Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims

Applicant filed an amendment on January 18, 2021. Claims 8-13 were pending in the Application. Claims 1, 10, and 11 are amended. No new claims have been added. Claims 1-7 have been withdrawn from further consideration. Claim 8, 10, and 11 are independent claims, the remaining claims depend, directly or indirectly, on claim 11. Thus Claims 8 and 10-13 are currently pending. After careful and full consideration of Applicant arguments and amendments, the Examiner finds them to be moot and not persuasive. This action is made FINAL.

Claim Interpretation
The claims are replete with intended use. The subject matter of a properly construed claim is defined by the terms that limit the scope of the claim when given their broadest reasonable interpretation. It is this subject matter that must be examined. As a general matter, grammar and the plain meaning of terms as understood by one having ordinary skill in the art used in a claim will dictate whether, and to what extent, the language limits the claim scope. See MPEP § 2111.01 for more information on the plain meaning of claim language. Language that suggests or makes a feature or step optional but does not require that feature or step does not limit the scope of a claim under the broadest reasonable claim interpretation. The following types of claim language may raise a question as to its limiting effect:
statements of intended use or field of use, including statements of purpose or intended use in the preamble, 
"adapted to" or "adapted for" or "to" or "for" clauses, 
"wherein" or "whereby" clauses, 
contingent limitations, 
printed matter, or 
terms with associated functional language. 

The above list of examples is not intended to be exhaustive. The determination of whether particular language is a limitation in a claim depends on the specific facts of the case. See, e.g., Griffin v. Bertina, 285 F.3d 1029, 1034, 62 USPQ2d 1431 (Fed. Cir. 2002) (finding that a "wherein" clause limited a process claim where the clause gave "meaning and purpose to the manipulative steps"). For more information about these types of claim language and how to determine whether they have a limiting effect on claim scope, see MPEP §§ 2111.02 through 2111.05.

The claims are replete with intended use, which have little to no patentable weight, however, for compact prosecution, the examiner is interpreting the claims as if they have little patentable weight.  Please find and correct all occurrences.  These are provided for example.  

The following claim phrases are intended use:
Independent Claim 8, line 1 - "for generating a single temporary One Time Password (OTP) dynamic code ... "; line 5 - "for generating a single temporary line 13 - "for generating a single temporary One Time Password (OTP) dynamic code ... ". These clauses clearly refer to intended use; they do nothing positively; the clauses at issue are not an element of the limitation, rather, it's someone's interpretation of what might be accomplished future tense; they are also not positive steps in the claim.
Independent Claim 10, line 1 - "for an electronic payment by a contactless device, …"; Page 17, line 1 - "for generating a temporary dynamic code ... ";  and Page 17, line 10 - "for the calculation of the temporary OTP dynamic code;". These clauses clearly refer to intended use; they do nothing positively; the clauses at issue are not an element of the limitation, rather, it's someone's interpretation of what might be accomplished future tense; they are also not positive steps in the claim.
Independent Claim 11, line 1 - "for digital recognition of a person by means …"; line 4 - “for authorization to consult a personal document of the user.”; Page 18, line 1 - “for generating a temporary dynamic code …”; Page 18, line 10 - “for the calculation of the temporary OTP dynamic code;”; Page 18, line 13 - “for a proximity communication;”; Page18, line 17 - “for authorization to consult the document …”. These clauses clearly refer to intended use; they do nothing positively; the clauses at issue are not an element of the limitation, rather, it's someone's interpretation of what might be accomplished future tense; they are also not positive steps in the claim.
Dependent Claim 12, line 3 - "for the calculation of the temporary OTP dynamic code.". This clause clearly refers to intended use; it does nothing positively; the clause at issue is not an element of the limitation, rather, it's someone's interpretation of what might be accomplished future tense; it is also not a positive step in the claim.

Specification






The disclosure is objected to because of the following informalities: 
Page 13, line 27, “fingerprint reader 29." should read "fingerprint reader 30."
The specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which Applicant may become aware in the specification.
Appropriate correction is required.

Claim Objections









Independent Claim 10 is objected to because of the following informalities:
Page 17, Line 1, “activating an OTP microchip or generating …” should read “activating an OTP microchip for generating …”
 Independent Claim 11 is objected to because of the following informalities:
Page 18, Line 1, “activating an OTP microchip or generating …” should read “activating an OTP microchip for generating …”
Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U. S. 1. 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
Determining the scope and contents of the prior art.
Ascertaining the differences between the prior art and the claims at issue.
Resolving the level of ordinary skill in the pertinent art.
Considering objective evidence present in the application indicating obviousness or nonobviousness.

Independent Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Song (U. S. Patent Application Publication No. 20160226862 A1), herein referred to as Song, and in view of Loh et al (U. S. Patent Application Publication No. 20130092741 A1), herein referred to as Loh.

Independent Claim 8
Song teaches a method for generating a single temporary One Time Password 
(OTP) dynamic code via a contactless device, said method comprising: calculating and generating the valid and unique OTP temporary dynamic code by means of an algorithm generated by the OTP microchip.
(See Song, [0075], In addition, the OTP control unit 213 generates an OTP by reflecting transaction information for each OTP generation method in any one selected from among the following Equations 1 to 3 according to a fourth embodiment of the present invention. The transaction information may be infor-mation about a transaction occurring in services received through the web service server 600. See Equation 1 and Equation 2 for Time-based OTP Algorithm (TOTP, RFC 6238) scheme; HOTP (HMAC-Based OTP Algorithm (RFC4226)); and OC RA (OATH Challenge/Response Algorithms)

generating a text string resulting from the detection of the user's biometric character through the biometric sensor;
(See Song, [0065], the OTP authentication server 700 stores seed information for each piece of identification information for the wireless OTP generator 200. When receiving an OTP verifying request signal from the touch authentication server 500, the OTP authentication server performs verification with the received OTP and the seed of the wireless OTP generator 200 that generated the OTP, and provides the verification result to the touch authentication server 500.), where the touch authentication server is being construed as being similar to the Touch ID on a smartphone where a finger is applied to the pad, a steel ring sends a message to the biometric sensor, the biometric details are read and recorded in the smartphone. (See Song, 0112], the touch authentication server 500 then transmits an OTP verification request signal, which includes the received OTP and the TSN (or seed information), to the OTP authentication server 700 (step S837). See also Song, [0113], the OTP authentication server 700, having received the OTP verification request signal, performs authentication on the received OTP with the TSN (or seed information) and transmits an OTP verification response signal including the authentication result to the touch authentication server 500 (step S841).), where the TSN (Token Serial Number) is being construed as an alphanumeric text string as the seedkey for the OTP algorithm.

