DETAILED ACTION
This is a final office action on the merits. The U.S. Patent and Trademark Office (the Office) has received claims 1 – 20.
Claims 1, 10, 12, and 20 are amended.
Claims 1-20 are pending and have been examined on the merits.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
35 USC § 101
Applicant's arguments filed 10/21/2025 have been fully considered but they are not persuasive. The new “database of past pairings” language does not overcome the 101 rejection. The limitations still read on fraud prevention ( a certain method of organizing human activity), plus collecting/processing/comparing data and then deciding whether to transmit for processing. See 101 rejection.
35 USC § 103
Applicant's arguments filed 10/21/2025 have been fully considered but they are not persuasive. Jiang teaches verifying a smart card by determining whether two received values belong to the same card, which necessarily requires accessing stored association data (i.e. a stored pairing) for comparison (the remote system 160 accesses the database of all smart cards and cross-references the numbers… the remote system 160 accesses the smart card 110 account using the card account number and looks up the card verification number (¶ 0072). the remote system 160 determines if the card verification number and card account number belong to the same card (¶ 0074). If the numbers are a match, the remote system 160 transmits verification of the identity of the smart card 110 to the contactless device, in block 863 (¶ 0075)). The “pairing” requirement is met by Jiang’s match logic in paragraph 0074.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention recites and is directed to a judicial exception to patentability (i.e., an abstract idea) and does not provide an integration of the recited abstract idea into a practical application nor include an inventive concept that is “significantly more” than the recited abstract idea to which the claim is directed. MPEP §2106.
In determining subject matter eligibility in an Alice rejection under 35 U.S.C. §101, it is first determined at Step 1 whether the claims are directed to one of the four statutory categories of an invention (i.e., a process, a machine, a manufacture, or a composition of matter). MPEP §2106.03. Here, it is determined that claims 1-11 are directed to a system, claims 12-19 are directed to a method and claim 20 is directed to a process; Under a Step 2A, Prong 1 analysis, it must be determined whether the claims recite an abstract idea that falls within one or more enumerated categories of patent ineligible subject matter that amounts to a judicial exception to patentability. MPEP §2106.04. Here, independent claim 1 recites:
A system of fraud prevention, comprising:
a server including a memory and a processor,
wherein the server is configured to:
receive a transaction message of a contactless card, the transaction message including an Europay, Mastercard, and Visa (EMV) identifier,
receive a unique card identifier and a cryptographic payload of the contactless card,
incorporate the unique card identifier and the cryptographic payload into the transaction message to generate an enhanced transaction message,
determine whether the EMV identifier pairs with the unique card identifier by querying a database of past pairings of EMV identifiers and unique card indentifiers,
determine whether to transmit the enhanced transaction message to a transaction processing device for processing the enhanced transaction message.
(emphasis added on additional element(s))
Here, the claims are directed to the abstract idea, or combination of abstract ideas, of determining a fraud prevention system. This concept/abstract idea, which is seen above, falls within the Certain Methods of Organizing Human Activity grouping because it describes a commercial or legal interaction (e.g., asset management). Accordingly, it is determined that the claims recite an abstract idea since they fall within one or more of the three enumerated categories of patent ineligible subject matter.
Since it is determined that the claim(s) contain a judicial exception, it must then be determined, under Step 2A, Prong 2, whether the judicial exception is integrated into a practical application of the exception. MPEP §2106.04. Here, claim 1 recites the additional elements of: a server (including a memory and a processor), contactless card, and a transaction processing device. The server (including a memory and a processor), contactless card, and transaction processing device are recited at a high-level of generality such that they amount to no more than using a generic computer component and/or system. Therefore, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Looking at the elements as a combination does not add anything more than the elements analyzed individually. Examiner further notes that even though the claims may not preempt all forms of the abstraction, this alone, does not make them any less abstract. See OIP Techs., Inc. v. Amazon.com, Inc., 788 F.3d 1359, 1362-63 (Fed. Cir. 2015).
