DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
The amendment filed 4 Apr 2021 has been entered. Claims 1-4 and 7-9 remain pending in the application. 

Claim Objections
Claims 8-9 are objected to because of the following informalities:  
Claims 8-9 recite “the user computing device of claim 7” in line 1. It should read --the user mobile computing device of claim 7--.  
Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-4 and 7-9 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. 
Claims 1-4 are drawn to a method which is within the four statutory categories (i.e., a process). Claims 7-9 are drawn to a user computing device which is within the four statutory categories (i.e. a machine).
Since the claims are directed toward statutory categories, it must be determined if the claims are directed towards a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea). Based on consideration of all of the relevant factors with respect to the claim as a whole, claims 1-4 and 7-9 are determined to be directed to an abstract idea. The rationale for this determination is explained below:  
With respect to claims 1 and 7:
Claims 1 and 7 are drawn to an abstract idea without significantly more. The claims recite establishing a verification method by a mobile computing device, receiving cryptographic material from a trusted system by the mobile computing device, performing the transaction step by the mobile computing device, transmitting information to the remote system by the mobile computing device, and determining a legitimate state of the mobile computing device. 


The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception, reaffirming that the limitations are not indicative of integration into a practical application: Generally linking the use of the judicial exception to a particular technological environment or field of use. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements in the process amounts to no more than mere instructions to apply the exception using generic computer components. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. For example, the additional elements such as the user computing device, remote system, trusted system, processor, and memory play roles of people performing the abstract idea. Establishing a piece of data (verification method), receiving a piece data (cryptographic material) from another entity, performing the transaction step that can be successful or unsuccessful, and transmitting a piece of data (information) to still another entity are performed using generic computer components. The claims are not patent eligible.
With respect to claims 2-4 and 8-9:
Dependent claims 2-4 and 8-9 include additional limitations, for example, the computing device state parameters, a transaction application, a mobile phone, and a mobile transaction application using a contactless protocol, but none of these limitations are deemed significantly more than the abstract idea because, as stated above, they require no more than generic computer structures or signals to be executed, and do not recite any improvements to the functioning of a computer, e.g., a modification of conventional Internet hyperlink protocol to dynamically produce a dual-source hybrid webpage, as discussed in DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245, 1258-59, 113 USPQ2d 1097, 1106-07 (Fed. Cir. 2014) (see MPEP § 2106.05(a)), improvements to any other technology or technical field, e.g., a modification of conventional rubber-molding processes to utilize a thermocouple inside the mold to constantly monitor the temperature and thus reduce under- and over-curing problems common in the art, as discussed in Diamond v. Diehr, 450 U.S. 175, 191-92, 209 USPQ 1, 10 (1981) (see MPEP § 2106.05(a)), or applying the judicial exception with, or by use of, a particular machine, e.g., a Fourdrinier machine (which is understood in the art to have a specific structure comprising a headbox, a paper-making wire, and a series of rolls) that is arranged in a particular way to optimize the speed of the 
	Thus, taken alone, the additional elements do not amount to significantly more than the above-identified judicial exception (the abstract idea). Furthermore, looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. There is no indication that the combination of elements improves the functioning of a computer or improves any other technology, and their collective functions merely provide conventional computer implementation or implementing the judicial exception on a generic computer. 
Therefore, whether taken individually or as an ordered combination, claims 2-4 and 8-9 are nonetheless rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied 
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2 and 7-9 are rejected under 35 U.S.C. 103 as being unpatentable over Roberts et al. (EP 2945410 A1; already of record in IDS; hereinafter Roberts) in view of Ranadive et al. (US 20150363581 A1; hereinafter Ranadive).
