SYSTEMS AND METHODS FOR SECURE ONLINE TRANSACTION

§103 §112

DETAILED ACTION Acknowledgements This Office Action is in response to Applicant’s correspondence filed on 11/13/25. The Examiner notes that citations to United States Patent Application Publication paragraphs are formatted as [####], #### representing the paragraph number. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Status of Claims Claims 1-20 are currently pending. Claims 1-20 are rejected as set forth below. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 11/13/25 has been entered. Response to Arguments Claim Rejections - 35 U.S.C. § 103 Applicant’s arguments with respect to claims 1, 11, 18 have been fully considered but are not persuasive. The rejection (and corresponding rejections to its dependent claims, if applicable) is maintained. Applicant contends Zarakas does not teach or suggest “payment vehicle information used as an identifier of the authenticated registered user” because a transaction card account cannot be interpreted as an identifier of a user. The Examiner respectfully disagrees. First, a unique transaction card account is uniquely associated with a user. Therefore, the transaction card account is used as a unique identifier of the user. Second, Applicant’s Specification describes the payment vehicle as a traditional transaction card such as a credit card ([0056]). The Examiner notes that the transaction terminal, i.e. the POS terminal, receiving a tokenized PAN from the card tokenization system for use in a payment transaction instead of the actual PAN is equivalent to substituting the sensitive information with tokens. Claim Rejections - 35 USC § 112(b) The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention. As per claims 1, 11, 18, the limitation “wherein the sensitive information is substituted with the tokens at a reader head of the POS terminal” renders the scope of the claim indefinite because it is unclear how a reader head, i.e. a component that reads data from magnetic stripes or chips during a swipe/insert/tap card transaction at a POS terminal, is capable of substituting data. That is, a reader head is capable of reading data, not substituting or modifying data. For purposes of examination, the limitation will be interpreted as the POS terminal in general performing the substitution step. By virtue of their dependence, the dependent claims are similarly rejected. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 5-8, 11, 14-15, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over United States Patent Application Publication No. 20200118115 to Zarakas in view of United States Patent Application Publication No. 20180300730 to Telford-Reed and United States Patent Application Publication No. 20020112171 to Ginter. As per claims 1, 11, 18, Zarakas teaches: A computer-implemented method for secure online transactions using a transaction processing system, the method comprising: receiving, by one or more processors of the transaction processing system, a plurality of transaction data associated with a plurality of payment transactions, wherein the plurality of payment transactions are associated with a with single user from at least one a point of sale (POS) terminal; ([0072], “Process 600 may include receiving, from a transaction terminal, a tokenized primary account number generated by a transaction card, one or more payment credentials associated with the transaction card, a merchant code, and transaction data associated with a transaction (block 610).”) processing, by one or more processors, the plurality of transaction data to identify sensitive information, wherein the sensitive information includes payment vehicle information used as an identifier of the single authenticated registered user at the least one POS terminal; generating, by the one or more processors, tokens, wherein the tokens are randomly generated numbers, randomly generated character sequences, pseudorandom numbers, or a combination thereof, and wherein the sensitive information is substituted with the tokens at a reader head of the POS terminal; ([0012], “As a particular example, when a transaction card is used at a transaction terminal (e.g., by swiping the card, inserting the card, and/or the like), the transaction terminal may transmit the actual PAN to a card tokenization system, which may tokenize the actual PAN to generate a tokenized PAN, and may store the tokenized PAN and/or transmit the tokenized PAN back to the transaction terminal.”, The Examiner notes that the transaction terminal, i.e. the POS terminal, receiving a tokenized PAN from the card tokenization system to be used for a transaction instead of the actual PAN is equivalent to substituting the sensitive information with tokens.; [0017], “In some implementations, the tokenized PAN may be generated to have the same format as the actual PAN (e.g., using a same number of digits). In some implementations, the tokenized PAN may be generated to have a different format than the actual PAN, and may include numbers, letters, symbols, and/or the like. In some implementations, the tokenized PAN may tokenize the entire actual PAN (e.g., all digits of the actual PAN). In some implementations, the tokenized PAN may be generated to tokenize a portion of the actual PAN (e.g., a subset of digits of the actual PAN). Tokenization may use one or more tokenization algorithms and/or tokenization techniques, which may use random number generation, pseudo-random number generation, and/or the like, to generate a tokenized PAN from which the actual PAN cannot be reverse engineered without prior knowledge of the tokenization algorithm and/or technique and the parameters used as input to such tokenization algorithm and/or technique.”) transmitting, by one or more processors, the tokens to one or more processing servers of the transaction processing system for data aggregation and payment settlement. ([0043]-[0044], “Transaction processing system 240 includes one or more devices capable of authorizing and/or facilitating a transaction. For example, transaction processing system 240 may include one or more servers and/or computers to store and/or provide information (e.g., authorizations, balances, payment tokens, security information, account information, and/or the like) associated with processing a transaction via transaction terminal 220. Transaction processing system 240 may include one or more devices associated with banks and/or transaction card associations that authorize the