DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
This communication is in response to the applicant’s request for continued examination filed on 02/12/2021. Claims 1, 3, 5, 7, and 17 have been amended. Claims 1-8 and 17 are currently pending and have been examined.


Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3, 5, 7, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US20190362334) and Hopkins, III (US 10140479).

Regarding claim 1, Wang teaches: A method for on-the-fly cardholder verification method (CVM) selection during a secure payment transaction comprising: 
	receiving, by a consumer mobile device (mobile device) running a mobile payment application (Alipay) via an input component from a cardholder (fingerprint or password), selection of a payment account for a secure payment transaction and an instruction to pay via one of contactless (contactless/carryon wearable device), barcode, secure remote commerce (SRC) or digital secure remote payment (DSRP) (S205 in Fig. 6, [0005] Because the mobile device is introduced, currently, there is a device-based cardholder verification method (consumer device CVM, CD-CVM) or device cardholder verification, in which a device checks an identity of the cardholder in a form of a fingerprint or a digital password. Alipay launches a wearable device PIN-less function for an online transaction, and uses a feature that a carry-on wearable device can represent the identity of the cardholder, thereby adding a verification factor. [0136] Specifically, when the user needs to perform a transaction, the user selects a card required for the transaction on the payment device, where the card may be one or more of cards registered with the issuing bank host and already associated with the check device). 	