integrating said text string within the algorithm through the OTP microchip, and 
(See Song, [0075], Equation 1: Time-based OTP Algorithm (TOTP, RFC 6238) scheme, Transaction_OTP HMAC (SeedKey,Time+transaction message; Equation 2: HOTP (HMAC-Based OTP Algorithm (RFC4226)) scheme, Transaction_OTP HMAC (SeedKey, [Authentication Counter or time or challenge],+ transaction message).)
  
calculating and generating the valid and unique temporary OTP dynamic code, wherein the text string is used as one of the keys for the calculation of the temporary
OTP dynamic code.
(See Song, [0075], in addition, the OTP control unit 213 generates an OTP by reflecting transaction information for each OTP generation method in any one selected from among the following Equations 1 to 3 according to a fourth embodiment of the present invention. The transaction information may be infor-mation about a transaction occurring in services received through the web service server 600. See Equation 1: Time-based OTP Algorithm (TOTP, RFC 6238) scheme, Transaction_OTP HMAC (SeedKey,Time+transaction message; Equation 2: HOTP (HMAC-Based OTP Algorithm (RFC4226)) scheme, Transaction_OTP HMAC (SeedKey, [Authentication Counter or time or challenge],+ transaction message).)  
Song does not teach, however, Loh teaches authenticating a user by detecting a biometric character of the user by means of a biometric sensor present in the device;
(See Loh, [0033], … contactless transactions that can be performed with the wireless smart card include contactless payment, near field communication (NFC) with other NFC devices (i.e. peer-to-peer communication), and Radio Identification (RFID) reading/writing, which can be made in a secure and efficient manner. See Loh, [0048], … once the wireless smart card 300 is configured, the biometric information from the sensor 316 can be used to compare and match a fingerprint at a later time to authenticate the user. The biometric information can also be used to authenticate secure communication lines.)

activating an OTP microchip for generating a temporary dynamic code present inside said contactless device following said authentication; and
(See Loh, [0083], … the wireless smart card 104 can be used to generate the One-Time-Password (OTP). OTP is an established means of creating dynamic credentials for authentication, which is used by many financial institutions have the OTP option for added security of online transactions. The OTP parameter and counter elements can be stored in the secure element 132 of the wireless smart card 104 and displayed by the wireless smart card 104 or by the mobile communication device 108 (OTP information is communicated to the mobile communication device via Bluetooth and PAN transceiver 124).)
Loh teaches a wireless smart card allowing contactless payment through near field communication (NFC). It would have been obvious to one of ordinary skill in the art to include wireless smart card allowing contactless payment through near field communication (NFC), as in Loh, to improve and/or enhance the technology for wireless authentication using a one-time password (OTP) of a mobile communication terminal having near field communication (NFC) function and an OTP generator, as in Song, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references because an OTP overcomes the deficiencies of current ID/password schemes of being easily exposed and not being able to protect private information stored in internet servers very securely. As consumers have become more interested in using their mobile communication devices to perform various transactions (e.g., transfer funds, purchase products, etc.), contactless payment options provide the consumer with a more secure and reliable transaction; and user friendly consumer experience.

Independent Claims 10-11 and Dependent Claims 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Song (U. S. Patent Application Publication No. 20160226862 A1), herein referred to as Song, in view of Loh et al (U. S. Patent Application Publication No. 20130092741 A1), herein referred to as Loh, and in further view of Varadarajan (U. S. Patent No. 8843757 B2), herein referred to as Varadarajan.

Independent Claim 10
Song teaches a method for an electronic payment by a contactless device, the method comprising: calculating and generating the valid and unique OTP temporary dynamic code by an algorithm generated by the OTP microchip;
(See Song, [0075], In addition, the OTP control unit 213 generates an OTP by reflecting transaction information for each OTP generation method in any one selected from among the following Equations 1 to 3 according to a fourth embodiment of the present invention. The transaction information may be infor-mation about a transaction occurring in services received through the web service server 600. See Equation 1 and Equation 2 for Time-based OTP Algorithm (TOTP, RFC 6238) scheme; HOTP (HMAC-Based OTP Algorithm (RFC4226)); and OC RA (OATH Challenge/Response Algorithms)

generating a text string resulting from the detection of the user's biometric character through the biometric sensor;
(See Song, [0065], the OTP authentication server 700 stores seed information for each piece of identification information for the wireless OTP generator 200. When receiving an OTP verifying request signal from the touch authentication server 500, the OTP authentication server performs verification with the received OTP and the seed of the wireless OTP generator 200 that generated the OTP, and provides the verification result to the touch authentication server 500.), where the touch authentication server is being construed as being similar to the Touch ID on a smartphone where a finger is applied to the pad, a steel ring sends a message to the biometric sensor, the biometric details are read and recorded in the smartphone. (See Song, 0112], the touch authentication server 500 then transmits an OTP verification request signal, which includes the received OTP and the TSN (or seed information), to the OTP authentication server 700 (step S837). See also Song, [0113], the OTP authentication server 700, having received the OTP verification request signal, performs authentication on the received OTP with the TSN (or seed information) and transmits an OTP verification response signal including the authentication result to the touch authentication server 500 (step S841).), where the TSN (Token Serial Number) is being construed as an alphanumeric text string as the seedkey for the OTP algorithm.
integrating said text string within the algorithm through the OTP microchip, and
(See Song, [0075], Equation 1: Time-based OTP Algorithm (TOTP, RFC 6238) scheme, Transaction_OTP HMAC (SeedKey,Time+transaction message; Equation 2: HOTP (HMAC-Based OTP Algorithm (RFC4226)) scheme, Transaction_OTP HMAC (SeedKey, [Authentication Counter or time or challenge],+ transaction message).)