With respect to claims 1 and 7:
Roberts teaches a method of determining a legitimate state of a mobile computing device for a payment transaction to be approved by a remote system, comprising: (By disclosing, it would be possible to use a computing device such as a mobile telephone as a proxy for a payment card. They have also developed a mobile payment application, Mobile PayPassTM, which can be downloaded to a mobile cellular telephone handset (hereafter "mobile phone") to act as a proxy for a payment card using Near Field Communication (NFC) technology standards, and  a user can conduct tapping based transactions with a proximity reader, as well as perform account management operations over an appropriate network interface (cellular, local wireless network)  
a user mobile computing device comprising: (See at least Roberts: paragraph(s) [0007])
a processor; and (See at least Roberts: paragraph(s) [0007] & [0020])
a memory operably connected to the processor, wherein the memory stores processor executable instructions which when executed causes the processor to: (See at least Roberts: paragraph(s) [0007] & [0020])
determine a legitimate state of the user mobile computing device for a payment transaction to be approved by a remote system; (By disclosing, provided is a method of managing data items for an application in a mobile computing device (user mobile computing device), the mobile computing device having at least one processor and at least one memory together providing a 
establishing, by a mobile computing device of a user, a verification method for checking integrity of the user computing device for carrying out a transaction step of the payment transaction; (By disclosing, the FIDO server to use the verification result from the FIDO registration protocol to establish a set of symmetric keys (SKCredentials and SKManagement) between server and client (checking the integrity of the user mobile computing device). In addition, selection of a registered authenticator in FIDO may be used to link the customer to the mobile device (the user mobile computing device). See at least Roberts: paragraph(s) [0014], [0044], [0047]-[0049], [0051] & [0057])
receiving, by the user mobile computing device, cryptographic material from a trusted system for use in performing the transaction step, wherein the cryptographic material is associated with the transaction step; (By disclosing, the FIDO server to use the verification result from the FIDO registration protocol to establish a set of symmetric keys (SKCredentials and SKManagement) between server and client, and a server random ECC public key is passed to the FIDO client. In addition, the FIDO client then retains these keys 
performing, by the user mobile computing device, the transaction step, wherein performing the transaction step comprises one of successful performance of the verification method or unsuccessful performance of the verification method;, and (By disclosing, the mobile application may be a payment application adapted to enable the mobile computing device to act as a payment device. The data items may comprise payment credentials, or may comprise management instructions (parameters relating to computing device state when the transaction step was performed) for the payment application. In addition, what is returned depends on whether customer verification was performed and whether or not it was successful. See at least Roberts: paragraph(s) [0007]-[0011], [0013] & [0036])
transmitting, by the user mobile computing device, information to a remote system indicating one of successful authentication of a user or unsuccessful authentication of the user and parameters relating to a mobile computing device state [comprising a current status, history data, and mobile device context data including a time value since a last reboot and a distance value since last boot]. (As stated above and by further 
However, Roberts does not teach …parameters relating to a mobile computing device state comprising a current status, history data, and mobile device context data including a time value since a last reboot and a distance value since last boot.
Ranadive, directed to systems and methods for authenticating a user based on a computing device and thus in the same field of endeavor, teaches …parameters relating to a mobile computing device state comprising a current status, history data, and mobile device context data including a time value since a last reboot and a distance value since last boot. (By disclosing, the device characteristics may include a "device_uptime", which may include the time since last reboot of the OS (e.g., in milliseconds). The device characteristics may further include “device_model” (mobile device context data), “dongle_device_id” indicating the dongle allows access to wireless broadband (current status of transmitting), “email_configured” indicating whether an email account is set up on the device (history data), and “emulator” indicating whether the merchant application is running on an emulator (current status). In addition, column "Last Location" 418 stores the last geographic location of the device when it sent user authentication request 401 (last reboot). See at least Ranadive: paragraph(s) [0043], [0065]-[0066] & [0070])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the security for mobile applications teachings of Roberts to incorporate the systems and methods for authenticating a user based on a computing device teachings of Ranadive for the benefit of a system or a method that implements an easier authentication process on mobile devices. (See at least Ranadive: paragraph(s) [0005])
Examiner’s Note: 
(1)  The limitations “for checking integrity of the mobile computing device for carrying out a transaction step of the transaction” in claim 1, lines 3-4 and “for use in performing the transaction step” in claim 1, lines 5-7 are 
With respect to claim 2:
	Roberts and Ranadive teach the method of claim 1, as stated above.
Roberts further teaches
wherein the user computing device state parameters further comprises one of a network status or changes in network status. (By disclosing, a user can conduct tapping based transactions with a proximity reader, as well as perform account management operations over an appropriate network interface (cellular, local wireless network) in an online banking interface with the user's account provider. In addition, other elements shown in the mobile handset are an NFC controller 25 for providing contactless interaction with a POS terminal 2 or other point of interaction, and networking communications 26 enabling internet access, for example to a payment gateway 3 through an 
With respect to claim 8:
	Roberts and Ranadive teach the user computing device of claim 7, as stated above.
Roberts further teaches
 wherein the user mobile computing device is a mobile phone. (By disclosing, the approach may be applied to a payment application without a physical secure element on the mobile device (Remote SE). See at least Roberts: paragraph(s) [0003] & [0032])
With respect to claim 9:
	Roberts and Ranadive teach the user computing device of claim 7, as stated above.
