DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Acknowledgements
This communication is in response to claim amendments and applicant’s remarks filed on 02/04/2021.
Claims 1, 17, 20, 23-25, and 27 have been amended.
No claims have been added or cancelled.
Claims 1-6 and 17-30 are presented for examination on the merits.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.


Claims 1-3, 17-19, 21-23, 26, and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Antunovic et al.  (US 20170200149), in view of Dunjic et al. (US 20190108511), further in view of Apple (“Apple”) (“Set up Apple Pay”, Apple.com, published on Feb 26, 2018); Apple (“Apple”) (“Using Apple Pay in store”, Apple.com, published on Oct 6, 2017) which is incorporated by reference in its entirety by “Set up Apple Pay”), Bishop et al. (US 20060012473), Yu et al. (US 6067621), and Maddocks (US 20100308109).
Regarding claim 1, Antunovic discloses:
          initiating, by a mobile device, a wireless communication to verify a contactless card using near field communication (NFC) (By disclosing, mobile devices can be used to carry out contactless communication with contactless card via NFC; a consumer presents his/her card to the terminal of a merchant which initiates a communication; a communication between a digital reader of the ;        
          receiving, at the mobile device, a response from the authentication server verifying the identity of the contactless card based on the cryptogram (By disclosing, an issuer sends an authorization response to the contactless card; the authorization response authenticates the card; the card can be associated with a mobile device (See at least paragraph [0083]-[0084] and [0021] of Antunovic));
          wherein the generation of the cryptogram and the received response from the authentication server is based on a payment protocol (By disclosing, the generated cryptogram is the result of card, terminal, and transaction data encrypted by a Data Encryption Standard (DES) key”; “[t]he issuer 2010 then carries out issuer processing and decisioning based on … and provides an appropriate authorization request response, ISO 8583 MTI 0110” (See at least paragraph [0084] and [0059] of Antunovic)); 
           wherein the response conforms to the payment format (By disclosing, “[t]he issuer 2010 then carries out issuer processing and decisioning based on … and provides an appropriate authorization request response, ISO 8583 MTI 0110” (See at least paragraph [0059] of Antunovic)); and
          updating, by the mobile device, the ATC based on the card verification using the payment protocol (By disclosing, “[t]he application cryptogram returned in step 318 may be based, in part, on the application transaction counter (ATC), 
           Antunovic does not disclose:
           receiving, at the mobile device and as part of the wireless communication, a plurality of inputs, including an application transaction counter (ATC);
           receiving, at the mobile device, a request comprising a non-payment event, the non-payment event comprising modifying a personal identification number (PIN) of the contactless card;
           generating, with the mobile device, a cryptogram based on the plurality of inputs of the wireless communication and a symmetric key associated with the card;
          transmitting, by the mobile device, a message comprising the request and the cryptogram to an authentication server, wherein the message conforms to a payment format;
          wherein the response reflects the modification of the PIN of the contactless card;
           wherein the wireless communication and the card verification is distinct from completing a payment in relation to the payment protocol; 
           wherein the ATC is updated by incrementing the ATC by a predefined value associated with the card, wherein the contactless card is one of a plurality of contactless cards, wherein each contactless card is associated with a different predefined value; and
          synchronizing the updated ATC with the authentication server by incrementing the ATC of the authentication server based on the predefined value associated with the card.
          However, Dunjic teaches:
          receiving, at the mobile device and as part of the wireless communication, a plurality of inputs, including an application transaction counter (ATC) (By disclosing, a mobile electronic device generates a session key; “the session key may be generated by applying a cryptographic hash function one or more times using the fingerprint, the secret value, the payment token, and the transaction counter as inputs”; and “the transaction counter may be an EMV application transaction counter (ATC)” (See at least para. [0024], [0092], and [0089] of Dunjic)); 
          generating, with the mobile device, a cryptogram based on the ATC, the remaining plurality of inputs of the wireless communication and a symmetric key associated with the card (By disclosing, “the cryptogram having been generated by the electronic device using a session key generated by the electronic device based on a fingerprint of the electronic device, a secret value previously shared with the electronic device, the payment token, and a transaction counter”; and “Session keys are symmetric keys used for encrypting messages in a single communication session” (See at least para. [0024] and [0002] of Dunjic)); 
           transmitting, by the mobile device, a message comprising the cryptogram to an authentication server, wherein the message conforms to a payment format (By disclosing, a mobile device send a reply which includes the cryptogram and a payment token; the replay conforms to an EMV standard; the cryptogram and the payment token are transmitted to an authentication server (See at least paragraph [0118]-[0122] of Dunjic)).
            Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic to include techniques of receiving, at the mobile device and as part of the wireless communication, a plurality of inputs, including an application transaction counter (ATC); generating, with the mobile device, a cryptogram based on the plurality of inputs of the wireless communication and a symmetric key associated with the card; and transmitting, by the mobile device, a message comprising the cryptogram to an authentication server as discloses by Dunjic. Doing so would allow the generated cryptogram in accordance with standards published by card networks and increase the security of communications.
           Apple teaches:
           wherein the wireless communication and the card verification is distinct from completing a payment in relation to the payment protocol (By disclosing, a user can tap “+” and “next” on a mobile wallet application to communicate with a bank to get the card verified by the bank and add the card to the wallet application; and the card can be used for payment after the card verification by 
           It would also have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic to make the wireless communication and the card verification distinct from completing a payment in relation to the payment protocol as discloses by Apple. Doing so would improve the invention by allowing the card verification and the payment transaction performed in different processes and make the card get verified before future transactions.
          Further, Bishop teaches:
          wherein the ATC is updated by incrementing the ATC by a predefined value associated with the card, wherein the contactless card is one of a plurality of contactless cards, wherein each contactless card is associated with a different predefined value (By disclosing, “RFID transaction device 102 in accordance with the present invention further includes a counter 118 for recording and reporting the number of transactions performed with a particular transaction device 102. Counter 118 may be any device capable of being initiated with a beginning value and incrementing that value by a predetermined amount when transaction device 102 is presented for completion of a transaction”; and “account issuer 112 may .
          It would also have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic to include techniques of updating the ATC by a predefined value which is unique to the transaction card and synchronizing an updated counter with an authentication server as discloses by Bishop.  Doing so would results in an improved invention because this can make it harder for a replay attacker to generate fraud card information.
          Yu teaches:
          synchronizing the updated ATC with the authentication server by incrementing the ATC of the authentication server based on the predefined value (By disclosing, “The counter memory 127 stores a counter value for synchronizing the terminal 120 with the server 140” (See at least Col. 7 lines 36-39, and Col 8 lines 9-67 of Yu)).
           It would also have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic in view of Yu to include techniques of synchronizing an updated counter with an authentication server based on a predefined value associated with a card.  Doing so would results in an improved invention because the authentication server can use the synchronized counter received from a user to compare with a counter 
         And Maddocks teaches:
         receiving, at the mobile device, a request comprising a non-payment event, the non-payment event comprising modifying a personal identification number (PIN) of the contactless card (By disclosing, “A PIN engine can receive the new PIN or request to change the PIN from the user interface 224 through the Message creator 228” (See at least paragraph [0039] of Maddocks)); 
         transmitting, by the mobile device, the request to an authentication server (By disclosing, “the message creator 228 automatically sends the message through the user 200 to the PIN management system 222” (See at least paragraph [0039] of Maddocks)); and
         wherein the response reflects the modification of the PIN of the contactless card (By disclosing, “the user inserts their smart card into a stand-alone smart card reader device, which produces a cryptogram for the Issuer's PIN change management system and waits for a response cryptogram in order to complete the PIN change execution” and “the new PIN value is embedded within the response cryptogram from the Issuer’s PIN change management system” (See at least paragraph [0005] and [0007] of Maddocks)).
         It would also have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic in view of Maddocks to include techniques of receiving, at the mobile device, a 

