Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments/Amendments
Regarding amendments to claim 15, the claim introduces new matter not found in the specification in the recitation of:
	Claim 15, “A computer program product for conducting a transaction with a mobile device, comprising at least one non-transitory computer-readable medium including program instructions that when executed by at least one processor, cause the at least one processor to perform operations comprising: ... receiving the cryptogram from the point-of-sale system; generating a recreated limited use key based on stored biometric data associated with the user; generating a recreated cryptogram based at least partially on the recreated limited use key and the transaction data corresponding to the transaction between the user and the merchant; comparing the recreated cryptogram and the cryptogram received from the mobile device; determining whether the recreated cryptogram matches the cryptogram received from the mobile device; and in response to determining that the recreated cryptogram matches the cryptogram received by the point-of-sale system from the mobile device, generate an authorization request message and communicate the authorization request message to an issuer system.”
	Paragraphs 0081-0085 and Fig. 3 disclose the limitations emphasized above as being performed by the transaction processing system and the limitations prior to those cited as being performed by the mobile device. However, claim 15 is directed to a singular computer program product operating on at least one processor. Therefore, under broadest reasonable interpretation, all the operations of claim 15 could be performed by only one entity (e.g. the mobile device or 
	For purposes of examination and in line with the disclosure of the specification, claim 15 and its dependents will be treated identically to claims 1 and 8 (i.e. where the operations are performed by a combination of the mobile device and transaction processing system).
Regarding rejection of the claims under 35 USC 103 over Prakash in view of Bjorn, Applicant appears to interpret Bjorn as teaching the limitation of generating the cryptogram based on a limited use key. However, Examiner clarifies that Bjorn was not cited as teaching generation of the cryptogram but instead cited for generation of the limited use key using biometric information (see Fig. 6, Col 3 line 18-25, Col 7 line 28-45). Rather, paragraphs 0029, 0031, 0050, and 0054-0055 of Prakash teach generating, by the mobile device, a cryptogram based at least partially on the limited use key and the transaction data. Therefore, the rejection is maintained with the addition of Gemalto SA to teach the recent amendments.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 15-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
New Matter
The amendments to claim 15 introduce new matter not found in the specification in the recitation of:
	Claim 15, “A computer program product for conducting a transaction with a mobile device, comprising at least one non-transitory computer-readable medium including program instructions that when executed by at least one processor, cause the at least one processor to perform operations comprising: ...receiving the cryptogram from the point-of-sale system; generating a recreated limited use key based on stored biometric data associated with the user; generating a recreated cryptogram based at least partially on the recreated limited use key and the transaction data corresponding to the transaction between the user and the merchant; comparing the recreated cryptogram and the cryptogram received from the mobile device; determining whether the recreated cryptogram matches the cryptogram received from the mobile device; and in response to determining that the recreated cryptogram matches the cryptogram received by the point-of-sale system from the mobile device, generate an authorization request message and communicate the authorization request message to an issuer system.”
	Claims 16-20 are also rejected due to their dependence on at least claim 15.
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 7 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Unclear Scope
Claim 7 includes limitations directed to “at least one processor.” However, claim 1, from which claim 7 depends, is directed to a “mobile device” and “transaction processing server.” It is unclear whether the “at least one processor” is a processor of the mobile device, a processor of the transaction processing system, or a third separate, distinct processor. Therefore, the scope of claim 7 is unclear (In re Zletz, 13 USPQ2d 1320 (Fed. Cir. 1989)).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 3, 5-6, 8, 10, 12-13, 15, 17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Prakash et al. (US 2016/0092872; hereinafter Prakash) in view of Gemalto SA (WO 2017/102142; hereinafter Gemalto) and Bjorn (USP 6035398; hereinafter Bjorn).
Regarding claims 1, 8, and 15, Prakash teaches: A computer-implemented method, system and computer program product for conducting a transaction with a mobile device, comprising: receiving, by the mobile device, transaction data from a point-of-sale system via a wireless communication with the mobile device, the transaction data corresponding to a transaction between the user and a merchant (0053-0054);
generating, by the mobile device, a cryptogram based at least partially on the limited use key and the transaction data (0029, 0031, 0050, 0054-0055);
and communicating, by the mobile device, the cryptogram to the point-of- sale system via the wireless communication (0053, 0055);
Prakash does not teach: receiving, by a transaction processing system, the cryptogram from the point-of-sale system;
generating, by the transaction processing system, a recreated cryptogram based at least partially on the recreated limited use key and the transaction data corresponding to the transaction between the user and the merchant;
comparing, by the transaction processing system, the recreated cryptogram and the cryptogram received from the mobile device;
determining, by the transaction processing system, whether the recreated cryptogram matches the cryptogram received from the mobile device;
and in response to determining that the recreated cryptogram matches the cryptogram received by the point-of-sale system from the mobile device, generating an authorization request message and communicating the authorization request message to an issuer system.
