DETAILED ACTION

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 5/20/2022 has been entered.
 
This is a non-final office action on the merits in application number 16/349157. This action is in response to Applicant’s Amendments and Arguments dated 5/20/2022. Claims 2, 8, and 15-18 were amended and Claims 1, 12 and 19 were previously cancelled.  Claims 2-11 and 13-18 are pending and have been examined on the merits.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .



Response to Arguments

For clarity Examiner has prepared a chart showing equivalent hardware:

Applicant
Shams (US Patent 7,791,782)
White (US Pub 2017/0004475)
Point of Sale System 1
(primary POS device)
Payment Terminal 106
POS Terminal 106
Payment Terminal 2
(secondary device that receives payment information directly from a customer)
Roaming POS System 104
Payment Object Reader 110


As discussed in the 35 USC 103 Rejection, infra, Both Shams and White teach a point of sale system for a retail store with multiple primary POS devices that manage transactions and multiple secondary devices which are capable of directly obtaining payment information from customers. Both Shams and White teach communication between the devices via an electronic network and a temporary pairing between a certain primary device and a certain secondary device to enable the exchange of financial information. Shams teaches an application running on a secondary device (see [Column 3, line 62]) that uses a web-based communications protocol using network addresses to communicate with the primary device (see [Column 5, line 35]). Shams teaches a server on the same network that brokers the pairing between the devices (see [Column 5, line 37]). Shams teaches that the secondary device also communicates with the acquirer (see [Column 4, lines 42-43]). Shams teaches pairing initiated by the primary device (see [Column 5, lines 57-59]) and teaches: the server generates a pairing code, displays it where the user of the particular secondary device can see it, the user of the secondary device types the code into a user input and the server authenticates the secondary device if the codes match, allowing transfer of financial data between the secondary and primary devices (see Column 5, line 62-Column 6, line 20).
Shams teaches that the primary device chooses which secondary device to pair with by selecting the secondary device’s network address (see [Column 5, line 35]). White specifically teaches that a list of available secondary devices is discoverable on a network and the primary device selects one from a list. It would have been obvious to a person of ordinary skill in the art at the time of Applicant’s effective filing date that showing a list of available secondary devices to the primary device and having it select one, as taught by White, would be a predictably more efficient selection methodology than blindly selecting one that might not be available.
Shams teaches displaying a pairing code but does not specifically say that the code is “dependent on an element of the encryption protocol”. White teaches a similar pairing protocol and also teaches an LED based visual code that is displayed to the secondary device user (see [0024]). Shams teaches that the result of the pairing is to send financial information from the secondary device to the primary device (see [Column 6, lines 33-35]) but does not specifically teach encrypting the financial information. White teaches encrypting the financial information and also that the financial information encryption can be a derivative of the optical authentication data (pairing code) (see [0105, 0106 and 0114]). It would have been obvious to a person of ordinary skill in the art at the time of Applicant’s effective filing date to encrypt financial data in transit due to predictable security concerns and it would have been obvious to use a main code that was cryptographically-related to the pairing code due to predictably reduced processing requirements and improved traceability if it was ever required.

Applicant asserts on page 10 that Examiner has not articulated why it would be obvious “to provide the functionality of the payment object reader 110 in the payment terminal 106 or in the POS system 104 of Shams”. As discussed in the 35 USC 103 Rejection, infra, White teaches a hardware device “Payment Object Reader 110” that has a functionality of receiving data from a physical credit card from a customer and pairing with POS Terminal 106 for the purposes of exchanging data and completing the customer’s transaction (see [0018]). Examiner asserts that Applicant’s Payment Terminal 2 is functionally equivalent to White’s Payment Object Reader 110 and to Shams’ Roaming POS System 104. 
Applicant asserts on page 11 that a “division of functionality of one device (the payment object reader) across a plurality of devices (a payment terminal and a roaming POS system) is inconsistent and plainly not obvious step, and demonstrates impermissible hindsight reasoning”. In response to applicant's argument that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning.  But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper.  See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971). Further, Examiner also points out MPEP 2144.04 V (B) “Making Integral… that the use of a one piece construction instead of the structure disclosed in [the prior art] would be merely a matter of obvious engineering choice” and (C) “Making Separable”. Examiner holds that dividing functionality, as Applicant alleges, would be an obvious design choice.
Applicant asserts on page 12 that White does not teach that the authentication code is dependent on an element of the encryption protocol. As discussed in the 35 USC 103 Rejection, infra, White teaches this in at least (see [0105, 0106 and 0114]).