Regarding claim 2, Antunovic further discloses:
the card having a radio frequency identification (RFID) chip, the card being within an NFC range of a digital reader associated with a computer device wherein the cryptogram is an authorization request cryptogram (ARQC) (By disclosing, “Card 112 can include an IC chip 114 having a processor portion 116 and a memory portion 118. An antenna 120 can be provided for contactless communication, such as, for example, using radio frequency (RF) electromagnetic waves”; the contactless card 112 can be NFC (Near Field Communications) proximity cards; a digital reader coupled to a processor can communicate with the card; and the cryptogram is an authorization request cryptogram (See at least paragraph [0021], [0032], [0027], and [0083] of Antunovic)).  

Regarding claim 3, Antunovic further discloses:
the verification of the contactless card is determined from the received response from the authentication server (By disclosing, “[t]he issuer authorization request response is used as an issuer confirmation that the open-loop device is valid and can be used in the transit environment”; and the open-loop device is the contactless card (See at least paragraph [0112] of Antunovic)).  

Regarding claim 17, Antunovic discloses:
          a host system associated with an issuer of a card associated with a user, the host system including a non-transitory computer-readable storage medium storing computer-readable program code executable by a processor to (See at least paragraph [0147]-[0148] of Antunovic): 
         receive, at an authentication server, a communication data associated with a card verification communication initiated by i) an application associated with the card and ii) at least one computer device (By disclosing, a consumer presents his/her card to the terminal of a merchant which initiates a communication; the card can be associates with an application on a mobile phone; an authorization request cryptogram is generated and sent to an issuer server for card authentication (See at least paragraph [0048], [0155], and [0083] of Antunovic)), 
          the communication data including
          i) an application transaction counter (ATC) (By disclosing, an ATC is included in the cryptogram (See at least paragraph [0083] of Antunovic)), and 
  transmit a response from the authentication server verifying the card based on the received cryptogram, wherein the transmitted response is based on recreating the cryptogram by the authentication server in response to receiving the communication data (By disclosing, an issuer server generates an authorization response cryptogram (ARPC) based on an received authorization request cryptogram (ARQC); the issuer server sends the ARPC which authorizes the card (See at least paragraph [0083]-[0084] of Antunovic));
          wherein the transmitted response conforms to the payment format (By disclosing, “[t]he issuer 2010 then carries out issuer processing and decisioning based on … and provides an appropriate authorization request response, ISO 8583 MTI 0110” (See at least paragraph [0059] of Antunovic));
          wherein the cryptogram and the transmitted response from the authentication server are based on a payment protocol (By disclosing, the generated cryptogram is the result of card, terminal, and transaction data encrypted by a Data Encryption Standard (DES) key”; “[t]he issuer 2010 then carries out issuer processing and decisioning based on … and provides an appropriate authorization request response, ISO 8583 MTI 0110” (See at least paragraph [0084] and [0059] of Antunovic)).
           Antunovic does not disclose:
           the communication data including ii) a cryptogram based on a plurality of inputs of the communication and a symmetric key associated with the card, the communication data confirming to a payment format;
 (iii) a request comprising a non-payment event, the non-payment event comprising modifying a personal identification number (PIN) of the card;
           wherein the response reflects the modification of the PIN of the card;
           wherein the card verification is distinct from completing a payment in relation to the payment protocol;
           storing an indication that the card has been verified; 
           updating, by the authentication server, the ATC based on the card verification using the payment protocol, wherein the ATC is updated by incrementing the ATC by a predefined value associated with the card, wherein the contactless card is one of a plurality of contactless cards, wherein each contactless card is associated with a different predefined value; and
          synchronizing the updated ATC with the application.
           However, Dunjic teaches:
          the communication data including ii) a cryptogram based on a plurality of inputs of the communication, the ATC, and a symmetric key associated with the card, the communication data confirming to a payment format (By disclosing, a mobile device send a reply which includes the cryptogram and a payment token; “the cryptogram having been generated by the electronic device using a session key generated by the electronic device based on a fingerprint of the electronic device, a secret value previously shared with the electronic device, the payment token, and a transaction counter”; “Session keys are symmetric keys used for 
          Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic to include a cryptogram based on a plurality of inputs of the communication and a symmetric key associated with the card in the communication data as discloses by Dunjic. Doing so would allow the generated cryptogram in accordance with standards published by card networks and increase the security of communications.
          And Apple teaches:
          wherein the card verification is distinct from completing a payment in relation to the payment protocol (By disclosing, a user can tap “+” and “next” on a mobile wallet application to communicate with a bank to get the card verified by the bank and add the card to the wallet application; and the card can be used for payment after the card verification by holding the mobile phone within a certain range of a contactless reader, which is distinct from the wireless communication and card verification method (See at least section “Add a card on your iPhone” of “Sep up Apple Pay” and “Pay with iPhone” of “Using Apple Pay in store” of Apple)); and
storing an indication that the card has been verified (By disclosing, a user add a card on a mobile device to get verified by a bank and the bank verified the card so the user can use the card for future transactions, which infers that an indication that the card has been verified is stored at the bank server (See at least section “Add a card on your iPhone” of “Sep up Apple Pay” and “Pay with iPhone” of “Using Apple Pay in store” of Apple)).
          It would also have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic to make the wireless communication and the card verification distinct from completing a payment in relation to the payment protocol and storing an indication that the card has been verified as discloses by Apple. Doing so would allow the card verification and the payment transaction performed in different processes and make the card get verified for future transactions.
          Further, Bishop teaches:
          wherein the ATC is updated by incrementing the ATC by a predefined value associated with the card, wherein the contactless card is one of a plurality of contactless cards, wherein each contactless card is associated with a different predefined value (By disclosing, “RFID transaction device 102 in accordance with the present invention further includes a counter 118 for recording and reporting the number of transactions performed with a particular transaction device 102. Counter 118 may be any device capable of being initiated with a beginning value and incrementing that value by a predetermined amount when transaction device .
          It would also have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic to include techniques of updating the ATC by a predefined value which is unique to the transaction card and synchronizing an updated counter with an authentication server as discloses by Bishop.  Doing so would results in an improved invention because this can make it harder for a replay attacker to generate fraud card information.
          Yu teaches:
          updating, by the authentication server, the ATC based on the card verification using the payment protocol (By disclosing, “The server 140 increase the counter value and the random number, calculates the password, and compares the password with the password transferred by the user in units of the period of the counter in order to compensate for this” (See at least Col 10 Line 62-Col 13 Line 4 of Yu)); and
          synchronizing the updated ATC with the application by incrementing the ATC of the application based on the predefined value (By disclosing, “The counter memory 127 stores a counter value for synchronizing the terminal 120 with the server 140”; and “The present invention is easily implemented as 
           It would also have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic in view of Yu to include techniques of synchronizing an updated counter with an application by incrementing the ATC of the application based on the predefined value.  Doing so would results in an improved invention because the authentication server can use the synchronized counter received from a user to compare with a counter value of the authentication server in order to authenticate the user (Col 8 lines 9-67 of Yu).
         And Maddocks teaches:
         receiving, at an authentication server, (iii) a request comprising a non-payment event, the non-payment event comprising modifying a personal identification number (PIN) of the card (By disclosing, “The PIN change management system 222 receives a PIN change request message in step 504” (See at least paragraph [0059] of Maddocks)); and
         wherein the response reflects the modification of the PIN of the contactless card (By disclosing, “the user inserts their smart card into a stand-alone smart card reader device, which produces a cryptogram for the Issuer's PIN change management system and waits for a response cryptogram in order to complete the PIN change execution” and “the new PIN value is embedded within the .
         It would also have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic in view of Maddocks to include techniques of receiving, at an authentication server, a request comprising a non-payment event, the non-payment event comprising modifying a personal identification number (PIN) of the contactless card; and a response received from the authentication server reflects the modification of the PIN of the contactless card.  Doing so would results in an improved invention because this would allow the user to change the PIN periodically, thus increasing the security of using the payment card.

