DETAILED ACTION
Claim Status
This Office Action is in response to the claims filed on 01/08/2021.
Claims 1-9 are pending of which claims claim 5 have previously been withdrawn from consideration.
Claims 1-4 and 6-9 have been examined.
The PGPub US 2019/0222422 relied upon as the prior art has been reviewed for complete support. (Provisional Application 62/616,675 dated 01/12/2018)

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
With respect to rejection of claims under 35 U.S.C. 101, Applicant is of the opinion that claims 1 and 6 have been amended in a manner that is believed to overcome the rejection under 35 U.S.C. §101 hence the rejection of claims 1-4 and 6-9 under 35 U.S.C. §101 is respectfully traversed.
Examiner fully considers Applicant’s position, but respectfully disagree because the amendments did not provide to add limitations that is significantly more than an abstract idea hence Examiner sustains the rejection.

With respect to rejection of claims under 35 U.S.C. 112(a), Applicant is of the opinion that support for the checking of whether an attribute certificate issued by an issuing party for a user matches with the payment card information limitation, support can be found in, for example, paragraph [0031] of the specification, support for the storing of the payment card for the user on a blockchain if the attribute certificate matches with the payment card information limitation, support can be found in, for example, paragraph [0032] of the specification, support for the signing of the record on the blockchain limitation, support can be found in, for example, paragraph [0032] of the specification, support for the obtaining of the cryptographic challenge from the relying party device if the payment card is stored with the blockchain limitation, support can be found in, for example, paragraph [0034] of the specification and support for the transmitting of the response to the cryptographic challenge to the relying party device limitation, support can be found in, for example, paragraph [0035] of the specification which discloses, 
“The payment card registration module 202 processes a payment card information associated with a payment card for storing the payment card with the electronic payment transaction management application 108 associated with the user device 104. The payment card information may be but it is not limited to a name, card number, validity date, and Card Verification Value (CVV). The attribute certificate checking module 204 checks whether an attribute certificate issued by an issuing party for the user 102 matches with the payment card information obtained from the payment card via the network 110. The attribute certificate may be but it is not limited to driving license and any government issued identity document. The payment card registration module 202 stores the payment card for the user 102 if the attribute certificate matches with the payment card information.
The record signing module 208 signs a record on the blockchain 114 to obtain a signed record via the network 110. In one embodiment, the record includes (a) a cryptographic hash function of the payment card information, (b) a user public key of the set of credentials associated with the user 102, and (c) a device id of the user device 104 associated with the user 102. In another embodiment, signing the record links the cryptographic hash function, the user public key, and the device id with each other. In yet another embodiment, the signed record is stored in a public database to be accessible to a relying party. In yet another embodiment, when an electronic payment card transaction is initiated on a website associated with the relying party, the relying party device 112 checks if the payment card is stored with the blockchain 114 or not. The cryptographic challenge response module 208 obtain's a cryptographic challenge from the relying party device 112 if the payment card is stored with the blockchain 114 via the network 110. The cryptographic challenge response module 208 transmits a response to the cryptographic challenge to the relying party device 112 via the network 110. In one embodiment, the relying party device 112 checks whether the response matches with a predetermined correct response to the cryptographic challenge or not. In another embodiment, the relying party device 112 authenticates the electronic payment transaction only if the response matches with the predetermined correct response.
The payment card information comparison module 302 checks whether the payment card information matches with any payment card information that is stored in the blockchain 114 via the network 110. In one embodiment, the payment card is pre-stored with the blockchain 114 by the user device 104 associated with the user 102 by signing a record on the blockchain 114. The cryptographic challenge module 306 communicates the cryptographic challenge to the user device 104 via the network 110. The cryptographic challenge includes an original random value. The relying party device 112 communicates the original random value to the user device 104. The user device 104 encrypts the original random value with the user private key of the user 102 to obtain an encrypted random value and communicates the encrypted random value back to the relying party device 112. The relying party device 112 decrypts the encrypted random value with the user public key of the user 102 and verifies that the decrypted random value is the same as the original random value to prove that that the user 102 possesses the corresponding user's private key.
The response comparison module 306 receives a response to the cryptographic challenge from the user device 104 via the network 110. The response comparison module 306 matches the response with a predetermined correct response. The payment transaction authentication module 308 authenticates the electronic payment transaction only if the response matches with the predetermined correct response.” [0031-0032, 0034-0035]
Examiner fully considers Applicant’s position, but respectfully disagree that the sections presented above pointed out by Applicant as having proper support for the claimed invention because the claim contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, at the time the application was filed, had possession of the claimed invention as the specification do not contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same.  That is, although the section of the Specification recites the claim language, the Specification does not describe the clamed invention in such full, clear, concise, and exact terms of what specific steps or procedures, to accomplish the claimed functions.  Therefore, Examiner sustains the rejection.

With respect to rejection of claims under 35 U.S.C. 103, Applicant is of the opinion that support for the obtaining of the cryptographic challenge from the relying party device if the payment card is stored with the blockchain limitation is provided by the 62/368,875 (‘875) priority document, and support for the transmitting of the response to the cryptographic challenge to the relying party device, wherein the relying party device checks whether the response matches with a predetermined correct response to the cryptographic challenge or not, and the electronic payment transaction is authenticated only if the response matches with the predetermined correct response limitation is also provided by the 62/368,875 (‘875) priority document. Accordingly, at least the obtaining and transmitting limitations have a priority of July 29, 2016 filing date for ‘875 priority document which is earlier than the March 21, 2017 filing date of Haldenby hence for at least the obtaining and transmitting limitations, Haldenby is NOT prior art.
Examiner fully considers Applicant’s position, but respectfully disagree because Haldenby discloses,
“Payment application data 110 may, in some instances, also include data identifying the payment instrument associated with the SV payment application (and additionally or alternatively, one or more of the conventional EMV applications described above). For example, and as described above, the payment instrument may include a credit card account held by user 101 and issued by issuer computing system 142, and the payment instrument data may include, but is not limited to, an account number, expiration date, and card security code (CSC), and any additional or alternate information that would facilitate a successful authorization of an SV purchase transaction initiated POS terminal 122.
