DETAILED ACTIONResponse to Amendment
The amendment filed on November 26, 2025 has been entered. Applicant has amended claims 1, 4, 6-8, 11, 13-15, 18 and 20. Claims 1-2, 4, 6-9, 11, 13-16, 18 and 20-24 remain pending, have been examined, and currently stand rejected.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Continuation
This application is a continuation of U.S. Patent Application Serial No. 16/681,733, filed November 12, 2019, which is a continuation of U.S. Patent Application Serial No.16/265,974, filed February 1, 2019. See MPEP §201.07. In accordance with MPEP §609.02 A.2 and MPEP §2001.06(b) (last paragraph), the Examiner has reviewed and considered the prior art cited in the Parent Applications. Also, in accordance with MPEP §2001.06(b) (last paragraph), all documents cited or considered ‘of record’ in the Parent Applications are now considered cited or ‘of record’ in this application. Additionally, Applicant(s) are reminded that a listing of the information cited or ‘of record’ in the Parent Applications need not be resubmitted in this application unless Applicant(s) desire the information to be printed on a patent issuing from this application. See MPEP §609.02 A.2.
Claim Interpretation
Non-Functional Language:
Regarding Claims 1, 8 and 15: The claim 1, 8 and 15 phrase which recites “executing on a compute device of an accountholder of a contactless card”, found in the receiving step, is merely providing non-functional descriptive material about the merchant application. The fact that the merchant application is executing on a particular device (e.g., a compute device of an accountholder of a contactless card) fails to affect how any of the positively recited steps are performed. For example, the information/data received from the merchant application is not received differently because the merchant application is executed on this device. Examiner also notes that applicant is not positively reciting any steps performed by the merchant application or the compute device, rather the entire claimed invention is claimed from the perspective of the processor (i.e., the of the server, the processor of the computing apparatus).
Similarly, the claim 1, 8 and 15 phrase which recites “wherein the merchant application comprises an online application”, found in the receiving step, is also providing non-functional descriptive material about the merchant application. The mere fact that the merchant application is an “online application” fails to affect how any of the positively recited steps are performed.
The claim 1, 8 and 15 phrase which recites “sent to the compute device via a near-field communication (NFC) exchange”, found in the receiving step, is merely providing non-functional descriptive material about the encrypted data (i.e., how the encrypted data was received by the compute device). The fact that the encrypted data was sent to the compute device via NFC fails to affect how any of the positively recited steps are performed. It is also noted that applicant is not positively reciting any steps performed by the compute device (e.g., receiving, via an NFC exchange, encrypted data) or by the contactless card (e.g., sending, via an NFC exchange, encrypted data).
The claim 1, 8 and 15 phrase which recites “wherein the virtual account number has an amount restriction assigned thereto such that the transaction can only be processed by a merchant server if the transaction is for an amount at or below the amount restriction”, found in the generating step, is non-functional descriptive material as it only describes, at least in part, attributes associated with the virtual account number. The fact that the virtual account number has an amount restriction assigned thereto fails to affect how any of the positively recited steps are performed. For example, there is no indication that the virtual account number is generated differently simply because it is assigned this particular restriction. Additionally, applicant is not positively reciting a step, or steps, where an amount restriction is assigned to the virtual account number. Likewise, applicant is not positively reciting a step where the transaction is processed, or not processed, based on this restriction.
It has been held that non-functional descriptive material will not distinguish the invention from the prior art in terms of patentability.
Intended Use Language:
Regarding Claims 1, 8 and 15: The claim 1, 8 and 15 phrase which recites “to process the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV,” found in the transmitting step, is merely a recited intended use/result of why the processor transmits this data/information to the merchant server. Applicant is not positively reciting a step of processing the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV.
These phrases are given little to no patentable weight because the limitation, or portion thereof, does not claim the functions as being positively recited actions or functions, and/or they do not add any meaning or purpose to the associated manipulative step(s). See MPEP 2103 C and 2111.04. Simply because the limitation recites something as being “for … [performing a specific functionality]”, etc. does not mean that the functions are required to be performed, or are actually performed.