Regarding claim 18, Antunovic further discloses:
          the cryptogram is an authorization request cryptogram (ARQC) (See at least paragraph [0083] of Antunovic).  

Regarding claim 19, Antunovic further discloses:
          the card verification is determined from the transmitted response from the authentication server (By disclosing, “[t]he issuer authorization request response is used as an issuer confirmation that the open-loop device is valid and can be used in the transit environment”; and the open-loop device is the contactless card (See at least paragraph [0112] of Antunovic)).   
Regarding claim 21, Antunovic further discloses:
          the initiation of the wireless communication is based on a first tap (By disclosing, “card 112 can be touched or tapped on the terminal 124 or 128 (or an associated reader), which then contactlessly transmits the electronic data to the proximity IC chip in the card 112 or other wireless device” (See at least paragraph [0032] of Antunovic)).  

Regarding claim 22, Antunovic further discloses:
          the verification of the contactless card is determined from the received response from the authentication server (By disclosing, “[t]he issuer authorization request response is used as an issuer confirmation that the open-loop device is valid and can be used in the transit environment”; and the open-loop device is the contactless card (See at least paragraph [0112] of Antunovic)).   

Regarding claim 26, Antunovic further discloses:
          the card verification is determined from the transmitted response from the authentication server (By disclosing, “[t]he issuer authorization request response is used as an issuer confirmation that the open-loop device is valid and can be used in the transit environment”; and the open-loop device is the contactless card (See at least paragraph [0112] of Antunovic)).  

Regarding claim 30, Antunovic further discloses:
         the card verification is associated with an updated ATC (See at least paragraph [0081]-[0084] of Antunovic).