Referring back to FIG. 1, cryptographic data 114 may include a private cryptographic key 116A and a corresponding public cryptographic key 116B. In certain instances, client device 102 may input device-specific private cryptographic key 116A to one or more hash-generation algorithms and digital signature operations, the output of which may form portions of SV block-chain ledger 113, as described below. Cryptographic data 114 also includes public key certificates of issuer system 142 and client device 102, e.g., issuer public key certificate 118 and device public key certificate 120. Issuer public key certificate 118 may, in one instance, be signed by a private cryptographic key maintained by payment network system 182 (e.g., acting as a certificate authority), and device public key certificate 120 may be signed by a private cryptographic key maintained by issuer system 142.
For example, and as described above, the selected SV payment application may be associated with a payment instrument held by user 101 and issued by a financial institution associated with issuer system 142. In certain aspects, and through an online authorization of a request generated by client device 102 in accordance with certain EMV authorization and communications protocols, issuer system 142 may authorize an SV load transaction specified by the request, and may transfer funds consistent with a predetermined or adaptively determined transfer amount of a payment instrument account of user 101 to an SV float account, which “loads” client device 102 with a balance of funds designated for use in SV purchase transactions. Client device 102 may, in some instances, generate and maintain a cryptographically secure SV block-chain ledger, e.g., SV block-chain ledger 113, that tracks the authorized SV load transaction and successive authorized SV purchase transaction that consume portions of the loaded funds, and established a current balance of the loaded funds available for use in a newly initiated SV purchase transaction.
Client device 102 may receive POS terminal challenge 312 through device interface unit 108, and a DDA module 314 of client device 102 may process POS terminal challenge 112, extract the POS challenge value and list of participating data elements incorporated within POS terminal challenge 312, and generate a device response 316 for transmission to POS terminal device 122. For example, and as described above, the list of participating data elements included within POS terminal challenge 312 may identify SV block-chain ledger 113 as a component of device response 316. In certain aspects, DDA module 314 may access data repository 106, obtain SV block-chain ledger 113 (e.g., as stored within ledger data 112), and incorporate the POS challenge value (e.g., as extracted from POS terminal challenge 312) and obtained SV block-chain ledger 113 into device response 316. Further, in additional aspects, DDA module 314 may concatenate the contents of device response 106 and apply a digital signature to the concatenated contents using device private cryptographic key 116A (e.g., by executing a conventional Digital Signature Scheme Giving Message Recovery algorithm on processor 104). Client device 102 may transmit device response 316 to POS terminal 122 across direct communications channel 120A (e.g., through terminal interface unit 120 using any of the communications described above).
POS terminal 122 may receive device response 316 through terminal device unit 126, and authentication module 310 may process device response 316 to verify an authenticity of the contents of device response 316, e.g., SV block-chain ledger 113 and the POS challenge value. For example, authentication module 310 may decode the digital signature applied to device response 316 using now-validated device public key 308, and perform operations that extract the POS challenge value and the copy of SV block-chain ledger 111 from decoded device response 316. Authentication module 310 may also perform operations to confirm that the extracted POS challenge value corresponds to the POS challenge value incorporated into POS terminal challenge 312 and further, to confirm that the extracted copy of SV block-chain ledger 113 corresponds to the locally stored copy of SV block-chain ledger 113 (e.g., as maintained within data repository 128), which POS terminal 122 incorporated into POS terminal challenge 316.” (In at least Pars. 43, 47, 68, 96-97)
Therefore, given the broadest reasonable interpretation of the claims in light of the Applicant’s Specification, Haldenby discloses, “a processor: and a memory coupled with the processor, wherein the memory is configured to store instructions and provide the processor with the instructions which when executed cause the processor perform the operations of: receiving, using the user device, a payment card information associated with a payment card for storing the payment card with an application associated with the user device; an attribute certificate issued by an issuing party for a user, if the attribute certificate matches with the payment card information, signing, using the user device, a record on the blockchain to obtain a signed record, wherein the record comprises: (a) a cryptographic hash function of the payment card information, (b) a user public key of a set of credentials associated with the user, and (c) a device id of the user device associated with the user, wherein signing the record links the cryptographic hash function, the user public key, and the device id with each other, wherein the signed record is stored in a public database to be accessible to a relying party, wherein when an electronic payment card transaction is initiated on a website associated with the relying party; obtaining, using the user device, the cryptographic challenge from the relying party device, transmitting, using the user device, a response to the cryptographic challenge to the relying party device, wherein the relying party device checks whether the response matches with a predetermined correct response to the cryptographic challenge or not, and the electronic payment transaction is authenticated only if the response matches with the predetermined correct response,” and would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to.
Haldenby does not explicitly disclose checking, using the user device, whether an attribute certificate matches with the payment card information obtained from the payment card nor if the attribute certificate matches with the payment card information.  Quesselaire disclose,
“The terminal then only needs to verify that the signature sent by the payment card in the form of a number N taken randomly and the certificate matches the number N encrypted with secret key SIC.
The terminal has key PIC and can therefore determine the authenticity of the signature by decrypting the certificate and verifying that the result is indeed N.
Therefore, given the broadest reasonable interpretation of the claims in light of the Applicant’s Specification, Quesselaire disclose checking, using the user device, whether an attribute certificate matches with the payment card information obtained from the payment card nor if the attribute certificate matches with the payment card information (Pars. 30-33).  Therefore, it would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention to substitute the identifying of SV block-chain ledger, issuer public key certificate, device public key certificate and the validation of issuer public key certificate and device public key certificate by a device (Pars. 83, 95) of Haldenby in view checking, using the user device, whether an attribute certificate matches with the payment card information obtained from the payment card nor if the attribute certificate matches with the payment card information (Pars. 30-33) Quesselaire in order to perform operations that verify and confirm, to a POS terminal, that SV block-chain ledger is generated by the device, and not a counterfeit clone of the device (Haldenby, Par. 95) and to verify the genuineness of a card associated with a payment card information (Quesselaire, Par. 31).  ("Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
Neither Haldenby nor Quesselaire explicitly disclose storing, using the user device, the payment card for the user on a blockchain and a relying party device checks if the payment card is stored with the blockchain or not.  Purves disclose,
“The blockchain 108 may store alias information including account aliases, device aliases, user aliases, etc. The blockchain 108 may reside on one or more computers in the system 100, including some that may not be specifically depicted in FIG. 1. In some embodiments, the blockchain 108 may store card art for an access card (e.g., a payment card), a token reference ID for a token (e.g., a payment token associated with the payment card), a card alias such as the last four digits of an access card, and a card provider's name in association with an identifier or user alias in a block in the blockchain 108. The token reference ID may be associated with a token which may represent access data. In some embodiments, multiple different entities (e.g., different banks) may store aliases in the blockchain 108. Because the blockchain 108 does not contain underlying sensitive data associated with aliases, different entities may access the blockchain 108.