Claim Rejections - 35 USC § 103
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 4, 6, 8, 11, 13, 15, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hammad (US 2016/0379217 A1) in view of Faith et al. (US 2019/0066069 A1) (“Faith”) in view of Dixon et al. (US 2006/0253458 A1) (“Dixon”).
Regarding Claims 1, 8 and 15: Hammad discloses:
Claim 1: A method, comprising:
Claim 8: A non-transitory computer-readable storage medium, the computer-readable storage medium including instructions that when executed by a processor of a server (See at least Hammad [0083-0085]), cause the processor to:
Claim 15: A computing apparatus comprising:
a processor (See at least Hammad [0083-0084] “one or more processors 81”); and
a memory storing instructions that (See at least Hammad [0083-0085] “Computer-readable medium 82”), when executed by the processor, cause the processor to:
receiving, by a processor of a server from a merchant application executing on a compute device of an accountholder of a contactless card: (i) a merchant identifier of a merchant associated with the merchant application, (ii) a transaction identifier of a transaction, and (iii) encrypted data generated by the contactless card and sent to the compute device via a near-field communication (NFC) exchange, wherein the merchant application comprises an online application (See at least Hammad [0014]; [0034-0036]; [0042-0043]; [0047]; [0057-0058]; [0060-0061]; [0063-0064]; [0068-0069]; [0087]; [0100]; Fig. 4 step 182. Where a processor of a server (i.e., processor of Validation Entity 80) receives from a merchant application (i.e., from data and codes that direct operation) executing on a compute device of an accountholder of a contactless card (i.e., executing on a verification token of a user/consumer of a portable consumer device (e.g., a contactless card)): (i) a merchant identifier of a merchant associated with the merchant application (i.e., merchant identifier), (ii) a transaction identifier of a transaction (i.e., transaction identifier), and (iii) encrypted data (i.e., encrypted identification information, e.g., a variable datum) generated by the contactless card (i.e., by the portable consumer device, e.g., a contactless card) and sent to the compute device (i.e., to the verification token) via a near-field communication (NFC) exchange (e.g., by waving the portable consumer device near the reader of the verification token), wherein the merchant application comprises an online application (i.e., wherein the data and codes that direct operation comprises code that allows the verification token to communicate online (e.g., via a network [0058], via a networking facility [0060; 0063], via an internet browser [0061; 0064], etc.).);
accessing, by the processor, a key for the contactless card maintained by the server (See at least Hammad [0089]; [0100]; also see [0035]; [0037] and [0069] which indicate the use of contactless cards. Where the processor (i.e., processor of Validation Entity 80) accesses a key for the contactless card (i.e., a decryption key, e.g., a decryption key corresponding to an encryption key assigned beforehand that can be used for contactless card transactions) maintained by the server (i.e., maintained by Validation Entity 80).);
verifying, by the processor, the encrypted data by decrypting the encrypted data based at least in part on the key for the contactless card maintained by the server (See at least Hammad [0089]; [0100]; also see [0035]; [0037] and [0069] which indicate the use of contactless cards. Where the processor (i.e., processor of Validation Entity 80) verifies the encrypted data by decrypting the encrypted data (i.e., by decrypting the encrypted identification information) based at least in part on the key for the contactless card (i.e., based on the decryption key that can be used for contactless card transaction) maintained by the server (i.e., maintained by Validation Entity 80).);
generating, by the processor based on the verification of the encrypted data: a virtual account number (See at least Hammad [0042-0043]; [0087]; [0091-0092]. Where a virtual account number (i.e., a substitute account number) is generated by the processor (i.e., processor of Validation Entity 80) based on the verification of the encrypted data (i.e., based on applying at least one validation test to the decrypted information).); and
transmitting, by the processor, the merchant identifier, the transaction identifier, the virtual account number, the expiration date, and the CVV to the merchant server associated with the merchant to process the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV (See at least Hammad [0014]; [0036]; [0042-0043]; [0045]; [0048]; [0064]. Where the processor (i.e., processor of Validation Entity 80) transmits (i.e., sends/forwards) the merchant identifier, the transaction identifier, the virtual account number (i.e., substitute account number), the expiration date (i.e., expiration date of the card), and the CVV (i.e., device verification value (dCVV2)) to the merchant server associated with the merchant (i.e., to the merchant, e.g., to merchant website 20) to process the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV.).