Applicant’s arguments have been considered but are not persuasive, the rejections are maintained.

Claim Objections
Amended Claim 2 is objected to because of the following informalities: Amended Claim 2, line 5 recites a plurality of further transaction system device. In context the word “device” should be “devices” because Applicant recites “a plurality”. Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 2-6 are rejected under 35 U.S.C. 103 as being unpatentable over 7,971,782 to Khawaja Shams (Shams) in view of U.S. Patent Publication 2017/0004475 to Michael Wells White (White).

Regarding Claim 2:
 Shams teaches a retail point of sale system that temporarily pairs a secondary device capable of obtaining payment information from a customer with a primary point of sale system for the purposes of conducting a transaction. Shams teaches: (Currently Amended) A transaction system comprising: a payment terminal, the payment terminal comprising: ([Column 3, lines 23-24] “roaming point-of-sale system”). Examiner is interpreting Applicant’s payment terminal as the device with which the customer interfaces, from applicant’s Specification page 7, lines 10-11, as a device “to receive transaction particulars” that contains “one or more of magnetic swipe card reader, chip reader, NFC circuitry” etc. Shams further describes his “roaming point-of-sale device” with ([Column 3, lines 38-40] “barcode scanner…magnetic card reader”). Examiner is interpreting Applicant’s Payment Terminal as equivalent to Shams’ POS device and Applicant’s POS as equivalent to Shams’ payment terminal.

a payment application for processing transaction requests; ([Column 3, line 62] “point-of-sale application”).

a web server for client-server communication over a communication channel with at least one further transaction system device; ([Column 3, line 29] “in-store server” and ([Column 3, lines 24-25] “payment terminals”). 

wherein the payment terminal is configured to additionally communicate as a client with an acquirer server; ([Column 4, lines 42-43] “The transaction is completed by transmitting payment to a payment clearinghouse”).

wherein the transaction system further comprises a plurality of point of sale systems, wherein each point of sale (POS) system: is one of the said further transaction system devices; ([Column 3, lines 24-25] “payment terminals”). 

is configured to make a connection request to the web server, to establish a web-services bi-directional communication link between the payment terminal and the POS system over the web-services bi-directional communication link; … wherein the pairing process includes the payment terminal receiving at the web server over the web services bi-directional communication link a pair request message from the POS system ([Column 3, lines 28-29] “Each of the devices are in networked communication with the in-store server 102” and [Column 5, line 35] “network address (e.g. IP address…)” and [Column 5, lines 57-59] “the payment terminal can request pairing with the roaming point-of-sale system using the inverse of the methods described above”). Examiner notes that if either device can initiate the transaction then communication is inherently bi-directional.

While Shams teaches: the server generates a pairing code, displays it where the user of the particular secondary device can see it, the user of the secondary device types the code into a user input and the server authenticates the secondary device if the codes match, allowing transfer of financial data between the secondary and primary devices (see Column 5, line 62-Column 6, line 20), Shams does not specifically teach: and is configured to send, over the web services bi-directional communication link, transaction requests to the payment terminal, wherein the payment terminal is configured to, in response to the connection request: implement a pairing process with the POS system over a network, the pairing process establishing a trusted relationship between the payment terminal and the POS system whereby the transaction requests are encrypted in accordance with an encryption protocol between the payment terminal and POS system;  Response to Non-Final Office Action of April 2, 2021display during the pairing process, on a display, a code that is dependent on an element of the encryption protocol so that the code is able to be independently generated by the POS system with which the payment terminal is pairing, but not able to be independently generated by other devices; and receive user input, via a user interface, the user input indicating the code is acceptable wherein completion of the pairing process to establish the trusted relationship is dependent on receiving the user input indicating the code is acceptable. 