The secure gateway 106 may query the blockchain 108 for the identifier. Pointers in the ledger to each block containing an active card alias entry for the identifier may be used to access each block. The card aliases and corresponding information may be retrieved in an encrypted list. The card aliases stored on the blockchain 108 may be encrypted with a public key associated with a private key on or associated with the user device 102.” (In at least Pars. 54, 67)
Therefore, given the broadest reasonable interpretation of the claims in light of the Applicant’s Specification, Purves disclose storing, using the user device, the payment card for the user on a blockchain (Abstract, Pars. 32, 46, 54, 58, 82, 88, 96, 102-103), and a relying party device checks if the payment card is stored with the blockchain or not (Figs. 2, 4; Pars. 66-67, 70, 88-89, 95).  Therefore, it would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention to substitute the SV block-chain ledger that includes an SV genesis block reflecting a balance of a loaded funds as well as transaction Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).

With respect to rejection of priority because Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing date under 35 U.S.C. 120, Applicant is of the opinion that the receiving of the payment card information associated with a payment card for storing the payment card with an application associated with the user device limitation, support for the limitation can be found in the 62/503,107 (‘107) priority document at, for example, page 4. For example, page 4 of ‘107 recites “[t]he card-holder user would first register their card with the Trusted Key CNP system.” 
Regarding the checking of whether the attribute certificate issued by an issuing party for a user matches with the payment card information obtained from the payment card limitation, support for the limitation can be found in the 62/503,107 (‘107) priority document at, for example, page 4. For example, page 4 of ‘107 recites “the system would also check the user’s Attribute Certificates from a government issued document such as a driver’s license or passport 
“The Trusted Key platform can be used to effectively simulate the POS challenge-response in the CNP transactions. The card-holder user would first register their card with the Trusted Key CNP system, at which point the system would also check the user's Attribute Certificates from a government issued document such as driver's license or passport to confirm that this user is indeed the card-holder (for example, by matching the name on the card with the user's name Attribute Certificate from their government issued ID). Once this is done, the user signs a record (Hash(CC#), Public Key of Credentials, Device ID) with their Credentials associating the user's device (phone) with that credit card, represented by a hash of the credit card number. This signed record is held in a public credit card database, accessible to any Relying Party (such as a merchant) wishing to inspect it.” (Page 4 of 62/503,107 (‘107))
Examiner fully considers Applicant’s position, but respectfully disagree because the cited section do not provide a proper written description as required as it is not sufficient to comply with the requirements of 35 U.S.C. 112(a).  That is, the claim requires “receiving a payment card information associated with a payment card for storing the payment card with an application associated with the user device, checking whether an attribute certificate issued by an issuing party for a user matches with the payment card information obtained from the payment card using the user device.”  However, Page 4 of 62/503,107 (‘107) that is pointed out by Applicant as evidence that Applicant’s discloser provides proper written description as required as  sufficient to comply with the requirements of 35 U.S.C. 112(a) is not found to be because Page 4 of 62/503,107 (‘107) does not disclose receiving a payment card information associated with a payment card for storing the payment card with an application associated with the user device, checking whether an attribute certificate issued by an issuing party for a user matches with the payment card information obtained from the payment card using the user device.  Further, the user device is not the same as Trusted Key CNP system.
Additional Applicant alleges that this application obtains priority from provisional applications 62/368,875 (‘875) and 62/503,107 (‘107) because support for the “obtaining of the cryptographic challenge from the relying party device if the payment card is stored with the blockchain, transmitting of the response to the cryptographic challenge to the relying party device, wherein the relying party device checks whether the response matches with a predetermined correct response to the cryptographic challenge or not, and the electronic payment transaction is authenticated only if the response matches with the predetermined correct response,” limitation can be found in the 62/368,875 (‘875) priority document at, for example, page 9. For example, page 9 of ‘875 recites,
“[w]hen the user needs to login, the service would use a challenge-response mechanism to authenticate the user.  Essentially, the service would generate a random value, encrypt it with the user's public key and ask the user to decrypt the value and return it to the service to prove they possess the corresponding private key.”  
“[i]f the user needs to login to the service using a new device which does not have the user's Certificate (e.g. a shared or public computer), they could still do so by either using their smartcard (with a smart-card reader) which has an associated certificate or even with their smart-phone (by using an "out-of-band" authentication scheme where the phone scans a QR-code based challenge on the computer screen, computes its response using its private key and sends the results back to the site directly using its data connection).” 
Examiner fully considers Applicant’s position, but respectfully disagree because the cited section do not provide a proper written description as required and is not sufficient to comply with the requirements of 35 U.S.C. 112(a) as the claim requires obtaining the cryptographic challenge from the relying party device if the payment card is stored with the blockchain and transmitting a response to the cryptographic challenge to the relying party device, wherein the relying party device checks whether the response matches with a predetermined correct response to the cryptographic challenge or not, and the electronic payment transaction is authenticated only if the response matches with the predetermined correct response using the user device.  That is, page 9 of ‘875 provided as evidence that provides proper written description sufficient to challenge-response related to a user login and does not describe how obtaining the cryptographic challenge from the relying party device if the payment card is stored with the blockchain and transmitting a response to the cryptographic challenge to the relying party device, wherein the relying party device checks whether the response matches with a predetermined correct response to the cryptographic challenge or not, and the electronic payment transaction is authenticated only if the response matches with the predetermined correct response using the user device is perfumed as there is also no description of what a predetermined correct response to the cryptographic challenge.  Therefore, Examiner sustains the priority rejection.  (See MPEP 2161.01 (I))

Examiner Comments
Claim 1 “issued by an issuing party,” “accessible to a relying party, transaction is initiated on a website associated with the relying party, predetermined correct response, authenticated, predetermined correct response,” Claim 3, “published,” “protected,” Claim 4, “wherein the relying party device communicates,” “wherein the relying party device decrypts the encrypted random value with the user public key of the user and verifies that the decrypted random value is the same as the original random value to prove,” These are examples of language that is not positively recited. It has been held “…every limitation positively recited in a claim must be given effect in order to determine what subject matter that claim defines.” See In re Wilder, 166 USPQ 545 (C.C.P.A 1970). Therefore, as these limitation (e.g. “generating…” and “…a public key…”
Claim 1 recites “storing the payment card for the user on a blockchain if the attribute certificate matches with the payment card information… wherein when an electronic payment card transaction is initiated on a website associated with the relying party, a relying party device checks if the payment card is stored with the blockchain or not… obtaining the cryptographic challenge from the relying party device if the payment card is stored with the blockchain… the electronic payment transaction is authenticated only if the response matches with the predetermined correct response.” Those limitations are conditional language and do not have patentable weight because “storing the payment card for the user on a blockchain,” only occurs when the attribute certificate matches with the payment card information,” “a relying party device checks if the payment card is stored with the blockchain or not,” only occurs when “when an electronic payment card transaction is initiated on a website associated with the relying party,” “obtaining the cryptographic challenge from the relying party device,” only occurs when “the payment card is stored with the blockchain,” “the electronic payment transaction is authenticated,” only occurs when the response matches with the predetermined correct response.  Accordingly, once the positively recited steps are satisfied, the method as a whole is satisfied regardless of whether or not other steps are conditionally performed under certain other hypothetical scenarios. (In re Johnston, 77 USPQ2d 1788 (CA FC 2006); Intel Corp. v. Int'l Trade Comm'n, 20 USPQ2d 1161 (Fed. Cir. 1991); MPEP § 2103 I C).
