DETAILED ACTION
Status of Claims
1. 	This office action is in response to filing dated 11/12/2021.
2. 	Claims 1-17 are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-17
Claims 1-17 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.

Step 2A: 
A claim is eligible at revised Step 2A unless it recites a judicial exception and the exception is not integrated into a practical application of the application.
Prong 1: Prong One of Step 2A evaluates whether the claim recites a judicial exception (an abstract idea enumerated in the 2019 PEG, a law of nature, or a natural phenomenon).
Groupings of Abstract Ideas:
I.	MATHEMATICAL CONCEPTS
A.	Mathematical Relationships
B.	Mathematical Formulas or Equations
C.	Mathematical Calculations
II.	CERTAIN METHODS OF ORGANIZING HUMAN ACTIVITY
A.	Fundamental Economic Practices or Principles (including hedging, insurance, mitigating risk)
B.	Commercial or Legal Interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations)
C.	Managing Personal Behavior or Relationships or Interactions between People (including social activities, teaching, and following rules or instructions)
III.	MENTAL PROCESSES.
Concepts performed in the human mind (including an observation, evaluation, judgment, opinion).
See MPEP 2106.04 (a) (2) Abstract Idea Groupings [R-10.2019]
Examiner notes that concepts recited in the independent claims – a payment instrument having contactless transaction feature, a SoftPOS application running on a mobile device, providing taking payment by approaching said payment unit to mobile device, comprising an OTP interface allowing entrance of cardholder's one time password and/or displaying message requesting submission of authorization for verification of cardholder, a SoftPOS server recognizing said SoftPOS application and mobile device whereon SoftPOS application runs and executing security controls, an identity verification server conducting issuer bank distinction on basis of the payment instrument details for submission of the one time password, a user device belonging to the user and to which the one time password is sent, an SMS network gateway owned by the issuer bank and sending the one time password to the user's device for getting user authorization for cardholder verification, an application server owned by the issuer bank and providing sending of a PUSH notification for verification authorization for cardholder verification – recites Commercial or Legal Interactions and hence recites an abstract idea.
The dependent claims merely limit the abstract idea to – transmission of authorization, display of denial message – that also constitute Commercial or Legal Interactions (or insignificant extra solution activities) and hence abstract.
Hence under Prong One of Step 2A, the claims recite a judicial exception such as Certain Methods of Organizing Human Activity.
Prong 2: Prong Two of Step 2A evaluates whether the claim recites additional elements that integrate the judicial exception into a practical application of the exception.
Limitations that are indicative of integration into a practical application include:
Improvements to the functioning of a computer or to any other technology or technical field – see MPEP § 2106.05(a)
Applying the judicial exception with, or by use of, a particular machine –see MPEP § 2106.05(b)
Effecting a transformation or reduction of a particular article to a different state or thing – see MPEP § 2106.05(c)
Applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception – see MPEP §2106.05(e) 
Limitations that are not indicative of integration into a practical application include:
Adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea – see MPEP § 2106.05(f) 
Adding insignificant extra-solution activity to the judicial exception – see MPEP § 2106.05(g) 
Generally linking the use of the judicial exception to a particular technological environment or field of use – see MPEP § 2106.05(h)
The only additional element(s) recited in the claims, beyond the abstract idea, are: a SoftPOS server, an identify verification server, an application server, mobile device, and user device.  The Specification and the Figures do not describe the particulars for any of the above elements in any detail.  Examiner thus notes that the additional element has been recited at a high level of generality such that the claim limitations amount to no more than mere instructions to apply the exception using generic components.  
The claims do not purport to improve the functioning of a computer or effect an improvement in any other technology or technical field.  Indeed, nothing in the claims improves the functioning of the computer, makes it operate more efficiently, or solves any technological problem.  See Trading Techs. Int’l, Inc. v. IBG LLC, 921 F.3d 1378, 1384-85 (Fed. Cir. 2019).  Thus, they do not contain limitations that are indicative of integration into a practical application.
Instead, they do not amount to significantly more than instructions for – detecting whether a product for purchase is a restricted product; acquiring age of the customer; and determining the purchase permission process of the restricted product based on age – using generic components.
The focus of the claims is not on improvement in computers, but on certain independently abstract ideas that merely use computers as tools.  Thus, they are not indicative of integration into a practical application.
Hence, under Prong Two of PEG 2019, the independent claims do not integrate into a practical application.
Hence, the claims are ineligible under Step 2A.
Step 2B:
In Step 2B, the evaluation consists of whether the claim recites additional elements that amount to an inventive concept (aka “significantly more”) than the recited judicial exception.
As discussed above, the additional elements of using a generic server to perform the steps of – a payment instrument having contactless transaction feature, a SoftPOS application running on a mobile device, providing taking payment by approaching said payment unit to mobile device, comprising an OTP interface allowing entrance of cardholder's one time password and/or displaying message requesting submission of authorization for verification of cardholder, a SoftPOS server recognizing said SoftPOS application and mobile device whereon SoftPOS application runs and executing security controls, an identity verification server conducting issuer bank distinction on basis of the payment instrument details for submission of the one time password, a user device belonging to the user and to which the one time password is sent, an SMS network gateway owned by the issuer bank and sending the one time password to the user's device for getting user authorization for cardholder verification, an application server owned by the issuer bank and providing sending of a PUSH notification for verification authorization for cardholder verification – amounts to no more than mere instructions to apply the exception using generic components which is insufficient to provide an inventive concept.
When considered individually or as an ordered combination, the additional elements fail to transform the abstract idea of – a payment instrument having contactless transaction feature, a SoftPOS application running on a mobile device, providing taking payment by approaching said payment unit to mobile device, comprising an OTP interface allowing entrance of cardholder's one time password and/or displaying message requesting submission of authorization for verification of cardholder, a SoftPOS server recognizing said SoftPOS application and mobile device whereon SoftPOS application runs and executing security controls, an identity verification server conducting issuer bank distinction on basis of the payment instrument details for submission of the one time password, a user device belonging to the user and to which the one time password is sent, an SMS network gateway owned by the issuer bank and sending the one time password to the user's device for getting user authorization for cardholder verification, an application server owned by the issuer bank and providing sending of a PUSH notification for verification authorization for cardholder verification – into significantly more.
Hence, the claims are ineligible under Step 2B.
Therefore, the claim(s) are rejected under 35 U.S.C. 101 as being directed to an abstract idea without significantly more.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-17
Claims 1-17 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ashfield et al (US 10,554,411 B1) in view of Kulshreshtha (US 2017/0061433 A1).