White, in the same field of art, teaches: and is configured to send, over web services bi-directional communication link, transaction requests to the payment terminal, ([0046] “The payment object reader 110 implements one or more mechanisms to capture data from and off the payment objects 104 and to communicate the captured data … wirelessly to the POS terminal 106”). White teaches a hardware device “Payment Object Reader 110” that has a functionality of receiving data from a physical credit card from a customer and pairing with POS Terminal 106 for the purposes of exchanging data and completing the customer’s transaction (see [0018]). Examiner asserts that Applicant’s Payment Terminal 2 is functionally equivalent to White’s Payment Object Reader 110 and to Shams’ Roaming POS System 104. 

wherein the payment terminal is configured to, in response to the connection request: implement a pairing process with the POS system over a network, the pairing process establishing a trusted relationship between the payment terminal and the POS system Examiner asserts that Applicant’s POS system is functionally equivalent to White’s POS Terminal 106 and Shams’ Payment Terminal 106. White teaches: ([0024] “To start the process of pairing the POS terminal with the payment object reader, the POS terminal, through a pairing component, discovers and identifies a desired payment object reader from a list of devices available in its network”). 

whereby the transaction requests are encrypted in accordance with an encryption protocol between the payment terminal and POS system; Page 2 of 12Appl. No. 16/349,157Attorney Docket No. 102504-OO1000US-1139875 ([0105] “The POS terminal 506 and the payment object reader 510 further establish the communication channel as secure. In one implementation, the POS terminal 506 and the payment object reader 510 do so by sharing payment token(s)”).

…display during the pairing process, on a display, a code that is dependent on an element of the encryption protocol so that the code is able to be independently generated by the POS system with which the payment terminal is pairing, but not able to be independently generated by other devices; and ([0024] “When selected, the desired payment object reader emits through the LEDs, a visual pattern of colors indicative or representative of the authentication data” and ([0105] “A payment token can also be a derivative of the optical authentication data 546 with static or dynamically changing numbers, which map to the optical authentication data 546”).

receive user input, via a user interface, the user input indicating the code is acceptable ([0024] “A user of the POS terminal can inspect the visual pattern and manually enter the as-inspected pattern on a display screen of the POS terminal”).

wherein completion of the pairing process to establish the trusted relationship is dependent on receiving the user input indicating the code is acceptable. ([0024] “if there is a match, the payment object reader establishes a communication channel to connect the POS terminal with the payment object reader, the channel allows the merchant operating the POS terminal to accept any payment object from the customer”).  

It would have been obvious to a person of ordinary skill in the art at the time of Applicant’s effective filing date that showing a list of available secondary devices to the primary device and having it select one, as taught by White, would be a predictably more efficient selection methodology than blindly selecting one that might not be available. Further, it would have been obvious to a person of ordinary skill in the art at the time of Applicant’s effective filing date to encrypt financial data in transit due to predictable security concerns and it would have been obvious to use a main code that was cryptographically-related to the pairing code due to predictably reduced processing requirements and improved traceability if it was ever required.

Regarding Claim 3:
Shams in view of White teaches all of the elements of Claim 2. Shams also teaches:  (Original) The transaction system of claim 2, further comprising a management services module, wherein the management services module: is a said further transaction system device; and is configured to provide the payment terminal with connection information for the POS system.  ([Column 5, lines 36-40] “the roaming point-of-sale system can send a pairing request to an in-store server, which can broker a pairing between the roaming point-of-sale system and the payment terminal. The pairing request can include data identifying the roaming point-of-sale system and the payment terminal”).

Regarding Claim 4:
Shams in view of White teaches all of the elements of Claims 2-3. Shams also teaches:   (Original) The transaction system of claim 3, comprising a plurality of payment terminals, ([Column 5, lines 1-4] “method for temporarily pairing a roaming point-of-sale system selected from a pool of such devices with a payment terminal selected from a pool of such devices”).

wherein the management services module is configured to: provide, to the POS system, terminal identifiers of the plurality of payment terminals; receive, from the POS system, information indicating a selection of a terminal identifier; Preliminary Amendmentand provide the payment terminal associated with the terminal identifier with the connection information.  ([Column 5, lines 36-40] “the roaming point-of-sale system can send a pairing request to an in-store server, which can broker a pairing between the roaming point-of-sale system and the payment terminal. The pairing request can include data identifying the roaming point-of-sale system and the payment terminal”).