Claims 1 and 6 recite “wherein the record comprises (a) a cryptographic hash function of the payment card information, (b) a user public key of a set of credentials associated with the user, and (c) a device id of the user device associated with the user, wherein signing the record links the cryptographic hash function, the user public key, and the device id with each other” which describes characteristic of record.  However, as the recited characteristics of these items In re Ngai 367 F.3d 1336, 1339, 70 USPQ2d 1862 (Fed. Cir. 2004); Ex parte Nehls 88 USPQ2d 1883, 1888-1889 (BPAI 2008); In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP § 2111.05; Cf. In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983)).

Priority
Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, or 365(c) is acknowledged.  Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing date under 35 U.S.C. 120 as follows:
The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original nonprovisional application or provisional application). The disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of 35 U.S.C. 112(a) or the first paragraph of pre-AIA  35 U.S.C. 112, except for the best mode requirement.  (See Transco Products, Inc. v. Performance Contracting, Inc.
The respective Parent Application Nos. 15/961,791, 15/662,417 and Provisional Applications 62/557,331, 62/503,107, 62/489,772, 62/368,875, fail to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph for one or more claims of this application.  The respective Parent Application Nos. 13/756, 433 and Provisional Applications 61/594, 216 at least do not disclose “checking, using the user device, whether an attribute certificate issued by an issuing party for a user matches with the payment card information obtained from the payment card; storing, using the user device, the payment card for the user on a blockchain if the attribute certificate matches with the payment card information; signing, using the user device, a record on the blockchain to obtain a signed record, wherein the record comprises (a) a cryptographic hash function of the payment card information, (b) a user public key of a set of credentials associated with the user, and (c) a device id of the user device associated with the user, wherein signing the record links the cryptographic hash function, the user public key, and the device id with each other, wherein the signed record is stored in a public database to be accessible to a relying party, wherein when an electronic payment card transaction is initiated on a website associated with the relying party, a relying party device checks if the payment card is stored with the blockchain or not; obtaining, using the user device, the cryptographic challenge from the relying party device if the payment card is stored with the blockchain; and transmitting, using the user device, a response to the cryptographic challenge to the relying party device, wherein the relying party device checks whether the response matches with a predetermined correct response to the cryptographic challenge or not, and the electronic payment transaction is authenticated only if the response matches with the predetermined correct response.” (Claims 1 and 6), “wherein the set of credentials comprise a blockchain-compatible public-private key pair associated with the user, wherein the blockchain-compatible public-private key pair comprises the user public key and a user private key, wherein the user public key is published and the user private key is protected by at least one of the user’s password, biometric or PIN code.” (Claims 3 and 8), “wherein the cryptographic challenge comprises an original random value, wherein the relying party device communicates the original random value to the user device, wherein the user device encrypts the original random value with the user private key of the user to obtain an encrypted random value, and communicates the encrypted random value back to the relying party device, wherein the relying party device decrypts the encrypted random value with the user public key of the user and verifies that the decrypted random value is the same as the original random value to prove that that the user possesses the corresponding user’s private key.” (Claims 4 and 9)
The disclosure of the respective Parent Application Nos. 15/961,791, 15/662,417 and Provisional Applications 62/557,331, 62/503,107, 62/489,772, 62/368,875, fails to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph for one or more claims of this application.  Therefore, the present application does not gain the benefit of priority to Parent Application Nos. 15/961,791, 15/662,417 and Provisional Applications 62/557,331, 62/503,107, 62/489,772, 62/368,875.
MPEP 201.11 (I) (B) states:
Any claim in a continuation-in-part application which is directed solely to subject matter adequately disclosed under 35 U.S.C. 112 in the parent nonprovisional application is entitled to the benefit of the filing date of the parent nonprovisional application. However, if a claim in a continuation-in-part application recites a feature which was not disclosed or adequately supported by a proper disclosure under 35 U.S.C. 112 in the parent nonprovisional application, but which was first introduced or adequately supported in the continuation-in-part application, such a claim is entitled only to the filing date of the continuation-in-part application; In re Chu, 66 F.3d 292, 36 USPQ2d 1089 (Fed. Cir. 1995); Transco Products, Inc. v. Performance Contracting Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994); In re Van Lagenhoven, 458 F.2d 132, 136, 173 USPQ 426, 429 (CCPA 1972); and Chromalloy American Corp. v. Alloy Surfaces Co., Inc., 339 F. Supp. 859, 874, 173 USPQ 295, 306 (D. Del. 1972).

Therefore, as the Present Application is a CIP/CON of the prior-filed Applications, Parent Application No. 15/961,791, 15/662,417 and Provisional Applications 62/557,331, 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-4 and 6-9 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon or an abstract idea) without significantly more.
Analysis
In the instant case, claims 1-4 are directed to a processor implemented method (method).  Claim 6-9 is directed to a system (system).  Therefore, these claims fall within the four statutory categories of invention.