Under the Step 2B analysis, it is determined whether the recited additional elements amount to something “significantly more” than the recited abstract idea to which the claims are directed (i.e., provide an inventive concept). MPEP §2106.05. As discussed above with respect to integration of the abstract idea into a practical application, the additional element(s) of a server (including a memory and a processor), contactless card, and a transaction processing device to implement the abstract idea amounts to no more than mere instructions to apply the exception using generic computer components. Mere instructions to apply an exception using generic computer components cannot provide an inventive concept. That is, simply implementing the abstract idea on a generic computer or merely using a computer as a tool to perform an abstract idea cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B. Accordingly, taken alone, the additional elements do not amount to significantly more than a judicial exception. Looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually.
Therefore, independent claim 1 is rejected under 35 U.S.C. §101 and is not patent eligible. Independent claims 12 and 20 are similar and is therefore rejected under 35 U.S.C. §101 also. Dependent claims 2-11, 13-19 when analyzed are held to be patent ineligible under 35 U.S.C. §101 because the additional recited limitation(s) fail to establish that the claim(s) is/are not directed to an abstract idea.
Dependent claim 2 recites “the system according to claim 1, wherein the transaction message is an Extensible Markup Language (XML)-supported message. The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 3 recites “the system according to claim 1, wherein the transaction message includes an issuer identifier associated with the contactless card.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 4 recites “the system according to claim 1, wherein the cryptographic payload includes a cryptogram generated by the contactless card.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 5 recites “the system according to claim 1, wherein the contactless card is a near-field communication (NFC)-enabled card.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 6 recites “the system according to claim 1, wherein the server is further configured to: generate a nonce, and transmit the nonce to a user device.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 7 recites “the system according to claim 1, wherein the determining whether the EMV identifier pairs with the unique card identifier includes determining whether the EMV identifier has been paired with the unique card identifier in the past.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 8 recites “the system according to claim 1, wherein the server is further configured to validate the cryptographic payload.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 9 recites “the system according to claim 1, wherein the server is further configured to: transmit the cryptographic payload to a validator, and receive a validation result from the validator.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 10 recites “the system according to claim 9, wherein the validation result indicates that the cryptographic payload fails to be validated, and the server is further configured to not transmit the enhanced transaction message to the transaction processing device.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 11 recites “the system according to claim 1, wherein the cryptographic payload is validated by the transaction processing device.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 13 recites “the method according to claim 12, wherein the transaction message is an ISO20022-supported message.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 14 recites “the method according to claim 12, wherein the unique card identifier and the cryptographic payload are received via near-field communication (NFC) from the contactless card.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 15 recites “the method according to claim 12, further comprising: validating the cryptographic payload; and transmitting the enhanced transaction message to the transaction processing device.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 16 recites “the method according to claim 12, further comprising: generating an issuer identifier associated with the contactless card; and incorporating the issuer identifier into to the enhanced transaction message.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 17 recites “the method according to claim 16, further comprising: transmitting the issuer identifier, the unique card identifier, and the cryptographic payload to a validator; and receiving a validation result of the cryptographic payload from the validator.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 18 recites “the method according to claim 17, wherein: the validation result indicates that the cryptographic payload is successfully validated, and includes an access token, and the method further comprises: incorporating the access token into the enhanced transaction message, and transmitting the enhanced transaction message to the transaction processing device.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Dependent claim 19 recites “the method according to claim 16, wherein the issuer identifier is associated with the transaction processing device.” The claim fails to include any new additional elements that integrate the abstract idea into a practical application or provide significantly more than the abstract idea.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquires set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1066), that are applied for establishing a background for determining obviousness under 35 U.S.C. § 103 are summarized as follows:
Determining the scope and contents of the prior art.
Ascertaining the differences between the prior art and the claims at issue.
Resolving the level of ordinary skill in the pertinent art.
Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1- 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jiang et al. (US20130226796A1) hereinafter Jiang, in view of Hendrick (US20170289127A1).