Claim 1:
A system providing use of a one time password to verify a card holder in transactions with excess limit by payment receiving mobile devices by use of SoftPOS software, characterized by comprising:
a payment instrument having contactless transaction feature,
a SoftPOS application running on a mobile device, providing taking payment by approaching said payment unit to mobile device, comprising an OTP interface allowing entrance of cardholder's one time password and/or displaying message requesting submission of authorization for verification of cardholder,
a SoftPOS server recognizing said SoftPOS application and mobile device whereon SoftPOS application runs and executing security controls,
(See Ashfield: Claim 1 (“a client device application comprising instructions for execution on a client device, wherein:
the contactless card is configured to create a cryptogram based on the at least one key and the counter,
the contactless card is configured to transmit the cryptogram to the client device application,
the contactless card is configured to transmit a one-time password to the client device application,”)
an identity verification server conducting issuer bank distinction on basis of the payment instrument details for submission of the one time password,
(See Ashfield: 
Col. 31 lines 10-20 (“FIG. 13 illustrates a one-time password authentication system 1300 according to an example embodiment. As further discussed below, system 1300 may comprise a contactless card 1310, a client device 1320, one or more networks 1330, and at least one server 1340. Although FIG. 13 illustrates single instances of the components, system 1300 may include any number of components.”)
Col. 31 lines 30-35 (“Contactless card 1310 may be configured to generate and transmit a one-time password to client device 1320 such that the counter is adjusted each time the password is generated. Client device 1320 may be configured to transmit, and at least one server 1340 may be configured to receive, the one-time password for authentication.”)
Claim 1 (“the contactless card is configured to transmit a one-time password to the client device application”)
a user device belonging to the user and to which the one time password is sent,
an SMS network gateway owned by the issuer bank and sending the one time password to the user's device for getting user authorization for cardholder verification,
an application server owned by the issuer bank and providing sending of a PUSH notification for verification authorization for cardholder verification.
(See Ashfield: Col. 36 lines 30-35 (“The OTP device may then notify the at least one server of the outcome of the validation. If a success validation is achieved, the at least one server may provide access to one or more services,”)
(See Kulshreshtha: Para [0025] (“If the transaction amount does not exceed the limit, the financial institution may provide authorization for the transaction over the network.”)