The claims recite payment method processing (credit card issuing/activation), which is an abstract idea.  Specifically, the claims recite "receiving a payment card information associated with a payment card for storing the payment card with associated the user; checking whether an attribute certificate issued by an issuing party for a user matches with the payment card information obtained from the payment card, storing the payment card for the  user if the attribute matches with the payment card information; signing a record to obtain a signed record, wherein the record comprises (a) the payment card information, (b) a user key of a set of credentials associated with the user, and (c) an id of the user associated with the user, wherein signing the record links the function, the user key, and the id with each other, wherein the signed record is stored in a public database to be accessible to a relying party, wherein when an payment card transaction is initiated with the relying party, a relying party checks if the payment card is stored with or not; obtaining the challenge from the relying party if the payment card is stored, transmitting a response to the challenge to the relying party, wherein the relying party checks whether the response matches with a predetermined correct response to the challenge or not, and the payment transaction is authenticated only if the response matches with the predetermined correct response," which is grouped within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test such as managing relationship/commercial interaction (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)) because the claims involve obtaining a payment card information, checking a certificate matches with the payment card information and storing the payment card information on a ledger, signing a record of the payment card information with key and an identifier associated with a user by linking those data and storing the linked data in a ledger that is accessible for an entity that can provide an irrefutable confirmation of a transaction that involves the linked data which is an interaction between a consumer/user and a service provider for payment transaction authentication.  Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January 7, 2019)).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), the additional element(s) system comprising: a processor: and a memory coupled with the processor, wherein the memory is configured to store instructions and provide the processor with the instructions which when executed cause the processor perform the operations,” “user device,” “application associated with the user device,” “blockchain,” “certificate,” “a cryptographic hash function,” “public key,” “device id,” “electronic payment card,” “website,” and “relying party device,” merely uses a computer as a tool to perform an abstract idea and/or generally links the use of a judicial exception to a particular technological environment.  Specifically, the “system comprising: a processor: and a memory coupled with the processor, wherein the memory is configured to store instructions and provide the processor with the instructions which when executed cause the processor perform the operations,” “user device,” “application associated with the user device,” “blockchain,” “certificate,” “a cryptographic hash function,” “public key,” “device id,” “electronic payment card,” “website,” and “relying party device,” perform the steps or functions of "receiving a payment card information associated with a payment card for storing the payment card with associated the user; checking whether an attribute certificate issued by an issuing party for a user matches with the payment card information obtained from the payment card, storing the payment card for the  user if the attribute matches with the payment card information; signing a record to obtain a signed record, wherein the record comprises (a) the payment card information, (b) a user key of a set of credentials associated with the user, and (c) an id of the user associated with the user, wherein signing the record links the function, the user key, and the id with each other, wherein the signed record is stored in a public database to be accessible to a relying party, wherein when an payment card transaction is initiated with the relying party, a relying party checks if the payment card is stored with or not; obtaining the challenge from the relying party if the payment card is stored, transmitting a response to the challenge to the relying party, wherein the relying party checks whether the response matches with a predetermined correct response to the challenge or not, and the payment transaction is authenticated only if the response matches with the predetermined correct response."  The use of a processor/computer as a tool to implement the abstract idea and/or generally linking the use of the abstract idea to a particular technological environment does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea.  The additional elements do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply or use the abstract idea to effect a particular treatment or prophylaxis for a disease or medical condition (Vanda Memo), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo).  Additionally, the additional element of “signing a record on the blockchain to obtain a signed record, wherein the record comprises (a) a cryptographic hash function of the payment card information, (b) a user public key of a set of credentials associated with the user, and (c) a device id of the user…, wherein signing the record links the cryptographic hash function, the user public key, and the device id with each other” also does not improve a computer as it represents the mere performance of a mathematical calculation by a computer.  Therefore, the claims do not, for example, purport to improve the functioning of a computer.  Nor do they effect 
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional elements of using a “system comprising: a processor: and a memory coupled with the processor, wherein the memory is configured to store instructions and provide the processor with the instructions which when executed cause the processor perform the operations,” “user device,” “application associated with the user device,” “blockchain,” “certificate,” “a cryptographic hash function,” “public key,” “device id,” “electronic payment card,” “website,” and “relying party device,” to perform the steps amounts to no more than using a computer or processor to automate and/or implement the abstract idea of payment method processing (credit card issuing/activation).  As discussed above, taking the claim elements separately, the “system comprising: a processor: and a memory coupled with the processor, wherein the memory is configured to store instructions and provide the processor with the instructions which when executed cause the processor perform the operations,” “user device,” “application associated with the user device,” “blockchain,” “certificate,” “a cryptographic hash function,” “public key,” “device id,” “electronic payment card,” “website,” and “relying party device,” perform the steps or functions of " receiving a payment card information associated with a payment card for storing the payment card with associated the user; checking whether an attribute certificate issued by an issuing party for a user matches with the payment card information obtained from the payment card, storing the payment card for the  user if the attribute matches with the payment card information; signing a record to obtain a signed record, wherein the record comprises (a) the payment card information, (b) a user key of a set of credentials associated with the user, and (c) an id of the user associated with the user, wherein signing the record links the function, the user key, and the id with each other, wherein the signed record is stored in a public database to be accessible to a relying party, wherein when an payment card transaction is initiated with the relying party, a relying party checks if the payment card is stored with or not; obtaining the challenge from the relying party if the payment card is stored, transmitting a response to the challenge to the relying party, wherein the relying party checks whether the response matches with a predetermined correct response to the challenge or not, and the payment transaction is authenticated only if the response matches with the predetermined correct response,"  These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of payment method processing (credit card issuing/activation).  Further, the additional element of “signing a record on the blockchain to obtain a signed record, wherein the record comprises (a) a cryptographic hash function of the payment card information, (b) a user public key of a set of credentials associated with the user, and (c) a device id of the user…, wherein signing the record links the cryptographic hash function, the user public key, and the device id with each other” also does not improve a computer as it represents the mere performance of a mathematical calculation by a computer.  Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea.  The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly 
Dependent claims 2-4 and 7-9 further describe the abstract idea of payment method processing (credit card issuing/activation).  The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea.  Therefore, the dependent claims are also not patent eligible.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a)  IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-4 and 6-9 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claim 1 recites checking, using the user device, whether an attribute certificate issued by an issuing party for a user matches with the payment card information obtained from the payment card… obtaining, using the user device, the cryptographic challenge from the relying party device if the payment card is stored with the blockchain.”  However, according to the Applicant’s Specification which discloses,
“FIG. 5 is a flow chart illustrating a method for blockchain-based electronic payment transaction management using the user device 104 of FIG. 1 according to an embodiment herein. At step 502, the user device 104 processes the payment card information associated with the payment card for storing the payment card with the electronic payment transaction management application 108 associated with the user device 104. At step 504, the user device 104 checks whether an attribute certificate issued by an issuing party for the user 102 matches with the payment card information obtained from the payment card. At step 506, the user device 104 stores the payment card for the user 102 if the attribute certificate matches with the payment card information. At step 508, the user device 104 signs a record on the blockchain 114 to obtain a signed record. The record includes (a) a cryptographic hash function of the payment card information, (b) a user public key of a set of credentials associated with the user 102, and (c) a device id of the user device 104 associated with the user 102. In one embodiment, the record links the cryptographic hash function, the user public key, and the device id with each other.” (PGPub, Par. 37 as similarly in 5, 8-9, 14, 30-31)
However, the Applicant’s Specification does not describe what is involved in performing the acts of  nor “checking” or “obtaining” the manner in which “checking” and “obtaining” are performed.  Therefore, the Specification does not explain what hardware and/or software with specific steps or procedures, to accomplish the function. (See MPEP 2161.01 (I)).