Examiner notes that the phrase ‘A method for on-the-fly cardholder verification method (CVM) selection during a secure payment transaction’ is listed in the preamble. A preamble is generally not accorded any patentable weight where it merely recites the purpose of a process or the intended use of a structure, and where the body of the claim does not depend on the preamble for completeness but, instead, the process steps or structural limitations are able to stand alone. See In re Hirao, 535 F.2d 67, 190 USPQ88, USPQ 478, 481 (CCPA 1951).
	transmitting, by the consumer mobile device to a merchant (whitelist merchant) device, a request (initiated by a mobile device) for the secure payment (QuickPass) transaction (Fig. 7, [0004] Currently, for some industries and merchants that have a relatively large proportion of small-amount services and require a high checkout speed, the UnionPay launches a QuickPass online small-amount quick service (a small-amount signature-free and password-free service), and the merchants may apply for the service to become a whitelist merchant. When the whitelist merchant initiates an online transaction lower than a standard limit in a QuickPass manner, an integrated circuit (integrated circuit, IC) card used by a cardholder or a mobile device earning IC card information supports the small-amount quick service by default without jumping to a password input interface or perform signature verification, that is, there is no need to perform cardholder verification in a PBOC procedure, thereby implementing payment at sight for the cardholder. [0056] CD-CVM: A CDCVM is a specific cardholder verification manner for a QuickPass transaction initiated by a mobile device and currently the CDCVM is usually (including but is not limited to) a digital password and a fingerprint of a wallet application. [0194] In this embodiment of the present invention, the RF circuit 710 may be configured to send or receive information, or send or receive a signal to be processed by the processor 720 in a call process).
receiving, by the consumer mobile device from the merchant device, a request for payment account (PIN-less identifier) data ([0004] For a transaction that is initiated by the whitelist merchant and that satisfies conditions (QuickPass and lower than the limit), an acquirer adds a PIN-less identifier to the transaction and marks that the transaction belongs to the small-amount quick service, so that an issuing bank performs PIN-less authorization on the transaction). 
	receiving, by the consumer mobile device via an input component, selection of a CVM comprising one of a flexible CDCVM (on-consumer-device CVM) with mobile PIN (Personal Identification Number) or a flexible CDCVM with DLA (device-level authentication) from the displayed list (e.g. CVM list) by the cardholder; ([0056] CD-CVM: A CDCVM is a specific cardholder verification manner for a QuickPass transaction initiated by a mobile device and currently the CDCVM is usually (including but is not limited to) a digital password and a fingerprint of a wallet application. If a mobile phone and a PoS machine both support the CDCVM in a CVM list, a result of the CDCVM is used as a cardholder verification result (the CDCVM has a highest priority in the CVM list), and an online PIN or signature does not need to be provided again. Compared with a digital password, a fingerprint is more convenient in actual use and provides better user experience (both the two manners belong to the CDCVM). 
	Examiner notes that one of ordinary skill in the art would understand from reading the reference that Wang does not teach away from requiring a PIN, only that under some circumstances (i.e. Wang [0085]) a PIN does not need to be entered and that a fingerprint (according to Wang) is more efficient. Further, one of ordinary skill in the art, from reading the specification, would understand that a fingerprint reads to ‘device level authentication’.
	[listing], by the consumer mobile device via [an indicator], a plurality of cardholder verification methods (CVMs) for selection by a cardholder ([Table 1] If a CVM list exists and an amount X or an amount Y in the CVM list is not zero, application 
	Examiner notes that one of ordinary skill in the art, from reading the reference, would understand that during cardholder verification methods, the cardholder must either input a fingerprint or a digital password on the touch screen of the display device.
	receiving, by the consumer mobile device via an input component, [selection of a CVM] from the displayed list by the cardholder; ([0017] According to the transaction method provided in the second aspect, the PIN-less identifier is stored in the check device, and the PIN-less identifier and information about the card in the payment device are separately stored. After a card is selected for each transaction, authorization is applied for from the check device, and two-factor verification is implemented after the payment device and the check device verify each other. In this way, even if the payment device is lost or the information about the card is thieved, because the check device further needs to be verified for a small-amount PIN-less transaction, unauthorized payment is not performed, thereby achieving higher security and better user experience).
	Examiner notes that one of ordinary skill in the art, from reading the reference, would understand that during cardholder verification methods, the cardholder must input a choice of cards (CVMs) on the touch screen of the display device.
	prompting, by the consumer mobile device via the mobile payment application, the cardholder to [identifier data] in accordance with the selected CVM ([0017] According to the transaction method provided in the second aspect, the PIN-less identifier is stored in the check device, and the PIN-less identifier and information about the card in the payment device are separately stored. After a card is selected for each transaction, authorization is applied for from the check device, and two-factor verification is implemented 
	Examiner notes that one of ordinary skill in the art, from reading the reference, would understand that during cardholder verification methods, the cardholder must input a choice of cards (CVMs) on the touch screen of the display device.
	receiving and authenticating, by the consumer mobile device, the cardholder identification data from the cardholder ([0018] With reference to the second aspect, in a first possible implementation of the second aspect, before the sending, by the check device PIN-less answer information to the payment device, the method further includes, receiving, by the check device, the PIN-less identifier that is sent by a server for the transaction, where the PIN-less identifier is generated by the server based on PIN-less verification request information sent by the payment device.
	generating, by the consumer mobile device, a cryptogram in accordance with the selected CVM, wherein the cryptogram comprises CVM entry information; and ([0065] FIG. 2 is a schematic flowchart of existing contactless payment qPBOC. As shown in FIG. 2, after transaction preprocessing and application selection are completed, an initial transaction processing procedure is entered. In this process, after obtaining an authorization amount entered by a cashier, a PoS machine first performs a series of checks, for example, checks whether a currency unit meets a regulation and whether the authorization amount exceeds a CVM limit of the PoS machine. After it is checked that requirements are met, a user is required to show a card. The PoS machine sends, to the card, a GPO instruction together with transaction information such as the authorization amount and the ATC and a PoS machine parameter such as a PoS machine transaction attribute, so that the card performs operations, for 
	transmitting, by the consumer mobile device to the merchant device, transaction data including payment account data and the cryptogram ([0053] Authorization request cryptogram (authorization request cryptogram, ARQC): an application cryptogram generated when it is determined that online authorization is required during a transaction performed by using an IC card, and generated by encrypting such information as an authorization amount and an application transaction counter by using a key that is preset in the card by an issuing bank. For qPBOC, the cryptogram is returned to a PoS machine in a response of a get processing option instruction. Subsequently, the PoS machine generates an online authorization request packet by using the cryptogram and other necessary information, and sends the online authorization request packet to the issuing bank for transaction authorization).
	determining, by the consumer mobile device, that at least one of the payment transaction is a low-value transaction and velocity checks are enabled and failed, or that the payment transaction is a high value transaction; ([0085] Optionally, the PIN-less answer information may further include a PIN-less limit corresponding to the PIN-less identifier, and the PIN-less limit is used to define an amount of a PIN-less permission, so that the card may be PIN-less for a transaction below the corresponding PIN-less limit.)
	Examiner notes that one of ordinary skill in the art from reading the reference, would understand that since the applicant has not defined ‘low-value’ nor ‘high-value’, the terms are relative and do not differentiate from prior art that includes any ‘value’. Examiner further notes that the phrase “velocity checks are enabled and failed” is a contingent limitation.  That is, this limitation only occurs if a certain condition is met, in this case, when velocity checks are enabled and fail.  The broadest reasonable interpretation of a method (or process) claim having contingent limitations requires only those steps that must be performed and does not include 