Claims 1, 12, and 20. Jiang teaches (IN BOLD): A system of fraud prevention and a method of fraud prevention, and a non-transitory, computer-readable medium comprising instructions for fraud prevention that, when executed on a computer arrangement, perform actions comprising, comprising: a server including a memory and a processor, wherein the server is configured to:
receive a transaction message of a contactless card, the transaction message including an Europay, Mastercard, and Visa (EMV) identifier,
Jiang - a new or inactivated smart card 110 may not contain a card verification number. The lack of a verification number may indicate to the remote system 160 that the smart card needs to be activated and the remote system 160 may transmit a message to the contactless device 120 (¶ 0073).
receive a unique card identifier and a cryptographic payload of the contactless card,
Jiang - The secure element 126 communicates with the controller 124 and the application 122 in the contactless device 120. In an exemplary embodiment, the secure element 126 is capable of storing encrypted user information and only allowing trusted applications to access the stored information. The controller 124 interacts with a secure key encrypted application 122 for decryption and installation in the secure element 126 (¶ 0036). The Bluetooth link controller may be capable of sending and receiving data, identifying the smart card 110 (¶ 0037). receiving, by the mobile communication device, smart card identification information from the smart card device, the smart card identification information from the smart card device comprising a smart card account number and a verification number for the smart card device, wherein the verification number for the smart card device is encoded by data on a memory of the smart card device (Claim 1).
incorporate the unique card identifier and the cryptographic payload into the transaction message to generate an enhanced transaction message,
Jiang - In block 860, the remote system 160 determines if the card verification number and card account number belong to the same card, thus confirming the identity of the smart card 110 (¶ 0074). If the numbers are a match, the remote system 160 transmits verification of the identity of the smart card 110 to the contactless device, in block 863 (¶ 0075).
determine whether the EMV identifier pairs with the unique card identifier by querying a database of past pairings of EMV identifiers and unique card identifiers, and
Jiang - the remote system 160 accesses the database of all smart cards and cross-references the numbers… the remote system 160 accesses the smart card 110 account using the card account number and looks up the card verification number (¶ 0072). the remote system 160 determines if the card verification number and card account number belong to the same card (¶ 0074). If the numbers are a match, the remote system 160 transmits verification of the identity of the smart card 110 to the contactless device, in block 863 (¶ 0075). verifying, by the mobile communication device, the smart card device by determining that the smart card account number and verification number received from the smart card device matches a smart card account number and corresponding verification number stored by the mobile communication device; and authorizing, by the mobile communication device, a transaction with the smart card device based on the verification of the smart card device (Claim 1).
determine whether to transmit the enhanced transaction message to a transaction processing device for processing the enhanced transaction message.
Jiang - verifying, by the mobile communication device, the smart card device by determining that the smart card account number and verification number received from the smart card device matches a smart card account number and corresponding verification number stored by the mobile communication device; and authorizing, by the mobile communication device, a transaction with the smart card device based on the verification of the smart card device (Claim 1).
Jiang does not teach, however Hendrick discloses (IN BOLD):
receive a transaction message of a contactless card, the transaction message including an Europay, Mastercard, and Visa (EMV) identifier,
Hendrick - A smart card such as an EMV card that connects, wirelessly or by contact, to a reader or other device, and permits the flow of information/data to/from the card when connected thereto, after fingerprint scanning authorization/user verification system; or image scanning authorization/user verification, or PIN number entry from an on-card pad, or both, including a display screen for displaying changing/static user identification data stored thereon/therein alter such authorization/verification (Abstract).
determine whether the EMV identifier pairs with the unique card identifier, and determine whether to transmit the enhanced transaction message to a transaction processing device for processing the enhanced transaction message.
Hendrick - A smart card such as an EMV card that connects, wirelessly or by contact, to a reader or other device, and permits the flow of information/data to/from the card when connected thereto, after fingerprint scanning authorization/user verification system; or image scanning authorization/user verification, or PIN number entry from an on-card pad, or both, including a display screen for displaying changing/static user identification data stored thereon/therein alter such authorization/verification (Abstract).