As indicated above, Hammad discloses generating a virtual account number (i.e., substitute account number) based on verifying data/information. Hammad [0042-0043]; [0087]; [0091-0092]. Hammad further discloses that the validation entity (i.e., server) may obtain a dCVV2 value (i.e., CVV) by generating it from pre-stored data, or by receiving it from payment processing network or issuing bank. Hammad [0048]. Hammad also discloses that the validation entity (i.e., server) may send the merchant all of the information it needs to complete a transaction, such as shipping address, card expiration date, card holder name, etc. Hammad [0094]. In addition, Hammad shows that it was known to provide a substitute account number, expiration date and dCVV2 values in order to complete a transaction. Hammad differs from the claimed invention, in part, because Hammad does not explicitly disclose generating (ii) an expiration date associated with the virtual account number, and (iii) a card verification value (CVV) associated with the virtual account number. Faith, on the other hand, teaches generating (ii) an expiration date associated with the virtual account number, and (iii) a card verification value (CVV) associated with the virtual account number (See at least Faith [0020]; [0035]; [0044-0046]; [0052]. Where (ii) an expiration date (i.e., new/second expiration date) associated with the virtual account number (i.e., associated with the new/second account number), and (iii) a card verification value (CVV) (i.e., CVV) associated with the virtual account number (i.e., associated with the new/second account number) is generated by the processor.). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hammad’s method, which generates a virtual account number (i.e., substitute account number) based on verifying data/information, and obtains and provides all of the information needed to complete a transaction, to include the teachings of Faith. One would have been motivated to include these features in order to make it more difficult for an unauthorized person to obtain numbers that can be used to conduct fraudulent transactions (Faith [0004]; [0007]).
Hammad also fails to explicitly disclose wherein the virtual account number has an amount restriction assigned thereto such that the transaction can only be processed by a merchant server if the transaction is for an amount at or below the amount restriction.
Dixon, on the other hand, teaches wherein the virtual account number has an amount restriction assigned thereto such that the transaction can only be processed by a merchant server if the transaction is for an amount at or below the amount restriction (See at least Dixon [0259]. Dixon teaches wherein the virtual account number (i.e., virtual credit card number) has an amount restriction (i.e., a maximum charge) assigned thereto such that the transaction can only be processed by a merchant server if the transaction is for an amount at or below the amount restriction.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hammad’s method, which generates a virtual account number (i.e., substitute account number) based on verifying data/information, and obtains and provides all of the information needed to complete a transaction, to include the teachings of Dixon. One would have been motivated to include these features in order to only allow a small amount to be charged to a virtual credit card number when the user is performing a transaction on a suspect e-commerce site (Dixon [0259]).
Examiner also notes that the phrase/limitation which recites “wherein the virtual account number has an amount restriction assigned thereto such that the transaction can only be processed by a merchant server if the transaction is for an amount at or below the amount restriction” is non-functional descriptive material as it only describes, at least in part, attributes associated with the virtual account number. The fact that the virtual account number has an amount restriction assigned thereto fails to affect how any of the positively recited steps are performed. For example, there is no indication that the virtual account number is generated differently simply because it is assigned this particular restriction. Additionally, applicant is not positively reciting a step, or steps, where an amount restriction is assigned to the virtual account number. Likewise, applicant is not positively reciting a step where the transaction is processed, or not processed, based on this restriction. It has been held that non-functional descriptive material will not distinguish the invention from the prior art in terms of patentability.
Regarding Claims 4, 11 and 18: The combination of Hammad, Faith and Dixon discloses the method of claim 1, the computer-readable storage medium of claim 8, and the computing apparatus of claim 15. Hammad further discloses determining, by the processor, that a device identifier received from the compute device of the accountholder is associated with a user account associated with the contactless card, wherein the virtual account number is generated based on the determination that the device identifier is associated with the contactless card (See at least Hammad [0042-0043]; [0087]; [0090]; [0106]. Where the processor (i.e., processor of Validation Entity 80) determines that a device identifier (i.e., variable datum) received from the compute device of the accountholder (i.e., received from the verification token) is associated with a user account associated with the contactless card (i.e., is associated with an account number based on a stored record), wherein the virtual account number (i.e., substitute account number) is generated based on the determination that the device identifier is associated with the contactless card (i.e., indicated by the fact that the identification information (e.g., the variable datum) passes the one or more validation tests).).