Regarding Claim 5:
 	Shams in view of White teaches all of the elements of Claims 2-4. Shams also teaches:  (Original) The transaction system of claim 4, wherein the management services module: in response to receipt of the terminal identifier generates and causes display of a code on a display associated with the management services module; and ([Column 5, line 62 – Column 6, line 6] “the server can issue a pairing code to both the roaming point-of-sale system and the payment terminal. The pairing code can be generated by the server and can be a randomly generated number or assigned according to a scheme. Upon receiving the pairing codes at the roaming point-of-sale system and the payment terminal, one device can display the pairing code to the sales associate and the other can present a form for accepting entry of the pairing code (510). Which device takes which role is not important to the present technology, but it should be consistent within any system”).
provides the payment terminal associated with the terminal identifier with the connection information only after receipt from the payment terminal of data identifying the code.  ([Column 6, lines 25-32] “the in-store server can verify that the pairing code is proper and verify the pairing. If however, the wrong pairing code is entered, the process can terminate. With the pairing completed, the roaming point-of-sale system and the payment terminal can communicate with each other, either directly, or through the server as an intermediary”).
Regarding Claim 6:
 	Shams in view of White teaches all of the elements of Claim 2. Shams also teaches:  (Previously Presented) The transaction system of claim 2 further comprising a monitoring module, wherein the monitoring module is a said further transaction system device and wherein the payment terminal is configured to report status information to the monitoring module.  ([Column 6, lines 56-63] “The in-store server can be provided with information … the information being reported to the in-store server can be reported from both devices according to their knowledge of the transaction”).

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent 7,971,782 to Khawaja Shams (Shams) in view of U.S. Patent Publication 2017/0004475 to Michael Wells White (White) in view of U.S. Patent Publication 2016/0212213 to Shigeru Aoki et. al. (Aoki).

Regarding Claim 7:
 	Shams in view of White teaches all of the elements of Claim 2. While Shams also teaches ([Column 7, lines 3-7] “After the transaction has been completed and the necessary information has been reported to the in-store server, the pairing of the roaming point-of-sale system and payment terminal can be terminated (524) so that both devices can be used in another transaction”), Shams does not specifically teach:  (Previously Presented) The transaction system claim 2 wherein the web server utilises a WebSockets protocol for the client-server communication. Aoki teaches a retail POS system that uses websocket technology to communicate between the devices and the server of this system. Aoki teaches: ([0033] “transmission system may be configured with the output device and the server device connecting by WebSocket”). It would have been obvious to a person of ordinary skill in the art at the time of Applicant’s effective filing date to use websocket technology to communicate between the devices and server taught in Shams because Shams teaches a persistent data connection and websocket technology, as taught by Aoki, provides this functionality. See also Aoki ([0113-114]).
 
Claims 8, 9, 15, 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent 7,971,782 to Khawaja Shams (Shams) in view of U.S. Patent Publication 2014/0122563 to Dicky B. Singh et. al. (Singh) in view of U.S. Patent Publication 2017/0004475 to Michael Wells White (White). 

Regarding Claim 8:
 Shams teaches: (Currently Amended) A payment terminal comprising: ([Column 3, lines 23-24] “roaming point-of-sale system”). Examiner is interpreting Applicant’s payment terminal as the device with which the customer interfaces, from applicant’s Specification page 7, lines 10-11, as a device “to receive transaction particulars” that contains “one or more of magnetic swipe card reader, chip reader, NFC circuitry” etc. Shams further describes his “roaming point-of-sale device” with ([Column 3, lines 38-40] “barcode scanner…magnetic card reader”). Examiner is interpreting Applicant’s Payment Terminal as equivalent to Shams’ POS device and Applicant’s POS as equivalent to Shams’ payment terminal.

a payment application for processing transaction requests; ([Column 3, line 62] “point-of-sale application”).

and a web server for client-server communication over a communication channel with a plurality of transaction processing devices, each of the transaction processing devices comprising a point of sale (POS) device, : ([Column 3, line 29] “in-store server” and  ([Column 3, lines 24-25] “payment terminals”).

wherein the web server is configured to implement the client-server communication with the POS device as a web services bidirectional link; ([Column 3, lines 28-29] “Each of the devices are in networked communication with the in-store server 102” and [Column 5, line 35] “network address (e.g. IP address…)” and [Column 5, lines 57-59] “the payment terminal can request pairing with the roaming point-of-sale system using the inverse of the methods described above”). Examiner notes that if either device can initiate the transaction then communication is inherently bi-directional.

