 1: See Applicant Arguments/Remarks pages 17-19): “1. The references, either taken alone or in combination, fail to disclose or suggest all the limitations of the independent claims as relied on by Office Action
A. The references, either alone or in combination, fail to disclose or suggest at least "preforming authentication for a transaction between a first device and a second device" using a "server" of the independent claims
Applicant respectfully submits that the primary reference, Fuxin, fails to disclose or suggest all the limitations of the independent claims, specifically the limitations regarding "preforming authentication for a transaction between a first device and a second device," whereby the first device and the second device claimed are separate and different from the claimed server used for the authentication. Indeed, and as shown by the independent claims, the system described herein is directed to performing an authentication between a first device and a second device, through a server.”

Applicant’s arguments with respect to claim 1 have been considered.  The Examiner, however, respectfully disagrees.
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  
In this case, Fuxin discloses, a communication system between a terminal and a cloud server. And exchanging data (e.g., random numbers) and using public-private keys pairs to authenticate the terminal and the cloud server (see abstract and disclosed below). Additionally, "preforming authentication for a transaction between a first device and a second device," this is preamble language and not part of the recited claim limitations.

Applicant is of the opinion prior art fails to disclose (see Applicant Arguments/Remarks pages 17-18): “…Indeed, nowhere in Fuxin is there disclosure or suggestion of an authentication for a transaction "between a first device and a second device," whereby such a first device and a second device are different from a mentioned server. Thus, Fuxin fails to disclose or suggest at least this limitation of the independent claims. Applicant failed to argue specific positively claim limitations…”

Applicant’s arguments with respect to claim 1 have been considered.  The Examiner, however, respectfully disagrees.
Firstly, Applicant failed to argue specific positively claim limitations. At best, Applicant states “…Indeed, nowhere in Fuxin is there disclosure or suggestion of an authentication for a transaction “between a first device and a second device.” Additionally, Applicant should submit an argument under the heading “Remarks” pointing out disagreements with the examiner’s contentions.  Applicant must also discuss the references applied against the claims, explaining how the claims avoid the references or distinguish from them.

However, Fuxin discloses this language, an authentication for a transaction.
sending, by the first device, [data], and the second random number to the [device] via a communication channel between the first and second devices for authenticating the first device for the transaction based on the second random number (Fuxin [0120], “After the terminal successfully authenticates the cloud server, it uses the first random number and the second random number to encrypt the preset response information to generate a third ciphertext, and the third ciphertext is Sent to the cloud server”), (see paragraphs [0120]-[0123] and Fig. 5 and related text).

Fuxin further discloses, sending data (e.g., random numbers) to the cloud server for authenticating the first device (e.g., the terminal) (see abstract).
Fuxin does not specifically disclose: sending data (e.g., random numbers) to the second device for authenticating the first device.
However, BAIK discloses:
sending, by the first device, the transaction identifier, and the second random number to the second device via a communication channel between the first and second devices for authenticating the first device for the transaction based on the second random number (BAIK [0022], “the 3-channel settlement authentication method using a quantum random number generator, first, a mobile terminal 100 requests a random number from a POS terminal 200 and a bank server 300 (S110, S111). Step S110 and step S111 may be sequentially performed or simultaneously performed.” [0027], “when a user requests settlement (S150), the mobile terminal 100 sends the second quantum random number QRN2, received from the bank server 300, to the POS terminal 200 (S160) and sends the first quantum random number QRN1, received from the POS terminal 200, to the bank server 300 (S161).”), (see paragraphs [0022]-[0030).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and Yu with BAIK to including additional device (e.g., the second device) for the purpose of authentication a transaction to enhance security.
Secondly, with respect to this language, “between a first device and a second device.”, the Examiner is unable to locate this language in the claim limitations. Therefore, this ground of rejection is maintained.

Applicant is of the opinion prior art fails to disclose: see Applicant Arguments/Remarks pages 20-21: “B. The references, either taken alone or in combination, fail to disclose or suggest at least "receiving, at a first device,.. .the first random number and a second random number from the server.”