Regarding Claims 6, 13 and 20: The combination of Hammad, Faith and Dixon discloses the method of claim 1, the computer-readable storage medium of claim 8, and the computing apparatus of claim 15. Hammad further discloses:
receiving, by the processor, a software fingerprint of the compute device of the accountholder (See at least Hammad [0051]; [0070]. Where the processor (i.e., processor of Validation Entity 80) receives a software fingerprint (i.e., serial number) of the compute device of the accountholder (i.e., of the verification token).); and
determining, by the processor, that the software fingerprint matches a known software fingerprint associated with the contactless card, wherein the virtual account number is generated based on the determination that the software fingerprint matches the known software fingerprint (See at least Hammad [0051]; [0070]; [0087-0088]; [0100-0102]; [0120]. Where the processor (i.e., processor of Validation Entity 80) determines that the software fingerprint (i.e., serial number) matches a known software fingerprint (i.e., known serial number) associated with the contactless card, wherein the virtual account number (i.e., substitute account number) is generated based on a determination that the software fingerprint matches the known software fingerprint (i.e., indicated by the fact that the identification information (e.g., serial number) passes the one or more validation tests).).
Claims 2, 9 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Hammad in view of Faith in view of Dixon, as applied above, and further in view of Anderson et al. (US 2014/0032419 A1) (“Anderson”).Regarding Claims 2, 9 and 16: The combination of Hammad, Faith and Dixon discloses the method of claim 1, the computer-readable storage medium of claim 8, and the computing apparatus of claim 15. Hammad further discloses wherein the expiration date associated with the virtual account number is the same as an expiration date of the contactless card (See at least Hammad [0036]; [0094].).
Hammad discloses the use of a contactless card to conduct the transaction. Hammad [0035]; [0037]; [0069]. Hammad also describes generating a virtual account number (i.e., substitute account number) based on verifying various information (i.e., based on applying at least one validation test). Hammad [0042-0043]; [0087]; [0091-0092]. However, Hammad does not explicitly disclose determining, by the processor, that the contactless card has been used to make a previous purchase with the merchant, wherein the virtual account number is generated based on the determination that the contactless card has previously been used to make a purchase with the merchant. Anderson, on the other hand, teaches determining, by the processor, that the contactless card has been used to make a previous purchase with the merchant, wherein the virtual account number is generated based on the determination that the contactless card has previously been used to make a purchase with the merchant (See at least Anderson [0057]; [0064]. Where the processor (i.e., processor of the merchant) determines that the contactless card (i.e., card) has been used to make a previous purchase with the merchant (i.e., used for the customer’s previous purchases with the merchant), wherein the virtual account number (i.e., redacted token) is generated based on the determination that the contactless card (i.e., card) has previously been used to make a purchase with the merchant (i.e., has been used for the customer’s previous purchases with the merchant).). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hammad’s method of conditionally generating a virtual account number (i.e., substitute account number) based on verified information, to include the teachings of Anderson, in order to present various partially concealed payment options to the customer during a transaction (Anderson [0057-0058]; [0064]). Additionally, presenting and using a partially concealed payment option helps to protect the customers payment information from thieves (Anderson [0051]; [0066-0067]).
Hammad also fails to explicitly disclose wherein the virtual account number has a time restriction assigned thereto such that the virtual account number can only be processed by the merchant server if the transaction is within a predefined time.
Dixon, on the other hand, further teaches wherein the virtual account number has a time restriction assigned thereto such that the virtual account number can only be processed by the merchant server if the transaction is within a predefined time (See at least Dixon [0259]. Dixon teaches wherein the virtual account number (i.e., virtual credit card number) has a time restriction (i.e., length of time it is valid, e.g., 24 hours) assigned thereto such that the virtual account number can only be processed by the merchant server if the transaction is within a predefined time.). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hammad’s method, which generates a virtual account number (i.e., substitute account number) based on verifying data/information, and obtains and provides all of the information needed to complete a transaction, to include the teachings of Dixon. One would have been motivated to include these features in order to place a time restriction on a virtual credit card number when the user is performing a transaction on a suspect e-commerce site (Dixon [0259]).