calculating and generating the valid and unique temporary OTP dynamic code, wherein the text string is used as one of the keys for the calculation of the temporary OTP dynamic code;
(See Song, [0075], In addition, the OTP control unit 213 generates an OTP by reflecting transaction information for each OTP generation method in any one selected from among the following Equations 1 to 3 according to a fourth embodiment of the present invention. The transaction information may be infor-mation about a transaction occurring in services received through the web service server 600. See Equation 1: Time-based OTP Algorithm (TOTP, RFC 6238) scheme, Transaction_OTP HMAC (SeedKey,Time+transaction message; Equation 2: HOTP (HMAC-Based OTP Algorithm (RFC4226)) scheme, Transaction_OTP HMAC (SeedKey, [Authentication Counter or time or challenge],+ transaction message).)  

 Song does not teach, however, Loh teaches sending to the device by a point of sale terminal of an authorization request of a payment;
(See Loh, [0044], the wireless smart card 104 can be used for trans-actions (e.g., credit or debit payments) by presenting the wireless smart card 104 at the contactless payment terminal 112a. In the transaction mode of operation, the contactless payment terminal 112a communicates with the applets and credentials stored in the secure element 132 through the NFC and/or RFID interface 128 using NFC according to a standard transaction protocol. The transaction and authorization is then processed between the contactless payment terminal 112a and transaction processing center 120 using standard transaction processing.)

authenticating a user by detecting a biometric character of the user by means of a biometric sensor present in the device;
(See Loh, [0033], … contactless transactions that can be performed with the wireless smart card include contactless payment, near field communication (NFC) with other NFC devices (i.e. peer-to-peer communication), and Radio Identification (RFID) reading/writing, which can be made in a secure and efficient manner. See Loh, [0048], … once the wireless smart card 300 is configured, the biometric information from the sensor 316 can be used to compare and match a fingerprint at a later time to authenticate the user. The biometric information can also be used to authenticate secure communication lines.)

authenticating a user by detecting a biometric character of the user by a biometric sensor present in the device;
(See Loh, [0048], … at initial set up, the user's biometric information may be entered and stored in the flash memory of the secure element 340. Once the wireless smart card 300 is configured, the biometric information from the sensor 316 can be used to compare and match a fingerprint at a later time to authenticate the user. The biometric information can also be used to authenticate secure communication lines.)
activating an OTP microchip or generating a temporary dynamic code present inside said contactless device following said authentication;
(See Loh, [0083], … the wireless smart card 104 can be used to generate the One-Time-Password (OTP). OTP is an established means of creating dynamic credentials for authentication, which is used by many financial institutions have the OTP option for added security of online transactions. The OTP parameter and counter elements can be stored in the secure element 132 of the wireless smart card 104 and displayed by the wireless smart card 104 or by the mobile communication device 108 (OTP information is communicated to the mobile communication device via Bluetooth and PAN transceiver 124).)

sending the temporary single OTP dynamic code from the contactless device to the
point of sale terminal by means of a proximity communication;
(See Loh, [0083], … the OTP parameter and counter elements can be stored in the secure element 132 of the wireless smart card 104 and displayed by the wireless smart card 104 or by the mobile communication device 108 (OTP information is communicated to the mobile communication device via Bluetooth and PAN transceiver 124). See Loh, [0044], the wireless smart card 104 can be used for transactions (e.g., credit or debit payments) by presenting the wireless smart card 104 at the contactless payment terminal 112a. In the transaction mode of operation, the contactless payment terminal 112a communicates with the applets and credentials stored in the secure element 132 through the NFC and/or RFID interface 128 using NFC according to a standard transaction protocol.)

sending the temporary single OTP dynamic code from the point of sale terminal to an authentication and control server via a payment circuit;
(See Loh, [0083], … the wireless smart card 104 can be used to generate the One-Time-Password (OTP). OTP is an established means of creating dynamic credentials for authentication, which is used by many financial institutions have the OTP option for added security of online transactions. See Loh, [0044], ... the transaction and authorization is then processed between the contactless payment terminal 112a and transaction processing center 120 using standard transaction processing.)

sending the result of the payment request to the contactless device by the  authentication and control server through the payment circuit and point of sale terminal;
(See Loh, [0043], … the transaction processing center 120 can also activate, download or modify other secure content such as payment account credentials, coupons, or monetary credits to the wireless smart card 104 for payment or other transactions. The transaction processing center 120 can also activate, store or modify the applets, user credentials or other transaction contents via Near Field Communication or RFID between the transaction device 112 ( e.g., contactless payment terminal 112a) and the wireless smart card 104.)
Loh teaches wireless smart card allowing contactless payment through near field communication (NFC). It would have been obvious to one of ordinary skill in the art to include wireless smart card allowing contactless payment through near field communication (NFC), as in Loh, to improve and/or enhance the technology for wireless authentication using a one-time password (OTP) of a mobile communication terminal having near field communication (NFC) function and an OTP generator, as in Song, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references because an OTP overcomes the deficiencies of current ID/password schemes of being easily exposed and not being able to protect private information stored in internet servers very securely. As consumers have become more interested in using their mobile communication devices to perform various transactions (e.g., transfer funds, purchase products, etc.) and gaining access to protected processes and data exchanges, contactless communication options provide the consumer with a more secure and reliable transaction, and gaining access to protected processes and documents; and a user friendly consumer experience.