…the payment application is configured to additionally communicate as a client with a transaction acquirer server. ([Column 4, lines 42-43] “The transaction is completed by transmitting payment to a payment clearinghouse”).

While Shams teaches both a web server and a payment application, Shams does not specifically teach: wherein: the web server and payment application communicate via one or more application programming interfaces (APIs)… and communicated to the payment application via the one or more APIs for processing by the payment terminal, and Page 4 of 12Appl. No. 16/349,157Attorney Docket No. 102504-OO1000US-1139875Response to Non-Final Office Action of April 2, 2021 Singh teaches a system that enables securely downloading and modifying content in a payment app in the secure element of a mobile device using APIs. Singh teaches: ([0013] “Mobile wallet application 116 may also be configured to utilize application programming interfaces (APIs) to i) determine the aforementioned available hardware and software components, ii) communicate with downloadable services provisioned on the mobile device, and iii) communicate with network servers”). It would have been obvious to a person of ordinary skill in the art at the time of Applicant’s effective filing date that the payment application taught by Shams could be located in a secure element, as taught by Singh, and could be accessed by APIs, as taught by Singh, because Shams teaches transferring financial information with a predictable need for security in transit and use of secure element would have been an obvious to try solution.

While Shams does not specifically teach: the payment terminal is configured to implement a pairing process with each of the point- of-sale (POS) devices over the web services bidirectional link, the pairing process comprising: receiving, at the web server over the web services bidirectional communication link a pair request message from the POS device, wherein the pair request message is unencrypted; White, in the same field of art, teaches: : the payment terminal is configured to implement a pairing process with each of the point- of-sale (POS) devices over the web services bidirectional link, ([0046] “The payment object reader 110 implements one or more mechanisms to capture data from and off the payment objects 104 and to communicate the captured data … wirelessly to the POS terminal 106”). White teaches a hardware device “Payment Object Reader 110” that has a functionality of receiving data from a physical credit card from a customer and pairing with POS Terminal 106 for the purposes of exchanging data and completing the customer’s transaction (see [0018]). Examiner asserts that Applicant’s Payment Terminal 2 is functionally equivalent to White’s Payment Object Reader 110 and to Shams’ Roaming POS System 104. 

the pairing process comprising: receiving, at the web server over the web services bidirectional communication link a pair request message from the POS device, Examiner asserts that Applicant’s POS system is functionally equivalent to White’s POS Terminal 106 and Shams’ Payment Terminal 106. White teaches: ([0024] “To start the process of pairing the POS terminal with the payment object reader, the POS terminal, through a pairing component, discovers and identifies a desired payment object reader from a list of devices available in its network”). 

wherein the pair request message is unencrypted; ([0047] “public password”).

displaying during the pairing process, on a display, a code that is dependent on an element of an encryption protocol for encrypted requests received by the payment terminal from the POS device; ([0024] “When selected, the desired payment object reader emits through the LEDs, a visual pattern of colors indicative or representative of the authentication data” and ([0105] “A payment token can also be a derivative of the optical authentication data 546 with static or dynamically changing numbers, which map to the optical authentication data 546”).

and receiving user input, via a user interface of the payment terminal, the user input indicating the code is acceptable; ([0024] “A user of the POS terminal can inspect the visual pattern and manually enter the as-inspected pattern on a display screen of the POS terminal”).

responsive to the received user input, completing the pairing process whereby requests from the POS device are encrypted according to an encryption protocol and are received by the web server ([0024] “if there is a match, the payment object reader establishes a communication channel to connect the POS terminal with the payment object reader, the channel allows the merchant operating the POS terminal to accept any payment object from the customer”). 

It would have been obvious to a person of ordinary skill in the art at the time of Applicant’s effective filing date that showing a list of available secondary devices to the primary device and having it select one, as taught by White, would be a predictably more efficient selection methodology than blindly selecting one that might not be available. Further, it would have been obvious to a person of ordinary skill in the art at the time of Applicant’s effective filing date to encrypt financial data in transit due to predictable security concerns and it would have been obvious to use a main code that was cryptographically-related to the pairing code due to predictably reduced processing requirements and improved traceability if it was ever required.