Therefore, it would have been obvious before the effective filing date of the claimed invention to modify the message of Jiang with the message including the EMV of Hendrick because doing transmits the message for processing to avoid fraud.
Regarding Claim 2. The combination of Jiang and Hendrick further teaches: the system according to claim 1, wherein the transaction message is an Extensible Markup Language (XML)-supported message.
Jiang - The network 140 comprises a telecommunication means by which network devices (including devices 120, 150, and 160) can exchange data. For example, the network 140 can be implemented as, or may be a part of, a storage area network (SAN), personal area network (PAN), local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), a wireless local area network (WLAN), a virtual private network (VPN), an intranet, the Internet, Bluetooth, NFC or any other appropriate architecture or system that facilitates the communication of signals, data and/or messages (generally referred to as data) (¶ 0049).
Regarding Claim 3. The combination of Jiang and Hendrick further teaches: the system according to claim 1, wherein the transaction message includes an issuer identifier associated with the contactless card.
Hendrick - Bank card numbers are prescribed by ISO/IEC 7812. Bank card numbers identify a card, which is then electronically associated by an issuer with a cardholder, and with a cardholder's bank account (¶ 0018).
Regarding Claim 4. The combination of Jiang and Hendrick further teaches: the system according to claim 1, wherein the cryptographic payload includes a cryptogram generated by the contactless card.
Jiang - The secure element 126 includes components typical of a smart card, such as crypto processors and random generators (¶ 0035).
Regarding Claim 5. The combination of Jiang and Hendrick further teaches: the system according to claim 1, wherein the contactless card is a near-field communication (NFC)-enabled card.
Jiang - NFC controller capable of performing similar functions (¶ 0037).
Regarding Claim 6. The combination of Jiang and Hendrick further teaches: the system according to claim 1, wherein the server is further configured to: generate a nonce, and transmit the nonce to a user device.
Jiang - The remote system generates a random card verification number that becomes associated with the smart card and encoded in the card identification information. The remote system transmits the initial smart card data to the contactless device, which includes the card verification number, and the contactless device transmits the date to the smart card (¶ 0021).
Regarding Claim 7. The combination of Jiang and Hendrick further teaches: the system according to claim 1, wherein the determining whether the EMV identifier pairs with the unique card identifier includes determining whether the EMV identifier has been paired with the unique card identifier in the past.
Jiang - The smart card transmits the card identification information and transaction history to the contactless device. The contactless device confirms the identity of the smart card by cross-referencing the card account number and the card verification number. The merchant confirms whether the smart card has a sufficient balance available for a purchase transaction by using the contactless device to read the current sum of deposits and the current sum of withdrawals from the monotonic counters resident on the smart card. The contactless device compares the sums read from the monotonic counters to the sums calculated using the transaction history (¶ 0023).
Regarding Claim 8. The combination of Jiang and Hendrick further teaches: the system according to claim 1, wherein the server is further configured to validate the cryptographic payload.
Jiang - Preventing fraud during an offline transaction by encoding a randomly-generated card verification code onto a smart card. The verification code is transmitted to a contactless device during each transaction, wherein it is cross-referenced with the account number to ensure presence of the card. Also, every transaction record is signed by an access key resident on the contactless device and certified by a signing key resident on a remote system. Funds may be deposited onto the card when the contactless device creates a deposit request, signs the request using an access key and transmits it to the remote system, which in turn processes the request and certifies it with a signing key. Funds may be withdrawn when the contactless device creates a withdrawal record and signs it using an access key. The remote system verifies the signatures and certifies the records using a signing key when the records are later transmitted (Abstract).
Regarding Claim 9. The combination of Jiang and Hendrick further teaches: the system according to claim 1, wherein the server is further configured to: transmit the cryptographic payload to a validator, and receive a validation result from the validator.
