Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Election/Restrictions
Applicant’s election without traverse of claims 1-12 (Species A) in the reply filed on 09/28/2020 is acknowledged. However, claim 10 remains directed to “initiating an authentication request” and as such is directed to nonelected Species B. Therefore, claim 10 is also withdrawn.
Claims 10 and 13 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to a nonelected species, there being no allowable generic or linking claim. Election was made without traverse in the reply filed on 09/28/2020.
Examiner’s Comment
Intended Use/Functional Language
Claims 1, 2, 4, and 12 contain intended use/functional language and as such will not differentiate claims from the prior art. Applicant(s) are reminded that intended use/functional language is not given patentable weight. MPEP 2114 (II) states: "A claim containing a 'recitation with respect to the manner in which a claimed apparatus is intended to be employed does not differentiate the claimed apparatus from a prior art apparatus’ if the prior art apparatus teaches all the structural limitations of the claim,” See Ex parte Masham, 2 USPQ2d 1647 (Bd. Pat. App. & Inter, 1987).
Claims 1 and 12, “decrypting...to obtain...”, “transmitting...for use in a transaction.”
Claims 2 and 4, “transmitting...for use in a transaction
Claim 12, “a mobile device...programmed to: store...receive...decrypt...generate... and transmit...”
Not Positively Recited
Claims 1 and 3-4 contain not positively recited limitations and as such will not differentiate claims from the prior art (“Towards that goal, we state the next proposition, which is that every limitation positively recited in a claim must be given effect in order to determine what subject matter that claim defines.” In re Wilder, 166 USPQ 545 (C.C.P.A. 1970)).
Claim 1, “storing...an encrypted session key, and an encrypted user authentication credential”
Claim 3, “...generic predetermined values...”
Non-functional Descriptive Material
Claims 3 and 9 contain non-functional descriptive material and as such will not differentiate claims from the prior art. When descriptive material is not functionally related to the substrate, the descriptive material will not distinguish the invention from prior art in terms of patentability (In re Ngai 367 F.3d 1336, 1339, 70 USPQ2d 1862 (Fed. Cir. 2004); Ex parte Nehls 88 USPQ2d 1883, 1888-1889 (BPAI 2008); In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP § 2111.05; Cf. In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983)).
Claim 3, “wherein the null user identifier comprises generic predetermined values, and is of the same length as a user identifier.”
Claim 9, “wherein the user authentication credential is a consumer device cardholder verification method dynamic number (CDN).”
Conditional Language
Claims 4 and 11 contain limitations reciting conditional language. The claims do not require that these conditions necessarily be satisfied in every instance in which the method is performed. Conditional limitations do not serve to differentiate the claims from the prior art. Accordingly, once the positively recited steps are satisfied, the method as a whole is satisfied -- regardless of whether or not other steps are conditionally performed under certain other hypothetical scenarios. (In re Johnston, 77 USPQ2d 1788 (CA FC 2006); Intel Corp. v. Int'l Trade Comm'n, 20 USPQ2d 1161 (Fed. Cir. 1991); MPEP § 2103 I C).
Claim 4, “wherein in the event that the user is not authenticated...”
Claim 11, “wherein the user authentication process may comprise...”
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-9 and 11-12 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
In the instant case, claims 1-9 and 11 are directed to a method and claim 12 is directed to a system. Therefore, these claims fall within the four statutory categories of invention.
Claim 1 is directed to the abstract idea of mathematical operations which is grouped within the “mathematical concepts” grouping of abstract ideas in prong one of step 2A (See 2019 Revised Patent Subject Matter Eligibility Guidance). Claim 1 recites “storing...a session key, and a user authentication credential”, “receiving...an authorization request initiating a user authentication process”, “generating...a transaction cryptogram based on the user authentication credential and the session key”, and “transmitting...the transaction cryptogram and a user 
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A (See 2019 Revised Patent Subject Matter Eligibility Guidance), the additional elements of the claim such as encryption/decryption and mobile device merely uses a computer as a tool to perform an abstract idea. The use of encryption/decryption does not improve the functioning or performance of the processor/computer and the use of a processor/computer (mobile device) as a tool to implement the abstract idea does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. Additionally, the use of encryption/decryption merely performs mathematical operations (e.g. encryption/decryption algorithms) and therefore is itself an abstract idea. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B (See 2019 Revised Patent Subject Matter Eligibility Guidance), the additional elements of encryption/decryption and mobile device do not amount to significantly more than the abstract idea. As discussed above, taking the claim elements separately, The use of encryption/decryption does not improve the functioning or performance of the processor/computer and the use of a mobile device does no more than use a processor/computer as a tool to implement the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recites the concept of securing payment credentials. Therefore, the use of these additional elements does no 
Dependent claims 2-9 and 11 further describe characteristics of data or generally encrypt/decrypt data. The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims are also not patent eligible.