Claim 6 are also rejected based on the same rational as it recites similar limitation.
Claims 2-4 and 7-9 are all rejected as each depend on claims 1 and 6, respectively.
Claim 1 recites “storing, using the user device, the payment card for the user on a blockchain if the attribute certificate matches with the payment card information; signing, using the user device, a record on the blockchain to obtain a signed record, wherein the record comprises (a) a cryptographic hash function of the payment card information, (b) a user public key of a set of credentials associated with the user, and (c) a device id of the user device associated with the user, wherein signing the record links the cryptographic hash function, the user public key, and the device id with each other, wherein the signed record is stored in a public database to be accessible to a relying party, wherein when an electronic payment card transaction is initiated on a website associated with the relying party, a relying party device checks if the payment card is stored with the blockchain or not.”  Although the Applicant’s Specification discloses,
“The payment card information comparison module 302 checks whether the payment card information matches with any payment card information that is stored in the blockchain 114 via the network 110. In one embodiment, the payment card is pre-stored with the blockchain 114 by the user device 104 associated with the user 102 by signing a record on the blockchain 114. The cryptographic challenge module 306 communicates the cryptographic challenge to the user device 104 via the network 110. The cryptographic challenge includes an original random value. The relying party device 112 communicates the original random value to the user device 104. The user device 104 encrypts the original random value with the user private key of the user 102 to obtain an encrypted random value and communicates the encrypted random value back to the relying party device 112. The relying party device 112 decrypts the encrypted random value with the user public key of the user 102 and verifies that the decrypted random value is the same as the original random value to prove that that the user 102 possesses the corresponding user's private key.
FIG. 4 is a flow chart that illustrates a process of the user 102 having the user device 102 being authenticated by the relying party device 112 via the blockchain 114 of FIG. 1 according to an embodiment herein. At step 402, the user 102 stores the payment card information of the payment card in the electronic payment transaction management application 108 associated with the user device 104. At step 404, the user device 104 signs the record on the blockchain 114. At step 406, the relying party device 112 processes the electronic payment transaction. At step 408, the relying party device 112 checks if the payment card is stored or not with the blockchain 114. At step 410, the relying party device 112 communicates the cryptographic challenge to the user device 104 via the network 110. At step 412, the user device 104 responds to the cryptographic challenge. At step 414, the relying party device 112 checks if the response matches with the predetermined response to authenticate the electronic payment transaction.
FIG. 5 is a flow chart illustrating a method for blockchain-based electronic payment transaction management using the user device 104 of FIG. 1 according to an embodiment herein. At step 502, the user device 104 processes the payment card information associated with the payment card for storing the payment card with the electronic payment transaction management application 108 associated with the user device 104. At step 504, the user device 104 checks whether an attribute certificate issued by an issuing party for the user 102 matches with the payment card information obtained from the payment card. At step 506, the user device 104 stores the payment card for the user 102 if the attribute certificate matches with the payment card information. At step 508, the user device 104 signs a record on the blockchain 114 to obtain a signed record. The record includes (a) a cryptographic hash function of the payment card information, (b) a user public key of a set of credentials associated with the user 102, and (c) a device id of the user device 104 associated with the user 102. In one embodiment, the record links the cryptographic hash function, the user public key, and the device id with each other.” (PGPub, Pars. 34, 36-37 as similarly in 5, 8-9, 12, 14, 16, 30, 32, 39)
The Applicant’s Specification does not describe how storing of the payment card for the user on a blockchain, using the user device, if the attribute certificate matches with the payment card information is performed nor the Specification disclose how the user device is signing a record that includes (a) a cryptographic hash function of the payment card information, (b) a user public key of a set of credentials associated with the user, and (c) a device id of the user device associated with the user on the blockchain.  Further, the Specification does not describe how signing the record links the cryptographic hash function, the user public key, and the device id with each other, wherein the signed record is stored in a public database to be accessible to a relying party, wherein when an electronic payment card transaction is initiated on a website associated with the relying party, a relying party device checks if the payment card is stored with the blockchain or not.   Therefore, the Specification does not explain what hardware and/or software with specific steps or procedures, to accomplish the function. (See MPEP 2161.01 (I)).
Claim 6 are also rejected based on the same rational as it recites similar limitation.
Claims 2-4 and 7-9 are all rejected as each depend on claims 1 and 6, respectively.