However, in the same field of endeavor, Gemalto teaches: receiving, by a transaction processing system, the cryptogram from the point-of-sale system (Fig. 4, Page 9 line 15-28, Page 12 line 10-14);
generating, by the transaction processing system, a recreated cryptogram based at least partially on the recreated limited use key and the transaction data corresponding to the transaction between the user and the merchant (Fig. 4, Page 13 line 13-24, Page 14 line 1-7, Page 14 line 17-19);
comparing, by the transaction processing system, the recreated cryptogram and the cryptogram received from the mobile device (Fig. 4, Page 14 line 8-19);
determining, by the transaction processing system, whether the recreated cryptogram matches the cryptogram received from the mobile device (Fig. 4, Page 14 line 8-19);
and in response to determining that the recreated cryptogram matches the cryptogram received by the point-of-sale system from the mobile device, generating an authorization request message and communicating the authorization request message to an issuer system (Page 15 line 7-20).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify claims 1, 8, and 15 disclosed by Prakash by including recreating and matching the cryptogram on the transaction processing system as disclosed by Gemalto. One of ordinary skill in the art would have been motivated to make this modification to prevent a need for storing authentication credentials on the transaction processing system (Gemalto Page 1 line 12-23).
Prakash also does not teach: generating, by the mobile device, a limited use key based at least partially on at least one biometric input from a user;
generating, by the transaction processing system, a recreated limited use key based on stored biometric data associated with the user;
However, in the same field of endeavor, Bjorn teaches: generating, by the mobile device, a limited use key based at least partially on at least one biometric input from a user (Fig. 6, Col 3 line 18-25, Col 7 line 28-45);
generating, by the transaction processing system, a recreated limited use key based on stored biometric data associated with the user (Fig. 6, Col 3 line 18-25, Col 7 line 28-45);
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify claims 1, 8, and 15 disclosed by Prakash by including generating limited use keys based on biometrics as disclosed by Bjorn. One of ordinary skill in the art would have been motivated to make this modification to provide secure local key generation (Bjorn Col 1 line 27-36).
Regarding claims 3, 10, and 17, Prakash in view of Gemalto and Bjorn teaches all the limitations of claims 1, 8, and 15. Prakash further discloses: wherein the transaction data comprises a transaction time, and wherein the cryptogram is generated based at least partially on the transaction time (0021, 0032, 0054).
Regarding claims 5, 12, and 19, Prakash in view of Gemalto and Bjorn teaches all the limitations of claims 1, 8, and 15. Bjorn further discloses: wherein the at least one biometric input comprises at least one of the following: a spoken word or phrase, a fingerprint, a retina, an iris, a face, or any combination thereof (Fig. 6, Col 7 line 28-45).
Regarding claims 6 and 13, Prakash in view of Gemalto and Bjorn teaches all the limitations of claims 1, 8, and 15. Prakash further discloses: authenticating the transaction using the cryptogram (0055-0059).
Claims 2, 4, 7, 9, 11, 14, 16, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Prakash in view of Gemalto and Bjorn as applied to claims 1, 8, and 15 above, and further in view of Govindarajan et al. (US 2019/0095907; hereinafter Govindarajan).
Regarding claims 2, 9, and 16, Prakash in view of Gemalto and Bjorn teaches all the limitations of claims 1, 8, and 15.
Prakash in view of Gemalto and Bjorn does not teach: wherein the mobile device generates the limited use key and the cryptogram while offline.
However, in the same field of endeavor, Govindarajan teaches: wherein the mobile device generates the limited use key and the cryptogram while offline (Abstract, 0024).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify claims 2, 9, and 16 disclosed by Prakash in view of Gemalto and Bjorn by including generating a limited use key offline as disclosed by Govindarajan. One of ordinary skill in the art would have been motivated to make this modification to allow conducting transactions without an Internet connection (Govindarajan 0003).
Regarding claims 4, 11, and 18, Prakash in view of Gemalto and Bjorn teaches all the limitations of claims 1, 8, and 15. Govindarajan further discloses: wherein the cryptogram is generated based at least partially on a device identifier of the mobile device (0024, 0038, 0051).
Regarding claims 7, 14, and 20, Prakash in view of Gemalto and Bjorn teaches all the limitations of claims 1, 8, and 15. Govindarajan further discloses: generating, with at least one processor, an account registration message comprising the at least one biometric input (0037-0038);
and communicating, with at least one processor, the account registration message to the issuer system, wherein the account registration message is generated and communicated prior to generating the limited use key (0037-0038).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAYLOR RAK whose telephone number is (571)270-1575.  The examiner can normally be reached on Monday-Friday 9:30-5:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on (571)-272-6708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/T.R./Examiner, Art Unit 3685

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685