Regarding Claim 9:
Shams in view of Singh and White teach all of the elements of Claim 8. Shams does not specifically teach: (Original) The payment terminal of claim 8, wherein the payment terminal returns via the web server, in response to a call, a list of functions supported by the one or more APIs.  Singh teaches: ([0013] “Mobile wallet application 116 may also be configured to utilize application programming interfaces (APIs) to i) determine the aforementioned available hardware and software components, ii) communicate with downloadable services provisioned on the mobile device, and iii) communicate with network servers” and see at least [0021] “capabilities object”).  It would have been obvious to a person of ordinary skill in the art at the time of Applicant’s effective filing date that the payment application taught by Shams could be located in a secure element, as taught by Singh, and could be accessed by APIs, as taught by Singh, because Shams teaches transferring financial information with a predictable need for security in transit and use of secure element would have been an obvious to try solution.

Regarding Claim 15:
Shams teaches: (Currently Amended) A method of establishing a transaction system, comprising: providing one or more merchant terminals, each merchant terminal comprising: ([Column 3, lines 23-24] “roaming point-of-sale system”). Examiner is interpreting that Applicant’s “merchant terminal” is the same as Applicant’s previously recited Payment Terminal 2. This interpretation is reasonable based on Applicant’s specification [page 7, line 8] “a payment terminal 2 (a merchant terminal)”. As above, Examiner is interpreting Applicant’s payment terminal as the device with which the customer interfaces, from applicant’s Specification page 7, lines 10-11, as a device “to receive transaction particulars” that contains “one or more of magnetic swipe card reader, chip reader, NFC circuitry” etc. Shams further describes his “roaming point-of-sale device” with ([Column 3, lines 38-40] “barcode scanner…magnetic card reader”). Examiner is interpreting Applicant’s Payment Terminal as equivalent to Shams’ POS device and Applicant’s POS as equivalent to Shams’ payment terminal.

a payment application configured to communicate as a client with a transaction acquirer server ([Column 3, line 62] “point-of-sale application” and [Column 4, lines 42-43] “The transaction is completed by transmitting payment to a payment clearinghouse”).

a web server for client-server communications over a communication channel with a plurality of POS systems, wherein the web server is configured to implement the client- server communication with the POS systems as a web services bidirectional link, ([Column 3, lines 28-29] “Each of the devices are in networked communication with the in-store server 102” and [Column 5, line 35] “network address (e.g. IP address…)” and [Column 5, lines 57-59] “the payment terminal can request pairing with the roaming point-of-sale system using the inverse of the methods described above”). Examiner notes that if either device can initiate the transaction then communication is inherently bi-directional.


providing the plurality of POS systems for the one or more merchant terminals, each of the POS systems communicating via the web server; ([Column 3, lines 28-29] “Each of the devices are in networked communication with the in-store server 102”).

providing a management services module, the management services module communicating with the merchant terminal, through the web server, and with each of the POS systems, the management services module managing connections between the one or more merchant terminals and each of the POS systems ([Column 5, lines 36-40] “the roaming point-of-sale system can send a pairing request to an in-store server, which can broker a pairing between the roaming point-of-sale system and the payment terminal. The pairing request can include data identifying the roaming point-of-sale system and the payment terminal”).

 the method further comprising, at the merchant terminal: displaying, on a display screen, a network address of the merchant terminal; ([Column 2, lines 9-12] “The payment terminal can be identified by a unique name, an Internet protocol address (IP address) of the device on the network”).

receiving, at said network address, a pairing request from the POS system;  [Column 6, lines 2-4] “Upon receiving the pairing codes at the roaming point-of-sale system and the payment terminal, one device can display the pairing code to the sales associate and the other can present a form for accepting entry of the pairing code (510). Which device takes which role is not important to the present technology” and [Column 6, lines 21-27] “The pairing code can be input into the form presented for that purpose (512). The device presenting the form can verify that the proper code has been entered and verify to the server that the proper devices have been associated for the purpose of completing the transaction (514). Alternatively the in-store server can verify that the pairing code is proper and verify the pairing”).