Wang does not explicitly teach displaying a list of CVMs, choosing from the list, and inputting cardholder identification data; however, Hopkins, III, from a same or analogous art, teaches:
	displaying, by the consumer mobile device via a display component, a plurality of cardholder verification methods (CVMs) for selection by a cardholder (Fig. 1, 5b, and Claim 7: A method of providing multi-factor authentication of an authenticatable user according to claim 1, further comprising the step of displaying said list of authentication options to the user via a graphical user interface for confirmation by the user. Column 7, Lines 10-23: the electronic tag reader 214 recognizes multiple unique tag identifiers. In this embodiment, a list is generated of the authentication action associated with individual tag identifiers and the resulting list is then presented to the user 202 within a display of the multi-factor authentication terminal 204).
	receiving, by the consumer mobile device via an input component, selection of a CVM comprising one of a flexible CDCVM (on-consumer-device CVM) with mobile PIN (Personal Identification Number) or a flexible CDCVM with DLA (device-level authentication) from the displayed list by the cardholder; (Column 7, Line 56 - Column 8, Line 2: In one embodiment, the user 202 is requested to provide a predetermined biometric feature, such as a fingerprint 206, as a biometric authentication factor. The user provides the requested biometric feature (e.g., fingerprint 206) to a biometric reader 
	Examiner notes that one of ordinary skill in the art, from reading the reference, would understand that during cardholder verification methods, the cardholder must either input a fingerprint or a digital password on the touch screen of the display device.
	prompting, by the consumer mobile device via the mobile payment application, the cardholder to provide cardholder identification data in accordance with the selected CVM (Fig. 4, 5a-5c, Column 2, Lines 55-65: The user provides the requested PIN information using a keypad coupled to the multi-factor authentication terminal. Once the PIN information is entered, it is stored in temporary memory).
	generating, by the consumer mobile device, a cryptogram in accordance with the selected CVM, wherein the cryptogram (unique tag identifier) comprises CVM entry information; (Column 10, Line 59 - Column 11, Line 23:  As used herein, an authentication action refers to a series of process steps associated with the authentication of a user. In one embodiment, the list comprises a unique tag identifier associated with authenticating the user for access to a physical facility. In another embodiment, the list comprises a unique tag identifier for authenticating the user for access to a restricted information processing system. In yet another embodiment, the list comprises a unique tag identifier for authenticating the user for access to a restricted information repository. In one embodiment, the list comprises a unique tag identifier for authenticating the user for the provision of information associated with the user. In various embodiments, the associated information comprises medical information, law enforcement information, or information 
	Examiner notes that one of ordinary skill in the art, from reading the reference, would understand that in order to maintain security for the recited sensitive data, the information would be encrypted into a unique tag identifier cryptogram.
	receiving and authenticating, by the consumer mobile device, the mobile PIN from the cardholder; (Column 2, Lines 50-60: The biometric feature is then processed to generate a unique biometric identifier, which is then stored in temporary memory. In another embodiment, the user is requested to provide a personal identification number (PIN) to be authenticated. The user provides the requested PIN information using a keypad coupled to the multi-factor authentication terminal. Once the PIN information is entered, it is stored in temporary memory.)
	It would be obvious to one skilled in the art at the time of the applicant’s invention to combine the CVM system of Wang with the display and verification of Hopkins. Adding a display for user choice of multiple types of cardholder verification methods to a mobile device gives users much more flexibility and is more secure. As Hopkins states:
In various embodiments, the authentication information stored in temporary memory is submitted by the multi-factor authentication terminal to a multi-factor authentication module. The multi-factor authentication module receives the submitted authentication information and then compares it to authentication information associated with the user. In one embodiment, the multi-factor authentication module is operable to access a database comprising an index cross-referencing the unique tag identifier to the user's authentication information. In various embodiments, the multi-factor authentication module is operable to access a database comprising an index cross-referencing the biometric identifier or the PIN to the user's authentication information. If the submitted authentication information matches the user's authentication information, then the user is authenticated.