Song and Loh do not teach, however, Varadarajan teaches generating a temporary unique One Time Password (OTP) dynamic code by:
(See Varadarajan, [Column 4, lines 11-19], the system and method described herein to generate an OTP from a user device can be adapted to any system where a PIN input is required for access, approval, authorization or authentication, e.g., for secure access to an online system, computer network, database, etc., or online authentication of personal identity or approval of a transaction, or for any other representation of an account number or user identification which is used in conjunction with a PIN for a transaction, authorization or authentication. See Varadarajan, [Column 4, lines 30-34], by definition the OTP can only be used one-time, for a single PIN-required transaction. For the next card use, e.g., for the next PIN-required transaction, another different OTP must be generated by the OTP generator on the user device and provided to the user cardholder. See Varadarajan, [Column 4, lines 42-43], … since the OTP has been used for the transaction just com-pleted, the same OTP cannot be used again, …)

wherein the text string used to generate the unique temporary OTP dynamic code is stored both in the device and in the authentication and control server.
(See Varadarajan, [Column 7, lines 6-12], the user device 105 may be further configured with an OTP generating application 100 which may include one or more OTP generating algorithms configurable to generate an OTP 110 using an OTP key con-figured as a camouflaged card string or other key or secret which may be provided to OTP application 100 or stored in a database or file system 103 on user device 105. See Varadarajan, [Column 10, lines 45-49], the transaction server 140 is configured with a CPU and a memory, and may include an OTP application 100 which may be configurable to generate OTPs, keys, secrets or other data elements, which may be stored in a database or file system.)
	Varadarajan teaches one-time pin generation. It would have been obvious to one of ordinary skill in the art to include such means for one-time pin generation, as in Varadarajan, and wireless smart card allowing contactless payment through near field communication (NFC), as in Loh, to improve and/or enhance the technology for wireless authentication using a one-time password (OTP) of a mobile communication terminal having near field communication (NFC) function and an OTP generator, as in Song, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a system and method to replace the personal identification number (PIN) for a user account with a dynamic PIN structure, where a unique, single use PIN, also referred to as a one-time PIN (OTP) or one-time passcode (OTP), is provided by a user accountholder’s mobile device for use with a single account transaction. This dynamic PIN structure mitigates the risk of the user’s static PIN being obtained by other means, and even if it was obtained, would not be able to be used beyond the single transaction.

Dependent Claim 11
Song teaches a method for digital recognition of a person by means of a contactless device, the method comprising: sending to the device an authentication request of a user who is the holder of the device following a request for authorization to consult a personal document of the user; 
(See Song, [0075], … wirelessly transmitting the OTP when an OTP request signal is received; a mobile communication terminal obtaining the OTP generated by the wireless OTP generator when an OTP request message is received, and transmitting OTP authentication information comprising the OTP and identification information of the mobile communication terminal; … obtaining the OTP authentication information through a mobile communication terminal corresponding to the user identification information when an OTP authentica-tion request signal for registered user identification informa-tion is received, verifying an OTP of the obtained OTP authentication information through the OTP authentication server, and providing an OTP verification result to the web service server.

calculating and generating the valid and unique OTP temporary dynamic code by an algorithm generated by the OTP microchip;
(See Song, [0075], In addition, the OTP control unit 213 generates an OTP by reflecting transaction information for each OTP generation method in any one selected from among the following Equations 1 to 3 according to a fourth embodiment of the present invention. The transaction information may be infor-mation about a transaction occurring in services received through the web service server 600. See Equation 1 and Equation 2 for Time-based OTP Algorithm (TOTP, RFC 6238) scheme; HOTP (HMAC-Based OTP Algorithm (RFC4226)); and OC RA (OATH Challenge/Response Algorithms)

generating a text string resulting from the detection of the user's biometric character through the biometric sensor;
(See Song, [0065], the OTP authentication server 700 stores seed information for each piece of identification information for the wireless OTP generator 200. When receiving an OTP verifying request signal from the touch authentication server 500, the OTP authentication server performs verification with the received OTP and the seed of the wireless OTP generator 200 that generated the OTP, and provides the verification result to the touch authentication server 500.), where the touch authentication server is being construed as being similar to the Touch ID on a smartphone where a finger is applied to the pad, a steel ring sends a message to the biometric sensor, the biometric details are read and recorded in the smartphone. (See Song, 0112], the touch authentication server 500 then transmits an OTP verification request signal, which includes the received OTP and the TSN (or seed information), to the OTP authentication server 700 (step S837). See also Song, [0113], the OTP authentication server 700, having received the OTP verification request signal, performs authentication on the received OTP with the TSN (or seed information) and transmits an OTP verification response signal including the authentication result to the touch authentication server 500 (step S841).), where the TSN (Token Serial Number) is being construed as an alphanumeric text string as the seedkey for the OTP algorithm.

integrating said text string within the algorithm through the OTP microchip,
(See Song, [0075], Equation 1: Time-based OTP Algorithm (TOTP, RFC 6238) scheme, Transaction_OTP HMAC (SeedKey,Time+transaction message; Equation 2: HOTP (HMAC-Based OTP Algorithm (RFC4226)) scheme, Transaction_OTP HMAC (SeedKey, [Authentication Counter or time or challenge],+ transaction message).)

calculating and generating the valid and unique temporary OTP dynamic code, wherein the text string is used as one of the keys for the calculation of the temporary OTP dynamic code;
(See Song, [0075], In addition, the OTP control unit 213 generates an OTP by reflecting transaction information for each OTP generation method in any one selected from among the following Equations 1 to 3 according to a fourth embodiment of the present invention. The transaction information may be infor-mation about a transaction occurring in services received through the web service server 600. See Equation 1: Time-based OTP Algorithm (TOTP, RFC 6238) scheme, Transaction_OTP HMAC (SeedKey,Time+transaction message; Equation 2: HOTP (HMAC-Based OTP Algorithm (RFC4226)) scheme, Transaction_OTP HMAC (SeedKey, [Authentication Counter or time or challenge],+ transaction message).)

