DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This non-final office action is in response to the applicant’s amendment received on January 7, 2026 (hereinafter “Amendment”).
Claims 1, 7, 9, 15, and 17 have been amended. Claims 1-20 are pending.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 1/7/2026 has been entered.
Official Notice Taken in Last Office Action
As official notice was taken in the previous office action, the common knowledge or well-known in the art statement is taken to be admitted prior art because the common knowledge or well-known in the art statement is taken to be admitted prior art because applicant either failed to traverse the examiner's assertion of official notice or that the traverse was inadequate (see MPEP 2144.03 C). The common knowledge or well-known in the art statement is taken to be admitted prior art include:
risk factor that includes the digital transaction valued at a predetermined amount of currency or higher is old and well known prior to the effective filing of instant claim.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 1-3, 5-11, and 13-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 2022/0237590 A1 (“Rule”) in view of US 2011/0093351 A1 (“Afana”) and US 2016/0232516 A1 (“Dayan”) and US 2015/0038120 (“Larkin”).
Per claims 1, 9, and 17, Rule discloses a method comprising:
soliciting communication between a contactless card and a mobile device (Fig. 1A; Fig. 1B; Fig. 3; ¶0031, contactless card may be in wireless communication with client device; ¶0032, client device may be a mobile device);
after soliciting the communication between the contactless card and the mobile device, receiving, by a short-range communication antenna of the mobile device, a cryptogram from the contactless card (Fig. 1B, the contactless card sends MC cryptogram to the client device; ¶0033; ¶0035, mobile application on the client device; ¶0077, short-range wireless communication ¶0079);
responsive to receiving the cryptogram from the contactless card, verifying, by a processor of the mobile device, the cryptogram to identify the user account and to confirm that the contactless card is associated with the user account (¶0046, processor verified the MAC cryptogram; ¶0048; ¶0081, validate one or more credential from the contactless card; ¶0120; ¶0151; ¶0179)(“to identify the user account and to confirm that the contactless card is associated with the user account” is intended result of the verifying of the cryptogram);
after verifying the cryptogram, verifying, by the processor of the mobile device, that a phone number is associated with the user account (¶0174; ¶0183; ¶0193, validity of phone number; ¶0215); and
responsive to verifying that the contactless card and the phone number are associated with the user account, authorizing execution of the digital transaction in connection with the user account (¶0081, authorize payment and transaction from contactless card and/or client device; ¶0185; ¶0198).
Rule further teaches a mobile device comprising a short-range communication antenna, a processor, and a memory storing instructions (Fig. 3; ¶0070; ¶0071; ¶0077).
While Rule teaches the processor of the mobile device verifying a phone number received from the contactless card as disclosed above, Rule does not particularly teach that the phone number is of the mobile device.
Afana, however, discloses a technique of verifying a phone number of the mobile device ([0047], authenticates the phone number associated with the mobile device by querying operator network to identify the account associated with the mobile phone number).
It would have been obvious to one of ordinary skill in the art before the effective filing of instant claim to modify Rule to include verifying a phone number of the mobile device as a technique of verifying by the processor of the mobile device phone number in Rule as the combination ensures that the authenticity of the mobile device.
While Rule teaches controlling of how the two devices communicate based on current risk level perceived by the recipient of the receiving device/policy (¶0096), Rule/Afana does not particularly teach that the soliciting communication is responsive to a digital transaction initiated in connection with a user account satisfying at least one predetermined risk factor associated with the digital transaction.
Dayan, however, teaches performing a risk level for a payment transaction prior to the user initiating a mobile payment transaction using a predefined risk metric and predictive analysis (¶0025).
It would have been obvious to one of ordinary skill in the art before the effective filing of instant claim to combine the teaching of the Dayan of performing a risk level for a payment transaction prior to the user initiating a mobile payment transaction, i.e., soliciting of communication between the card and the mobile device of the Rule/Afana, as the combination to prevent abuse by unauthorized persons and financial loss (Dayan: ¶0002).
The claim has been amended to recite “transmitting a phone number of the mobile device and an International Mobile Subscriber Identity (IMSI) number of a Subscriber Identity Module (SIM) card in the mobile device from the mobile device to a server to confirm that the phone number of the mobile device is associated with the user account and that the IMSI number of the SIM card is associated with the phone number of the mobile device” and that the authorizing the execution of the digital transaction is in response to verifying that the IMSI number of the SIM card is associated with the phone number of the mobile device.
Rule/Afana/Dayan does not particularly teach the newly added limitation.
Larkin, however, teaches transmitting a phone number of the mobile device and an International Mobile Subscriber Identity (IMSI) number of a Subscriber Identity Module (SIM) card in the mobile device from the mobile device to a server to confirm that the phone number of the mobile device is associated with the user account and that the IMSI number of the SIM card is associated with the phone number of the mobile device” and that the authorizing the execution is based on verifying the IMSI number of the SIM card is associated with the phone number of the mobile device (see ¶0300, the current IMSI is compared to the IMSI previously stored and verified and allowing execution based on the verification).