Claims 4 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Antunovic et al.  (US 20170200149), in view of Dunjic et al. (US 20190108511), further in view of Apple (“Apple”) (“Set up Apple Pay”, Apple.com, published on Feb 26, 2018); Apple (“Apple”) (“Using Apple Pay in store”, Apple.com, published on Oct 6, 2017) which is incorporated by reference in its entirety by “Set up Apple Pay”), Bishop et al. (US 20060012473), Yu et al. (US 6067621), Maddocks (US 20100308109), and Dimmick (US 20140164254).
Regarding claim 4, Antunovic further discloses:
          wherein the payment format is associated with the payment protocol (See at least paragraph [0039] of Antunovic); and
          an updated version of the ATC (By disclosing, an ATC “which increments every transaction” and an issuer can verify that the cryptogram received from the card is not an old cryptogram (See at least paragraph [0081] of Antunovic)).
         Antunovic does not disclose:
         wherein the message includes a predefined transaction value to mimic the payment protocol to verify the identity of the card without completing a payment;
         updating, by the authentication server, the ATC by incrementing the ATC; and
storing the ATC on a host device associated with the authentication server.
         However, Yu teaches:
         updating, by the authentication server, the ATC by incrementing the ATC (By disclosing, “The server 140 increase the counter value and the random number, calculates the password, and compares the password with the password transferred by the user in units of the period of the counter in order to compensate for this” (See at least Col 10 Line 62-Col 13 Line 4 of Yu)).
         Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic to include techniques of updating, by the authentication server, the ATC by incrementing the ATC as discloses by Yu.  Doing so would results in an improved invention because the authentication server can use the synchronized counter received from a user to compare with a counter value of the authentication server in order to authenticate the user (Col 8 lines 9-67 of Yu).
         And Dunjic teaches:
         storing the ATC on a host device associated with the authentication server (By disclosing, the ATC may be maintained by the payment account issuer (See at least paragraph [0089] of Dunjic)) (Note: the combination of payment account issuer computer system 930 and the computer server system 110 of the Dunjic prior art can be the host device of the claimed invention).  
          Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of storing an ATC on a host device associated with the authentication server as discloses by Dunjic.  Doing so would allow issuer ensure that the cryptogram produced by the card is not a previous cryptogram, thus decrease the possibility of replay attack.
          Further, Dimmick teaches:
          wherein the message includes a predefined transaction value to mimic the payment protocol to verify the identity of the card without completing a payment (By disclosing, “The zero dollar authorization request message may be sent to an issuer in some embodiments. In one embodiment, a zero dollar transaction (i.e., an authorization request message with a zero dollar amount) may provide an effective means for verification of the payment account number, personal identifier, address verification (AVS) and a card verification value (CVV, CVV2, or other variants, etc.). In one embodiment, the zero dollar authorization request message may include transaction details as well as a personal identifier provided by a consumer for authentication” (See at least paragraph [0032] of Dimmick)).
           Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic in view of Dimmick to include techniques of wherein the message includes a predefined transaction value to mimic the payment protocol to verify the identity of the card without completing a payment
Regarding claim 23, Antunovic further discloses:
         the identity verification is based on an updated ATC (See at least paragraph [0081]-[0084] of Antunovic); 
          receiving, by the authentication server, an indication of a first payment event associated with the card (By disclosing, “As shown at 351, pertinent data (typically, a suitable card identifier, account-related data, and transaction-related data) is supplied by the reader to the terminal for inclusion in the authorization request or clearing record. For online card authentication, the cryptogram generated by the card that is included in the pertinent data is an ARQC (Authorization ReQuest Cryptogram); it is included in an authorization request sent to the issuer 2010 at 353” (See at least paragraph [0083] and Fig. 10 of Antunovic)); and
          approving, by the authentication server, the first payment event based at least in part on successful authentication (By disclosing, “The merchant utilizes the PAN to initiate an authorization request, and upon receiving an authorization request response indicating approval, will complete the e-commerce transaction” (See at least paragraph [0034] of Antunovic)). 
          Antunovic does not disclose:
          wherein the message includes a predefined transaction value to mimic the payment protocol to verify the identity of the card without completing a payment; and
          authenticating based on the synchronization of the updated ATC.

          a predefined transaction value to mimic the payment protocol to verify the identity of the card without completing a payment (By disclosing, “A "zero dollar authorization request message" may be an electronic message that is used to verify the identity of the consumer and/or the validity of a payment account” (See at least paragraph [0032] of Dimmick)).
          Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic in view of Dimmick to include a message includes a predefined transaction value to mimic the payment protocol to verify the identity of the card without completing a payment. Doing so would results in an improved invention because this would the identity of a consumer and/or the validity of a payment card to be verified before perform the real payment transaction, thus improving the security of the transaction.
          And Yu teaches:
          authenticating based on the synchronization of the updated ATC (By disclosing, “The server 140 receives the one-time password transferred by the user through the password receiver 142 at step 700. Then, the server 140 extracts the counter value from the data bit stream received by the counter extractor 148 at step 710 and synchronizes with the terminal 120. The server 140 generates a one-time password by the same method as in the terminal, using the synchronized random number and secret number at step 720. Since the process 
           Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic in view of Yu to include techniques of approving, by the authentication server, the first payment event based at least in part on the synchronization of the updated ATC.  Doing so would results in an improved invention because this would improve resistance to replay attacks, thus improving the security of the claimed invention.

Claims 5, 24, and 27-29 are rejected under 35 U.S.C. 103 as being unpatentable over Antunovic et al.  (US 20170200149), in view of Dunjic et al. (US 20190108511), further in view of Apple (“Apple”) (“Set up Apple Pay”, Apple.com, published on Feb 26, 2018); Apple (“Apple”) (“Using Apple Pay in store”, Apple.com, published on Oct 6, 2017) which is incorporated by reference in its entirety by “Set up Apple Pay”), Bishop et al. (US 20060012473), Yu et al. (US 6067621), Maddocks (US 20100308109), Dimmick (US 20140164254), and Cooreman (US 6839840). 
Regarding claim 5, Antunovic further discloses:
          the identity verification associated with the updated ATC (See at least paragraph [0081]-[0084] of Antunovic).
          Antunovic does not disclose:
           the identity verification is logged as a non-payment event in a non-payment event log of the authentication server separate from a payment event log of the authentication server, the payment event log to store payment events
However, Cooreman teaches:
          the identity verification is logged as a non-payment event in a non-payment event log of the authentication server separate from a payment event log of the authentication server, the payment event log to store payment events (By disclosing, “[t]he method of the invention applies (FIG. 1) to a memory chip card CM which of course comprises a memory M but also a so-called transaction counter CT which counts the transactions performed between the card CM and a terminal TE to which the card is connected by insertion. The memory chip card CM can also comprise a second so-called authentication counter CE which counts the authentication requests, these authentication requests possibly occurring at any time during a transaction and independently thereof”; and “[t]he invention concerns a method enabling a smart card and a terminal whereto it is connected to authenticate each other” which infers that the memory chip card 
          Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic to include techniques of logging an identity verification as a non-payment event in a non-payment event log of the authentication server separate from a payment event log of the authentication server as disclosed by Cooreman.  Doing so would results in an improved invention by allowing the number of authentications can also be counted besides the number of transactions, thus expanding the scope of the invention.