Applicant’s arguments with respect to claim 1 have been considered.  The Examiner, however, respectfully disagrees.
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).
In this case, Fuxin discloses:
receiving, at the first device, …, the first random number (the Examiner considers the second ciphertext including the first decryption information (e.g., first random number) to be the first random number) and a second random number (e.g., second ciphertext including the second random) from the server, (Fuxin [0115], “the cloud server decrypts the first ciphertext to obtain first decryption information, encrypts the second random number generated by the cloud server and the first decryption information, generates a second ciphertext, and Sending the second ciphertext to the terminal” [0015], “The cloud server is further configured to decrypt the first ciphertext using a pre-stored cloud server private key to obtain first decryption information, and use the terminal key in the first decryption information to generate the The second random number is encrypted with the first random number in the first decryption information, a second ciphertext is generated, and the second ciphertext is sent to the terminal”), (see paragraphs [0017], [0058], [0110]-[0111], [0115]-[0116] and Fig. 5 and related text);
Furthermore, Fuxin clearly discloses “receiving, at a first device,.. .the first random number and a second random number from the server” because Fuxin authenticates the based on the data (i.e., first random number and second random number) the terminal received from the cloud server (Fuxin [0026], “The third encryption module is configured to encrypt the second random number generated by the cloud server and the first decryption information, generate a second ciphertext, and send the second ciphertext to the terminal for use by the terminal Decrypt the second ciphertext to obtain second decryption information, and authenticate the cloud server according to the second decryption information and the first random number. After the cloud server is successfully authenticated, Encrypt the preset response information by using the first random number and the second random number, generate a third ciphertext, and return the third ciphertext…”).
Additionally, Yu discloses: receiving, at the first device, a transaction identifier for a transaction and first random number from the server (Yu [0253], “the OPS may further perform the following parts: The OPS generates a first random number and a transaction identifier (namely, a transaction ID). The OPS sends the first random number and the transaction identifier to the eUICC by using the LPA. The OPS receives third information sent by the eUICC by using the LPA.” [0257], “the eUICC receives a first random number and a transaction identifier;”), (see paragraphs [0253], [0202] and [0257]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Fuxin with Yu to include additional identifier/authentication to a transaction to enhance look-up/queries functions and to enhance security.

The Applicant argues that the Examiner relies on Baik to allegedly teach “receiving, at a first device,...the first random number and a second random number from the server.” See page 20 of the Applicant Arguments/Remarks: “The Office Action relies on the Baik reference to disclose the limitation "receiving, at a first device,...the first random number and a second random number from the server." However, Baik fails to disclose at least a device (e.g., a mobile terminal) which receives a first random number and a second random number from a server, as required by the claims.”
In response, the Examiner points out that the Examiner did not relied on Baik to teach "receiving, at a first device,...the first random number and a second random number from the server." As shown above. Therefore, this ground of rejection is maintained.

Applicant is of the opinion the combination of references is based on improper hindsight bias (see Applicant Arguments/Remarks pages 22-21): “A. The combination of Fuxin and Yu to allegedly disclose "exchanging a transaction identifier for a transaction between the terminal and cloud server" is improperly based on hindsight in view of Applicant's application 
Applicant respectfully submits that the combination of Fuxin with Yu is improperly based on hindsight in view of Applicant's application. In establishing obviousness via a combination of references, a proper motivation to combine must be provided.”

Applicant’s arguments with respect to claim 1 have been considered.  The Examiner, however, respectfully disagrees.
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  
In this case, Fuxin discloses, a communication system between a terminal and a cloud server. And exchanging data (e.g., random numbers) and using public-private keys pairs to authenticate the terminal and the cloud server (see abstract and disclosed above). Fuxin does not specifically disclose: exchanging a transaction identifier for a transaction between the terminal and cloud server.
However, the Examiner, relied on Yu, an analogous art of security, relates to the field of terminal technologies, and in particular, to a method and system for updating a certificate issuer public key, and a related device, discloses: receiving, at the first device, a transaction identifier for a transaction and first random number from the server, (see paragraphs [0253], [0202] and [0257], as shown above). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Fuxin with Yu to include additional identifier/authentication data to enhance security. Therefore, this ground of rejection is maintained.

Applicant is of the opinion the combination of references is based on improper hindsight bias (see Applicant Arguments/Remarks pages 20-21): “B. The combination of Fuxin and Baik to allegedly disclose "sending data (e.g., random numbers) to the second device for authenticating the first device" is improperly based on hindsight in view of Applicant's application 
Applicant respectfully submits that the combination of Fuxin with Baik is improperly based on hindsight in view of Applicant's application.”