It would have been obvious to one of ordinary skill in the art before the effective filing of instant claim to combine the teaching of verification of the IMSI as taught by Larkin to Rule/Afana/Dayan as the combination ensures that the fraudster has not taken over the user’s phone number.
As per claims 2 and 10, Rule/Afana/Dayan/Larkin further teaches wherein the digital transaction includes a wire transfer (Rule: ¶0195).
As per claims 3 and 11, while Rule/Afana/Dayan/Larkin discloses risk level, Rule does not particularly teach wherein the at least one predetermined risk factor includes the digital transaction valued at a predetermined amount of currency or higher (Dayan: ¶ 0017-¶0019).
As per claims 5 and 13, Rule/Afana/Dayan/Larkin further teaches successfully decrypting the cryptogram to verify the cryptogram and identify the user account (Rule: ¶0120; ¶0134; ¶0151).
As per claims 6 and 14, Rule/Afana/Dayan/Larkin further teaches decrypting protected data in the cryptogram; comparing the protected data to stored record data associated with the contactless card; and identifying the user account based on a match between the protected data and the stored record data (Rule: ¶0081; ¶0091, if the output of the MAC operation matches the MAC output revealed by decryption, then the data may be deemed valid; ¶0120; ¶0129; ¶0151; ¶0177; ¶0179; ¶0195).
As per claims 7-8 and 15-16, Rule/Afana/Dayan/Larkin further teaches transmitting the cryptogram from the mobile device to a server; and receiving, at the mobile device, one or more indications that the cryptogram and the phone number of the mobile device have been verified, transmitting one or more messages from the mobile device to the server (Rule: ¶0072; ¶0112; ¶0113; ¶0177; ¶0178; ¶0198; ¶0218).
As per claim 18, Rule/Afana/Dayan/Larkin further teaches a user interface device, wherein the instructions further cause the processor to display on or emit from the user interface device a solicitation for the communication with the contactless card (Rule: ¶0033, display; ¶0070 NFC communication).
As per claim 19, Rule/Afana/Dayan/Larkin further teaches that the mobile device comprising an Internet browser or mobile application, wherein the digital transaction is initiated via the Internet browser or the mobile application (Rule: ¶0032, Internet browser; multiple mobile OS).
Claim(s) 4 and 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Rule”, “Afana”, “Dayan”, and “Larkin” as applied in claims 1 and 12, in further view of US 20150379517 A1 (“Jin”).
Per claims 4 and 12, Rule/Afana/Dayan/Larkin does not particularly teach wherein the at least one predetermined risk factor includes the digital transaction originating from a suspicious location, a suspicious device, or a suspicious Internet Protocol (IP) address.
Jin, however, teaches the at least one predetermined risk factor includes the digital transaction originating from a suspicious location, a suspicious device, or a suspicious Internet Protocol (IP) address (¶0029, domain name of the requester or the merchant business, an IP address, etc … these may also be used in a fraud risk assessment).
As Rule/Afana/Dayan/Larkin generally teaches performing communication based on risk level in Rule and Dayan teaching various consideration of factors in determining transaction risk, it would have been obvious to one of ordinary skill in the art prior to the effective filing of the instant claim to include any known type of risk factor(s) as taught by Jin as risk factor(s) in Rule/Afana/Dayan in preventing transaction originating from a suspicious merchant.
Claim(s) 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Rule”, “Afana”, “Dayan”, and “Larkin” as applied in claim 17, in further view of US 20180025348 A1 (“Shauh”).
As per claim 20, Rule/Afana/Dayan/Larkin does not particularly teach wherein the digital transaction is initiated via an Internet browser on a desktop computer.
Shauh, however, teaches wherein the digital transaction is initiated via an Internet browser on a desktop computer (see Fig. 6; ¶0026, browser of PC).
It would have been obvious to one of ordinary skill in the art before the effective filing of instant claim to include the technique of utilizing Internet browser on a PC in initiating transaction as taught by Shauh to mobile authentication system of Rule/Afana/Dayan in order to adopt any known transactional techniques for flexibility of the system of Rule.
Furthermore, as the scope of the claim is the mobile device and particular recited functions of the mobile device (its components), the description of the Internet browser on a desktop computer does not move to distinguish over the prior art as the description does not affect the positively recited mobile device structures and functions.
Response to Argument(s)
101
The applicant’s argument is persuasive. As such, the 101 rejections have been withdrawn
103 Rejections
Applicant’s arguments have been considered but are moot because the new ground of rejection does not rely on reference applied and presented in the argument.
Double Patenting
Double patenting rejection(s) have been withdrawn in light of the claim amendment(s).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20170372056 A1 discloses risk factor such as amount of transaction;
US 11138593 B1 discloses authentication of smart card including authentication of cryptogram and other customer information (name, address, phone number);
US 11341470 B1 discloses smart card that transmits various information such as cryptogram identifying customer information such as phone number, user name, address, etc.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEVEN S KIM whose telephone number is (571)270-5287. The examiner can normally be reached Monday -Friday: 7:00 - 3:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached at 571-272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/STEVEN S KIM/Primary Examiner, Art Unit 3698