The same analysis pertaining to the abstract idea of securing credentials holds true for claim 12 as well, with the additional elements of memory and processor merely using a processor/computer as a tool to implement the abstract idea. Therefore, claim 12 is also not patent eligible.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-9 and 11-12 rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably 
Lack of Algorithm
Claims 1 and 12 lack disclosure within the specification of what algorithms are used for performing certain actions within the claims (MPEP 2161.01 I “In other words, the algorithm or steps/procedure taken to perform the function must be described with sufficient detail so that one of ordinary skill in the art would understand how the inventor intended the function to be performed”).
Regarding claim 1, “receiving...an authorization request initiating a user authentication process...” Paragraph 0067 of the published specification discloses authenticating a user to access a keystore based on initiating a transaction. However, the specification does not disclose how the authorization request “initiates” the user authentication process.
Regarding claim 4, “transmitting...independent of the user authentication credential...” Paragraph 0019 discloses generating a transaction cryptogram independent of the credential and transmitting the cryptogram. However, the specification does not disclose how the cryptogram is transmitted independent of the credential.
Regarding claim 12, “a mobile device comprising a processor programmed to...” Paragraph 0039 discloses a computer program product comprising instructions. However, the specification does not disclose how the mobile device processor is programmed to perform the operations in the claim.
Claims 2-9 and 11 are also rejected due to their dependence on at least claim 1.
Broader than the Specification
Claims 2, 4-5 and 7-8 are silent as to what is performing certain acts within the claims (LizardTech Inc. v. Earth Resource Mapping Inc., 76 USPQ2d 1724 (Fed. Cir. 2005)).	
	Claims 2 and 4, “decrypting...”, “generating...”, “transmitting...”
	Claim 5, “providing...registering...downloading...”
	Claim 7, “...registering...”
	Claim 8, “transmitting...”
The published specification discloses the acts emphasized above as being performed by the mobile device. However, the claim does not. Therefore, the claim is broad enough to read on all possible entities performing the claimed act and as such, the specification does not provide support for the full breadth of the claim.
Claims 3 and 6 are also rejected due to their dependence on at least claim 2 or 5.
New Matter
The amendments to claim 6 introduce new matter not found in the specification in the recitation of:
	Claim 6, “wherein the session key and the user authentication credential are associated with user transaction account.”
	Under broadest reasonable interpretation, “user transaction account” may refer to any and all user transaction accounts. However, paragraphs 0020-0022 disclose a session key and credential associated with a specific transaction account (i.e. the registered user transaction account). Therefore, the specification fails to disclose a session key and user authentication credential associated with any and all user transaction accounts.
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-9 and 11-12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Lack of Antecedent Basis
Claims 1 and 12 recite the limitations "the user authentication credential” and “the session key" in “generating...a transaction cryptogram based on the user authentication credential and the session key...” The previous limitation of “decrypting...to obtain a session key...and a authentication credential...” is intended use of the decryption and therefore the credential and key are never positively obtained. Accordingly, there is insufficient antecedent basis for this limitation in the claim.
Claims 2-9 and 11 are also rejected due to their dependence on at least claim 1.
Relative Term
The term "generic" in claim 3 “generic predetermined values” is a relative term which renders the claim indefinite.  The term "generic" is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.  
The term "independent" in claim 4, “generating a transaction cryptogram independent of the user authentication credential,” is a relative term which renders the claim indefinite.  The term "independent" is not defined by the claim, the specification does not provide a standard for 
Hybrid
Claim 12 is indefinite because they are hybrid claims. See MPEP § 2173.05(p) II. In particular, the claims are directed to neither a “process” nor a “machine” but rather embrace or overlap two different statutory classes of invention. This in turn causes confusion regarding when infringement occurs, through limitations that are unclear whether infringement occurs when someone creates or possesses the claimed machine/product or when the claimed machine/product is actually used. See also IPXL Holdings v. Amazon.com, Inc., 430 F.3d 1377, 77 USPQ2d 1140 (Fed. Cir. 2005).
Evidence to support a position that claim 12 is drawn to a product includes the recitation of “A system...” Conversely, evidence to support a position that claim 12 is drawn to a process includes recitation of:
Claim 12, “decrypt...to obtain a session key... and a user authentication credential”, “transmit...for use in a transaction.”
In light of this conflicting evidence, a person of ordinary skill in the art could reasonably interpret claim 12 to be drawn to either a product or process.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-4, 8-9, and 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Cateland et al. (WO 2015/084755; hereinafter Cateland) in view of Evans (US 2012/0023024; hereinafter Evans).