Applicant’s arguments with respect to claim 1 have been considered.  The Examiner, however, respectfully disagrees.
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  
In this case, Fuxin discloses, sending data (e.g., random numbers) to the cloud server for authenticating the first device (e.g., the terminal), (see abstract and disclosed above).
Fuxin does not specifically disclose: sending data (e.g., random numbers) to the second device for authenticating the first device.
The Examiner, relied on BAIK, an analogous art of security (e.g., settlement authentication), relates to the a settlement authentication method and system using a quantum random number generator and, more particularly, to a 3-channel settlement authentication method and system using a natural random number., discloses: sending data (e.g., random numbers) to the second device for authenticating the first device, (see paragraphs [0022]-[0030), as shown above). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and Yu with BAIK to include additional device (e.g., the second device) for the purpose of authenticating a transaction to enhance security. Therefore, this ground of rejection is maintained.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-22 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
In the instant case, claims 1-10 are directed to a method, claims 11-21 are directed to a system comprising a memory and a processor and claim 22 is directed to a non-transitory computer-readable storage medium. Therefore, these claims fall within the four statutory categories of invention. 
The claims recite generating random numbers and authenticating a device. Specifically, the claims recite “generating, at the first …, a first random number and encrypting the first random number based on a first key of a first private-public key pair; sending, by the first …, the encrypted first random number to a …; receiving, at the first …, a transaction identifier for the transaction, the first random number and a second random number from the …, wherein the transaction identifier, the first random number and the second random number are encrypted based on a first key of a second private-public key pair; decrypting, at the first …, the encrypted transaction identifier, the encrypted first random number and the encrypted second random number received based on a second key of the second private-public key pair; verifying, at the first …, the first random number decrypted; and sending, by the first device, the transaction identifier, and the second random number to the second device via a communication channel between the first and second … for authenticating the first … for the transaction based on the second random number.”, which is grouped within the certain methods of organizing human activity grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)) because it describes a process for carrying out a commercial interaction between parties that involves communicating data needed to complete a transaction to the parties. Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January 7, 2019)).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), the additional element(s) of the claim(s) such as a server, first device and second device merely use(s) a computer as a tool to perform an abstract idea. Specifically, the server, first device and second device perform(s) the steps or functions of “generating, at the first device, a first random number and encrypting the first random number based on a first key of a first private-public key pair; sending, by the first device, the encrypted first random number to a server; receiving, at the first device, a transaction identifier for the transaction, the first random number and a second random number from the server, wherein the transaction identifier, the first random number and the second random number are encrypted based on a first key of a second private-public key pair; decrypting, at the first device, the encrypted transaction identifier, the encrypted first random number and the encrypted second random number received based on a second key of the second private-public key pair; verifying, at the first device, the first random number decrypted; and sending, by the first device, the transaction identifier, and the second random number to the second device via a communication channel between the first and second devices for authenticating the first device for the transaction based on the second random number.” The use of a processor/computer as a tool to implement the abstract idea does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. The additional elements do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply or use the abstract idea to effect a particular treatment or prophylaxis for a disease or medical condition (Vanda Memo), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo). Therefore, the claims do not, for example, purport to improve the functioning of a computer. Nor do they effect an improvement in any other technology or technical field. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional element(s) of using a server, first device and second device to perform the steps amounts to no more than using a computer or processor to automate and/or implement the abstract idea of generating random numbers and authenticating a device. As discussed above, taking the claim elements separately, the server, first device and second device perform(s) the steps or functions of “generating, at the first device, a first random number and encrypting the first random number based on a first key of a first private-public key pair; sending, by the first device, the encrypted first random number to a server; receiving, at the first device, a transaction identifier for the transaction, the first random number and a second random number from the server, wherein the transaction identifier, the first random number and the second random number are encrypted based on a first key of a second private-public key pair; decrypting, at the first device, the encrypted transaction identifier, the encrypted first random number and the encrypted second random number received based on a second key of the second private-public key pair; verifying, at the first device, the first random number decrypted; and sending, by the first device, the transaction identifier, and the second random number to the second device via a communication channel between the first and second devices for authenticating the first device for the transaction based on the second random number. These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of generating random numbers and authenticating a device.” Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible.
Regarding dependent claims: 3, 5, 6, 7, 9, 10, 13, 15, 16, 17, 19 and 20 further describe the abstract idea of generating random numbers and authenticating a device. The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims are also not patent eligible.
Regarding dependent claims: 2, 4, 8, 12, 14 and 18 further describe the abstract idea of generating random numbers and authenticating a device. The claims 2, 4, 8, 12, 14 and 18 recite additional elements such as verifying the digital signature of the message. Therefore, they fails to recite a practical application or significantly more than the abstract ideas. Therefore, the dependent claims are also not patent eligible.