Roberts further teaches 
wherein the user mobile computing device further comprises a mobile transaction application installed in the memory, and the user mobile computing device is adapted to make transactions using a contactless protocol. (By disclosing, other elements shown in the mobile handset are an NFC controller 25 for providing contactless interaction with a POS terminal 2 or other point of interaction, and networking communications 26 enabling 
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Roberts in view of Ranadive, as applied to claim 2, and in further view of Melzer (US 2014/0299660 A1; hereinafter Melzer) and Raleigh et al. (US 2016/0344604 A1; hereinafter Raleigh). 
With respect to claim 3:
	Roberts and Ranadive teach the method of claim 2, as stated above.
However, Roberts and Ranadive do not teach wherein the changes in network status include at least one of entry into flight mode and/or a change of telecommunications network operator.
Melzer, directed to encryption and decryption of visible codes for real time augmented reality views and thus in the same field of endeavor, teaches wherein the changes in network status include at least one of entry into flight mode entry into flight mode and… (By disclosing, the wearable mobile device is 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Roberts and Ranadive to incorporate the encryption and decryption of visible codes for real time augmented reality views teachings of Melzer for the benefit of systems and methods for image enhancement and data privacy in wearable computing devices (See at least Melzer: paragraph(s) [0032]).
Raleigh, directed to mobile Device and method attributing media services network usage to requesting application and thus in the same field of endeavor, teaches …a change of telecommunications network operator. (By disclosing, a QoS session refers to the QoS enabled traffic for a given device that flows over a QoS channel or QoS link. In some embodiments, a device QoS activity is a combination of one or more of the following: application, destination, source, socket (e.g., IP address, protocol, and/or port), socket address (e.g., port number), URL or other similar service identifier, service provider, network type, traffic type, content type, network protocol, session type, QoS identifier, time of day, network capacity (e.g., network busy state), user service plan 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Roberts, Ranadive, and Melzer to incorporate the mobile device and method attributing media services network usage to requesting application teachings of Raleigh for the benefit of facilitating implementation of services on a network to facilitate differential control of certain services to protect network capacity (e.g., to reduce network congestion, network capacity demand, network resource demand; and/or to increase network availability) (See at least Raleigh: paragraph(s) [0065]).
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Roberts in view of Ranadive, as applied to claim 1, and in further view of Raleigh.
With respect to claim 4:
	Roberts and Ranadive teach the method of claim 1, as stated above.
However, Roberts and Ranadive do not teach wherein the user computing device state parameters comprises at least one of power cycling information or boot history information.
wherein the user computing device state parameters further comprises power cycling information. (By disclosing, another example of device service activity behavior that can have an impact on network performance is the way the device, device subsystem, and/or modem subsystem power cycling or transitions from one power save state to another. See at least Raleigh: paragraph(s) [0055])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Roberts and Ranadive to incorporate the mobile device and method attributing media services network usage to requesting application teachings of Raleigh for the benefit of facilitating implementation of services on a network to facilitate differential control of certain services to protect network capacity (e.g., to reduce network congestion, network capacity demand, network resource demand; and/or to increase network availability) (See at least Raleigh: paragraph(s) [0065]).

Response to Arguments
Applicant's arguments filed 5 Apr 2021 have been fully considered but they are not persuasive.
In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). It is noted that the limitations “checking integrity of the mobile computing device for carrying out a transaction step of the payment transaction” and “for use in performing the transaction step” are intended use, ‘cryptographic material’ has never been used in any step of the process, and the remote system is recited with no technical details and also it is unclear whether the remote system is a part of the method and system for the invention. With such limitations, the parameters that are transmitted to the remote system do not provide any technical details for the invention. In addition, “a payment 
In response to applicant’s argument that “Roberts is silent regarding the state of the device during performance of a transaction step, and thus cannot (and does not) teach or even suggest the about highlighted element.. Randive instead discloses.. None of these involves carrying out a transaction step of a payment transaction, as claimed,” it is noted that the step for transmitting is recited to be performed after the step for performing the transaction step in the claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Graham et al. (WO2010096356A1) teaches radio access point location verification using GPS location and radio environment data, including “When the GPS location data substantially matches the reference GPS location data, operations of the radio access point device are enabled and the radio environment data is stored to be used as reference radio environment data for purposes of subsequent location verification of the radio access point device. Subsequent location verifications (such as 
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CLAY C LEE whose telephone number is (571)272-3309.  The examiner can normally be reached on Monday-Friday 8-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571)270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/C.C.L./Examiner, Art Unit 3685    
/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685