Regarding claims 1 and 12, Cateland teaches: A method and system for generating transaction credentials for a user in a transaction, comprising:
storing, by a mobile device, an encrypted session key ("single use key"), and an encrypted user authentication credential ("PIN") (Fig. 3, 0059-0061, 0072, 0074, 0084, 0087);
receiving, by the mobile device, an authorization request initiating a user authentication process (0088, 0132);

and transmitting, by the mobile device, the transaction cryptogram and a user authentication status to a transaction processing entity for use in a transaction (0064, 0089, 0131).
Cateland does not teach: decrypting, by the mobile device, the encrypted session key and encrypted user authentication credential to obtain a session key from the encrypted session key and a user authentication credential from the encrypted user authentication credential;
However, in the same field of endeavor, Evans teaches: decrypting, by the mobile device, the encrypted session key and encrypted user authentication credential to obtain a session key from the encrypted session key and a user authentication credential from the encrypted user authentication credential (0022-0023, 0071, 0077);
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify claims 1 and 12 disclosed by Cateland by including decrypting account profiles as disclosed by Evans. One of ordinary skill in the art would have been motivated to make this modification as a simple substitution of one know element for another to obtain predictable results (KSR International Co. v. Teleflex Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007)).
Regarding claim 2, Cateland and Evans teach: The method of claim 1, wherein the method further comprises; decrypting the encrypted session key (Evans 0022-0023, 0071, 0077);
generating the transaction cryptogram based further on a null user identifier and the session key (Cateland 0043, 0088, 0132);

Regarding claim 3, Cateland teaches: The method of claim 2, wherein the null user identifier comprises generic predetermined values, and is of the same length as a user identifier (0064).
Regarding claim 4, the claim recites the conditional language “wherein in the event...” Therefore, under broadest reasonable interpretation, the following steps of “decrypting...”, “generating...”, and “transmitting...” do not occur (see MPEP 2103 I C). Accordingly, as Cateland and Evans teach all of claim 1, Cateland and Evans necessarily teach claim all of 4 as well.
Additionally, Cateland and Evans teach: The method of claim 1, wherein in the event that the user is not authenticated the method comprises; decrypting the encrypted session key (Evans 0022-0023, 0071, 0077);
generating a transaction cryptogram ("first application cryptogram") independent of the user authentication credential (Cateland 0043, 0088, 0130);
and transmitting the transaction cryptogram independent of the user authentication credential to the transaction processing entity for use in a transaction (Cateland 0089, 0131).
Regarding claim 8, Cateland teaches: The method of claim 1, comprising transmitting the transaction cryptogram and the user authentication status from an application of the mobile device to a transaction management system (TMS) (0089, 0131).
Regarding claim 9, Cateland teaches: The method of claim 1, wherein the user authentication credential is a consumer device cardholder verification method dynamic number (CDN) (0064).
.
Claims 5-7 are rejected under 35 U.S.C. 103 as being unpatentable over Cateland and Evans as applied to claim 1 above, and further in view of Collinge et al. (US 2013/0262317; hereinafter Collinge).
Regarding claim 5, Cateland and Evans teach: The method of claim 1.
Cateland and Evans do not teach: wherein the method comprises a user registration process, the user registration process comprising; providing user information to the transaction processing entity, registering a transaction account associated with the user, at the transaction processing entity, downloading an application associated with the transaction processing entity to the mobile device.
However, in the same field of endeavor, Collinge teaches: The method of claim 1, wherein the method comprises a user registration process, the user registration process comprising; providing user information to the transaction processing entity (0065, 0089-0090), registering a transaction account associated with the user, at the transaction processing entity (0065, 0089-0090), downloading an application associated with the transaction processing entity to the mobile device (0065-0066).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify claim 5 disclosed by Cateland and Evans by including registering the user as disclosed by Collinge. One of ordinary skill in the art would have been 
	Regarding claim 6, Cateland teaches: The method of claim 5, wherein the session key and the user authentication credential are associated with user transaction account (0059, 0064).
Regarding claim 7, Collinge teaches: The method of claim 5, wherein the user registration process comprises registering a plurality of transaction accounts associated with the user, at the transaction processing entity (0065, 0089-0090).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAYLOR RAK whose telephone number is (571)270-1575.  The examiner can normally be reached on Monday-Friday 9:30-5:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin L Hewitt II can be reached on (571)-272-6709.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to 




/T.R./Examiner, Art Unit 3685                                                                                                                                                                                                        
/CALVIN L HEWITT II/Supervisory Patent Examiner, Art Unit 3685