Claim Rejections - 35 USC § 103
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-9 and 11-19 are rejected under 35 U.S.C. 103 as being unpatentable over Liu Fuxin (CN105871920A) in view of Yu et al. (US 20190394053 A1) and further in view of BAIK et al. (US 20180068305 A1).

Regarding claims 1, 11, 21 and 22: Fuxin discloses: A computer-implemented method of performing authentication for a transaction between a first device and a second device, the method comprising:
generating, at the first device, a first random number and encrypting the first random number based on a first key of a first private-public key pair (Fuxin [0113], “when the terminal establishes communication with the cloud server, generate a first random number, encrypt the first random number”), [0014], “Preferably, the terminal is further configured to generate a first random number when establishing communication with the cloud server, and use a pre-stored cloud server public key to encrypt the first random number and the pre-stored terminal public key to generate The first ciphertext is sent to the cloud server;”, (see paragraphs [0014], [0017], [0057], [0106] and [0108] and Fig. 5 and related text);
sending, by the first device, the encrypted first random number to a server (Fuxin [0113], “when the terminal establishes communication with the cloud server, generate a first random number, encrypt the first random number, generate a first ciphertext, and send it to the cloud server”, [0017], “The first encryption module is used to generate a first random number when establishing communication with the cloud server, encrypt the first random number, generate a first ciphertext, and send it to the cloud server for the cloud server…”), (see paragraphs [0014], [0023], [0057], [0108], [0110] and [0114] and Fig. 5 and related text);
receiving, at the first device, [data] for the transaction, the first random number and a second random number from the server, wherein the [data], the first random number and the second random number are encrypted based on a first key of a second private-public key pair (Fuxin [0115], “the cloud server decrypts the first ciphertext to obtain first decryption information, encrypts the second random number generated by the cloud server and the first decryption information, generates a second ciphertext, and Sending the second ciphertext to the terminal” [0015], “The cloud server is further configured to decrypt the first ciphertext using a pre-stored cloud server private key to obtain first decryption information, and use the terminal key in the first decryption information to generate the The second random number is encrypted with the first random number in the first decryption information, a second ciphertext is generated, and the second ciphertext is sent to the terminal”), (see paragraphs [0017], [0058], [0110]-[0111], [0115]-[0116] and Fig. 5 and related text); 
decrypting, at the first device, the encrypted [data], the encrypted first random number and the encrypted second random number received based on a second key of the second private-public key pair (Fuxin [0117]-[0118], “the terminal decrypts the second ciphertext, obtains second decryption information, and authenticates the cloud server according to the second decryption information and the first random number. When receiving the second ciphertext, the terminal can decrypt the second ciphertext to obtain second decryption information. If the first ciphertext is successfully decrypted and the second ciphertext is also successfully decrypted, the second decryption information at this time is the first random number and the second random number, so the terminal will decrypt the second ciphertext obtained The second decryption information and the first random number are matched and verified to authenticate the cloud server.”), (see paragraphs [0018]-[0019], [0023], [0026], [0058], [0063], [0109] and [0117]-[0118] and Fig. 5 and related text);
verifying, at the first device, the first random number decrypted (Fuxin [0063], “When the terminal 10 receives the second ciphertext, it can decrypt the second ciphertext to obtain second decryption information. If the first ciphertext is successfully decrypted and the second ciphertext is successfully decrypted, the second decryption information at this time is the first random number and the second random number, so the terminal 10 will decrypt the second ciphertext to obtain The second decryption information of and the first random number are matched and verified”), (see paragraphs [0018]-[0019], [0023], [0026], [0058], [0063], [0109] and [0117]-[0118] and Fig. 5 and related text); and
sending, by the first device, [data], and the second random number to the [device] via a communication channel between the first and second devices for authenticating the first device for the transaction based on the second random number (Fuxin [0120], “After the terminal successfully authenticates the cloud server, it uses the first random number and the second random number to encrypt the preset response information to generate a third ciphertext, and the third ciphertext is Sent to the cloud server”), (see paragraphs [0120]-[0123] and Fig. 5 and related text).