Claim 1 recites “obtaining, using the user device, the cryptographic challenge from the relying party device if the payment card is stored with the blockchain; and transmitting, using the user device, a response to the cryptographic challenge to the relying party device, wherein the relying party device checks whether the response matches with a predetermined correct response to the cryptographic challenge or not, and the electronic payment transaction is authenticated only if the response matches with the predetermined correct response.”  Although the Applicant’s Specification discloses,
“The payment card information comparison module 302 checks whether the payment card information matches with any payment card information that is stored in the blockchain 114 via the network 110. In one embodiment, the payment card is pre-stored with the blockchain 114 by the user device 104 associated with the user 102 by signing a record on the blockchain 114. The cryptographic challenge module 306 communicates the cryptographic challenge to the user device 104 via the network 110. The cryptographic challenge includes an original random value. The relying party device 112 communicates the original random value to the user device 104. The user device 104 encrypts the original random value with the user private key of the user 102 to obtain an encrypted random value and communicates the encrypted random value back to the relying party device 112. The relying party device 112 decrypts the encrypted random value with the user public key of the user 102 and verifies that the decrypted random value is the same as the original random value to prove that that the user 102 possesses the corresponding user's private key.
The response comparison module 306 receives a response to the cryptographic challenge from the user device 104 via the network 110. The response comparison module 306 matches the response with a predetermined correct response. The payment transaction authentication module 308 authenticates the electronic payment transaction only if the response matches with the predetermined correct response” (PGPub, Pars. 34-35 as similarly in 5-11, 13-16, 32-33, 36, 38-39)
The Applicant’s Specification does not describe how the relying party device checks whether the response matches with a predetermined correct response to the cryptographic challenge or not, and the electronic payment transaction is authenticated only if the response matches with the predetermined correct response.  Although, the Specification describe how a random value communicated between a user device and relying party verifies that the decrypted random value is the same as the original random value to prove that that the user possesses the corresponding user's private key, the Specification does not describe how the relying party device checks whether the response matches with a predetermined correct response to the cryptographic challenge or not since the Specification does not describe how the relying party access/identify the user’s public key for decryption nor does it describe what the predetermined correct response is.  Therefore, the claim recites functional language but the Specification does not describe how the function is performed (lack of algorithm or steps for performing the function). (See In re Katz, 97 USPQ2d 1737 (Fed. Cir. 2011)).
Claims 4, 6 and are also rejected based on the same rational as each recites similar limitation.
Claims 3 and 8 are also rejected based on the same rational as each recites functional language but the Specification does not describe how the function is performed
Claims 2-4 and 7-9 are all rejected as each depend on claims 1 and 6, respectively.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):



The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-4 and 6-9 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 1 recites “using the user device…”  The claim is unclear to one of ordinary skilled because it is not clear as to what entity is using the user device to perform the recited steps.  Therefore, the scope of the claim is unclear.  (See In re Zletz, 893 F.2d 319, 13 USPQ2d 1320 (Fed. Cir. 1989)).
Claims 2-4 are all rejected as each depend on claims 1.
Claim 1 recites “checking, using the user device, whether an attribute certificate issued by an issuing party for a user matches with the payment card information obtained from the payment card; storing, using the user device, the payment card for the user on a blockchain if the attribute certificate matches with the payment card information; signing, using the user device, a record on the blockchain…”  The claim is unclear to one of ordinary skilled because for checking using the user device whether an attribute certificate issued by an issuing party for a user matches with the payment card information obtained from the payment card requires that the user device having/accessing the attribute certificate issued for the user and the payment card information for the checking step.  However, the claim does not provide the user device having/accessing the attribute certificate issued for the user to check for matching, but only In re Zletz, 893 F.2d 319, 13 USPQ2d 1320 (Fed. Cir. 1989)).
Claims 2-4 and 7-9 are all rejected as each depend on claims 1 and 6, respectively.
Claim 1 recites “issued by an issuing party,” “accessible to a relying party,” “transaction is initiated on a website associated with the relying party,” “a relying party device checks” which are limitations directed to an issuing party and relying party.  However, claim 1 is directed to a user device, “A processor implemented method for blockchain-based electronic payment transaction authentication using a user device….”  It is unclear to one of ordinary if the claim is directed to a user device or in combination with an issuing party and relying party.  Therefore, the scope of the claim is unclear.  (See In re Zletz, 893 F.2d 319, 13 USPQ2d 1320 (Fed. Cir. 1989)).
Claims 4, 6 and 9 are also rejected based on the same rational as each recite similar language.
Claims 2-4 and 7-9 are all rejected as each depend on claims 1 and 6, respectively.  
Claims 6, and 8-9 are indefinite because they are hybrid claims.  See MPEP § 2173.05(p) II.  In particular, the claims are directed to neither a “process” nor a “machine” but rather embrace or overlap two different statutory classes of invention.
Evidence to support a position that claims 6, and 8-9 are drawn to a product includes the recitation of “A system…” in claim 6.  On the other hand, evidence to support a position that claims are drawn to a process include:
Claim 6 “issued by an issuing party,” “accessible to a relying party,” “transaction is initiated on a website associated with the relying party,” “relying party device checks if the payment card is stored,” “relying party device checks whether the response matches with a predetermined correct response, and…authenticated…predetermined correct response”
Claim 8, “published,” “protected, ”
Claim 9, “wherein the relying party device communicates,” “wherein the relying party device decrypts the encrypted random value with the user public key of the user and verifies that the decrypted random value is the same as the original random value to prove, ”
In light of this conflicting evidence, a person of ordinary skill in the art could reasonably interpret that claims 6, and 8-9 to be drawn to either a product or process.
Therefore, claims 6, and 8-9 are attempting to claim both an apparatus and the method steps of using the apparatus.  However, It has been held that a claim that recites both an apparatus and the method steps of using said apparatus and/or method steps is indefinite under section 112, paragraph 2, as it does not sufficiently provide competitors with an accurate determination of the 'metes and bounds' of the protection involved.  This in turn causes confusion regarding when infringement occurs, either through limitations that are not attributed to any of the claimed structure or through limitations in which it is unclear whether infringement depends on use of the claimed structure or on its functionality. (IPXL Holdings LLC v. Amazon.com Inc., Ex parte Lyell, 17 USPQ2d 1548 (B.P.A.I. 1990); In re Katz Interactive Call Processing Patent Litigation, 97 USPQ2d 1737 (Fed. Cir. 2011); UltimatePointer, LLC v. Nintendo Co., 118 USPQ2d 1125 (Fed. Cir. 2016); Rembrandt Data Techs., LP v. AOL, LLC, 641 F.3d 1331, 98 USPQ2d 1393 (Fed. Cir. 2011)).
Claims 7-9 are all rejected as each depend on claim 6.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Haldenby et al. (US 2018/0276666), Quesselaire (US 2004/0236693) in view of Purves (US 2019/0222422).