Song does not teach, however, Loh teaches authenticating the user by detecting a biometric character of the user by means of a biometric sensor present in the device;
(See Loh, [0033], … contactless transactions that can be performed with the wireless smart card include contactless payment, near field communication (NFC) with other NFC devices (i.e. peer-to-peer communication), and Radio Identification (RFID) reading/writing, which can be made in a secure and efficient manner. See Loh, [0048], … once the wireless smart card 300 is configured, the biometric information from the sensor 316 can be used to compare and match a fingerprint at a later time to authenticate the user. The biometric information can also be used to authenticate secure communication lines.)

authenticating a user by detecting a  biometric character of the user by a biometric sensor present in the device;
(See Loh, [0048], … at initial set up, the user's biometric information may be entered and stored in the flash memory of the secure element 340. Once the wireless smart card 300 is configured, the biometric information from the sensor 316 can be used to compare and match a fingerprint at a later time to authenticate the user. The biometric information can also be used to authenticate secure communication lines.)

activating an OTP microchip or generating a temporary dynamic code present inside said contactless device following said authentication; and
(See Loh, [0083], … the wireless smart card 104 can be used to generate the One-Time-Password (OTP). OTP is an established means of creating dynamic credentials for authentication, which is used by many financial institutions have the OTP option for added security of online transactions. The OTP parameter and counter elements can be stored in the secure element 132 of the wireless smart card 104 and displayed by the wireless smart card 104 or by the mobile communication device 108 (OTP information is communicated to the mobile communication device via Bluetooth and PAN transceiver 124).)

sending the temporary single OTP dynamic code from the contactless device to an
NFC terminal for a proximity communication;
(See Loh, [0083], … the OTP parameter and counter elements can be stored in the secure element 132 of the wireless smart card 104 and displayed by the wireless smart card 104 or by the mobile communication device 108 (OTP information is communicated to the mobile communication device via Bluetooth and PAN transceiver 124). See Loh, [0044], the wireless smart card 104 can be used for transactions (e.g., credit or debit payments) by presenting the wireless smart card 104 at the contactless payment terminal 112a. In the transaction mode of operation, the contactless payment terminal 112a communicates with the applets and credentials stored in the secure element 132 through the NFC and/or RFID interface 128 using NFC according to a standard transaction protocol.)

sending the temporary unique OTP dynamic code from the NFC to an authentication and control server through an administration server, wherein the administration server includes data relating to the personal document of the user;
(See Loh, [0083], … the wireless smart card 104 can be used to generate the One-Time-Password (OTP). OTP is an established means of creating dynamic credentials for authentication, which is used by many financial institutions have the OTP option for added security of online transactions. See Loh, [0044], ... the transaction and authorization is then processed between the contactless payment terminal 112a and transaction processing center 120 using standard transaction processing. See Loh, [0033], the wireless smart card can be used to provision or modify secure personal credentials, store and modify monetary values, upload or review transactions, and read and download information from external transaction devices, such as smart posters and other NFC or RFID devices.)

sending the result of the request for authorization to consult the document to the contactless device by the authentication and control server via the administration server and NFC terminal;
(See Loh, [0043], … the transaction processing center 120 can also activate, download or modify other secure content such as payment account credentials, coupons, or monetary credits to the wireless smart card 104 for payment or other transactions. The transaction processing center 120 can also activate, store or modify the applets, user credentials or other transaction contents via Near Field Communication or RFID between the transaction device 112 ( e.g., contactless payment terminal 112a) and the wireless smart card 104.)
Loh teaches wireless smart card allowing contactless payment through near field communication (NFC). It would have been obvious to one of ordinary skill in the art to include wireless smart card allowing contactless payment through near field communication (NFC), as in Loh, to improve and/or enhance the technology for wireless authentication using a one-time password (OTP) of a mobile communication terminal having near field communication (NFC) function and an OTP generator, as in Song, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references because an OTP overcomes the deficiencies of current ID/password schemes of being easily exposed and not being able to protect private information stored in internet servers very securely. As consumers have become more interested in using their mobile communication devices to perform various transactions (e.g., transfer funds, purchase products, etc.) and gaining access to protected processes and data exchanges, contactless communication options with OTP provide the consumer with a more secure and reliable transaction, and gaining access to protected processes and documents; and a user friendly consumer experience.

Song and Loh do not teach, however, Varadarajan teaches generating a temporary unique One Time Password (OTP) dynamic code by:
(See Varadarajan, [Column 4, lines 11-19], the system and method described herein to generate an OTP from a user device can be adapted to any system where a PIN input is required for access, approval, authorization or authentication, e.g., for secure access to an online system, computer network, database, etc., or online authentication of personal identity or approval of a transaction, or for any other representation of an account number or user identification which is used in conjunction with a PIN for a transaction, authorization or authentication. See Varadarajan, [Column 4, lines 30-34], by definition the OTP can only be used one-time, for a single PIN-required transaction. For the next card use, e.g., for the next PIN-required transaction, another different OTP must be generated by the OTP generator on the user device and provided to the user cardholder. See Varadarajan, [Column 4, lines 42-43], … since the OTP has been used for the transaction just com-pleted, the same OTP cannot be used again, …)