Fuxin further discloses, a communication system between a terminal and a cloud server. And exchanging data (e.g., random numbers) and using public-private keys pairs to authenticate the terminal and the cloud server (see abstract and disclosed above).
Fuxin does not specifically disclose: exchanging a transaction identifier for a transaction between the terminal and cloud server.

However, Yu discloses: receiving, at the first device, a transaction identifier for a transaction and first random number from the server (Yu [0253], “the OPS may further perform the following parts: The OPS generates a first random number and a transaction identifier (namely, a transaction ID). The OPS sends the first random number and the transaction identifier to the eUICC by using the LPA. The OPS receives third information sent by the eUICC by using the LPA.” [0257], “the eUICC receives a first random number and a transaction identifier;”), (see paragraphs [0253], [0202] and [0257]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Fuxin with Yu to include additional identifier/authentication to a transaction to enhance look-up/queries functions and to enhance security.

Fuxin further discloses, sending data (e.g., random numbers) to the cloud server for authenticating the first device (e.g., the terminal) (see abstract).
Fuxin does not specifically disclose: sending data (e.g., random numbers) to the second device for authenticating the first device.
However, BAIK discloses:
sending, by the first device, the transaction identifier, and the second random number to the second device via a communication channel between the first and second devices for authenticating the first device for the transaction based on the second random number (BAIK [0022], “the 3-channel settlement authentication method using a quantum random number generator, first, a mobile terminal 100 requests a random number from a POS terminal 200 and a bank server 300 (S110, S111). Step S110 and step S111 may be sequentially performed or simultaneously performed.” [0027], “when a user requests settlement (S150), the mobile terminal 100 sends the second quantum random number QRN2, received from the bank server 300, to the POS terminal 200 (S160) and sends the first quantum random number QRN1, received from the POS terminal 200, to the bank server 300 (S161).”), (see paragraphs [0022]-[0030).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and Yu with BAIK to including additional device (e.g., the second device) for the purpose of authentication a transaction to enhance security.

Regarding claims 2 and 12: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 1, wherein:
said receiving, at the first device, [data], the first random number and the second random number from the server comprises receiving a message comprising the transaction identifier and the first random number, and […], wherein the message is encrypted based on the first key of the second private-public key pair (see paragraphs [0017], [0058], [0110]-[0111], [0115]-[0116] and Fig. 5 and related text); and
said verifying further comprises verifying, at the first device, the […] of the message received based on the first key of the first private-public key pair (see paragraphs [0018]-[0019], [0023], [0026], [0058], [0063], [0109]-[0110] and [0117]-[0118] and Fig. 5 and related text).

Fuxin does not specifically disclose: exchanging a transaction identifier for a transaction between the terminal and cloud server.

However, Yu discloses: receiving, at the first device, a transaction identifier for a transaction and first random number from the server (see paragraphs [0253], [0202] and [0257]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and BAIK with Yu to include additional identifier/authentication to a transaction to enhance look-up/queries functions and to enhance security.

Fuxin does not specifically disclose, verifying the digital signature of the message.
However, Yu discloses:
said verifying further comprises verifying, at the first device, the digital signature of the message received based on the first key of the first private-public key pair (see paragraphs [0169]-[0170], [0200]-[0201] and [0206]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and BAIK with Yu to include additional identifier/authentication to a transaction to enhance look-up/queries functions and to enhance security.

Regarding claims 3 and 13: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 2, further comprising: 
receiving, at the first device, [random number] associated with the [device] from the [device] via the communication channel, (see paragraphs [0033] and [0059]); and
sending, by the first device, the third random number to the server for authenticating the [device] for the transaction based on the third random number (Fuxin [0033]-[0034], “After the terminal successfully authenticates the cloud server, it uses the first random number and the second random number to encrypt the preset response information, generates a third ciphertext, and sends the third ciphertext to all The cloud server.” [0034], “The cloud server decrypts the third ciphertext to authenticate the terminal, and establishes a communication link with the terminal after the authentication succeeds”), (see paragraphs [0033] and [0060]).

Fuxin further discloses, sending data (e.g., random numbers) to the cloud server for authenticating the first device (e.g., the terminal) (see abstract).
Fuxin does not specifically disclose: authenticating the second device for the transaction based on the third random number.

