Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment

Applicant’s “Response to Amendment and Reconsideration” filed on 3/4/2021, has been considered.
Applicant’s response by cancelling claims 11-14, 16, and 21 has overcome the Examiner’s rejection under 35 USC § 101 paragraph.
Claims 22-28 are added. Claims 1-7, 9-10, 17-20, 22-28 are pending in this application and an action on the merits follows.

Drawings
The drawings were received on 3/4/21.  These drawings are accepted.

Claim Rejections - 35 USC § 112
Claims 1-7, 9-10, 17-20, 22-25 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 1, 23 recite the limitation "the authentication device”.  There is insufficient antecedent basis for this limitation in the claim.

Claim 23 recites “An authentication card, comprising: a communication interface configured to send and receive information from and to the authentication card”. How does the authentication card receive from or to the authentication card?


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.

3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-5, 12, 14, 20, 22-28, are rejected under 35 U.S.C. 103 as being unpatentable over Ekselius et. al. (US20140258108A1) (hereafter Ekselius) in view of Hodes (US2002/0091573).

Regarding Claims 1, 23, 26, Ekselius discloses receiving, by an authentication card authentication data including information about a product (E.g. Paragraph [0027], the secure token 102 can be read and the product authenticated via a terminal 106.)
wherein the authentication card is provided by a goods manager to the merchant and the authentication card is not associated with the product (E.g. Paragraph [0026], An "acquirer" 116 can refer to the owner or operator of terminal 106, which, in some embodiments, can be the processor of online transactions at the point of the transaction, and/or a financial institution with which a merchant maintains a banking relationship.); See [57-58] for interface, storage and processor.
once the information about the a product has been received, generating, by the authentication device, a signed message which comprises information about the authentication card and the authentication data as received from the merchant terminal (E.g. Paragraphs [0032], [0043], and [0036], Terminal 106 reading secure token 102 to authenticate product item 104 can be referred to as an "endorsement transaction." With reference to FIGS. 1 and 3, in an exemplary embodiment, the endorsement transaction 
communicating, by the authentication card, the signed message to the card issuer; receiving, by the authentication card, authorization data authorizing the sale of the product from the card issuer when information in the signed message fulfils one or more criteria (E.g. Paragraphs [0032] and [0043], Terminal 106 reading secure token 102 to authenticate product item 104 can be referred to as an "endorsement transaction." With reference to FIGS. 1 and 3, in an exemplary embodiment, the endorsement transaction can be performed "offline," that is, with or without the use of a network, such as payment network 108.  At 250, terminal 106 can read the secure token 102 of product item 104. The data read from the secure token 102 can include, for example, an encrypted data value encrypted using a public-key infrastructure (PKI), which can include digital certificates stored within each secure token 102. As such, the terminal 106 can decrypt the encrypted data using a public key stored within the terminal 106 to obtain a decrypted data value. The endorsement transaction information can include, for example and without limitation, for each endorsement transaction, one or more of a date and time of the transaction, a location of the transaction, the product code of the product item 104 authenticated, the serial number of the product item 104 authenticated, whether the transaction indicated that product item 104 was authentic and the owner of terminal 106 performing the transaction. Terminal 106 can be configured to perform and offline endorsement transaction, and can have to option to go online, which can allow an issuer 118 to perform additional authentication of the endorsement transaction.  The Examiner notes that the “endorsement transaction” in 
Eskelius substantially discloses the claimed invention, however, does not explicitly disclose receiving, by an authentication card authentication data including sale information associated with the product from a merchant terminal associated with a merchant during a sale of the product, wherein the authentication card
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Ekselius, to include the above limitations as taught by Hodes in order to provide additional security (Hodes, Paragraph [125]).

Regarding Claim 2, Ekselius discloses the authentication cardis a modified payment card, chip or virtual card provided by an application executed on a computing device (E.g. Paragraph [0021], the term "secure tokens" or "tokens" can include one or 

Regarding Claim 3, Ekselius discloses the authentication cardand the goods manager communicate via at least one element of a transaction infrastructure (E.g. Paragraph [0044], the endorsement transactions can be performed at any point in a supply chain from principal 114 to consumer 110, and as such, the endorsement transaction information can be utilized by principal 114 to track one or more product items 104 in a supply chain. For example and without limitation, principal 114 can perform an endorsement transaction on a product item 104 using a terminal 106 owned by principal 114. Principal 114 can deliver product item 104 to a wholesaler, who can perform an endorsement transaction on product item 104 using a terminal 106 owned by the wholesaler. Wholesaler can deliver product item 104 to a merchant 112, who can perform an endorsement transaction on product item 104 using a terminal 106 owned by merchant 112, or by acquirer 116 acting on behalf of merchant 112. Consumer 110 can purchase product item 104 from merchant 112, and consumer 110 can perform an endorsement transaction on product item 104 using a terminal 106 owned by consumer 110. In some embodiments can be configured as an NFC enabled mobile phone running appropriate software to operate as an EMV-compliant or PayPass-compliant terminal. In this manner, principal 114 can receive and/or view a report of the endorsement transaction information for each endorsement transaction performed in the supply chain.),