wherein the text string used to generate the unique temporary OTP dynamic code is stored both in the device and in the authentication and control server.
(See Varadarajan, [Column 7, lines 6-12], the user device 105 may be further configured with an OTP generating application 100 which may include one or more OTP generating algorithms configurable to generate an OTP 110 using an OTP key con-figured as a camouflaged card string or other key or secret which may be provided to OTP application 100 or stored in a database or file system 103 on user device 105. See Varadarajan, [Column 10, lines 45-49], the transaction server 140 is configured with a CPU and a memory, and may include an OTP application 100 which may be configurable to generate OTPs, keys, secrets or other data elements, which may be stored in a database or file system.)
	Varadarajan teaches one-time pin generation. It would have been obvious to one of ordinary skill in the art to include such means for one-time pin generation, as in Varadarajan, and wireless smart card allowing contactless payment through near field communication (NFC), as in Loh, to improve and/or enhance the technology for wireless authentication using a one-time password (OTP) of a mobile communication terminal having near field communication (NFC) function and an OTP generator, as in Song, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a system and method to replace the personal identification number (PIN) for a user account with a dynamic PIN structure, where a unique, single use PIN, also referred to as a one-time PIN (OTP) or one-time passcode (OTP), is provided by a user accountholder’s mobile device for use with a single account transaction. This dynamic PIN structure overcomes the user’s static PIN from being obtained by other means, and even if it was obtained, would not be able to be used beyond the single transaction.

Dependent Claim 12
Song, Loh, and Varadarajan disclose the limitations of Independent Claim 11.
Loh and Varadarajan do not teach, however, Song teaches the method according to claim 11, wherein at least one pre-installed code relating to the type of the requested personal document of the user is used as one of the keys for the calculation of the temporary OTP dynamic code.
(See Song, [0065], the OTP authentication server 700 stores seed information for each piece of identification information for the wireless OTP generator 200. When receiving an OTP verifying request signal from the touch authentication server 500, the OTP authentication server performs verification with the received OTP and the seed of the wireless OTP generator 200 that generated the OTP, and provides the verification result to the touch authentication server 500.)

Dependent Claim 13
Song, Loh, and Varadarajan disclose the limitations of Independent Claim 11 and Dependent Claim 12.
Loh and Varadarajan do not teach, however, Song teaches the method according to claim 12 the pre-installed code is stored both in the device and in the administration server, and in the authentication and control server.
(See Song, [0108], The wireless OTP generator 200 then transmits, to the mobile communication terminal 300, an OTP that is pre-generated and stored in the wireless OTP processing unit 224 at the time of receiving the OTP request signal, or that is generated by the OTP request signal and stored in the wireless OTP processing unit 224 (step S827). In order for the OTP to be pre-stored in the wireless OTP processing unit 224, the user must press an OTP generation button of the input unit 215 of the wireless OTP generator 200 to generate the OTP before the PIN authentication, and the wireless OTP process-ing unit 224 must be activated by the generation of the OTP. However, the OTP generated by the OTP generation button or the RF signal may be stored in the OTP interlocking unit 222, and when the OTP request signal is received, the OTP inter-locking unit 222 may transmit the stored OTP to the mobile communication terminal 300 through the antenna 230.)

Response to Arguments

































Applicant filed an amendment on January 18, 2021. Claims 8-13 were pending in the Application. Claims 1, 10, and 11 are amended. No new claims have been added. Claims 1-7 have been withdrawn from further consideration. Claim 8, 10, and 11 are independent claims, the remaining claims depend, directly or indirectly, on claim 11. Thus Claims 8 and 10-13 are currently pending. After careful and full consideration of Applicant arguments and amendments, the Examiner finds them to be moot and not persuasive. This action is made FINAL.
The specification objections in 10.a.-.n., 10.p.-.ff., and 10.ii-.ww. of the Non-final Office Action dated October 19, 2020, are hereby withdrawn with the exception of 10.o, 10.gg, and 10.hh, as identified in the Non-final Office Action dated October 19, 2020. Applicant has corrected the specification objections 10.a.-.n., 10.p.-.ff., and 10.ii-.ww. identified in the same Non-final Office Action dated October 19, 2020, but still needs to adjudicate 10.o, 10.gg, and 10.hh. 
The drawing objection in 4.a. of the Non-final Office Action dated October 19, 2020, is hereby withdrawn. Applicant has amended FIG. 4 as requested by Examiner. 
The claim objections in 6.a.-.c., 7.a.-.b., and 8.a. of the Non-final Office Action dated October 19, 2020, are hereby withdrawn. Applicant has amended Claims 8, 10, and 11 to correct the claim objections of the Non-final Office Action dated October 19, 2020. However, a new set of claim objections have been identified by the Examiner as noted above in paragraphs 10 and 11.
In the context of 35 U.S.C. §103, Applicant has graciously brought to the attention of the Examiner that the statement of rejection of claim 9 refers to "paragraph [0215]" in Song, and a "biometric information driver module 951," but neither paragraph 215 nor component 951 exists in Song. Instead, Applicant noted that such paragraph and component do seem to exist in the Kim reference (U.S. Patent Publication No. 20170337542). Thus, Applicant requests clarification of the stated rejection.
For clarification and the record, Examiner states the rejection should have been for the Non-final Office Action dated October 19, 2020, as follows:
Dependent Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Song (U. S. Patent Application Publication No. 20160226862 A1), herein referred to as Song, in view of Loh et al (U. S. Patent Application Publication No. 20130092741 A1), herein referred to as Loh, and in further view of Kim et al (U. S. Patent Application Publication No. 20170337542 A1), herein referred to as Kim.