Regarding claim 24, Antunovic further discloses:
           an updated ATC (See at least paragraph [0081] of Antunovic).
           Antunovic does not disclose:
           a counter is logged as the non-payment event.
           However, Cooreman teaches:
           a counter is logged as the non-payment event (By disclosing, “[t]he memory chip card CM can also comprise a second so-called authentication counter CE which counts the authentication requests, these authentication requests possibly occurring at any time during a transaction and independently thereof”; and “[t]he invention concerns a method enabling a smart card and a terminal whereto it is connected to authenticate each other” which infers that the 
           Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic to make a counter logged as a non-payment event as disclosed by Cooreman.  Doing so would results in an improved invention by allowing the number of authentications can also be counted besides the number of transactions, thus expanding the scope of the invention.

Regarding claim 27, Antunovic also discloses:
           an updated version of the ATC (By disclosing, an ATC “which increments every transaction” and an issuer can verify that the cryptogram received from the card is not an old cryptogram (See at least paragraph [0081] of Antunovic)); and 
          the card verification is associated with the updated ATC (See at least paragraph [0081] of Antunovic).  
          Antunovic does not disclose:
          store the updated ATC; and
          wherein the card verification is logged as the non-payment event.
          However, Dunjic teaches:
          store the updated ATC (By disclosing, the ATC may be maintained by the payment account issuer (See at least paragraph [0089] of Dunjic)). 
storing an ATC on a host device associated with the authentication server as discloses by Dunjic.  Doing so would allow issuer ensure that the cryptogram produced by the card is not a previous cryptogram, thus decrease the possibility of replay attack.
           And Cooreman teaches:
           wherein the card verification is logged as the non-payment (By disclosing, “[t]he method of the invention applies (FIG. 1) to a memory chip card CM which of course comprises a memory M but also a so-called transaction counter CT which counts the transactions performed between the card CM and a terminal TE to which the card is connected by insertion. The memory chip card CM can also comprise a second so-called authentication counter CE which counts the authentication requests, these authentication requests possibly occurring at any time during a transaction and independently thereof”; and “[t]he invention concerns a method enabling a smart card and a terminal whereto it is connected to authenticate each other” which infers that the memory chip card can be an authentication server (See at least Col 2 lines 34-43, Fig. 1 and Abstract of Cooreman)).
          Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic to include techniques of logging a card verification as a non-payment 

Regarding claim 28, Antunovic also discloses:
          perform an antifraud measure for a payment event associated with the card (By disclosing, “[t]he issuer 2010 then carries out issuer processing and decisioning (e.g., with issuer processing platform 2040) based on … fraud detection protocols, etc.” (See at least paragraph [0059] of Antunovic))
          a non-payment event is associated with the updated ATC (By disclosing, an ATC increments every transaction; and the incremented ATC can be used to ensure that the cryptogram is not a previous cryptogram in an authorization process. (See at least paragraph [0081]-[0084] of Antunovic)); and
          performing a transaction by using the non-payment event (By disclosing, “[t]he merchant utilizes the PAN to initiate an authorization request, and upon receiving an authorization request response indicating approval, will complete the e-commerce transaction” (See at least paragraph [0034] of Antunovic)).

Regarding claim 29, Antunovic also discloses:
          the cryptogram is an authorization request cryptogram (ARQC) (See at least paragraph [0083] of Antunovic).  

