DETAILED ACTION
This is an Office action on the merits in response to the application filed on 01/14/2026.
Claims 1-27 have been filed by the applicant.
Claims 1, 10 and 19 are currently amended.
Claims 1-27 are currently pending and have been examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/14/2026 has been entered.
Response to Argument
Claim Objections:
Objection to claim 10 is maintained because the applicant did not amend claim 10.
Rejection under 103:
The applicant argues that Scheidt does not teach the claims. A new reference is provided. The new reference is also Scheidt, but it is a different prior art document. See the 103 rejections below.
Claim Objections
Claim 10 is objected to because of the following informalities: “a asymmetric public key” in line 23. It should be “an asymmetric public key”. Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-2, 10-11 and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mittal (US 20130124364 A1), and further in view of Brandys (US 20020186838 A1) and Scheidt (US 20050235148 A1) and Kearby (US 20070050212 A1).
With respect to claims 1, 10 and 19:
Mittal teaches:
receiving, from a merchant, transaction details, wherein the transaction details include an amount of money for a transaction. (the payee (100) contacts the invention's payment server (102), indicates the widget amount (e.g. $5.98), by a voice or machine message such as (306), "Request transaction ID for $5.98". [0055])
providing to the merchant a transaction id, wherein the transaction id is uniquely mapped to the transaction details. (The payment server (102) will generate a transaction ID for this, such as (308) "Transaction ID: 352431 for $5.98 valid for 5 minutes" and transmit this back to the payee device (100). [0055])
receiving a request for transaction details from a computing device associated with a user account, wherein the request contains the transaction id. (the payer (e.g. customer) (110) after receiving the transaction ID from the merchant (100) (by any communications means, for example by reading the displayed transaction ID on a communication application portal running on payee device (100), by direct contact, or other method) (e.g. (400)/(420), or via (120), (420), to (400) can then transmit the transaction ID (402) to the invention's payment server (102), often via the payer's telecommunications device (110), (401)). [0057])
responsive to the request for transaction details, providing the transaction details to the computing device; receiving, from the computing device, the [….] message authorizing the transaction. (Once the payment server (102) requests confirmation (404), the payer can then confirm (406) the transaction using the payer's previously identified and validated telecommunications device (e.g. mobile phone) (110). At this point, the payment server (102) will now have enough information (408), (410) in its database (106) to complete the transaction. [0057] Fig. 4-404])
responsive to successful verification, processing the transaction by sending a payment request to a payment processor. (The payer in turn relays this transaction ID to the payment server, which validates the transaction using the payer device. The payment server then releases funds to the payee. the payment server (102), optionally in conjunction with one or more third party funding sources such as banks or credit cards (108), can then authorize the transaction and begin the process of transferring (500) payer (customer) funds (110/300) to the payee (merchant) (100/302). [0035 0058])
Mittal does not teach the following limitation. However,
Brandys teaches:
an asymmetric private key. (In an enrollment mode, the biometric data analyzer receives biometric data from a user and triggers the random number generator to create a public key and a private key. [Abstract 0044 0056-0057])
generating, by the computing device, a cryptographically signed message authorizing the transaction using the asymmetric private key; a cryptographically signed message. (From state 512, the process proceeds to a state 516 wherein the message digest is encrypted by the encryption module 208 on the card 100 using the private key 224. The result is an encrypted message digest that is the digital signature 234 for the message 230. This digital signature 234 is added to the message 230. [0044 0056-0057])
verifying the cryptographically signed message authorizing the transaction using an asymmetric public key wherein the asymmetric public key is accessible to the secure payment system and associated with the user account. (From state 512, the process proceeds to a state 516 wherein the message digest is encrypted by the encryption module 208 on the card 100 using the private key 224. The result is an encrypted message digest that is the digital signature 234 for the message 230. This digital signature 234 is added to the message 230. Proceeding to a state 520, the message is sent back to a computer for further processing and communication. When the sender of a message signs the message with his private key, the recipient of the message can use the sender's public key (retrieved from the certificate either sent with the message or available elsewhere on the network) to verify that the sender is legitimate. A certificate can also be used to send an encrypted message to the certificate owner by using the public key contained in the certificate. [0044 0056-0057])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Mittal to cryptographically sign a message with the technique as disclosed by Brandys to enhance security.
Mittal in view of Brandys does not teach the following limitation. However,
Scheidt teaches (in italic):
generating, by the computing device, a symmetric encryption key using a one-way hashing function to hash a random salt and an authenticating input, the authenticating input being acquired from a user associated with the user account and the random salt previously stored in a memory of the computing device. (The token sends a token ID, a salt value, an encrypted encryption key, and an encrypted user profile to the provider. The user provides a user password to the provider. The provider generates a derived key based at least in part on the salt value and the password. Particular embodiments of the Configurable Identification and Authentication Scheme (fourth embodiment) use an extended PKCS #5 Password Based Encryption (PBE) to derive an encryption key from a User Password. The extension is the use of SHA-256. It is therefore an objective of the present invention to enforce domain member access control to labeled data with cryptography, that is, by using symmetric key algorithms, asymmetric key algorithms, and cryptographic hash functions. [0015 0049 0331-0332 0423])
accessing, by the computing device, an encrypted asymmetric private key associated with the user account from the memory of the computing device; decrypting, by the computing device, the encrypted asymmetric private key using the symmetric encryption key to obtain asymmetric private key. (The provider then decrypts the encrypted instance of the encryption key, decrypts the encrypted profile with the encryption key, and provides the decrypted user credential to the system to grant the user at least one of cryptographic reading authority and cryptographic writing authority. A user profile includes at least one credential, and each credential includes one or both of an asymmetric key pair: a credential public key (write authority) and a credential private key (access authority). A user can encrypt (or write) an object with one or more particular credential public keys included in the user's profile, such that subsequent decryption of the encrypted object by another user (or the original user) requires corresponding or otherwise authorized credentials. Accordingly, a user can decrypt an encrypted object if the user possesses, in that user's profile, credentials corresponding to those with which the encrypted object was encrypted. [0033-0034 0049 0331-0332])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Mittal in view of Brandys to use user input to generate an encryption key for decrypting with the technique as disclosed by Scheidt to provide greater security as Scheidt suggested in [0038].
Mittal in view of Brandys and Scheidt does not teach deleting, by the computing device, the authenticating input, the symmetric encryption key, and the asymmetric private key from the memory of the computing device.
However, Kearby teaches deleting, by the computing device, the authenticating input, the symmetric encryption key, and the asymmetric private key from the memory of the computing device. (The server 6 can delete all or part of the decrypted key values and/or all or part of the decrypted private patient data and/or the decrypted physician data private key from RAM after the physician uploads the patient data and/or when the physician logs off or is logged off the physician account by the server 6. [0056])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Mittal in view of Brandys and Scheidt to delete all data after use with the technique as disclosed by Kearby to provide a secured system as Kearby suggested in [0052].
Claim 10, a non-transitory computer medium with the same scope as claim 1, is rejected.
Claim 19, a system with the same scope as claim 1, is rejected.
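The device-side sequence recited above for claims 1, 10 and 19 (hash the stored salt and the authenticating input into a symmetric key, decrypt the stored private key, sign the authorization, delete the secrets) and the public-key check on the payment-system side, as an added Go example that is not part of the Office action, the application or any cited reference. Ed25519, AES-256-GCM, SHA-256 and every type and function name are assumptions made for the illustration; the passphrase is constructed, and the transaction id and amount are the ones in the Mittal quotation.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Wallet is what stays in device memory: salt, nonce and the wrapped private key.
type Wallet struct{ Salt, Nonce, Wrapped []byte }

// sealer hashes salt and authenticating input into a 32-byte key, as recited, and keys AES-GCM.
// One fast hash is cheap to guess against; the PKCS #5 PBE in the Scheidt citation iterates.
func sealer(input, salt []byte) (cipher.AEAD, []byte, error) {
	h := sha256.New()
	h.Write(salt)
	h.Write(input)
	key := h.Sum(nil)
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, key, err
	}
	aead, err := cipher.NewGCM(blk)
	return aead, key, err
}

// wipe zeroes buffers in place (best effort: the Go runtime may hold copies).
func wipe(bufs ...[]byte) {
	for _, b := range bufs {
		for i := range b {
			b[i] = 0
		}
	}
}

// Enroll wraps a fresh private key; the public key is registered with the payment system.
func Enroll(input []byte) (Wallet, ed25519.PublicKey, error) {
	rnd := make([]byte, 60) // 16-byte salt | 12-byte GCM nonce | 32-byte key seed
	if _, err := rand.Read(rnd); err != nil {
		return Wallet{}, nil, err
	}
	salt, nonce, priv := rnd[:16], rnd[16:28], ed25519.NewKeyFromSeed(rnd[28:])
	aead, key, err := sealer(input, salt)
	defer wipe(key, priv, input, rnd[28:])
	if err != nil {
		return Wallet{}, nil, err
	}
	return Wallet{salt, nonce, aead.Seal(nil, nonce, priv, nil)}, priv.Public().(ed25519.PublicKey), nil
}

// Authorize unwraps the private key, signs msg, then wipes input, symmetric key and private key.
func Authorize(w Wallet, input, msg []byte) ([]byte, error) {
	aead, key, err := sealer(input, w.Salt)
	defer wipe(key, input)
	if err != nil {
		return nil, err
	}
	priv, err := aead.Open(nil, w.Nonce, w.Wrapped, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap failed (wrong input or corrupted blob): %w", err)
	}
	defer wipe(priv)
	return ed25519.Sign(priv, msg), nil
}

// Verify is the payment-system side; it only ever holds the public key.
var Verify = ed25519.Verify

func main() {
	msg := []byte("txid=352431;amount=5.98") // id and amount from the Mittal quote
	w, pub, err := Enroll([]byte("constructed-passphrase"))
	if err != nil {
		panic(err)
	}
	sig, err := Authorize(w, []byte("constructed-passphrase"), msg)
	fmt.Println("authorized:", err == nil && Verify(pub, msg, sig))
}
```

A wrong authenticating input fails at the AES-GCM tag check, so no private key is ever produced from it, and the payment system can reject an altered amount because the signature covers the full message.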
With respect to claims 2, 11 and 20:
Brandys further teaches wherein the cryptographically signed message authorizing the transaction can only be generated using an asymmetric private key, and the asymmetric public key and the asymmetric private key constitute a public key-private key pair and the asymmetric private key is not accessible to the secure payment system. (In asymmetric (public key) cryptography different keys are used to encrypt and decrypt a message. Each user is associated with a pair of keys. One key (the public key) is publicly known and is used to encrypt messages destined for that user, and the other key (the private key) is known only to that user and is used to decrypt incoming messages. Since the public key need not be kept secret, it is no longer necessary to secretly convey a shared encryption key between communicating parties prior to exchanging confidential traffic or authenticating messages. RSA is the most well known asymmetric algorithm. [0033 0044])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system to cryptographically sign a message with the technique as disclosed by Brandys to enhance security.
Claim 11, a non-transitory computer medium with the same scope as claim 2, is rejected.
Claim 20, a system with the same scope as claim 2, is rejected.
Claim(s) 3-5, 12-14 and 21-23 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Mittal”, “Brandys” and “Scheidt” and “Kearby” as applied to claims 1, 10 and 19 above, and further in view of Willins (US 20110137803 A1).
With respect to claims 3, 12 and 21:
Mittal in view of Brandys and Scheidt and Kearby does not teach the following limitation. However,
Willins teaches:
further comprising digitally signing the cryptographically signed message authorizing the transaction to the merchant with an additional signature, wherein the additional signature is generated using an asymmetric private key known to the secure payment system. (The email server signs the electronic receipt using the buyer's trusted private key (step 38). The email server can then send the signed electronic receipt back to the seller (step 39). The electronic receipt now has a preloaded verified certificate/public key of the email server allowing a public key operation to verify the transaction (step 40). [0019])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Mittal in view of Brandys and Scheidt and Kearby to cryptographically sign a message using an additional key with the technique as disclosed by Willins to provide a very high degree of payer security as Willins suggested in [0028].
Claim 12, a non-transitory computer medium with the same scope as claim 3, is rejected.
Claim 21, a system with the same scope as claim 3, is rejected.
With respect to claims 4, 13 and 22:
Willins further teaches further comprising sending the cryptographically signed message authorizing the transaction to the merchant. (The email server signs the electronic receipt using the buyer's trusted private key (step 38). The email server can then send the signed electronic receipt back to the seller (step 39). The electronic receipt now has a preloaded verified certificate/public key of the email server allowing a public key operation to verify the transaction (step 40). [0019])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system to send a cryptographically signed message with the technique as disclosed by Willins to provide a very high degree of payer security as Willins suggested in [0028].
Claim 13, a non-transitory computer medium with the same scope as claim 4, is rejected.
Claim 22, a system with the same scope as claim 4, is rejected.
With respect to claims 5, 14 and 23:
Willins further teaches further comprising: generating a cryptographically signed receipt using an asymmetric private key known to the secure payment system; and sending the cryptographically signed receipt to the computing device. (The method further includes registering the buyer with associated data including the buyer's email address; and sending the digitally signed data with the trusted private key as an electronic receipt to the buyer's email address. [0004])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system to generate a cryptographically signed receipt with the technique as disclosed by Willins to provide a very high degree of payer security as Willins suggested in [0028].
Claim 15, a non-transitory computer medium with the same scope as claim 4, is rejected.
Claim 23, a system with the same scope as claim 4, is rejected.
Claim(s) 6, 9, 15, 18, 24 and 27 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Mittal”, “Brandys” and “Scheidt” and “Kearby” as applied to claims 1, 10 and 19 above, and further in view of Zhang et al. (US 20090210701 A1).
With respect to claims 6, 15 and 24:
Mittal in view of Brandys and Scheidt and Kearby does not teach the following limitation. However,
Zhang teaches:
receiving, from the memory of the computing device, encrypted payment information containing, in encoded form, payment information. (a user may populate portions 510 to provide billing information to be associated with the content subscription. Upon activating accept portion 520, the payment information may be encrypted (block 420) and sent to a selected content provider 120 (block 430). [0027-0029])
retrieving an encryption key from a memory of the secure payment system, wherein the encryption key is associated with an index of the payment information; decrypting the encrypted payment information with the encryption key to obtain the payment information; and sending the payment information in the payment request to the payment processor to facilitate processing of the transaction. (By way of further example, device 110 may encrypt the payment information using the extracted content provider public key K.sub.pub, and content provider 120 may decrypt the received payment information using its private key K.sub.pri. Content provider 120 may then process the decrypted payment information, such as by submitting an initial charge to a credit card company dependently upon the decrypted payment information. [0027-0029])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Mittal in view of Brandys and Scheidt and Kearby to use encrypted payment information during a transaction with the technique as disclosed by Zhang to prevent unauthorized access as Zhang suggested in [0007].
Claim 15, a non-transitory computer medium with the same scope as claim 6, is rejected.
Claim 24, a system with the same scope as claim 6, is rejected.
With respect to claims 9, 18 and 27:
Mittal further teaches wherein the payment information constitutes at least one of a credit card number, a debit card number, a bank account number, and a gift card number. (One step is the step of using the payer's telecommunications device (110) to communicate with the payment server (102) and inform the server that a payer source of funds (e.g. a payer credit card number, bank account, or the like) should be linked to the device ID of the payer's telecommunication's device (110). [0049])
Claim 18, a non-transitory computer medium with the same scope as claim 9, is rejected.
Claim 27, a system with the same scope as claim 9, is rejected.
Claim(s) 7, 16 and 25 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Mittal”, “Brandys”, “Scheidt”, “Kearby” and “Zhang” as applied to claims 6, 15 and 24 above, and further in view of Schechter et al. (US 20130212385 A1).
With respect to claims 7, 16 and 25:
Mittal in view of Brandys and Scheidt and Kearby and Zhang does not teach receiving, from the computing device, a first hash, wherein the first hash is generated using a one way hashing function to hash the payment information and a random salt; receiving, from the computing device, the random salt; responsive to decrypting the encrypted payment information with the encryption key to obtain the payment information: generating, by the secure payment system, a second hash using the one way hashing function to hash the payment information and the random salt; and verifying, by the secure payment system, that the payment information is correct by checking that the first hash is the same as the second hash. However,
Schechter teaches receiving, from the computing device, a first hash, wherein the first hash is generated using a one way hashing function to hash the payment information and a random salt; receiving, from the computing device, the random salt; responsive to decrypting the encrypted payment information with the encryption key to obtain the payment information: generating, by the secure payment system, a second hash using the one way hashing function to hash the payment information and the random salt; and verifying, by the secure payment system, that the payment information is correct by checking that the first hash is the same as the second hash. (The decrypter component 124 decrypts the received ciphertext utilizing the key 110, thereby resulting in the first hash value (the hash of the concatenation of the actual password and the salt). The hash component 118 then generates a hash of the concatenation of the purported password and the salt received from the authentication server 102 to create a second hash value. The comparer component 122 then compares the first hash value with the second hash value, and outputs a signal that is indicative of the difference between the first hash value and the second hash value. If there is no difference, for instance, the comparer component 122 can output a true signal to the authentication server 102. [0034])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Mittal in view of Brandys and Scheidt and Kearby and Zhang to generate and compare first and second hashes with the technique as disclosed by Schechter to protect the system from attack as Schechter suggested in [0006].
Claim 16, a non-transitory computer medium with the same scope as claim 7, is rejected.
Claim 25, a system with the same scope as claim 7, is rejected.
Claim(s) 8, 17 and 26 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Mittal”, “Brandys” and “Scheidt” and “Kearby” as applied to claims 1, 10 and 19 above, and further in view of Jaffe (US 20150278814 A1).
With respect to claims 8, 17 and 26:
Mittal in view of Brandys and Scheidt and Kearby does not teach responsive to receiving the transaction details from the merchant wherein the transaction details specify a recurring payment: displaying, by the computing device, that a payment, specified by the transaction details, is recurring; responsive to receiving the cryptographically signed message authorizing the transaction, generating, by the secure payment system, a token, which uniquely identifies the transaction details for the recurring payment; and providing the token to the merchant. However,
Jaffe teaches responsive to receiving the transaction details from the merchant wherein the transaction details specify a recurring payment: displaying, by the computing device, that a payment, specified by the transaction details, is recurring; responsive to receiving the cryptographically signed message authorizing the transaction, generating, by the secure payment system, a token, which uniquely identifies the transaction details for the recurring payment; and providing the token to the merchant. (When authorizing the generation of a QR-c code, an option to confirm “Recurring” or not, needs to be presented. However, “Recurring” may be made a flag part of the QR-m code to trigger a screen to confirm the user's acceptance of a recurring charge. Once a recurring charge is authorized, there are two special concerns in creating an appropriate QR-c code: duration and the amount. [0315-0329])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Mittal in view of Brandys and Scheidt and Kearby to process recurring transactions using tokens with the technique as disclosed by Jaffe to improve security and functionality as Jaffe suggested in [0079].
Claim 17, a non-transitory computer medium with the same scope as claim 8, is rejected.
Claim 26, a system with the same scope as claim 8, is rejected.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20020143634 A1: A payment system and method of conducting a shopping transaction between a customer and a merchant utilizing an approval system over portable phone which controls the acceptance or rejection of the shopping transaction and a financial institution to provide credit or an account that can be debited to pay for the shopping transaction.
US 20060131385 A1: A method and a corresponding system are described for providing conditional notification of transaction requests. The method includes receiving a transaction request which contains information regarding an account requesting a transaction and determining if the transaction request satisfies at least one condition for providing a notification of the transaction request. If at least one condition for providing the notification is satisfied by the transaction request, a transaction notification message is generated and transmitted to a communication device assigned to the requesting account.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZESHENG XIAO whose telephone number is (571)272-6627. The examiner can normally be reached 10:00am-4:30pm M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Z.X./ Examiner, Art Unit 3685
/PATRICK MCATEE/ Supervisory Patent Examiner, Art Unit 3698