Dependent Claim 9
Song and Loh disclose the limitations of Independent Claim 8.
Loh does not teach, however, Song teaches the method according to claim 8, further comprising: integrating said text string within the algorithm through the OTP microchip, and 
Song teaches, in paragraph [0075], Equation 1: Time-based OTP Algorithm (TOTP, RFC 6238) scheme, Transaction_OTP HMAC (SeedKey,Time+transaction message; Equation 2: HOTP (HMAC-Based OTP Algorithm (RFC4226)) scheme, Transaction_OTP HMAC (SeedKey, [ Authentication Counter or time or challenge],+ transaction message).

calculating and generating the valid and unique temporary OTP dynamic code, wherein the text string is used as one of the keys for the calculation of the temporary OTP dynamic code.
Song teaches, in paragraph [0075], In addition, the OTP control unit 213 generates an OTP by reflecting transaction information for each OTP gen-eration method in any one selected from among the following Equations 1 to 3 according to a fourth embodiment of the present invention. The transaction information may be infor-mation about a transaction occurring in services received through the web service server 600. See Equation 1: Time-based OTP Algorithm (TOTP, RFC 6238) scheme, Transaction_OTP HMAC (SeedKey,Time+transaction message; Equation 2: HOTP (HMAC-Based OTP Algorithm (RFC4226)) scheme, Transaction_OTP HMAC (SeedKey, [ Authentication Counter or time or challenge],+ transaction message)

Song and Loh do not teach, however, Kim teaches generating a text string resulting from the detection of the user's biometric character through the biometric sensor;
Kim teaches, in paragraph [0215], returning to FIG. 9, the biometric information driver module 951 may deliver a message, which is deliv-ered from the biometric information management module 943 of the payment manager 940, to the biometric sensor 2401. Biometric information obtained from a biometric sensor may not be delivered to a module in the REE 910 but may be delivered to the biometric information module 925 in the TEE 920.
Kim teaches using an electronic device using registration information to represent a payment function through a display. It would have been obvious to one of ordinary skill in the art to include representing the payment means by transmitting registration information to an electronic device, as in Kim, in conjunction with wireless communication by means of a near field communication (NFC) and radio frequency identification (RFID) using a wireless smart card, as in Loh, to improve and/or enhance the technology of wireless authentication using a one-time password (OTP) through near field communication (NFC) as in Song because it would amount to combining three elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references in order to securely authenticate the user of an electronic device, which has the capability of contactless communication and transfer of data, and by using a dynamic password to conduct a payment function.
Since the Applicant has amended Independent Claim 8 to include the limitations of Dependent Claim 9, and Dependent Claim 9 has accordingly been canceled in the Applicant’s Remarks dated January 18, 2021, this rejection is now considered moot. 
In the context of 35 U.S.C. §103, Applicant argues that according to the Office Action, Kim (not Song) is alleged to teach generating a text string resulting from the detection of the user's biometric character and Song is alleged to teach integrating the string in the algorithm and calculating the OTP code, wherein the text string is used as one of the keys for the calculation of the OTP code. 
Applicant disagrees. In paragraph [0215], Kim simply discloses a standard biometric authentication process using a biometric sensor and the corresponding saving and managing of the biometric information that can be delivered to two regions of the microcontroller, i.e. the Rich Execution Environment and the Trust Execution Environment. Therefore, Kim fails to disclose the generation of the particular text string according to amended claim 8 that is then used as a seed or key for the algorithm. Applicant continues to argue that Song describes methods using standard keys for the algorithm and fails to disclose using biometric information (biometric template, text string, etc. ...) as a seed or key for the algorithm.
Examiner has considered these arguments and is persuaded that Kim does not specifically teach the generation of the particular text string according to amended claim 8 that is then used as a seed or key for the algorithm. Examiner argues that the text string is an alphanumeric string resulting from the fingerprint scan as disclosed in the specification. Examiner continues to argue that Song [0065] and [0113] teaches a token serial number (TSN), which is an alphanumeric string, being the seed information for the OTP generation as the result of the verifying request signal from the touch authentication server, which is similar to the Touch ID on a smartphone that reads and stores the biometric details, such as a fingerprint. Therefore, Examiner argues that Song teaches the generation of the particular text string according to amended Independent Claim 8.
Thus, the applicant arguments are not persuasive, as Song, [0065] and [0113], apply to respective claim limitations of Independent Claim 8 (see 103 analysis above). Therefore, Independent Claim 8, and similarly Independent Claims 10 and 11, stand rejected under 35 U.S.C §103 in the analysis above, and is therefore, not patentable. 
In the context of 35 U.S.C. §103, Applicant argues by directly using the biometric template as a seed or key for the calculation of the temporary dynamic OTP code as in amended claim 8, the sensitive information is protected, due to the non-reversibility of the temporary dynamic OTP code. 
Accordingly, the cited art teaches a skilled person that a stronger password can be determined by using biometric templates to build the OTP keys but the cited art does not teach that the biometric templates can be directly used as one of the keys for the calculation of the dynamic OTP code. 
Therefore, amended claim 8 defines novel and patentable subject matter over any permissible combination of Song, Loh and Kim. In that regard, Applicant does not concede that these references are compatible or that they can all be combined in any manner, let alone as suggested in the office action.
Examiner has considered these arguments and is not persuaded. Examiner argues the term “biometric template” is not specifically claimed in Independent Claim 8. One of ordinary skill in the art would not know or understand the meaning of the term “biometric template” from the claimed subject matter in Independent Claim 8. The specification discloses that a biometric template is the alphanumeric text string resulting from the fingerprint scan, however, the term “biometric template” is not what is being specifically cited in Independent Claim 8. Examiner continues to argue that Song teaches an alphanumeric text string, in the form of a SeedKey as a token serial number (TSN), [0065] and [0113], and in the form of “Time + transaction message,” as one of the keys for the calculation of the dynamic OTP code, as seen in the equations of Song, [0075]. Therefore, Examiner argues that Song teaches the generation of the particular text string to build the OTP keys directly used for the calculation of the dynamic OTP code according to amended Independent Claim 8.