Examiner also notes that the phrase/limitation which recites “wherein the virtual account number has a time restriction assigned thereto such that the virtual account number can only be processed by the merchant server if the transaction is within a predefined time” is non-functional descriptive material as it only describes, at least in part, attributes associated with the virtual account number. The fact that the virtual account number has a time restriction assigned thereto fails to affect how any of the positively recited steps are performed. For example, there is no indication that the virtual account number is generated differently simply because it is assigned this particular restriction. Additionally, applicant is not positively reciting a step, or steps, where a time restriction is assigned to the virtual account number. Likewise, applicant is not positively reciting a step where the transaction is processed, or not processed, based on this restriction. It has been held that non-functional descriptive material will not distinguish the invention from the prior art in terms of patentability.
Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Hammad in view of Faith in view of Dixon, as applied above, and further in view of Han (US 2009/0292642 A1).
Regarding Claims 7 and 14: The combination of Hammad, Faith and Dixon discloses the method of claim 1, the computer-readable storage medium of claim 8, and the computing apparatus of claim 15. Hammad further discloses:
receiving, by the processor from the compute device of the accountholder, authentication information for a user account associated with the contactless card (See at least Hammad [0042-0043]; [0051]; [0070]; [0087]; [0090]; [0106]. Where the processor (i.e., processor of Validation Entity 80) receives, from the compute device of the accountholder (i.e., from the verification token), authentication information for a user account (e.g., a serial number, fingerprint and/or variable datum).); and
verifying, by the processor, the authentication information for the user account, wherein the virtual account number is generated based on the verification of the authentication information (See at least Hammad [0051]; [0070]; [0087-0088]; [0090]; [0100-0102]; [0120]. Where the processor (i.e., processor of Validation Entity 80) verifies the authentication information for the user account (e.g., a serial number, fingerprint and/or variable datum), wherein the virtual account number (i.e., substitute account number) is generated based on the verification of the authentication information (i.e., indicated by the fact that the identification information (e.g., serial number, fingerprint and/or variable datum) passes the one or more validation tests).).
In addition to the above described authentication procedures, Hammad further discloses where the validation token (i.e., compute device of the accountholder) receives and validates a username and a password. Hammad [0072-0077]. The validation token validates this authentication information prior to performing subsequent actions related to the user’s account. Id. However, Hammad does not explicitly disclose wherein the authentication information [received by the processor] comprises one or more of: (i) a username and a password, (ii) biometric credentials.
Han, on the other hand, teaches wherein the authentication information comprises one or more of: (i) a username and a password, (ii) biometric credentials (See at least Han [0071-0072]; [0078-0079]. Where the processor (i.e., credit facility) receives authentication information for a user (i.e., customer) account, the authentication information comprising one or more of: (i) a username and a password (i.e., of user ids and passwords), (ii) biometric credentials (i.e., biometric information).).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hammad’s method of authenticating/validating information pertaining to a user, and/or their contactless card, and generating a virtual account number (i.e., substitute account number) based on the authentication/validation, to include the teachings of Han. One would have been motivated to include a username, password and/or biometric credentials in the authentication information received at the processor in order to confirm the customer’s identity prior to determining a payment identifier (e.g., a one-time use number in the same format as a credit card) (Han [0072]).
Claims 21-23 are rejected under 35 U.S.C. 103 as being unpatentable over Hammad in view of Faith in view of Dixon, as applied above, and further in view of Lavender et al. (US 2017/0272253 A1) (“Lavender”).
Regarding Claim 21: The combination of Hammad, Faith and Dixon discloses the method of claim 1. Hammad discloses where a processor (i.e., processor of Validation Entity 80) receives from a merchant application (i.e., from data and codes that direct operation) executing on a compute device of the accountholder (i.e., verification token) encrypted data (i.e., encrypted identification information). Hammad [0014]; [0035-0036]; [0042-0043]; [0057]; [0068]; [0087]; [0100]; Fig. 4 step 182. Hammad further discloses where the processor (i.e., processor of Validation Entity 80) verifies the encrypted data by decrypting the encrypted data (i.e., by decrypting the encrypted identification information) based at least in part on a key for the contactless card (i.e., based on the decryption key that can be used for contactless card transaction). Hammad [0089]; [0100]; also see [0035]; [0037] and [0069]. However, Hammad does not explicitly disclose wherein the contactless card generates the encrypted data based on a key stored by the contactless card.