While Shams teaches both a web server and a payment application, Shams does not specifically teach: with one or more APIs for communications therebetween; Singh teaches a system that enables securely downloading and modifying content in a payment app in the secure element of a mobile device using APIs. Singh teaches: ([0013] “Mobile wallet application 116 may also be configured to utilize application programming interfaces (APIs) to i) determine the aforementioned available hardware and software components, ii) communicate with downloadable services provisioned on the mobile device, and iii) communicate with network servers”). It would have been obvious to a person of ordinary skill in the art at the time of Applicant’s effective filing date that the payment application taught by Shams could be located in a secure element, as taught by Singh, and could be accessed by APIs, as taught by Singh, because Shams teaches transferring financial information with a predictable need for security in transit and use of secure element would have been an obvious to try solution.

While Shams does not specifically teach: exchanging encryption keys, via the management services module, with the POS system;…displaying, on the display screen of the payment terminal, an encryption key dependent code generated by the management services module; White, in the same field of art, teaches: ([0024] “When selected, the desired payment object reader emits through the LEDs, a visual pattern of colors indicative or representative of the authentication data” and ([0105] “A payment token can also be a derivative of the optical authentication data 546 with static or dynamically changing numbers, which map to the optical authentication data 546”).

 receiving, via a user interface of the payment terminal, user input responsive to the displayed encryption key dependent code; and selectively pairing or not pairing with the POS system, via the management services module, dependent on said user input. ([0024] “if there is a match, the payment object reader establishes a communication channel to connect the POS terminal with the payment object reader, the channel allows the merchant operating the POS terminal to accept any payment object from the customer”). It would have been obvious to a person of ordinary skill in the art at the time of Applicant’s effective filing date to encrypt financial data in transit due to predictable security concerns and it would have been obvious to use a main code that was cryptographically-related to the pairing code due to predictably reduced processing requirements and improved traceability if it was ever required.

Regarding Claim 17:
 Shams in view of Singh and White teach all of the elements of Claim 15.  Shams also teaches: (Currently Amended) The method of claim 15, wherein the one or more POS systems and plurality of merchant terminals are local with respect to each other.  (see [Figure 1])

Regarding Claim 18:
 	Shams in view of Singh and White teach all of the elements of Claims 8. Shams also teaches: (Currently Amended) The payment terminal of claim 8, wherein: Page 6 of 12Appl. No. 16/349,157Attorney Docket No. 102504-OO1000US-1139875 The web services bidirectional link is configured for receiving transaction requests from each of the POS devices over the communication channel; ([Column 3, lines 28-29] “Each of the devices are in networked communication with the in-store server 102”).

While Shams does not specifically teach: the pairing process establishes a trusted relationship between each of the payment terminals and the POS device whereby the received transaction requests are encrypted in accordance with the encryption protocol; White, in the same field of art, teaches ([0024] “if there is a match, the payment object reader establishes a communication channel to connect the POS terminal with the payment object reader, the channel allows the merchant operating the POS terminal to accept any payment object from the customer” and [0105] “The POS terminal 506 and the payment object reader 510 further establish the communication channel as secure. In one implementation, the POS terminal 506 and the payment object reader 510 do so by sharing payment token(s)”).

and the code is able to be independently generated by each of the POS devices with which the payment terminal is pairing, but not able to be independently generated by other devices. and ([0024] “When selected, the desired payment object reader emits through the LEDs, a visual pattern of colors indicative or representative of the authentication data” and ([0105] “A payment token can also be a derivative of the optical authentication data 546 with static or dynamically changing numbers, which map to the optical authentication data 546”). It would have been obvious to a person of ordinary skill in the art at the time of Applicant’s effective filing date to encrypt financial data in transit due to predictable security concerns and it would have been obvious to use a main code that was cryptographically-related to the pairing code due to predictably reduced processing requirements and improved traceability if it was ever required.

Claims 10, 11, 13, 14 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent 7,971,782 to Khawaja Shams (Shams) in view of U.S. Patent Publication 2014/0122563 to Dicky B. Singh et. al. (Singh) in view of U.S. Patent Publication 2017/0004475 to Michael Wells White (White) and further in view of U.S. Patent Publication 2014/0279546 to Thomas S. Poole et. al. (Poole).