transaction and/or facilitate a transfer of funds or payments between an account of a cardholder of transaction card 210 and an account of an individual or business of transaction terminal 220. For example, transaction processing system 240 may include one or more devices of one or more issuing banks associated with a cardholder of transaction card 210, one or more devices of one or more acquiring banks (or merchant banks) associated with transaction terminal 220, and/or one or more devices associated with one or more card associations (e.g., VISA®, MASTERCARD®, and/or the like) associated with transaction card 210. Accordingly, in response to receiving transaction card data associated with transaction card 210 from transaction terminal 220, various banking institutions and/or card associations of transaction processing system 240 may communicate to authorize the transaction and/or transfer funds between the accounts associated with transaction card 210 and/or transaction terminal 220.”) Zarakas does not explicitly teach, but Telford-Reed teaches: an authenticated registered user for a payment transaction; ([0095], “In the event that at least one trusted biometric pattern is found in the database, then in step 375 the biometric pattern saved in step 370 is compared to the trusted biometric pattern associated with the payment instrument, or to each trusted biometric pattern associated with the payment instrument if more than one trusted biometric pattern exists. If a match is found, then in step 380 the payment is authorised.”) One of ordinary skill in the art would have recognized that applying the known technique of Telford-Reed to the known invention of Zarakas would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such biometric authentication features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the user to be an authenticated registered user results in an improved invention because applying said technique ensures that the transaction is not fraudulent, thus improving the overall security of the invention (Telford-Reed, [0004]). Zarakas as modified does not explicitly teach, but Ginter teaches: encrypting, by one or more processor, data using an encryption protocol to generate encrypted data; ([1527], “The process of disguising or transforming information to hide its substance is called encryption. Encryption produces "ciphertext." Reversing the encryption process to recover the substance from the ciphertext is called "decryption." A cryptographic algorithm is the mathematical function used for encryption and decryption.”) wherein the data are cryptographically hashed using a cryptographic hashing function; ([1662], “There are two types of sealing, keyless sealing, also known as cryptographic hashing, and keyed sealing. Both employ a cryptographically strong hash function, such as MD5 or SHAG Such a function takes an input of arbitrary size and yields a fixed-size hash, or "digest.”) One of ordinary skill in the art would have recognized that applying the known technique of Ginter to the known invention of Zarakas as modified would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such cryptography features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the invention to encrypt the cryptographically generated tokens to generate encrypted tokens at the reader head of the POS terminal and to hash the tokens using a cryptographic hashing function results in an improved invention because applying said technique ensures that tokens are protected, thus improving the overall security of the invention (Ginter, [1506]). As per claims 5, Ginter teaches: wherein the encryption includes an end-to-end (E2E) encryption, a symmetric encryption, or an asymmetric encryption; ([1529]-[1531], “There are two general forms of key-based algorithms, either or both of which may be used by the preferred embodiment PPE 650: symmetric; and public-key (“PK”).”) As per claims 6, Zarakas teaches: wherein the tokens include one of a single use-token, a multi-use token, a reversible token, an irreversible token. ([0030]-[0032], “In some implementations, a tokenized PAN may be a single-use tokenized PAN. In some implementations, a tokenized PAN may be a multi-use tokenized PAN permitted to be used multiple times across different transactions with the same merchant.”) As per claims 7, 14, Zarakas teaches: wherein authenticating the registered user, further comprising: capturing, via one or more image sensors, a plurality of images of the registered user; processing, in real-time, the plurality of images to assign a usability score, wherein an image of the plurality of images with a clearer target area of the registered user is assigned a higher usability score; generating a biometric pattern corresponding to the target area of the image with the higher usability score, wherein the biometric pattern is generated using a facial recognition algorithm; and comparing the generated biometric pattern with a trusted biometric pattern stored in a database; ([0011], “In a second aspect, the invention provides a system, comprising: a secure data entry device comprising a housing, a display, at least one user input means, at least one imaging means, a data processing device, at least one payment instrument reading means and a network interface; and a point of sale terminal comprising an image processing module; wherein the at least one imaging means is configured to capture a plurality of images of a user during a transaction involving a payment instrument; wherein the secure data entry device is configured to cause the plurality of images to be transmitted to the point of sale terminal; and wherein the image processing module is configured to: receive the plurality of images; assign a usability score to each image of the plurality of images; select at least one selected image from the plurality of images based on the usability score of each image and process the at least one selected image to generate a biometric pattern corresponding to the user.”; [0070], “For example, in the case where the target area is the user's face, the biometric pattern is generated using a facial recognition algorithm. Any currently known facial recognition algorithm, or any developed in the future, can be used. Other suitable algorithms will be selected by the skilled person according to the specifics of a given implementation; for example, a fingerprint recognition algorithm would be used in the case that the target area is the user's finger or thumb.”; [0095]) As