Regarding Claim 4, Ekselius discloses the merchant terminal is a terminal of a payment system configured to process transactions according to the EMV specification (E.g. Paragraphs [0026] and [0030], An "acquirer" 116 can refer to the owner or operator of terminal 106, which, in some embodiments, can be the processor of online transactions at the point of the transaction, and/or a financial institution with which a merchant maintains a banking relationship. Terminal 106 can be configured as a Europay, MasterCard and Visa (EMV) merchant terminal, for example where the secure token 102 includes a contact chip, or a contactless PayPass terminal.)

Regarding Claim 5, Ekselius discloses wherein the signed information from the authentication card comprises an application cryptogram (E.g. E.g. Paragraphs [0032], [0043], and [0036], Terminal 106 reading secure token 102 to authenticate product item 104 can be referred to as an "endorsement transaction." With reference to FIGS. 1 and 3, in an exemplary embodiment, the endorsement transaction can be performed "offline," that is, with or without the use of a network, such as payment network 108.  At 250, terminal 106 can read the secure token 102 of product item 104. The data read from the secure token 102 can include, for example, an encrypted data value encrypted 

Regarding Claim 12, 24, 27, Ekselius discloses the authentication card is a chip card, chip or virtual card on a computing device; and wherein communicating with the authentication card comprises establishing a contact or contactless communication with the card, chip or computing device (E.g. Paragraph [0009], the secure token can include a contact smart chip readable by an EMV payment card terminal. Additionally or alternatively, the secure token can include a contactless chip readable by a contactless payment card terminal. The data value can include a serial number of the product item and/or a product model number of the product item.)

Regarding Claim 14, Ekselius discloses terminal is part of a payment infrastructure and is configured to perform transactions using the EMV specification (E.g. Paragraph [0027], terminal 106 can include a contact or contactless payment terminal, which can be an EMV-compliant terminal.).

Regarding Claim 20, Ekselius discloses storing, by the authentication device, information about the merchant in a personal account number data field (E.g. Paragraphs [0032]-0033], terminal 106 can determine that the data value is a valid data value. In an exemplary embodiment, the data value can include an authenticable code that, when validated, can indicate that the product item 104 is associated with a genuine and unique token 102. For example, the data value can be configured as a personal account number (PAN).  The terminal 106 can decrypt the encrypted data using a public key stored within the terminal 106 to obtain a decrypted data value. In this manner, the 

Regarding Claims 22, 25, 28, Ekselius does not explicitly disclose, however, Hodes teaches the authorization data triggers a start of a warranty associated with the product, (an extended warranty is encoded in a computer chip or hard drive and is printed out in response to the data encoded reader receiving an active identification number, [172-174].

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Ekselius and Hodes combination as applied to claims above and in further view of Roberts et. al. (US20170178121A1) (hereafter Roberts). 
Regarding Claim 6, the combination does not explicitly disclose the authentication card requests product information as part of the card data object list 1 (CDOL1). However Roberts discloses E.g. Paragraph [0073], the process may include a request for the transaction data (commodities and points to be transacted) as part of the CDOL1 list.
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination to include requested information as part of a CDOL1 list as taught by Roberts in order to establish a transaction. (Roberts, Paragraph [0018]).

Claims 7 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Ekselius and Hodes combination as applied to claim 1 above, and further in view of Mobini et. al. (US10489778) (hereafter Mobini), and further in view of Xie et. al. (US20190043059A1) (hereafter Xie).

Regarding Claim 7, Ekselius discloses the method of claim 1, wherein the authentication card is associated with a card issuer (E.g. Paragraph [0026], An "issuer" 118 can refer to the entity issuing the token and, in some embodiments, providing online authorization and/or tracking services on behalf of the principal 114. The issuer 118 can be, for example and without limitation, the principal 114 itself, a third-party issuer 118, the payment network 108 owner and/ or a financial institution with which a consumer maintains a banking relationship.); 
The combination does not explicitly disclose receiving the authorization data from the goods manager includes receiving, by the authentication device, the authorization data from the goods manager. However, Mobini discloses in Col 13 Lines 6-12, in block 516, the payment card receives transaction information sent by the merchant system. The transaction information may include, but is not limited to, a total amount of the goods and/or services being purchased, a time, a date, store and/or store location identifiers, and/or any other data items required to obtain approval from the authorization system for the transaction.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Ekselius in view of Freeney, to include receiving authorization data by Mobini in order to provide authorization for the merchant system to accept payment from a user using a payment card of the user. (Mobini, Col 6 Lines 25-27).

Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination  to include a query to verify product information as taught by Xie in order to prevent the unwitting purchase of counterfeit, knockoff, stolen, expired, gray market or otherwise unauthorized goods. (Xie, Paragraph [0106]).

Regarding Claim 18, the combination fails to disclose the product information is stored on the authentication card in one or more data fields used to compute the application cryptogram in a conventional EMV payment device. However Mobini discloses Col 13 Lines 15-22, In block 520, the payment card receives the  certificate of the merchant system. In block 522, the payment card encrypts the merchant system certificate and/or one or more or all of the items of transaction information received from 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify combination to include an application cryptogram as taught by Mobini in order to provide an increased level of security (Mobini, Col 1 Line 28).

Claims 9-10, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Ekseliusand and Hodes combination and further in view of Mobini et. al. (US10489778) (hereafter Mobini).

Regarding Claim 9, the combination does not explicitly disclose, however Mobini discloses the method of claim 1, further comprising communicating, by the authentication device, the signed message to a card issuer, whereby the card issuer is permitted to use the information in the message to generate a unique transaction identifier (E.g. Col 6 Lines 31-34, Col 13 Lines 30-36, and Col 15 Lines 36-37, An exemplary authorization system is a server operated by an issuer of the payment card or a third party that is tasked, by the issuer of the payment card, to provide the merchant system with authorization to charge the payment card. The authentication data and the transaction information are encrypted using an encryption technique that the merchant system is unable to decrypt. For example, the processor of the payment card encrypts the 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination to include communicating a signed message as taught by Mobini in order approve the transaction (Mobini, Col 15 Line 3).

Regarding Claim 10, the combination does not explicitly disclose, however Mobini discloses the method of claim 1, wherein the authentication card is associated with a unique identifier which is comprised in the information of the signed message (E.g. Col 13 Lines 15-22 and 27-36, the payment card identifying information, which may be stored in the payment card, uniquely identifies the payment card. The merchant system certificate, the payment card identifying information, and the request for authentication may be collectively referred to as authentication data and encrypted authentication data once encrypted. The authentication data and the transaction information are encrypted using an encryption technique that the merchant system is unable to decrypt. For example, the processor of the payment card encrypts the authentication data and transaction information using a key that is shared with the authorization system, but not with the merchant system. Examiner notes that the encrypted message in this art is the same as a signed message.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination to include a 

Regarding Claim 17, the combination does not explicitly disclose, however Mobini discloses wherein providing a signed message which comprises information about the authentication card and information about the product received from the merchant terminal comprises providing the signed message to the merchant terminal (E.g. Col 13 Lines 16-22, In block 522, the payment card encrypts the merchant system certificate and/or one or more or all of the items of transaction information received from the merchant system. As part of the encryption, in block 522, the payment card also may encrypt payment card identifying information and a request for merchant system authentication.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination, to include a signed message as taught by Mobini in in order to provide an increased level of security (Mobini, Col 1 Line 28).

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Ekselius Hodes and Mobini combination and further in view of Feeney (US2016/0098730A1).
The combination does not explicitly disclose, however, Freeney discloses the method of claim 9, wherein the transaction identifier comprises an output of a hash function, and wherein the input of the hash function comprises an application cryptogram generated by the authentication card (E.g. Paragraph [0086], signatures. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination to include a hash function as taught by Freeney in order to lookup of data stored in the data storage facility. (Freeney, Paragraph [0041]).

Response to Arguments
Applicant’s arguments have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant argues that the prior art does not teach “once the information about the a product has been received, generating, by the authentication device, a signed message which comprises information about the authentication card and the authentication data as received from the merchant terminal”. Examiner does not agree.  Ekselius teaches in paragraphs [0032], [0043], and [0036], Terminal 106 reading secure token 102 to authenticate product item 104 can be referred to as an "endorsement transaction." With reference to FIGS. 1 and 3, in an exemplary embodiment, the endorsement transaction can be performed "offline," that is, with or without the use of a 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MILENA RACIC whose telephone number is (571)270-5933.  The examiner can normally be reached on M-F 7:30am-4pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Florian (Ryan) Zeender can be reached on (571)272-6790.  The fax phone 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MILENA RACIC/Patent Examiner, Art Unit 3627 




/FLORIAN M ZEENDER/Supervisory Patent Examiner, Art Unit 3627