Lavender, on the other hand, teaches wherein the contactless card generates the encrypted data based on a key stored by the contactless card (See at least Lavender [0053] “the sender device 110 may alternatively be in the form of a payment card”; [0104]; [0112]; [0124]. Where the contactless card (i.e., sender device, e.g., payment card) generates the encrypted data (i.e., cryptogram) based on a key (i.e., based on a cryptographic key) stored by the contactless card.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hammad’s method of receiving and verifying encrypted data, to include the teachings of Lavender, in order to validate that the user agreed to the interaction and that the interaction details have not been changed (Lavender [0009]).
Regarding Claim 22: The combination of Hammad, Faith, Dixon and Lavender discloses the method of claim 21. Hammad further discloses wherein the verification of the encrypted data further comprises determining, by the processor, that the decryption of the encrypted data yields a customer identifier (See at least Hammad [0042-0043]; [0087]; [0089]; [0100]; [0106]; also see [0035]; [0037] and [0069] which indicate the use of contactless cards. Wherein the verification of the encrypted data (i.e., verification of the encrypted identification information) further comprises determining, by the processor (i.e., processor of Validation Entity 80), that the decryption of the encrypted data yields a customer identifier (i.e., digital magnetic fingerprint).).
Regarding Claim 23: The combination of Hammad, Faith, Dixon and Lavender discloses the method of claim 22. Hammad further discloses wherein the verification of the encrypted data further comprises determining, by the processor, that the customer identifier matches a stored customer identifier associated with the contactless card (See at least Hammad [0042-0043]; [0087]; [0089-0090]; [0100]; [0106]; also see [0035]; [0037] and [0069] which indicate the use of contactless cards. Wherein the verification of the encrypted data (i.e., verification of the encrypted identification information) further comprises determining (e.g., via a comparison), by the processor (i.e., processor of Validation Entity 80), that the customer identifier (i.e., digital magnetic fingerprint) matches a stored customer identifier (i.e., matches a stored copy of the digital fingerprint) associated with the contactless card (i.e., associated with portable consumer device (e.g., a contactless card)).).
Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Hammad in view of Faith in view of Dixon, as applied above, and further in view of Ecker et al. (US 2019/0188705 A1) (“Ecker”).
Regarding Claim 24: The combination of Hammad, Faith and Dixon discloses the method of claim 1. Hammad discloses where the processor (i.e., processor of Validation Entity 80) verifies the encrypted data by decrypting the encrypted data (i.e., by decrypting the encrypted identification information) based at least in part on the key for the contactless card (i.e., based on the decryption key that can be used for contactless card transaction) maintained by the server (i.e., maintained by Validation Entity 80). Hammad [0089]; [0100]; also see [0035]; [0037] and [0069]. Hammad further discloses a desire to ensure that the user/consumer was in possession of the card at the time the purchase was made. Hammad [0049]. However, Hammad does not explicitly disclose wherein the verification of the encrypted data further comprises determining, by the processor based on the decryption of the encrypted data, that the contactless card generated the encrypted data.
Ecker, on the other hand, teaches determining, by the processor based on the decryption of the encrypted data, that the contactless card generated the encrypted data (See at least Ecker [0033]; [0083]; [0085]. Where the processor (i.e., issuer server) determines based on the decryption of the encrypted data (i.e., based on the decryption of the online cryptogram ARQC) that the contactless card (i.e., payment card, e.g., contactless card) generated the encrypted data (i.e., generated the online cryptogram ARQC).).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hammad’s method of verifying the encrypted data by decrypting the encrypted data, to include the teachings of Ecker, in order to determine that the payment card generated the online cryptogram ARQC, thus ensuring that the user is in possession of the card at the time of the transaction (Ecker [0085]).