Claim 6 is are rejected under 35 U.S.C. 103 as being unpatentable over Antunovic et al.  (US 20170200149), in view of Dunjic et al. (US 20190108511), further in view of Apple (“Apple”) (“Set up Apple Pay”, Apple.com, published on Feb 26, 2018); Apple (“Apple”) (“Using Apple Pay in store”, Apple.com, published on Oct 6, 2017) which is incorporated by reference in its entirety by “Set up Apple Pay”), Bishop et al. (US 20060012473), Yu et al. (US 6067621), Maddocks (US 20100308109), Dimmick (US 20140164254), Cooreman (US 6839840), and Baldrick et al. (US 20130080327).
Regarding claim 6, Antunovic further discloses:
           the initiation of the wireless communication is based on a first tap (By disclosing, “card 112 can be touched or tapped on the terminal 124 or 128 (or an associated reader), which then contactlessly transmits the electronic data to the proximity IC chip in the card 112 or other wireless device” (See at least paragraph [0032] of Antunovic)).            
            Antunovic does not disclose:
            receiving an indication of a payment event associated with the card;
            determining that an amount of time that has elapsed subsequent to the non-payment event exceeds a time threshold; and
            performing an antifraud measure for the payment event associated with the card based on the amount of time exceeding the time threshold.
            However, Dunjic teaches:
receiving an indication of a payment event associated with the card (By disclosing, “sending, via a network, a request including an account reference number and a fingerprint of the electronic device”; the request is for performing a payment transaction; and the transaction can be associated with a card (See at least paragraph [0026] and [0034] of Dunjic)).
           Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic to include techniques of receiving an indication of a payment event associated with the card as disclosed by Dunjic in order to perform the transaction with the card.
          And Baldrick teaches:
          determining that an amount of time that has elapsed subsequent to the non-payment event exceeds a time threshold (By disclosing, “estimating, using a computer operatively coupled with a memory, whether the first authorization has expired by comparing a time that has elapsed since the first authorization to a threshold time” (See at least paragraph [0024] of Baldrick)); and
           performing an antifraud measure for the payment event associated with the card based on the amount of time exceeding the time threshold (By disclosing, “estimating, using a computer operatively coupled with a memory, whether the first authorization has expired by comparing a time that has elapsed since the first authorization to a threshold time, automatically generating a second request for a second authorization corresponding to the payment .
          Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic to include techniques of determining that an amount of time that has elapsed subsequent to the non-payment event exceeds a time threshold and performing an antifraud measure for the payment event associated with the card based on the amount of time exceeding the time threshold as disclosed by Baldrick. Doing so would improve the invention by calibrating capture payment request timing for payment transactions which can save a merchant fees or fines from some payment processor.

Claims 20 is rejected under 35 U.S.C. 103 as being unpatentable over Antunovic et al.  (US 20170200149), in view of Dunjic et al. (US 20190108511), further in view of Apple (“Apple”) (“Set up Apple Pay”, Apple.com, published on Feb 26, 2018); Apple (“Apple”) (“Using Apple Pay in store”, Apple.com, published on Oct 6, 2017) which is incorporated by reference in its entirety by “Set up Apple Pay”), Bishop et al. (US 20060012473), Yu et al. (US 6067621), Maddocks (US 20100308109), Cooreman (US 6839840), and Buhrmann et al. (US 20130197998).
Regarding claim 20, Antunovic also discloses:
          an updated version of the ATC (By disclosing, an ATC “which increments every transaction” and an issuer can verify that the cryptogram received from the card is not an old cryptogram (See at least paragraph [0081] of Antunovic)), and
perform an antifraud measure for a payment event associated with the card (By disclosing, “[t]he issuer 2010 then carries out issuer processing and decisioning (e.g., with issuer processing platform 2040) based on … fraud detection protocols, etc.” (See at least paragraph [0059] of Antunovic)), and
           a non-payment event is associated with the updated ATC (By disclosing, an ATC increments every transaction; and the incremented ATC can be used to ensure that the cryptogram is not a previous cryptogram in an authorization process. (See at least paragraph [0081]-[0084] of Antunovic)).
          Antunovic does not disclose:
          store the updated ATC, wherein the card verification associated with the updated ATC is logged as a non-payment event in a non-payment event log of the authentication server separate from a payment event log, of the authentication server the payment event log to store payment events; receive an indication of a payment event associated with the card; determine, based on the logs, that a number of payment events received subsequent to the non-payment event exceeds a threshold; and perform an antifraud measure for the payment event associated with the card based on the number of payment events exceeding the threshold.
           However, Dunjic teaches:
           storing the ATC (By disclosing, the ATC may be maintained by the payment account issuer (See at least paragraph [0089] of Dunjic)) (Note: the combination of payment account issuer computer system 930 and the computer server system 110 of the Dunjic prior art can be the host device of the claimed invention); and
          receiving an indication of a payment event associated with the card (By disclosing, “sending, via a network, a request including an account reference number and a fingerprint of the electronic device”; the request is for performing a payment transaction; and the transaction can be associated with a card (See at least paragraph [0026] and [0034] of Dunjic)).
           Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic to include techniques of storing an ATC and receiving an indication of a payment event associated with the card as discloses by Dunjic.  Doing so would allow issuer ensure that the cryptogram produced by the card is not a previous cryptogram and then perform the transaction.
          And Cooreman teaches:
          the card verification is logged as a non-payment event in a non-payment event log of the authentication server separate from a payment event log of the authentication server, the payment event log to store payment events (By disclosing, “[t]he method of the invention applies (FIG. 1) to a memory chip card CM which of course comprises a memory M but also a so-called transaction counter CT which counts the transactions performed between the card CM and a terminal TE to which the card is connected by insertion. The memory chip card CM can also comprise a second so-called authentication counter CE which counts the authentication requests, these authentication requests possibly occurring at any time during a transaction and independently thereof”; and “[t]he invention concerns a method enabling a smart card and a terminal whereto it is connected to authenticate each other” which infers that the memory chip card can be an authentication server (See at least Col 2 lines 34-43, Fig. 1 and Abstract of Cooreman)).
          Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic to include techniques of logging an identity verification as a non-payment event in a non-payment event log of the authentication server separate from a payment event log of the authentication server as disclosed by Cooreman.  Doing so would allow the number of authentications can also be counted besides the number of transactions.
           Further, Buhrmann teaches:
           determining that a number of payment events received exceeds a threshold (By disclosing, “[i]f the number of transactions or the dollar amount ; and
            performing an antifraud measure for the payment event associated with the card based on the number of payment events exceeding the threshold (See at least paragraph [0011] of Buhrmann).
          Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Antunovic to include techniques of determining that a number of payment events received exceeds a threshold and performing an antifraud measure for the payment event associated with the card based on the number of payment events exceeding the threshold as disclosed by Buhrmann in order to improve the security of the invention by limiting financial identity theft and fraud.