Wang teaches:
	a storage device operably connected to the mobile device processor, ([0168] Optionally, the payment device 300 may further include a storage unit 340, and the storage unit 340 may be configured to store code executed by the sending unit 310, the receiving unit 320, and the processing unit 330.)
	wherein the storage device comprises a mobile wallet application and processor executable instructions (e.g. implementing code) which when executed cause the mobile device processor to: ([0212] It should be noted that in an embodiment of the present invention, the receiving unit 810 may be implemented by a receiver, the processing unit 820 may be implemented by a processor, the sending unit 830 may be implemented by a transmitter, and the storage unit 840 may be implemented by a memory. As shown in FIG. 14, a server 900 may include a receiver 910, a processor 920, a transmitter 930, and a memory 940. The receiver 910, the processor 920, the transmitter 930, and the memory 940 in FIG. 14 communicate with each other, and transfer a control and/or data signal by using an internally connected channel. The memory 940 is configured to store program code, and the receiver 910, the processor 920, and the transmitter 930 are configured to invoke the program code to implement the methods in the foregoing embodiments of the present invention.)
	Examiner notes that one of ordinary skill in the art, from reading the reference, would understand that the mobile wallet application is merely code that when executed can cause the processor to perform the functions as noted in the limitation. Therefore, Examiner notes that the memory device of the stated prior art reads to the limitation.
receive a request for payment account data from the merchant device ([0004] Currently, for some industries and merchants that have a relatively large proportion of small-amount services and require a high checkout speed, the UnionPay launches a QuickPass online small-amount quick service (a small-amount signature-free and password-free service), and the merchants may apply for the service to become a whitelist merchant. When the whitelist merchant initiates an online transaction lower than a standard limit in a QuickPass manner, an integrated circuit (integrated circuit, IC) card used by a cardholder or a mobile device earning IC card information supports the small-amount quick service by default without jumping to a password input interface or perform signature verification, that is, there is no need to perform cardholder verification in a PBOC procedure, thereby implementing payment at sight for the cardholder. For a transaction that is initiated by the whitelist merchant and that satisfies conditions (QuickPass and lower than the limit), an acquirer adds a PIN-less identifier to the transaction and marks that the transaction belongs to the small-amount quick service, so that an issuing bank performs PIN-less authorization on the transaction.)

Regarding claim 3, Wang teaches: The method of claim 1, wherein the plurality of cardholder verification methods (CVMs) comprises: 
	on-consumer-device CVM (CDCVM) always with mobile personal identification number (PIN), CDCVM always with device-level authentication (DLA), flexible CDCVM with mobile PIN, flexible CDCVM with DLA, and card-like CVM ([0010] With reference to the first aspect, in a first possible implementation of the first aspect, the modifying, by the payment device, a cardholder verification method CVM list of the card includes, setting, in the CVM list of the card, a service condition of an online personal 
	Examiner considers that one skilled in the art would understand from reading the reference that flexible CDCVM with DLA is equivalent to two-factor authentication.
	In regards to claim 7, the mobile device of claim 7 corresponds generally to method claim 3, and recites similar features in method form, and therefore is rejected under the same rationale.

Claims 2, 4, 6, and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US20190362334), Hopkins, III (US 10140479) and Smets (US 20140263625). 

Regarding claim 2, Wang teaches: The method of claim 1, further comprising: 
	receiving, by the consumer mobile device, a transaction completed confirmation message; and (Fig. 4, [0067] After the issuing bank host performs verification and feeds back a transaction authorization result, the PoS machine notifies the cardholder of the transaction result. [0068] FIG. 4 is a schematic flowchart of a small-amount PIN-less transaction performed by using an existing mobile device card. Mobile device card payment is SE-based mobile payment, that is, a card required for a transaction is bound to a mobile device).
	displaying, by the consumer mobile device, [information] on the display component ([0197] The display unit 740 may be configured to display information input by the user or information provided for the user, and various menus of the device).