Hendrick - Following user authentication as a result of a match of biometric information or PIN number on the card to a user, the card then displays on its surface the card's stored CID, CVV, PAN, or other security identification number for a prescribed time period, allowing a user to use the card to carry out a transaction, whether CNP or otherwise. These new cards provide added security at a point of sale in a store or other place of business, as the security identification number is displayed following a biometric match of the user to the card. A merchant, for instance, may, in some cases, enter this identification number on its terminal/connected register at the time of making a transaction (¶ 0015).
Regarding Claim 10. The combination of Jiang and Hendrick further teaches: the system according to claim 9, wherein: the validation result indicates that the cryptographic payload fails to be validated, and the server is further configured to not transmit the enhanced transaction message to the transaction processing device.
Hendrick - Following user authentication as a result of a match of biometric information or PIN number on the card to a user, the card then displays on its surface the card's stored CID, CVV, PAN, or other security identification number for a prescribed time period, allowing a user to use the card to carry out a transaction, whether CNP or otherwise. These new cards provide added security at a point of sale in a store or other place of business, as the security identification number is displayed following a biometric match of the user to the card. A merchant, for instance, may, in some cases, enter this identification number on its terminal/connected register at the time of making a transaction (¶ 0015).
Regarding Claim 11. The combination of Jiang and Hendrick further teaches: the system according to claim 1, wherein the cryptographic payload is validated by the transaction processing device.
Hendrick - Following user authentication as a result of a match of biometric information or PIN number on the card to a user, the card then displays on its surface the card's stored CID, CVV, PAN, or other security identification number for a prescribed time period, allowing a user to use the card to carry out a transaction, whether CNP or otherwise. These new cards provide added security at a point of sale in a store or other place of business, as the security identification number is displayed following a biometric match of the user to the card. A merchant, for instance, may, in some cases, enter this identification number on its terminal/connected register at the time of making a transaction (¶ 0015).
Regarding Claim 13. The combination of Jiang and Hendrick further teaches: the method according to claim 12, wherein the transaction message is an ISO20022-supported message.
Jiang - In an exemplary embodiment, NFC communication protocols include, but are not limited to ISO/IEC 14443 type A and/or B technology (hereafter “ISO 14443”), MIFARE technology (hereafter “MIFARE”), and/or ISO/IEC 18092 technology (hereafter “ISO 18092”). ISO 14443 is a communication protocol for contactless devices operating in close proximity with a reader. An ISO 14443 communication protocol is utilized for secure card payments, including but not limited to credit card payments, debit card payments, and other forms of financial card payments. MIFARE is a communication protocol for contactless devices that comply with proprietary device standards that are based on ISO 14443. A MIFARE protocol is utilized for stored function transactions, including but not limited to gift cards, transit cards, tickets, access cards, loyalty cards, and other forms of stored value card transactions. A MIFARE protocol may also be used for limited value-added services. ISO 18092 is a communication protocol for contactless devices operating at higher bit rates, allowing for richer communication between the devices (¶ 0028).
Regarding Claim 14. The combination of Jiang and Hendrick further teaches: the method according to claim 12, wherein the unique card identifier and the cryptographic payload are received via near-field communication (NFC) from the contactless card.
Jiang - In exemplary embodiments, the secure communication channel 130 can comprise communication via a close proximity communication protocol, such as near field communication (NFC), Bluetooth, or Wi-Fi, using appropriate protocols corresponding to those communication methods. In an alternative exemplary embodiment, the secure communication channel 130 can comprise a cellular network (¶ 0027).
Regarding Claim 15. The combination of Jiang and Hendrick further teaches: the method according to claim 12, further comprising: validating the cryptographic payload; and transmitting the enhanced transaction message to the transaction processing device.
Jiang - The user may deposit funds onto the smart card using the contactless device, wherein a merchant operating the contactless device enters the deposit information onto the contactless device, creates a deposit request, signs the deposit request using an access key and transmits a request to the remote system. The transmitted request comprises the card identification information, the access key signature and the amount of the deposit. The remote system confirms the identity of the smart card, processes the request, certifies the request using a signing key and transmits a deposit record to the contactless device, which in turn transmits the deposit record to the smart card (¶ 0007).