Response to Arguments
Claim Rejections – 35 U.S.C. § 103 Applicant argues that Hammad in view of Faith and Dixon does not disclose
at least the features "receiving, by a processor of a server from a merchant application executing on a compute device of an accountholder of a contactless card the contactless card and sent to the compute device via a near-field communication (NFC)
exchange, wherein the merchant application comprises an online application" of amended claim 1. Amendment, pp. 10-11. Examiner respectfully disagrees. Examiner contends that Hammad discloses where a processor of a server (i.e., processor of Validation Entity 80) receives from a merchant application (i.e., from data and codes that direct operation) executing on a compute device of an accountholder of a contactless card (i.e., executing on a verification token of a user/consumer of a portable consumer device (e.g., a contactless card)): (i) a merchant identifier of a merchant associated with the merchant application (i.e., merchant identifier), (ii) a transaction identifier of a transaction (i.e., transaction identifier), and (iii) encrypted data (i.e., encrypted identification information, e.g., a variable datum) generated by the contactless card (i.e., by the portable consumer device, e.g., a contactless card) and sent to the compute device (i.e., to the verification token) via a near-field communication (NFC) exchange (e.g., by waving the portable consumer device near the reader of the verification token), wherein the merchant application comprises an online application (i.e., wherein the data and codes that direct operation comprises code that allows the verification token to communicate online (e.g., via a network [0058], via a networking facility [0060; 0063], via an internet browser [0061; 0064], etc.). Hammad [0014]; [0034-0036]; [0042-0043]; [0047]; [0057-0058]; [0060-0061]; [0063-0064]; [0068-0069]; [0087]; [0100]; Fig. 4 step 182.
Applicant argues that claim 1 has been amended to clarify that the merchant application comprises an "online application" such as a web application or native application on the mobile device that connects to the internet. Amendment, p. 11. Applicant further asserts that the "data and codes that direct the operation of processor 41" of verification token 40 of Hammad are not the same as an online application and are instead akin to an operating system of the verification token. Id. This argument is unpersuasive. Hammad clearly indicates that the "data and codes that direct the operation of processor 41" of verification token 40 comprises code that allows the verification token to communicate online (e.g., via a network [0058], via a networking facility [0060; 0063], via an internet browser [0061; 0064], etc.). Hammad [0058]; [0060-0061]; [0063-0064]. Examiner contends that the "data and codes that direct the operation of processor 41" of verification token 40 is an “online application” since the code comprises code that allows the verification token to communicate online (e.g., to send and/or retrieve data via an network).
Examiner also notes the limitation indicating that the “merchant application comprises an online application” is merely providing non-functional descriptive material about the merchant application. The mere fact that the merchant application is an “online application” fails to affect how any of the positively recited steps are performed.
For the above reasons, and for those set forth in the 35 U.S.C. § 103 rejection above, all of the claims remain rejected under 35 U.S.C. § 103.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure is cited in the Notice of References Cited (PTO-892). The additional cited art further establishes the state of the art prior to the effective filling date of Applicant’s claimed invention.
Maclin et al. (US 2002/0032662 A1) discloses a method and an apparatus for securing e-commerce transactions include processing that begins by receiving a customer package of variables regarding a desired secure e-commerce transaction. The processing continues by validating the desired secure e-commerce transaction based on at least one item of the package of variables. If the desired secure e-commerce transaction is validated, the processing continues by generating a temporary credit card number for the desired secure e-commerce transaction based on the at least one item of the package of variables. Once the temporary credit card number is generated, the processing continues by providing the temporary credit card number for use in the desired secure e-commerce transaction. Maclin Abstract.
Kurian (US 2016/0027000 A1) discloses receiving a card limit from the user, wherein the card limit indicates a threshold spending amount limiting usage of a bank card; and wherein generating the one-time bank card number is based at least in part on the received card limit; and wherein the one-time bank card number indicates to a merchant conducting the transaction with the user the card limit. Kurian [0003].
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON FENSTERMACHER whose telephone number is (571)270-3511. The examiner can normally be reached Monday - Friday 9:00 AM to 5:30 PM ET, Alternate Fridays Off.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached at 571-272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/J.F./Examiner, Art Unit 3698
/PATRICK MCATEE/Supervisory Patent Examiner, Art Unit 3698