Neither Wang nor Hopkins III explicitly recites the limitation of:
	displaying, by the consumer mobile device, the transaction completed confirmation message on the display component 

However, Smets, from a same or analogous art, teaches:
	displaying, by the consumer mobile device, the transaction completed confirmation message on the display component ([0156] The v3.0 architecture that lies as the basis of the diagram below can usefully be extended for personal readers by: [0157] the reader confirming directly the amount and transaction type to the display, [0158] the reader providing ODA related data such as CDA signatures, DOL and certificate data to the server so that it may verify the correctness of the reader processing).
	It would be obvious to one skilled in the art at the time of the applicant’s invention to combine the CVM system of Wang with the display and verification of Smets and Hopkins. Adding multiple types of cardholder verification methods to a mobile device gives users much more flexibility, saves time and is more secure than previous methods. As Smets states:
	[0003] Technology has further developed to provide payment cards which operate contactlessly--under EMV, these are covered under the ISO/IEC 14443 standard. Using such cards, the account number can be read automatically from the card by a POS terminal, generally using a short range wireless technology such as Radio Frequency Identification (RFID)--this approach is generally referred to as "contactless" or "proximity" payment. This is typically enabled by embedding of an RFID tag in a card body together with a suitable antenna to allow transmission and receipt of wireless signals--the transmissions may be powered by a radio frequency interrogation signal emitted by a proximity reader in the POS terminal.
	In regards to claim 6, the mobile device of claim 6 corresponds generally to method claim 2, and recites similar features in method form, and therefore is rejected under the same rationale.



Regarding claim 4, Wang teaches: The method of claim 1, wherein the transaction data further comprises 
	at least one of token account information, an [QuickPass], a Mag stripe (magnetic field induction) application cryptogram, and track 2 data (two factor authentication), ([0003] QuickPass is a brand defined based on the PBOC 2.0/3.0 standard, and currently has two mobile payment modes: a secure module (secure element, SE)-based mobile payment mode and a host card emulation (host card emulation, HCE)-based mobile payment mode. UnionPay Cloud QuickPass implements card emulation in a mobile device based on HCE and is compatible with logic of a PBOC technology. [0061] Near field communication (near field communication, NFC): NFC is a short-distance wireless connection technology, by using which communication between electronic devices within a short distance is implemented through magnetic field induction based on a radio frequency identification technology. [0009] According to the transaction method provided in the first aspect, two-factor verification is implemented after the payment device and the additional check device verify each other).
	Examiner notes that one of ordinary skill in the art would understand from reading the reference that QuickPass is equivalent to M/Chip, and that two-factor authentication reads to track 2 data.

Neither Wang nor Hopkins III explicitly teaches the limitation of:
	at least one of token account information, an M/Chip application cryptogram, M/Chip data, a Mag stripe application cryptogram, and track 2 data

Smets, from a same or analogous art, teaches: 	
	at least one of token account information, an M/Chip application cryptogram, M/Chip data, a Mag stripe application cryptogram, and track 2 data ([0069] PayPass data resembles data read from the physical magstripe (for PayPass -MagStripe) or data read from the contact chip (for PayPass-M/Chip) but with subtle differences, so if the issuer would validate PayPass data as if it were originating from magstripe or contact chip, the validation may fail. [0104] Service code validation for the detection of Integrated circuit technology (2 or 6 in 1st digit) must not be performed on track 1 or track 2 data returned from a PayPass chip).
	It would be obvious to one skilled in the art at the time of the applicant’s invention to combine the CVM system of Wang with the display and verification of Smets and Hopkins. Adding multiple types of cardholder verification methods to a mobile device gives users much more flexibility, saves time and is more secure than previous methods. As Smets states:
	[0003] Technology has further developed to provide payment cards which operate contactlessly--under EMV, these are covered under the ISO/IEC 14443 standard. Using such cards, the account number can be read automatically from the card by a POS terminal, generally using a short range wireless technology such as Radio Frequency Identification (RFID)--this approach is generally referred to as "contactless" or "proximity" payment. This is typically enabled by embedding of an RFID tag in a card body together with a suitable antenna to allow transmission and receipt of wireless signals--the transmissions may be powered by a radio frequency interrogation signal emitted by a proximity reader in the POS terminal. 


	In regards to claim 8, the mobile device of claim 8 corresponds generally to method claim 4, and recites similar features in method form, and therefore is rejected under the same rationale.







Response to Arguments
Applicant’s arguments with respect to claims 1, 3, 5, 7, and 17 have been considered but are moot because the amended claims do not overcome the prior art of record. Examiner has 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Each of the prior art references listed in the PTO-892 and not directly recited in this office action discloses anticipation and/or obviousness to combine concerning the applicant’s claims and is therefore included.
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TERRY N MURRAY whose telephone number is (313)446-6556.  The examiner can normally be reached on Monday-Thursday 6 AM-4 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee, can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-



/T.N.M./Examiner, Art Unit 3685
/STEVEN S KIM/Primary Examiner, Art Unit 3685