Therefore, it would have been obvious to a person having ordinary skills in the art at the time of the invention to modify the above noted disclosure of Ashfield it relates to cryptographic authentication of contactless cards to include the above noted disclosure of Kulshreshtha as it relates to mobile device limits.  The motivation for combining the references would have been for parents to control children using contactless cards.


Claim 2:
wherein the SoftPOS application comprises an L3 work layer managing user interface experience and workflows.
(See Ashfield: Col. 4 lines 50-65)

Claim 3:
comprising an L2 kernel where core applications based on payment schemes are executed.
(See Ashfield: Col. 19 lines 50-55)

Claim 4:
comprising a mobile banking application running on the user device and where to the PUSH notification providing getting user's authorization is sent.
(See Ashfield: Col. 28 lines 55-60)

Claim 5:
wherein the SoftPOS server comprises an HSM unit providing hardware functioning of security key and cryptographic algorithms.
(See Ashfield: Col. 11 lines 5-15)

Claim 6:
wherein said payment instrument is a card or a mobile phone with contactless transaction feature.
(See Ashfield: Col. 4 lines 1-5)

Claim 7:
A method providing use of a one time password to verify a card holder in transactions with excess limit by payment receiving mobile devices by use of SoftPOS software, characterized by comprising process steps of:
entrance of payment amount by running a SoftPOS application providing receipt of payment (1001),
tapping of a payment instrument providing payment by the SoftPOS application (1002),
execution of EMV transaction flow by the SoftPOS application (1003),
(See Ashfield: Col. 29 lines 5-20 (“Once payee taps his contactless card against the screen of his smartphone with the application enabled, the contactless card is read and verified.  Next, the application displays a prompt for payor to tap his contactless card to send payment.  After the payor taps his contactless card, the application reads the card information and transmits, via an associated processor, a request for payment to payor's card issuer.  The card issuer processes the transaction and sends a status indicator of the transaction to the smartphone.  The application then outputs for display the status indicator of the transaction.”)
transmission of a cardholder verification request to SoftPOS server executing security controls (1004),
SoftPOS server's sending cardholder verification request to an identity verification server (1005),
determining issuer bank and transmission of cardholder verification request to the issuer bank by identity verification server (1006),
(See Ashfield: Col. 19 lines 15-20)
forwarding of cardholder verification request to the user device by an SMS network gateway sending one time password and/or an application server capable to send PUSH notice, and receiving required authorization (1007),
(See Ashfield: Col. 36 lines 30-35 (“The OTP device may then notify the at least one server of the outcome of the validation. If a success validation is achieved, the at least one server may provide access to one or more services,”)
identifying values of OTP and BTN values coding authorization request message displayed in ISO fields under acquiring key and writing code symbolizing SoftPOS application processes into “POS Entry Mode” and transmitting to acquirer bank by SoftPOS server (1015),
transmission of request message delivered to the acquirer bank to the issuer bank (1016),
parsing ISO fields and controlling OTP and BTN values by issuer bank (1017),
(See Ashfield: Col. 19 lines 15-20 (“bank identifier number (BIN) level master keys may be used in conjunction with the account identifier”)
in case authorization request fails, displaying of information indicating that transaction is declined in SoftPOS application (1018 a),
in case authorization request is correct, displaying of information indicating that transaction is approved in SoftPOS application (1018 b).
(See Ashfield: Col. 36 lines 30-35 (“The OTP device may then notify the at least one server of the outcome of the validation. If a success validation is achieved, the at least one server may provide access to one or more services,”)