Thus, the applicant arguments are not persuasive, as Song, [0065], [0075], and [0113], apply to respective claim limitations of Independent Claim 8 (see 103 analysis above). Therefore, Independent Claim 8, and similarly Independent Claims 10 and 11, stand rejected under 35 U.S.C §103 in the analysis above, and is therefore, not patentable.
In the context of 35 U.S.C. §103, Applicant argues that Claim 10 includes all limitations of claim 8 and is patentable for at least those reasons that claim 8 is patentable, and for the additional novel and not obvious subject matter set forth in this claim.
Applicant further argues that Voldman is alleged to teach authenticating a user by detecting a biometric character of the user, generating a temporary unique OTP dynamic code (according to claim 8), and that the text string used to generate the OTP code is stored both in the device and the authentication and control server. Applicant disagrees and argues that Voldman cannot teach or suggest storing the biometric data in both the device and the authentication server and Voldman in fact teaches away from this concept, and that Voldman several times mentions the use of asymmetric algorithms, thereby requiring the generation of separated keys for encrypting and decrypting messages (see e.g. paragraphs [0005], [0056]). The skilled person is aware of the difficulties in managing asymmetric keys due to the mathematical elaboration and slowness of long strings and their limits due to the future diffusion of quantum computers. Applicant finally argues that claim 10 sets forth a principle of symmetric encryption, wherein both the authenticator and the verifier are aware of the same "secret element", in this case the biometric template, used as generation key or seed for the calculation of the temporary dynamic OTP code. 
The method of claim 10 solves therefore, among other things, the problem of known systems using biometric authentication processes based on biometric templates stored in a centralized database. In fact, in prior art systems, the biometric data of the user can be intercepted by third parties and can be permanently damaged since it is not changeable by definition. On the other hand, using the biometric template as a key for the calculation of the dynamic OTP code and storing it not only in the device but also in the authentication server, avoids all the complications related to the asymmetric encryption and, at the same time, ensures a high security for the sensitive information of the user.
Examiner has considered these arguments and is not persuaded. Examiner argues it is not clear to one of ordinary skill in the art that the principle of symmetric encryption, wherein both the authenticator and the verifier are aware of the same "secret element", in this case the biometric template, used as generation key or seed for the calculation of the temporary dynamic OTP code is being cited and claimed in Independent Claim 10. The specification does not recite any definition, explanation, or teachings in regard to the terms “asymmetric” or “symmetric” encryption. In fact, the specification is silent in regards to the terms “asymmetric” and “symmetric.” 
In any event, as US Patent No. 8843757 B2 to Varadarajan is being applied to the subject matter (See 35 U.S.C. 103 Analysis above) of “wherein the text string used to generate the unique temporary OTP dynamic code is stored both in the device and in the authentication and control server” for Independent Claim 10, and similarly Independent Claim 11, Examiner finds the applicant arguments moot in view of new grounds of rejection and not persuasive, and therefore, Independent Claims 10 and 11 are not patentable. Independent Claims 10 and 11 stand rejected under 35 U.S.C §103 in the analysis above, and are therefore, not patentable in view of Varadarajan, with [Column 7, lines 6-12] and [Column 10, lines 45-49] now applying to the applicable sections for Independent Claim 10, and similarly Independent Claim 11. Therefore, Independent Claim 10, and similarly Independent Claim 11, stand rejected under 35 U.S.C §103 in the analysis above, and is therefore, not patentable.
In the context of 35 U.S.C. §103, Applicant argues Claim 11 includes all limitations of claim 8 and is patentable for at least those reasons that claim 8 is patentable, and for the additional novel and not obvious subject matter set forth in this claim.
Applicant further argues that it seems that the Examiner has misinterpreted the recited subject-matter by referring to Kim. In fact, whereas Kim describes a payment method, claim 11 refers to a method for digital recognition of a person that replaces standard recognition methods based on the physical ID documents. In paragraph [0163], Kim refers to a method of recognizing that a payment has failed at a POS. However, this is different from a method for recognizing the identity of a person.
Examiner has considered these arguments and is persuaded that Kim does not specifically teach a method for digital recognition of a person. Examiner argues that Loh, teaches digital recognition of a person through a wireless smart card that can generate an OTP to establish means of creating dynamic credentials for authentication [0083], which is digital recognition of a person, and can also be used to provision or modify secure personal credentials, [0033].
Thus, the applicant arguments are not persuasive, as Loh, [0033], [0043], [0044], and [0083], apply to respective claim limitations of Independent Claim 11 (see 103 analysis above). Therefore, Independent Claim 11 stands rejected under 35 U.S.C §103 in the analysis above, and is therefore, not patentable.
Therefore, the amended Independent Claims 8, 10, and 11 stand rejected under 35 U.S.C. 103. Dependent Claims 12-13, which depend on Independent Claim 11, stand rejected under 35 U.S.C. 103.

Conclusion


































The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:


Marien et al (U. S. Patent No. 9124433 B2) – Remote Authentication and Transaction Signatures
Marien recites authentication devices and methods for generating dynamic credentials. A dynamic credential such as a one-time password (OTP) or a message authentication code (MAC) may be generated by receiving from a server an encrypted initialization seed.

Ehrensvard (U. S. Patent Application Publication No. 20140357187 A1) – Devices and Methods for Identifying, Authentication and Signing Purposes
	Ehrensvard recites a method to be performed in a one-time password, OTP, generating device. The OTP device comprises an NFC/RFID, Near Field Communication/Radio Frequency Identification, interface. The method comprises the steps of generating an OTP; and a corresponding OTP generating device is also presented.
Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEVEN CHISM whose telephone number is (571) 272-5915. The examiner can normally be reached during 8:00 AM – 4:30 PM Monday – Thursday, EST.
	Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin L. Hewitt II can be reached (571) 272-6709. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/STEVEN CHISM/
Examiner, Art Unit 3692
/BRUCE I EBERSMAN/Primary Examiner, Art Unit 3692