Claim 25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Antunovic et al.  (US 20170200149), in view of Dunjic et al. (US 20190108511), further in view of Apple (“Apple”) (“Set up Apple Pay”, Apple.com, published on Feb 26, 2018); Apple (“Apple”) (“Using Apple Pay in store”, Apple.com, published on Oct 6, 2017) which is incorporated by reference in its entirety by “Set up Apple Pay”), Bishop et al. (US 20060012473), Yu et al. (US 6067621), Maddocks (US 20100308109), Dimmick (US 2014016254), and Gaitanos et al. (US 20190114645).
Regarding claim 25, Antunovic does not disclose:
         receiving, by the authentication server, an indication of a second payment event associated with the card;
         determining, by the authentication server, that a number of payment events received subsequent to the non-payment event exceeds a threshold, the number of payment events including the first payment event; and 
         performing an antifraud measure for the second payment event associated with the card by using the non-payment event associated with the updated ATC and based on the number of payment events exceeding the threshold.
          However, Gaitanos teaches:
          receiving, by the authentication server, an indication of a second payment event associated with the card (By disclosing, “At block 608, the authorization request may be routed from the payment terminal 206 through the payment system 200”; and “It is further assumed that the account issuer 112a declined the transaction because a low value transaction counter maintained by the account issuer 112a had reached a limit such that user authentication was required for the next transaction (i.e.,--in this case--the current transaction)” (See at least paragraph [0058] and [0066] of Gaitanos)); 
         determining, by the authentication server, that a number of payment events received subsequent to the non-payment event exceeds a threshold, the number of payment events including the first payment event (By disclosing, “It is further assumed that the account issuer 112a declined the transaction because a low ; and 
         performing an antifraud measure for the second payment event associated with the card by using the non-payment event associated with the updated ATC and based on the number of payment events exceeding the threshold (By disclosing, “In this situation, the authorization response may contain a data element that indicates that a transaction counter limit had been exceeded, and the decline reason message generated by the payment network computer 502 at block 624 (FIG. 6) may (in coded or plain text form) include a prompt that says "Enter wallet PIN and retry". When the latter message is displayed by the payment-enabled mobile device 102a at block 630, the user 202 may enter the PIN and tap the payment-enabled mobile device 102a again on the payment terminal 206” (See at least paragraph [0066]-[0067] and [0054] of Gaitanos)).
         Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of receiving, by the authentication server, an indication of a second payment event associated with the card; determining, by the authentication server, that a number of payment events received subsequent to the non-payment event exceeds a threshold, the number of payment events including the first payment event; and performing an antifraud measure for the second payment event associated with the card by using the non-payment event associated with the updated ATC and based on the number of payment events exceeding the threshold.  Doing so would results in an improved invention because this would resist fraudulent transaction by setting a threshold transaction limit in case the payment device is obtained by someone else, thus improving the security of the claimed invention.

Response to Amendment
Applicant’s arguments with regard to the respect to the 35 U.S.C. § 103 rejection have been considered but are moot in view of new grounds of rejection.	
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  


Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUAN ZHANG whose telephone number is (571)272-4642.  The examiner can normally be reached on Mon - Fri 10 AM-5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on 5712701492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/DUAN ZHANG/Examiner, Art Unit 3685       

/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685