per claims 8, 15, Zarakas teaches: wherein the target area of the registered user includes face, eyes, or a combination thereof of the registered user, and wherein one or more stored comparisons of biometric patterns trains an artificial neural network to generate the trusted biometric pattern; ([0070], [0091], “The results of the aforementioned comparison can be stored in a database to form an example set that is used as training input for an artificial neural network. The artificial neural network may operate under a supervised learning mode, as is known in the art. The artificial neural network is trained using the example set using suitable training method, as will be known to a skilled person. Further comparison results may be added to the example set over time if additional training of the artificial neutral network is required. It will be appreciated that, over time, the artificial neural network will develop the ability to predict what a ‘typical’ biometric pattern should look like for a given payment instrument. The ‘typical’ biometric pattern may be thought of as a trusted biometric pattern, as it can be stated with high confidence that the artificial neural network's prediction corresponds to a biometric pattern that is associated with authorised use of the payment instrument.”) Claims 2-4, 12-13, 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over United States Patent Application Publication No. 20200118115 to Zarakas in view of United States Patent Application Publication No. 20180300730 to Telford-Reed and United States Patent Application Publication No. 20020112171 to Ginter, and further in view of United States Patent Application Publication No. 20090112759 to Foster. As per claims 2, 12, 19, Zarakas teaches: detokenizing, by the one or more processing servers of the transaction processing system, the cryptographically generated tokens; ([0027], “In some implementations, the transaction processing system (e.g., a combination of hardware included in the transaction card and software executing on the transaction card) may perform detokenization (e.g., a detokenization process, a detokenization algorithm, and/or the like) to determine the actual PAN from the tokenized PAN.”) Ginter teaches: decrypting, by the one or more processing servers of the transaction processing system, the encrypted data; ([1527]) Zarakas as modified does not explicitly teach, but Foster teaches: processing the plurality of transaction data to aggregate an outstanding amount based, at least in part, on a first preset time period; transmitting payments for the aggregated outstanding amount from a settlement account to an account associated with a merchant to the plurality of transaction data based, at least in part, on the first preset time period, a pre-determined total outstanding amount threshold, or a combination thereof; aggregating the transmitted payments based, at least in part, on a second preset time period; and transmitting an amount that equals the aggregated transmitted payments from an account associated with a registered user to the settlement account based, at least in part, on the second preset time period. ([0035], “As pointed out above, financial intermediary 112 may finance non-cash transactions between merchant 104 and customers 102. Here, financial intermediary 112 may receive a single invoice 128 to settle payment for multiple transactions between merchant 104 and customers 102. In response to invoice 128, financial intermediary 112 may make a single payment 118 for settlement. In one particular embodiment, although claimed subject matter is not limited in this respect, such a single payment 118 may comprise an electronic deposit of funds into a bank account held by merchant 104. Such an electronic deposit of funds may comprise, for example, a wire transfer or other type of electronic transfer employing IP infrastructure. Also, financial intermediary 112 may provide a billing statement 130 to a customer 102 for charges incurred on an associated credit account including, for example, a portion of invoice 118 attributed to transactions between merchant 104 and the customer 102.”; [0075], “FIG. 6A is a flow diagram illustrating a process 600 for payment to a merchant for settling multiple non-cash transactions over a predetermined period. Again, such a process may be performed by, for example, one or more computing platforms on behalf of a financial intermediary such as financial intermediary 112 or 302. Here, process 600 may iterate blocks 604 through 612 until a predetermined period elapses. Such a predetermined period may comprise, for example, billing cycle (e.g., daily, weekly, monthly or annually). Block 606 receives a payment request and, subject to approval of the payment at diamond 608 considering factors as illustrated above, block 610 updates a payment account to include, for example, a value of a non-cash transaction identified in the payment request. At the end of the time period, a single payment may be made at block 614 to settle multiple non-cash transactions conducted during the time period.”) One of ordinary skill in the art would have recognized that applying the known technique of Foster to the known invention of Zarakas as modified would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such settlement features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the invention to process the plurality of transaction data to aggregate an outstanding amount based, at least in part, on a first preset time period, transmit payments for the aggregated outstanding amount from a settlement account to an account associated with a merchant to the plurality of transaction data based, at least in part, on the first preset time period, a pre-determined total outstanding amount threshold, or a combination thereof, aggregate the transmitted payments based, at least in part, on a second preset time period, and transmit an amount that equals the aggregated transmitted payments from an account associated with a registered user to the settlement account based, at least in part, on the second preset time period results in an improved invention because applying said technique reduces the usage of resources dedicated to settlement by combining multiple transactions into one settlement, thus improving the overall efficiency of the invention. As per claims 3, 13, 20, Zarakas teaches: generating a user interface element in a user interface of a device associated with the registered user, the merchant, or