However, BAIK discloses:
sending, by the first device, the third random number to the server for authenticating the second device for the transaction based on the third random number (see paragraphs [0022]-[0030).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and Yu with BAIK to including additional device (e.g., the second device) for the purpose of authentication a transaction to enhance security.

The Examiner would like to direct the Applicant’s attention that Mere duplication of parts has no patentable significance unless new and unexpected result is produced (see MPEP §2144.04 VI (B)). For example, claim 1 “recites sending, by the first device, the encrypted first random number to the server”. Claim 1 further recites “and sending, by the first device, the transaction identifier, and the second random number to the second device via a communication channel between the first and second devices for authenticating the first device for the transaction based on the second random number.”. Therefore, the Examiner submits that the third random, has no patentable significance because the random number and the second random number produces predictable results as produced by the third random.

Regarding claims 4 and 14: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 3, further comprising sending, by the first device, […] the third random number generated based on the second key of the second private-public key pair to the server for authenticating the [device] for the transaction further based on the […] third random number (see paragraphs [0033], [0060], [0066], [0067], [0075] and [0077]-[0078]).

Fuxin does not specifically disclose, authenticating the second device based on the digital signature of the message.
However, Yu discloses: authenticating the second device based on the digital signature of the message (see paragraphs [0023] and [0046]-[0047]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and BAIK with Yu to include additional identifier/authentication to a transaction to enhance look-up/queries functions and to enhance security.

Fuxin does not specifically disclose: authenticating the second device for the transaction.
However, BAIK discloses:
authenticating the second device for the transaction (see paragraphs [0022]-[0030]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and Yu with BAIK to including additional device (e.g., the second device) for the purpose of authentication a transaction to enhance security.

Regarding claims 5 and 15: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 1, further comprising:
receiving, at the [device], the [random number] associated with the [device] from the server, wherein the third random number is encrypted based on a first key of a third private-public key pair (see paragraphs [0017], [0058], [0110]-[0111], [0115]-[0116] and Fig. 5 and related text); and 
sending, by the [device], the [random number] received from the [device] to the server for authenticating the first device for the transaction based on the second random number, the [random number] being associated with the first device (see paragraphs [0014], [0023], [0057], [0108] and [0114] and Fig. 5 and related text).

Fuxin does not specifically disclose: a second device performing similar functions as the first device, as disclosed above.
However, BAIK discloses:
receiving, at the second device, a first identifier associated with the first device from the first device (see paragraph [0025]);
sending, by the second device, the transaction identifier and the first identifier to the server (see paragraph [0027]);
receiving, at the second device, the third random number associated with the second device from the server, wherein the third random number is encrypted based on a first key of a third private-public key pair (see paragraph [0025]); and 
sending, by the second device, the second random number received from the first device to the server for authenticating the first device for the transaction based on the second random number, the second random number being associated with the first device (see paragraphs [0028]-[0030).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and Yu with BAIK to including additional device (e.g., the second device) for the purpose of authentication a transaction to enhance security.

The Examiner would like to direct the Applicant’s attention that Mere duplication of parts has no patentable significance unless new and unexpected result is produced (see MPEP §2144.04 VI (B)). For example, claim 1 recites: recites sending, by the first device, the encrypted first random number to the server; receiving, at the first device, a transaction identifier for the transaction, the first random number and a second random number from the server; and sending, by the first device, the transaction identifier, and the second random number to the second device via a communication channel between the first and second devices for authenticating the first device for the transaction based on the second random number. Therefore, the Examiner submits that the functions performed by the second device and the second random and third random, has no patentable significance because the second device and the second random and third random produces predictable results as produced by the first device.

Regarding claims 6 and 16: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 5, further comprising:
generating, at the server, the second random number associated with the first device and the third random number associated with the [device] (see paragraph [0078]);
encrypting, at the server, the second random number and the third random number based on the first key of the second private-public key pair and the first key of the third private-public key pair, respectively (see paragraph [0078]); 

Fuxin does not specifically disclose: a second device performing similar functions of first device, as disclosed above.
However, BAIK discloses:
receiving, at the server, the transaction identifier and the first identifier from the second device (see paragraph [0027] and [0049] and Fig. 1 and related text]);
sending, at the server, the encrypted second random number and the encrypted third random number to the first device and the second device, respectively (see paragraph [0025] and Fig. 1 and related text); and
receiving, at the server, the second random number and the third random number from the second device and the first device, respectively, for authenticating the first device and the second device for the transaction based on the second random number and the third random number (see paragraph [0027]-[0030] and Fig. 1 and related text).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and Yu with BAIK to including additional device (e.g., the second device) for the purpose of authentication a transaction to enhance security.