Regarding Claim 16. The combination of Jiang and Hendrick further teaches: the method according to claim 12, further comprising: generating an issuer identifier associated with the contactless card; and incorporating the issuer identifier into to the enhanced transaction message.
Hendrick - PAN's are found on payment cards, such as credit cards and debit cards, on stored-value cards, gift cards and other similar cards. PAN's may have a prescribed internal structure, and a prescribed numbering scheme. Bank card numbers are prescribed by ISO/IEC 7812. Bank card numbers identify a card, which is then electronically associated by an issuer with a cardholder, and with a cardholder's bank account (¶ 0018).
Regarding Claim 17. The combination of Jiang and Hendrick further teaches: the method according to claim 16, further comprising: transmitting the issuer identifier, the unique card identifier, and the cryptographic payload to a validator; and receiving a validation result of the cryptographic payload from the validator.
Hendrick - Following user authentication as a result of a match of biometric information or PIN number on the card to a user, the card then displays on its surface the card's stored CID, CVV, PAN, or other security identification number for a prescribed time period, allowing a user to use the card to carry out a transaction, whether CNP or otherwise. These new cards provide added security at a point of sale in a store or other place of business, as the security identification number is displayed following a biometric match of the user to the card. A merchant, for instance, may, in some cases, enter this identification number on its terminal/connected register at the time of making a transaction (¶ 0015).
Regarding Claim 18. The combination of Jiang and Hendrick further teaches: the method according to claim 17, wherein: the validation result indicates that the cryptographic payload is successfully validated, and includes an access token, and the method further comprises: incorporating the access token into the enhanced transaction message, and transmitting the enhanced transaction message to the transaction processing device.
Hendrick - Following user authentication as a result of a match of biometric information or PIN number on the card to a user, the card then displays on its surface the card's stored CID, CVV, PAN, or other security identification number for a prescribed time period, allowing a user to use the card to carry out a transaction, whether CNP or otherwise. These new cards provide added security at a point of sale in a store or other place of business, as the security identification number is displayed following a biometric match of the user to the card. A merchant, for instance, may, in some cases, enter this identification number on its terminal/connected register at the time of making a transaction (¶ 0015).
Regarding Claim 19. The combination of Jiang and Hendrick further teaches: the method according to claim 16, wherein the issuer identifier is associated with the transaction processing device.
Hendrick - PAN's are found on payment cards, such as credit cards and debit cards, on stored-value cards, gift cards and other similar cards. PAN's may have a prescribed internal structure, and a prescribed numbering scheme. Bank card numbers are prescribed by ISO/IEC 7812. Bank card numbers identify a card, which is then electronically associated by an issuer with a cardholder, and with a cardholder's bank account (¶ 0018).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
Lin et al. (EP1223565A1) - A method of mutually authenticating a transaction or a message between a Terminal (102) and a Smartcard (104), includes the steps of: transferring key data between a Terminal and a Smartcard; and generating a card key (Kd) at the Terminal (102) based on said key data wherein the generated card key (Kd) is equal to the card key of the Smartcard (104) thereby authenticating a valid Smartcard; and/or generating a Terminal identifier at the Smartcard (104) based on said key data wherein the generated Terminal identifier (IDt) is equal to the Terminal identifier (IDt) of the Terminal (102) thereby authenticating a valid Terminal (102). A Smartcard, a Terminal (102), a Smartcard command set, a method of generating a session key, a dynamic session key, a set of instructions, a Commit command (352, 354) and a roll-back mechanism are provided. This provides a high level of security, ensures data integrity and a fast commit processing and fast transaction time.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTINA C STEVENSON whose telephone number is (571)270-7280. The examiner can normally be reached M-F 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/C.C.S./Examiner, Art Unit 3698
/PATRICK MCATEE/Supervisory Patent Examiner, Art Unit 3698