Detailed Action
Acknowledgments
This office action is in response to the claims filed November 23, 2020. 
Claims 1-20 are pending and have been examined. 

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees.  See In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970);and, In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent is shown to be commonly owned with this application.  See 37 CFR 1.130(b). Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer.  A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

Claim 1-20 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claim 5 of U.S. Patent No. 7, 249, 097 B2 to Hutchison et al (“Patent Document”).  

Although the conflicting claims are not identical, they are not patentably distinct from each other. Claim 1, for example, of the Patent Document recites all the limitations of claim 1 of the instant application; however, claim 1 of the Patent Document differs since it further recites additional claim limitations including: a transaction request from a first terminal to perform a transaction with a user of the smart card, wherein: the transaction request includes card identification information, encrypted card data, and transaction information, the card identification information and the encrypted card data are extracted by the first terminal from the smart card, and un-encrypted card data and a decryption key associated with the card identification information are stored in the memory of the server. 

However, it would have been obvious to a person of ordinary skill in the art to modify claim 1 of the Patent Document by removing the additional limitations noted above, resulting generally in the claims of the present application, since the claims of the present application and the claim recited in the Patent Document actually perform a similar function.  It is well settled that the omission of an element and its function is an obvious expedient if the remaining elements perform the same function as before.  In re Karison, 136 USPQ 184 (CCPA 1963).  Also note Ex parte Rainu, 168 USPQ 375 (Bd. App. 1969).  Thus, omission of a reference element whose function is not needed would be obvious to one of ordinary skill in the art.

Claims 19-20 are rejected based on the same rationale. 

Prior Art Made of Record
The prior art made of record and not relied upon is considered pertinent to Applicant's disclosure, and is listed in the attached form PTO-892 (Notice of References Cited). Unless expressly noted otherwise by the Examiner, all documents listed on form PTO-892 are cited in their entirety. 

US 20020128977 A1
microchip-enabled online transaction system and method that emulates a "card-present" transaction in an online or remote environment by using an improved authentication and transaction system. More specifically, this system uses an authenticating instrument (e.g., smart card), an authenticating instrument reader (e.g., smart card reader), and a user-specific identification signature (e.g., user PIN) to better authenticate an online purchaser. Additionally, this system may also employ techniques (1) for transmitting to a merchant a secondary transaction number in place of the user's primary transaction account number, and (2) for automatically filling an online merchant's payment and shipping web pages with the appropriate profiled user information.


US 20050050366 Al
A Method and system are disclosed for accessing personal
Web site or executing electronic commerce with security in
a smart Java card. A personal Web site which includes
personal or private information is stored in a personal smart
Java card. Before a user can access the Web site stored in the
smart Java card, the user is validated by any one of or in
combination of PIN, facial images, hand images, eye image,
voice characteristics, and finger prints. In addition, an
encryption engine embedded in the smart Java card decodes
and compares the entered PIN combined with a secure key
or security certificate to verify the identity of the user.
Before the bank account can be accessed freely by the user,
the bank's computer system checks the combined secure
data to ensure the authenticity of the card and the user's
identity with multiple check points using Internet security
protocols via Web browsers.

US 20070028118 Al
A smart card, system, and method for securely authorizing
a user or user device using the smart card is provided. The
smart card is configured to provide, upon initialization or a
request for authentication, a public key to the user input
device such that the PIN or password entered by the user is
encrypted before transmission to the smart card via a smart
card reader. The smart card then decrypts the PIN or
password to authorize the user. Preferably, the smart card is
configured to provide both a public key and a nonce to the
user input device, which then encrypts a concatenation or
other combination of the nonce and the user-input PIN or
password before transmission to the smart card. The smart
card reader thus never receives a copy of the PIN or
password in the clear, allowing the smart card to be used
with untrusted smart card readers. 


US 20160027010 Al
Methods and systems for secure transaction authentication.
The card is read in a POS reader, data is sent to a remote server
after being encrypted, a code is then sent from the remote
server to a unique identifier provided as a proof of authentication,
thereafter the code is provided to authenticate the
transaction. The methods and systems may include obtaining
a unique identifier from the user, such as a mobile telephone
number. In some configurations, the data of the mobile telephone
number can be compared to patterns of activity related
to usage of the mobile telephone number. The methods and
systems may include sending a code that is provided by
during the transaction and verifying that the code provided
matches with the code sent by the remote server.


US 2005/0188167 Al
A standalone memory device is provided that when in a first state allows data to be written to the device from a data source but prevents a normal user from useably accessing that data. When in a second state the device enables the user to useably access data stored in the device. The device is arranged to implement a prohibition or restriction on re­ entry to its first state after having left it. In preferred embodiments, the device limits the number of times or the frequency at which, it re-enters its first state, whereby to limit the amount or rate of transfer of data via the memory device from the data source to a data recipient. The device can be used to limit content download from data sources at an exhibition. A system and method using the device are also provided.

US 20090144205 A1
A server is operable to receive a media device identifying number (ID) and establish an association between a media device and a payment account and, in one embodiment, supports at least one of payment authorization and payment clearing based at least in part on the media device ID and the payment account. A network and system include a payment card processor server that is operable to receive a payment authorization request and to determine if an authorized media device generated a purchase selection message and to determine to approve a received payment authorization request based, in part, if the media device was authorized for the purchase selection based upon a received media device ID.

US 20070011066 A1
Techniques for conducting secure online transactions are provided. Some techniques utilize a trusted, secure device that is distributed to a human user, and which only the user can access, a device reader, and a one-time secret valid only to authenticate a single transaction to improve on the traditional transaction model by isolating elements of the transaction with the user on the user's trusted, secure device. Isolating elements of the transaction on the trusted, secure device facilitates a secure transaction on an untrusted machine and over an untrusted network.


US 20050150945 A1
The present invention generally relates to a wireless banking system and a wireless banking method using a mobile phone. The mobile phone includes a smart card inputting smart card information consisting of bank account information, log information, and an authentication key. A card applet is provided which operates the smart card information. The banking service uses a common full text and individual full texts used for banking transactions, prepared through the smart card information and an input of the mobile phone. An encoding/decoding module is provided for encoding the banking service full text and decoding the response to the banking service full text by using a session key; and a card manager communicating the application with the smart card. 


US 20110173124 A1
A technique for conducting a transaction via a network is described. In this technique, in response to receiving transaction information associated with the transaction via the network from a network browser in a computer, a computer system provides an encrypted version of the received transaction information via the network to an application that executes in the computer, which facilitates a comparison of the received transaction information with original transaction information provided by a user to the computer. Note that this application is separate from the network browser, and the communication with the application via the network is independent of the network browser. Moreover, if the received transaction information matches the original transaction information, the computer system receives approval for the transaction from the computer via the network.


Conclusion
Any inquiry concerning this communication or earlier communications from the Examiner should be directed to MAMON OBEID whose telephone number is (571)270-1813.  The Examiner can normally be reached on 8 AM- 5 PM.
If attempts to reach the Examiner by telephone are unsuccessful, the Examiner’s supervisor, John W. Hayes can be reached on 5712726708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MAMON OBEID/Primary Examiner, Art Unit 3685