The Examiner would like to direct the Applicant’s attention that Mere duplication of parts has no patentable significance unless new and unexpected result is produced (see MPEP §2144.04 VI (B)). For example, claim 1 recites: generating, at the first device, a first random number and encrypting the first random number based on a first key of a first private-public key pair; sending, by the first device, the encrypted first random number to the server; receiving, at the first device, a transaction identifier for the transaction, the first random number and a second random number from the server, wherein the transaction identifier, the first random number and the second random number are encrypted based on a first key of a second private-public key pair. Therefore, the Examiner submits that generating random numbers and encrypting the generated random numbers by the server, has no patentable significance because the server generating random numbers and encrypting the generated random numbers produces predictable results as produced by the first device.

Regarding claims 7 and 17: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 1, wherein the communication channel in which the first and [device] communicate data with each other is based on a two-way wireless communication channel (see paragraphs [0056], [0060]).

Regarding claims 8 and 18: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 1, wherein:
said receiving, at the first device, the transaction identifier, the first random number and the second random number from the server comprises receiving a message comprising the transaction identifier, the first random number and the second random number, and […] of the message generated based on a second key of the first private-public key pair, wherein the message is encrypted based on the first key of the second private- public key pair (see paragraphs [0017], [0058], [0110]-[0111], [0115]-[0116] and Fig. 5 and related text); and
said verifying further comprises verifying, at the first device, the […] of the message received based on the first key of the first private-public key pair (see paragraphs [0018]-[0019], [0023], [0026], [0058], [0063], [0109] and [0117]-[0118] and Fig. 5 and related text).

Fuxin does not specifically disclose, verifying the digital signature of the message.
However, Yu discloses:
verifying further comprises verifying, at the first device, the digital signature of the message received based on the first key of the first private-public key pair (see paragraphs [0169]-[0170], [0200]-[0201] and [0206]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and BAIK with Yu to include additional identifier/authentication to a transaction to enhance look-up/queries functions and to enhance security.

Regarding claims 9 and 19: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 8, further comprising:
sending, by the [device], the […] and the second random number to the server for authenticating the first device for the transaction based on the second random number (see paragraphs [0034]-[0035], [0043], [0060] and [0069]).

Fuxin does not specifically disclose: exchanging a transaction identifier for a transaction between the terminal and cloud server.
However, Yu discloses: exchanging a transaction identifier for a transaction between the terminal and cloud server (see paragraphs [0253], [0202] and [0257]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and BAIK with Yu to include additional identifier/authentication to a transaction to enhance look-up/queries functions and to enhance security.

Fuxin does not specifically disclose: the second device.
However, BAIK discloses:
sending, by the second device, the transaction identifier and the second random number to the server for authenticating the first device (see paragraphs [0022]-[0030).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin and BAIK with Yu to include additional identifier/authentication to a transaction to enhance look-up/queries functions and to enhance security.

Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Liu Fuxin (CN105871920A) in view of Yu et al. (US 20190394053 A1) further in view of BAIK et al. (US 20180068305 A1) and further in view of Basmajian et al. (US 20130110607 A1).

Regarding claims 10 and 20: Fuxin, Yu and BAIK, discloses as shown above.
Fuxin further discloses: The method according to claim 1, wherein the communication channel in which the first device communicates data to the second device is based on a [Wifi] communication channel (see paragraph [0056]).

Fuxin does not specifically disclose: a one-way visual communication channel such as a QR code.
However, Basmajian discloses: first device communicates data to the second device is based on a one-way visual communication channel such as QR code (see abstract, paragraph [0023], [0030] and [0037] and fig 1 and related text):
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Fuxin, Yu and BAIK with Basmajian to include a well-known feature such as QR code to enhance user experience.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAHED ALI whose telephone number is (571)270-1085.  The examiner can normally be reached on 8:00 - 5:00 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571)-270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/JAHED ALI/Examiner, Art Unit 3685

/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685