a combination thereof, wherein the user interface element includes a notification on crediting of the aggregated outstanding amount to the account associated with the merchant, debiting of the aggregated transmitted payments from the account associated with the registered user, or a combination thereof; ([0075], “For example, the transaction processing system (e.g., processor 320, output component 360, communication interface 370, and/or the like) may transmit, to the transaction terminal, a result of determining whether the transaction is authorized, as described above in connection with FIG. 1.”) As per claims 4, Foster teaches: wherein the settlement account, the account associated with the registered user, and the account associated with the merchant are associated with a same financial institution. (Fig 3, [0043], “FIG. 3 is a schematic diagram of a financial transaction system 300 according to an embodiment. In a particular embodiment, although claimed subject matter is not limited in this respect, a financial intermediary 302, merchant 306 and one or more customers 304 may operate and/or control computing platforms that are capable of communicating with one another over a communication network such as the Internet, for example.”) Claims 9-10, 16-17 is/are rejected under 35 U.S.C. 103 as being unpatentable over United States Patent Application Publication No. 20200118115 to Zarakas in view of United States Patent Application Publication No. 20180300730 to Telford-Reed and United States Patent Application Publication No. 20020112171 to Ginter, and further in view of United States Patent Application Publication No. 20200364716 to Pickering. As per claims 9, 16, Zarakas as modified does not explicitly teach, but Pickering teaches: wherein authenticating the registered user, further comprising: receiving, via one or more sensors, device movement pattern from the registered user, wherein the device movement pattern includes a collection of one or more motion signals captured by the one or more sensors over a duration of a signature move; and determining whether the device movement pattern matches a device movement- based signature associated with the registered user; ([0007], “One embodiment provides a system for device movement-based authentication. The system may comprise one or more processors; and a non-transitory computer readable medium storing instructions which, when executed by the one or more processors, cause the one or more processors to perform a method comprising: receiving contextual data from one or more sensors of a user device; determining a device movement pattern based on the received contextual data; determining whether the determined device movement pattern matches a device movement-based signature associated with a user of the user device; upon determining that the determined device movement pattern matches the device movement-based signature within a predetermined threshold, authenticating the user for an electronic transaction; and upon determining that the determined device movement pattern does not match the device movement signature, transmitting a notification indicating authentication failure to the user device.”) One of ordinary skill in the art would have recognized that applying the known technique of Pickering to the known invention of Zarakas as modified would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such device movement pattern features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the step of authenticating the registered user to receive, via one or more sensors, device movement pattern from the registered user, wherein the device movement pattern includes a collection of one or more motion signals captured by the one or more sensors over a duration of a signature move and determine whether the device movement pattern matches a device movement- based signature associated with the registered user results in an improved invention because applying said technique provides authentication data in a theft-resistant and unique manner, thus improving the overall security of the invention (Pickering, [0004]). As per claims 10, 17¸ Pickering teaches: associating the determined device movement pattern to one or more rules, wherein the one or more rules include a requirement for a minimum number of device movements, a minimum number of different types of device movements, a minimum duration of device movement, or a combination thereof; ([0045], “In some embodiments, the collection of motion signals may be associated with rules regarding a minimum number of motion signals to ensure a minimum level of security. For example, simply moving the device one time in one direction may be considered an insufficient collection of motion signals for purposes of authentication. Thus, when the user creates a device movement pattern meant to serve as a device movement-based signature, there may be a minimum number of movements, a required minimum number of types of movements (for example, at least one circular movement, at least one straight line movement, and/or at least one device inversion movement, etc.), a minimum time duration of the device movement-based signature, etc.”) Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: United States Patent Application Publication No. 20170200155 to Fourez discloses an invention in which encrypted payment data messages are sent via a communication network. A payment data message is generated including a primary account number of the account associated with the sender device and a transaction amount. The payment data message is encrypted with a public key of the receiver device. The payment data message is transmitted to the receiving server via the communication network. The receiving server has a private key of the receiver device corresponding to the public key and a receiving account number for the account associated with the receiver device. A payment authorization is generated by the receiving server for processing by the transaction card payment network based on the primary account number of the account associated with the sender device, the transaction amount, and the receiving account number. Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAY HUANG whose telephone number is (408)918-9799. The examiner can normally be reached 9:00a - 5:30p PT. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Anita Coupe can be reached on (571) 270-3614. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /JAY HUANG/Primary Examiner, Art Unit 3619