Claim 8:
wherein if said user device has a mobile banking application, the method comprises process steps of:
sending a PUSH notification to the mobile banking application by the application server (1007 b),
sending information showing that notice is sent to the identity verification server by the issuer bank (1008 b),
sending notice status information to the SoftPOS server by the identity verification server (1009 b),
transmission of notice status information to the SoftPOS application by the SoftPOS server (1010 b),
displaying of approval request message in the SoftPOS application (1011 b),
giving approval by the mobile banking application running on the mobile device by cardholder (1012 b),
transmission of authorization request message to the SoftPOS server by the SoftPOS application (1013 b).
(See Ashfield: Col. 36 lines 30-35 (“The OTP device may then notify the at least one server of the outcome of the validation. If a success validation is achieved, the at least one server may provide access to one or more services,”)

Claim 9:
comprising the process step of displaying of a message approval request able to direct cardholder to the mobile banking application in the SoftPOS application.
(See Ashfield: Col. 36 lines 30-35)

Claim 10:
wherein if said user device does not have a mobile banking application, the method comprises process steps of:
transmission of cardholder identification request to an SMS network gateway which will send one time password by the issuer bank (1007 a),
sending one time password to cardholder's mobile device by the SMS network gateway (1008 a),
sending information of one time password sending status to the identity verification server together with BTN number by Payment unit holder bank (1009 a),
sending no time password status information to the SoftPOS server by identity verification server (1010 a),
sending one time password status information to the SoftPOS application by SoftPOS server (1011 a),
if one time password status information is correct, opening of an OTP entry interface in the SoftPOS application (1012 a),
entrance of one time password over the SoftPOS application by the cardholder (1013 a),
sending authorization request message together with one time password to the SoftPOS server by the SoftPOS application (1014 a).
(See Ashfield: Col. 36 lines 30-35)

Claim 11:
comprising the process step of submission of payment instrument verification request to the SoftPOS server together with coded PAN information.
(See Ashfield: Col. 20 lines 5-15)

Claim 12:
comprising the process step of management of user interface experience and workflows of SoftPOS application by an L3 wok layer.
(See Ashfield: Col. 4 lines 50-65)

Claim 13:
comprising the process step of running core applications of payment schemes by an L2 kernel.
(See Ashfield: Col. 19 lines 50-55)

Claim 14:
wherein if authorization request is correct, the method comprises process steps of:
issuer bank's sending an approval message to the acquirer bank,
acquirer bank's sending message to the SoftPOS server,
SoftPOS server's sending message of “operation approved” to the SoftPOS application (2),
display of approval of transaction on the SoftPOS application.
(See Ashfield: Col. 36 lines 30-35)

Claim 15:
wherein if authorization request is not correct, the method comprises process steps of:
issuer bank's sending a denial message to the acquirer bank,
acquirer bank's sending message to the SoftPOS server,
SoftPOS server's sending message of “operation denied” to the SoftPOS application,
display of denial of transaction on the SoftPOS application.
(See Kulshreshtha: Para [0025])

Claim 16:
comprising the process step of hardware operation of the SoftPOS server by means of a security key and cryptographic algorithms of HSM unit.
(See Ashfield: Col. 21 lines 60-65)

Claim 17:
comprising the process step of preparation of authorization data by the SoftPOS server according to ISO 8583 message structure.
(See Ashfield: Col. 27 lines 10-20)

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARUNAVA CHAKRAVARTI whose telephone number is (571)270-1646. The examiner can normally be reached IFP.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Kalinowski can be reached on (571)272-6771. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ARUNAVA CHAKRAVARTI/Primary Examiner, Art Unit 3693