With respect to claims 1 and 6, Haldenby discloses a processor implemented method for blockchain-based electronic payment transaction authentication using a user device based on a cryptographic challenge and a system, the method and the system comprising:
a processor: and a memory coupled with the processor, wherein the memory is configured to store instructions and provide the processor with the instructions which when executed cause the processor perform the operations of (Figs. 1-8B; Pars. 4-5, 18-21, 23, 32, 35-36, 39, 43, 210-215):
receiving, using the user device, a payment card information associated with a payment card for storing the payment card with an application associated with the user device (Fig. 1; Pars. 21-22, 32-33, 36, 41-43, 68, 76);
an attribute certificate issued by an issuing party for a user, if the attribute certificate matches with the payment card information (Figs. 1-8B; Pars. 47, 83, 91),
signing, using the user device, a record on the blockchain to obtain a signed record, wherein the record comprises: (a) a cryptographic hash function of the payment card information, (b) a user public key of a set of credentials associated with the user, and (c) a device id of the user device associated with the user, wherein signing the record links the cryptographic hash function, the user public key, and the device id with each other, wherein the signed record is stored in a public database to be accessible to a relying party, wherein when an electronic payment card transaction is initiated on a website associated with the relying party (Figs. 5C; Pars. 43, 47, 68, 83-84, 96-97, 179-181);
obtaining, using the user device, the cryptographic challenge from the relying party device (Fig. 3A; Pars. 95-96), 
transmitting, using the user device, a response to the cryptographic challenge to the relying party device (Fig. 3A; Pars. 95-96), 
wherein the relying party device 
checks whether the response matches with a predetermined correct response to the cryptographic challenge or not (Fig. 3A; Pars. 96-97), and 
the electronic payment transaction is authenticated only if the response matches with the predetermined correct response (Fig. 3A; Pars. 96-99). 
Haldenby does not explicitly disclose checking, using the user device, whether an attribute certificate matches with the payment card information obtained from the payment card Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
Neither Haldenby nor Quesselaire explicitly disclose storing, using the user device, the payment card for the user on a blockchain and a relying party device checks if the payment card is stored with the blockchain or not.  Purves disclose storing, using the user device, the payment card for the user on a blockchain (Abstract, Pars. 32, 46, 54, 58, 82, 88, 96, 102-103), and a relying party device checks if the payment card is stored with the blockchain or not (Figs. 2, 4; Pars. 66-67, 70, 88-89, 95).  Therefore, it would have been obvious for a person of ordinary skill Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).

Claims 2-4 and 7-9 are rejected under 35 U.S.C. 103 as being unpatentable over Haldenby et al. (US 2018/0276666), Quesselaire (US 2004/0236693), Purves (US 2019/0222422) in view of Kamal et al (US 2019/0197815).
With respect to claims 2 and 7, Haldenby, Quesselaire in view Purves discloses all the limitations as described above.  
Neither Haldenby, Quesselaire nor Purves explicitly discloses wherein the set of credentials are created by a hardware-based cryptographic processor on the user device associated with the user.  Kamal disclose wherein the set of credentials are created by a hardware-based cryptographic processor on the user device associated with the user (Pars. 20-21, Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
With respect to claims 3 and 8, Haldenby, Quesselaire, Purves in view of Kamal discloses all the limitations as described above.  Additionally, Haldenby discloses 
wherein the set of credentials comprising a blockchain-compatible public-private key pair associated with the user, wherein the blockchain-compatible public-private key pair comprises the user public key and a user private key (Figs. 1; Pars. 41, 47).
Haldenby does not explicitly disclose wherein the user public key is published.  Quesselaire disclose wherein the user public key is published (Pars. 29).  Therefore, it would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention to substitute the identifying of SV block-chain ledger, issuer public key certificate, device public key certificate and the validation of issuer public key certificate and Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
Neither Haldenby, Quesselaire nor Purves explicitly discloses the user private key is protected by at least one of the user’s password, biometric or PIN code.  Kamal disclose the user private key is protected by at least one of the user’s password, biometric or PIN code (Pars. 20-23, 25, 29-30).  Therefore, it would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention to substitute the user private key is protected by at least one of the user’s password, biometric or PIN code (Pars. 20-23, 25, 29-30) of Haldenby, Quesselaire, Purves in view of wherein the set of credentials are created by a hardware-based cryptographic processor on the user device associated with the user (Pars. 20-21, 25, 30, 37, 52) Kamal in order to perform operations that verify and confirm, to a POS terminal, that SV block-chain ledger is generated by the device, and not a counterfeit clone of the device based on keys (Haldenby, Pars. 95-97) and to verify the genuineness of a user device with other entities using keys generated by the user device  (Kamal, Pars. 36-37).  ("Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
With respect to claims 4 and 9, Haldenby, Quesselaire, Purves in view of Kamal discloses all the limitations as described above.  Additionally, Haldenby discloses:
wherein the cryptographic challenge comprises an original random value, wherein the relying party device communicates the original random value to the user device (Fig. 3A; Pars. 95-96), 
wherein the user device (sign) the original random value with the user private key of the user to obtain an (signed) random value (Fig. 3A; Pars. 95-96), and 
communicates the encrypted random value back to the relying party device (Fig. 3A; Pars. 95-96), 
wherein the relying party device (decode) the encrypted random value with the user public key of the user and verifies that the (decode) random value is the same as the original random value to prove that that the user possesses the corresponding user’s private key (Fig. 3A; Pars. 96-99).
Haldenby does not explicitly disclose encrypts the original random nor decrypts the encrypted random value.  Quesselaire disclose encrypts the original random nor decrypts the encrypted random value (Pars. 30-33, 41-43).  Therefore, it would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention to substitute apply a digital signature to the concatenated contents that includes the random value received by user device using device private cryptographic key and the decoding the digital Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
PGPub Kamal (US 2018/0288033); Generating a unique identifier and public/private key pair associated with the unique ID for a user as well as blockchain that store digital identity records and corresponding certification records (together or separately) (Abstract, Figs. 3A-3B; Pars. 16, 44-45).
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WODAJO GETACHEW whose telephone number is (469)295-9069.  The examiner can normally be reached on M-F 8:00-6:00 CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin L Hewitt can be reached on 5712726709.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 



/WODAJO GETACHEW/Examiner, Art Unit 3685

/Mohammad A. Nilforoush/Primary Examiner, Art Unit 3685