Regarding Claim 10:
 	Shams in view of Singh and White teaches all of the elements of Claims 8 and 9. While Shams teaches a payment terminal (roaming point of sale terminal) that is comprised of a handheld computing device such as a cell phone in combination and in electrical communication with a scanning device ([See at least Column 3, lines 31-52, and Fig 3]), Shams does not specifically teach: (Original) The payment terminal of claim 9, wherein the payment terminal is configured to receive, via the web server, an update to the one or more APIs.  Poole teaches a device in combination and in electrical communication with a mobile device that contains a secure element that contains payment applications and receives updates using APIs.  Poole teaches: ([0036] “the system may include APIs that allow access to the NFC antenna and secure element for enabling, disabling, locking, initial provisioning, updates, emergency turnoff, and other operations”).

Regarding Claim 11:
 	Shams in view of Singh and White teaches all of the elements of Claims 8 and 9, Shams in view of Singh, White and Poole teaches all of the elements of Claim 10. Shams does not specifically teach: (Original) The payment terminal of claim 10, wherein the update comprises adding a new API.  Poole teaches: ([0036] “the system may include APIs that allow access to the NFC antenna and secure element for enabling, disabling, locking, initial provisioning, updates, emergency turnoff, and other operations”).


Regarding Claim 13:
 	Shams in view of Singh and White teach all of the elements of Claim 8. Shams does not specifically teach: (Previously Presented) The payment terminal of claim 8 wherein the payment application is on a secure element of the payment terminal, whereby a process on the web server cannot access data of the payment application except for through the API.  Poole teaches: ([0032] “the attachment may contain an NFC antenna and secure element (SE)… The SE may include a computer processor or other computational hardware or software. As one example, the secure element may contain the Visa.RTM. and MasterCard.RTM. applications for PayWave.RTM. and PayPass.RTM. transactions)” and [0036] “the system may include APIs that allow access to the … secure element”).

Regarding Claim 14:
 	Shams in view of Singh and White teach all of the elements of Claims 8. Shams in view of Singh, White and Poole teaches all of the elements of Claim 13. Shams does not specifically teach: (Original) The payment terminal of claim 13, wherein the web server runs on another secure element of the payment terminal, different from the secure element for the payment application.  Poole teaches: ([0072] “Secure element 508 may represent multiple secure elements used to isolate various applications and provide additional security” and [0120] “application server(s) 1516 may act as a set of components accessible to, for example, a financial institution or other entity implementing system 1500, through an API defined by the platform itself. For Web applications, these components may be performed in, for example, the same running environment as web server(s)… the web server(s) 1516 may behaves like an extended virtual machine for running applications”).
It would have been obvious to a person of ordinary skill in the art at the time of Applicant’s effective filing date that the payment application taught by Shams could be located in a secure element, as taught by Singh, and could be accessed by APIs, as taught by Singh, because Shams teaches transferring financial information with a predictable need for security in transit and use of secure element would have been an obvious to try solution. Further, it would have been obvious that system could contain more than one secure element and these could be remotely provisioned and updated using APIs, as taught by Poole, for predictably enhanced security.

Regarding Claim 16:
Shams in view of Singh and White teach all of the elements of Claim 15.  Shams does not specifically teach: (Currently Amended) The method of claim 15, wherein the management services module is remote from the plurality of POS systems and the one or more merchant terminals.   Poole teaches ([0035] “the attachment may include software and application programming interfaces (APIs) to enable remote and local provisioning of the SE, use of NFC antenna, payments enablement, and attachment security management (e.g. long range deactivation)”.  It would have been obvious to a person of ordinary skill in the art at the time of Applicant’s effective filing date that the server taught by Shams could be remote or connected to a remote network, as taught by Poole, due to the predictable security improvement of using an SE and the greater flexibility provided regarding the source of data with the advantage of the additional security.


Relevant Prior Art Not Relied Upon
The prior art is made of record and not relied upon is considered pertinent to applicant’s disclosure.  The additional cited art further establishes the state of the art at the time of applicant’s application.

U.S. Patent Publication 2009/0307142 (Mardikar) – This prior art teaches a trusted service manager in a retail point of sale environment with two secure elements.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KIMBERLY S BURSUM whose telephone number is (571)272-8213. The examiner can normally be reached M-F 9:30 AM - 6:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nathan C Uber can be reached on 571-270-3923. The fax phone number for the organization where this application or proceeding is assigned is 571-273-2786.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/K.S.B./Examiner, Art Unit 3687                                                                                                                                                                                                        

/FLORIAN M ZEENDER/Supervisory Patent Examiner, Art Unit 3627