DETAILED ACTION
Continued Examination Under 37 CFR 1.114
1.         A request for continued examination (“RCE”) under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 06/14/2021 has been entered. 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Acknowledgements
This communication is in response to claim amendments and applicant’s remarks filed on 07/27/2021.
Claims 1, 6, 9, 13, 16, 22, and 24 have been amended.
Claims 2, 4-5, 8, 10, 12, 15, 19-20, 23, and 25-29 have been cancelled.
Claims 30-35 have been added.
Claims 1, 3, 6-7, 9, 11, 13-14, 16-18, 21-22, 24, and 30-35 are pending and are presented for examination on the merits.
Claim Objections
Claim 30 is objected to because of the following informalities:  
          The claim limitation “the information request is received is received in an application selection command” should be “the information request is received in an application selection command”.  Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 35 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 35 recites a limitation “wherein the hashed value is preceded by a tag assigned for interoperability level data when the hashed value is transmitted by the communication device to the access device”. This limitation only recites 



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:
1.	Determining the scope and contents of the prior art.

3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.


Claims 1, 3, 6-7, 9, 11, 13, 14, 16-18, 21, 22, 24, 32 and 33 are rejected under 35 U.S.C. 103 as being unpatentable over Shastry et al. (US 20160036790), in view of Guglani (US 20180268403), further in view of Kim (US 20060144943), and Hayhow (US 20150073995).
Regarding claims 1 and 9, Shastry discloses:
          a data processor (paragraph [0072] of Shastry);
          a non-transitory computer readable medium coupled to the data processor, the non-transitory computer readable medium comprising code, executable by the data processor (paragraph [0079] of Shastry);
           responsive to receiving a command, generating, by the communication device, a unique identifier (UID) (By disclosing, “Any of the software components or functions described in this application, may be implemented as software code to be executed by a processor using any suitable computer language …. The software code may be stored as a series of instructions, or commands on a computer readable medium” (paragraph [0079] of Shastry); “the user may be required to authenticate the untrusted mobile application 110 with the payment network cloud service system. To that end, the untrusted mobile application 110 may ; 
           generating, by the communication device using a cryptogram generation module in a memory in the communication device, a cryptogram by encrypting at least the transaction level data, and a unique identifier of the communication device (By disclosing, “Using the first cryptographic key, the trusted mobile application 108 may create an identity verification cryptogram (step S156 in FIG. 1B). That is, the trusted mobile application 108 may encrypt the user data (i.e. account credentials) using the first cryptographic key” (paragraph [0044] of Shastry); and “The trusted mobile application 108 may provide the account credentials (i.e. user data) such as the primary account number (PAN), the expiration date, the name on the account, the billing address, the device identifier and the like to the payment network cloud service system 104” (paragraph [0043] of Shastry))(Note: the Examiner interprets the “primary account number (PAN), expiration date of a payment account, user name, billing address” in the prior art to be the “transaction level data” and the “device ID” in the prior art to be the “unique identifier”); 
           transmitting, by the communication device, the transaction level data, and the unique identifier to the access device (By disclosing, “The trusted mobile application 108 may provide the account credentials (i.e. ; and 
           transmitting, by the communication device, the cryptogram to the access device (By disclosing, “The server computer receives the user data associated with the user and the identity verification cryptogram from a second mobile application” (paragraph [0005] of Shastry)), 
            wherein the access device or a remote server computer in communication with the access device validates the cryptogram before allowing the interaction to proceed, by decrypting the cryptogram to obtain the transaction level data, and the unique identifier (By disclosing, “The payment network cloud service system 104 may decrypt the identity verification cryptogram to obtain decrypted credentials” (paragraph [0050] of Shastry)), 
            comparing, the received transaction level data, and the unique identifier received from the communication device with the transaction level data, and the unique identifier obtained from the cryptogram to determine if the received cryptogram is valid (By disclosing, “The payment network cloud service system 104 may decrypt the identity verification cryptogram to obtain decrypted credentials, may compare the decrypted credentials to ; and          
            Shastry does not disclose:
            receiving, by the communication device from the access device via the short range communication channel, an anti-collision command;
           receiving, by the communication device from the access device via the short range communication channel, an information request comprising transaction level data, the transaction level data comprising data relating to application selection and/or transaction processing; 
            responsive to receiving the anti-collision command, generating a random value, by the communication device, wherein the random value is a PUPI (pseudo unique PICC identifier); 
             generating a cryptogram by encrypting at least the transaction level data and the PUPI; 
            transmitting, by the communication device via the short range communication channel, the PUPI to the access device; 
            transmitting, by the communication device via the short range communication channel, the cryptogram to the access device; 
allowing the transaction to proceed if the received cryptogram is valid,
           wherein the access device is a point of sale terminal,
          wherein the short range communication channel is an NFC channel, and
          wherein the communication device is a payment card.
          However, Guglani teaches:
           receiving, by the communication device from the access device via the short range communication channel, an information request comprising transaction level data, the transaction level data comprising data relating to application selection and/or transaction processing (By disclosing, “the mobile device 104 can receive transaction data for the transaction in accordance with a second transaction protocol” (paragraph [0062] of Guglani); the transaction data is transmitted from the access device to the mobile device via NFC (paragraph [0062]-[0063] of Guglani); and the transaction data is used for generating a cryptogram for transaction processing (paragraph [0082] of Guglani)); 
             transmitting, by the communication device via the short range communication channel, the cryptogram to the access device (By disclosing, “The reader of the merchant's access device can scan the new two-dimensional barcode including the encoded cryptogram” ([0033] of Guglani); and “Contactless element 104F may be capable of transferring ; and
            allowing the transaction to proceed if the received cryptogram is valid (By disclosing, “If the cryptograms match, this may indicate that the mobile device and/or the user are authenticated such that the transaction may proceed” (paragraph [0034] of Guglani)); and
          wherein the access device is a point of sale terminal (By disclosing, “Exemplary access devices include point of sale (POS) terminals” ([0020] of Guglani)),
          wherein the short range communication channel is an NFC channel (By disclosing, “Contactless element 104F may be capable of transferring and receiving data using a short range wireless communication capability, for example, using NFC or other contactless mechanisms and protocols described above” ([0039] of Guglani)).
          Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of generating a cryptogram based on transaction data and validating the cryptogram in view of Guglani to include techniques of receiving, by the communication device from the access device via the short range communication channel, an information request comprising transaction level data, the transaction level data comprising data relating to application selection and/or transaction processing; allowing the transaction to proceed if the received cryptogram is valid, wherein the access device is a point of sale terminal, and wherein the short range communication channel is an NFC channel.  Doing so would result in an improved invention because this would allow a cryptogram to be generated upon receiving the transaction data at proximity of a merchant location from the access device of the merchant when the client is present at a merchant location, thus reducing the possibility of long distance relay attack.
          Kim teaches:
          receiving, by the communication device from the access device via the short range communication channel, an anti-collision command (By disclosing, “For the type B method, the anti-collision method of the contactless cards that satisfy the ISO 14443 type B standard makes use of an optional value called a Pseudo Unique Proximity card Identifier (PUPI), which each card generates separately. When the contactless cards approach an effective region of the reader, the reader requests the cards to generate a random value having a set scope, the cards each generate PUPI values different from each other” ([0007] of Kim));
          responsive to receiving the anti-collision command, generating a random value, by the communication device, wherein the random value is a PUPI (pseudo unique PICC identifier) (By disclosing, “For the type B ;
          the PUPI is a unique identifier of the communication device (By disclosing, “When the contactless cards approach an effective region of the reader, the reader requests the cards to generate a random value having a set scope, the cards each generate PUPI values different from each other” ([0007] of Kim)); and 
          transmitting, by the communication device via the short range communication channel, the PUPI to the access device (By disclosing, “When the contactless cards approach an effective region of the reader, the reader requests the cards to generate a random value having a set scope, the cards each generate PUPI values different from each other, and the reader selects a card by calling one of the received PUPI values.” ([0007] of Kim)).
           Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of generating, by the communication device using a cryptogram  in view of Kim to include techniques of receiving, by the communication device from the access device via the short range communication channel, an anti-collision command; responsive to receiving the anti-collision command, generating a random value, by the communication device, wherein the random value is a PUPI (pseudo unique PICC identifier); generating, by the communication device using a cryptogram generation module in a memory in the communication device, a cryptogram by encrypting at least the transaction level data, and the PUPI; and transmitting, by the communication device via the short range communication channel, the transaction level data and the PUPI to the access device.  Doing so would result in an improved invention because this would reduce the confusion possibility by the access device when more than one contactless card approaches the access device at the same time, because the PUPI is a unique identifier of the contactless card, so the access device can identify the card based on the PUPI.
          And Hayhow teaches:
wherein the communication device is a payment card (By disclosing, “The transaction authorization may provide a confirmation that the payment card generated the online cryptogram from the adjusted authorization amount and the cryptographic key” (paragraph [0014] of Hayhow)).
           Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Shastry in view of Hayhow to include techniques of using a payment card as the communication device. Doing so would result in an improved invention because this would allow a user to initiate a transaction with a contactless card when a mobile phone is not at hand, thus improving the functionality of the claimed invention.
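The exchange recited for claims 1 and 9 above, as an added example (not code from the application or from any cited reference): a card draws a fresh PUPI on the anti-collision command, binds it to the transaction level data in a cryptogram, and the verifier accepts only if the values it received match the cryptogram. Assumptions: the class and function names and the sample transaction data are constructed for illustration, and an HMAC-SHA256 tag under the shared symmetric key stands in for the claims' encrypt, decrypt and compare step so that the block runs with the standard library only.

```python
import hashlib
import hmac
import secrets
import struct

PUPI_LEN = 4  # an ISO/IEC 14443 Type B PUPI is 4 bytes


def encode_fields(pupi: bytes, txn_data: bytes) -> bytes:
    """Length-prefix each field so (pupi, txn_data) has exactly one encoding."""
    return b"".join(struct.pack(">H", len(f)) + f for f in (pupi, txn_data))


class Card:
    """Communication device (payment card) holding the symmetric key."""

    def __init__(self, key: bytes):
        self._key = key
        self.pupi = b""

    def on_anticollision(self) -> bytes:
        # A new random PUPI for every anti-collision command, so the value
        # bound into the cryptogram changes from one session to the next.
        self.pupi = secrets.token_bytes(PUPI_LEN)
        return self.pupi

    def on_information_request(self, txn_data: bytes) -> bytes:
        # Refuse to produce a cryptogram that is not tied to a session PUPI.
        if len(self.pupi) != PUPI_LEN:
            raise RuntimeError("anti-collision has not run; no PUPI to bind")
        msg = encode_fields(self.pupi, txn_data)
        return hmac.new(self._key, msg, hashlib.sha256).digest()


def validate(key: bytes, pupi: bytes, txn_data: bytes, cryptogram: bytes) -> bool:
    """Access device or remote server: compare received values with the cryptogram."""
    if len(pupi) != PUPI_LEN:
        return False
    expected = hmac.new(key, encode_fields(pupi, txn_data), hashlib.sha256).digest()
    return hmac.compare_digest(expected, cryptogram)  # constant-time comparison


def run_session(card: Card, key: bytes, txn_data: bytes):
    """One reader/card exchange: anti-collision, information request, validation."""
    pupi = card.on_anticollision()
    cryptogram = card.on_information_request(txn_data)
    return pupi, cryptogram, validate(key, pupi, txn_data, cryptogram)


if __name__ == "__main__":
    key = bytes(range(32))                      # constructed sample key
    txn = b"AID=A0000000000000;AMT=000000001250"  # constructed sample data
    card = Card(key)

    pupi, cryptogram, ok = run_session(card, key, txn)
    print("genuine session accepted:", ok)

    # A cryptogram captured in one session, presented alongside the PUPI of
    # a different session, no longer matches and is rejected.
    other_pupi = bytes([pupi[0] ^ 0x01]) + pupi[1:]
    print("replay under another PUPI accepted:",
          validate(key, other_pupi, txn, cryptogram))

    # Altered transaction level data is rejected as well.
    print("tampered data accepted:",
          validate(key, pupi, txn.replace(b"1250", b"0001"), cryptogram))
```
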
Regarding claims 3 and 11, Shastry also discloses:
         the access device validates the cryptogram (By disclosing, “The payment network cloud service system 104 may decrypt the identity verification cryptogram to obtain decrypted credentials, may compare the decrypted credentials to the user data received from the untrusted mobile application 110 (step S168 in FIG. 1B). If the decrypted credentials match the user data received from the untrusted mobile application 110, the payment network cloud service system 104 may validate that the identity verification cryptogram is generated 
         Shastry does not expressly disclose:
         the access device is programmed to reject the interaction if it cannot validate the cryptogram.
          However, Guglani teaches:
         the access device is programmed to reject the interaction if it cannot validate the cryptogram (By disclosing, “the access device may decrypt the cryptogram using the unique code or a separate decryption key related to the unique code (e.g., a private key in a key pair) at 710. …, if the information has been improperly encrypted or decrypted, the payment information identified may be invalid and the transaction will not be authorized” (paragraph [0082] of Guglani)). 
         Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Shastry in view of Guglani to include techniques of rejecting the transaction if it cannot validate the cryptogram as disclosed by Guglani.  Doing so would result in an improved invention because this would allow the transaction to be rejected before sending the decrypted information to the issuer for further processing, thus saving the energy consumption of data transmission and data processing. 

Regarding claims 6 and 13, Shastry also discloses:
generating the cryptogram comprises encrypting the transaction level data and the unique identifier using an authorizing entity cryptographic key (By disclosing, “Upon verification, the payment network cloud service system 104 may send a first payment token and a first cryptographic key to the trusted mobile application 108” (paragraph [0043] of Shastry); and “Using the first cryptographic key, the trusted mobile application 108 may create an identity verification cryptogram” (paragraph [0044] of Shastry)), and 
          wherein the access device or the remote server computer uses a corresponding authorizing entity cryptographic key to validate the cryptogram (By disclosing, “The server computer validates that the identity verification cryptogram is generated using the user data and the cryptographic key sent to the first mobile application” (paragraph [0005] of Shastry)). 
          Shastry does not disclose:
          the unique identifier is a PUPI.
          However, Kim teaches:
          the unique identifier is a PUPI (By disclosing, “For the type B method, the anti-collision method of the contactless cards that satisfy the ISO 14443 type B standard makes use of an optional value called a Pseudo Unique Proximity card Identifier (PUPI), which each card generates separately. When the contactless cards approach an effective region of the reader, the reader requests the cards to generate a random value having a set scope, the cards each generate PUPI values different from each other” ([0007] of Kim)).
 Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of generating the cryptogram comprises encrypting the transaction level data and the unique identifier using an authorizing entity cryptographic key, in view of Kim to include techniques of generating the cryptogram comprises encrypting the transaction level data and the PUPI using an authorizing entity cryptographic key.  Doing so would result in an improved invention because this would leverage the advantages of using PUPI as an identifier of the communication device (e.g. reduce the confusion possibility by the access device when more than one contactless card approaches the access device at the same time, etc.).

Regarding claims 7 and 14, Shastry also discloses:
         the authorizing entity cryptographic key and the corresponding authorizing entity cryptographic key are symmetric keys (By disclosing, “the application encryption key may include a symmetric encryption key” (paragraph [0036] of Shastry)).

Regarding claim 16, Shastry discloses:
          responsive to a command, the communication device determines a unique identifier (By disclosing, “Any of the software components or functions described in this application, may be implemented as software ; 
           generates, using a cryptogram generation module in a memory in the communication device, a cryptogram by encrypting the transaction level data, and the unique identifier (By disclosing, “Using the first cryptographic key, the trusted mobile application 108 may create an identity verification cryptogram (step S156 in FIG. 1B). That is, the trusted mobile application 108 may encrypt the user data (i.e. account credentials) using the first cryptographic key” (paragraph [0044] of Shastry); and “The trusted mobile application 108 may provide the account credentials (i.e. user data) such as the primary account number (PAN), the expiration date, the name on the account, the billing address, the device identifier and the like to the payment network cloud service system 104” (paragraph [0043] of Shastry))(Note: the Examiner interpret the “primary account number (PAN), expiration date of a payment account, user name, billing address” ; 
           receiving, by the access device from the communication device, the transaction level data, the unique identifier of the communication device, and the cryptogram that was generated by encrypting the transaction level data, and the unique identifier (By disclosing, “The trusted mobile application 108 may provide the account credentials (i.e. user data) such as the primary account number (PAN), the expiration date, the name on the account, the billing address, the device identifier and the like to the payment network cloud service system 104” (paragraph [0043] of Shastry); and “The server computer receives the user data associated with the user and the identity verification cryptogram from a second mobile application” (paragraph [0005] of Shastry))(Note: the Examiner interprets the “payment network cloud service system 104” to be the “access device”); and 
            Shastry does not disclose:
             providing, by the access device to the communication device via the short range communication channel, an anti-collision command;
           providing, by the access device to the communication device via the short range communication channel, an information request comprising transaction level data comprising data relating to application selection and/or transaction processing;
             wherein responsive to the anti-collision command, the communication device generates a random value, wherein the random value is a PUPI (pseudo unique PICC identifier); 
             generates a cryptogram by encrypting the transaction level data and the PUPI; 
            receiving, by the access device from the communication device via the short range communication channel, the PUPI 
           generating an authorization request message comprising the transaction level data; and 
           transmitting the authorization request message to an authorizing entity computer, wherein the authorizing entity computer approves or declines the authorization request message;
            wherein the access device is a point of sale terminal,
            wherein the short range communication channel is an NFC channel, and
           wherein the communication device is a payment card.
           However, Guglani teaches:
           providing, by the access device to the communication device via the short range communication channel, an information request comprising transaction level data comprising data relating to application selection and/or transaction processing (By disclosing, “the mobile device 104 can receive transaction data for the transaction in accordance with a second transaction protocol” (paragraph ; 
             receiving, by the access device from the communication device via the short range communication channel, the cryptogram (By disclosing, “The reader of the merchant's access device can scan the new two-dimensional barcode including the encoded cryptogram” ([0033] of Guglani); and “Contactless element 104F may be capable of transferring and receiving data using a short range wireless communication capability, for example, using NFC or other contactless mechanisms and protocols described above” ([0039] of Guglani)); 
          generating an authorization request message comprising the transaction level data (See at least paragraph [0025] of Guglani); 
         transmitting the authorization request message to an authorizing entity computer, wherein the authorizing entity computer approves or declines the authorization request message (See at least paragraph [0033]-[0034] and [0026] of Guglani); 
          wherein the access device is a point of sale terminal (By disclosing, “Exemplary access devices include point of sale (POS) terminals” ([0020] of Guglani)); and
          wherein the short range communication channel is an NFC channel (By disclosing, “Contactless element 104F may be capable of transferring and receiving data using a short range wireless communication capability, for example, using NFC or other contactless mechanisms and protocols described above” ([0039] of Guglani)).
          Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of generates, using a cryptogram generation module in a memory in the communication device, a cryptogram by encrypting the transaction level data, and the unique identifier; and receiving, by the access device from the communication device, the transaction level data, the unique identifier, and the cryptogram that was generated by encrypting the transaction level data, and the unique identifier, in view of Guglani to include techniques of receiving, by the communication device from the access device via the short range communication channel, an information request comprising transaction level data, the transaction level data comprising data relating to application selection and/or transaction processing; generating an authorization request message comprising the transaction level data; and transmitting the authorization request message to an authorizing entity computer, wherein the authorizing entity computer approves or declines the authorization request message, wherein the access device is a point of sale terminal, and wherein the short range communication channel is an NFC channel.  Doing so would result in an improved invention because this would allow a cryptogram to be generated upon receiving the transaction data at proximity of a merchant location from the access device of the merchant when the client is present at a merchant location, thus reducing the possibility of long distance relay attack. Doing so would also allow the authorizing entity to perform further processing steps (e.g., fraud detection, standalone authorization, etc.) (paragraph [0054] of Guglani).
          Kim teaches:
          providing, by the access device to the communication device via the short range communication channel, an anti-collision command (By disclosing, “For the type B method, the anti-collision method of the contactless cards that satisfy the ISO 14443 type B standard makes use of an optional value called a Pseudo Unique Proximity card Identifier (PUPI), which each card generates separately. When the contactless cards approach an effective region of the reader, the reader requests the cards to generate a random value having a set scope, the cards each generate PUPI values different from each other” ([0007] of Kim));
          wherein responsive to the anti-collision command, the communication device generates a random value, wherein the random value is a PUPI (pseudo unique PICC identifier) (By disclosing, “For the type B method, the anti-collision method of the contactless cards that ;
          the PUPI is a unique identifier of the communication device (By disclosing, “When the contactless cards approach an effective region of the reader, the reader requests the cards to generate a random value having a set scope, the cards each generate PUPI values different from each other” ([0007] of Kim)); and 
          receiving, by the access device from the communication device via the short range communication channel, the PUPI (By disclosing, “When the contactless cards approach an effective region of the reader, the reader requests the cards to generate a random value having a set scope, the cards each generate PUPI values different from each other, and the reader selects a card by calling one of the received PUPI values.” ([0007] of Kim)).
           Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of generates, using a cryptogram generation module in a memory in the communication device, a cryptogram by encrypting at least the transaction level data, and a unique identifier of the communication device; and receiving, by the access device from the communication device via the short range communication channel, the transaction level data, and the cryptogram that was generated by encrypting the transaction level data, and the unique identifier, in view of Kim to include techniques of providing, by the access device to the communication device via the short range communication channel, an anti-collision command; wherein responsive to the anti-collision command, the communication device generates a random value, wherein the random value is a PUPI (pseudo unique PICC identifier); generates, using a cryptogram generation module in a memory in the communication device, a cryptogram by encrypting at least the transaction level data, and the PUPI; and receiving, by the access device from the communication device via the short range communication channel, the transaction level data, the PUPI and the cryptogram that was generated by encrypting the transaction level data, and the PUPI.  Doing so would result in an improved invention because this would reduce the confusion possibility by the access device when more than one contactless card approaches the access device at the same time.
          And Hayhow teaches:
          wherein the communication device is a payment card (By disclosing, “The transaction authorization may provide a confirmation that the payment card generated the online cryptogram from the adjusted 
           Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Shastry in view of Hayhow to include techniques of using a payment card as the communication device. Doing so would result in an improved invention because this would allow a user to initiate a transaction with a contactless card when a mobile phone is not at hand, thus improving the functionality of the claimed invention.

Regarding claim 17,  Shastry does not disclose:
          wherein transmitting the authorization request message to the authorizing entity computer comprises transmitting the authorization request message to the authorizing entity computer via a processing network and a transport computer. 
          However, Guglani teaches:
          wherein transmitting the authorization request message to the authorizing entity computer comprises transmitting the authorization request message to the authorizing entity computer via a processing network and a transport computer (By disclosing, “The reader of the merchant's access device can scan the new two-dimensional barcode including the encoded cryptogram, and can generate an authorization request message for the transaction. The authorization request message can then be routed to the issuer of the account used to conduct the . 
         Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Shastry to include transmitting the authorization request message to the authorizing entity computer via a processing network and a transport computer as disclosed by Guglani.  Doing so would result in an improved invention because this allows the processing network to perform various processing steps before routing the authorization request message to the authorizing entity.

Regarding claim 18, Shastry also discloses:
          the access device, the transport computer, the processing network, or the authorizing entity computer validates the cryptogram (By disclosing, “The payment network cloud service system 104 may decrypt the identity verification cryptogram to obtain decrypted credentials, may compare the decrypted credentials to the user data received from the untrusted mobile application 110 (step S168 in FIG. 1B). If the decrypted credentials match the user data received from the untrusted mobile application 110, the payment network cloud service system 104 may validate that the identity verification cryptogram is generated using the account credentials received from the untrusted mobile application 110” (paragraph [0050] of Shastry)). 
          Shastry does not expressly disclose:
          validates the cryptogram before allowing the interaction to proceed.
          However, Guglani teaches:
          validates the cryptogram before allowing the interaction to proceed (By disclosing, “If the cryptograms match, this may indicate that the mobile device and/or the user are authenticated such that the transaction may proceed” (paragraph [0034] of Guglani)).
          Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Shastry in view of Guglani to include techniques of validating the cryptogram before allowing the interaction to proceed.  Doing so would result in an improved invention because the generated cryptogram can be used to verify the authenticity of a transaction device, thereby improving the security level of the transaction.

Regarding claim 21, Shastry also discloses:
          the transaction level data is not needed for the communication device and the access device to communicate (By disclosing, “The server computer sends a cryptographic key to the mobile application after authenticating the user” which implies that the communication device and the access device can communicate data other than the transaction level data (paragraph [0005] of Shastry)); and 
         wherein the transaction level data allows the communication device and the access device to complete the interaction (paragraph [0050] and Fig. 1B of Shastry).

Regarding claim 22, Shastry also discloses:
          the transaction level data, a device identifier of the communication device, and the cryptogram are transmitted in a single message from the communication device to the access device (By disclosing, “The untrusted mobile application 110 may provide the retrieved identity verification cryptogram along with account credentials such as PAN, the expiration date, the name on the account, the billing address, the device identifier and the like to the payment network cloud service system 104 (step S166 in FIG. 1B)” (paragraph [0050] and Fig. 1B of Shastry)).
          Shastry does not disclose:
          the device identifier is the PUPI.
          However, Kim teaches:
          the device identifier is the PUPI (By disclosing, “For the type B method, the anti-collision method of the contactless cards that satisfy the ISO 14443 type B standard makes use of an optional value called a Pseudo Unique Proximity card Identifier (PUPI), which each card generates separately. When the contactless cards approach an effective region of the reader, the reader requests the cards 
           Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method in which the transaction level data, a device identifier of the communication device, and the cryptogram are transmitted in a single message from the communication device to the access device, in view of Kim, to include techniques in which the transaction level data, the PUPI, and the cryptogram are transmitted in a single message from the communication device to the access device.  Doing so would result in an improved invention because this would reduce the possibility of confusion at the access device when more than one contactless card approaches the access device at the same time.

Regarding claim 24, Shastry also discloses:
          the transaction level data comprise at least one of primary account number, a token, and/or an unpredictable number (By disclosing, “The trusted mobile application 108 may provide the account credentials (i.e. user data) such as the primary account number (PAN), the expiration date, the name on the account, the billing address, the device identifier and the like to the payment network cloud service system 104” (paragraph [0043] of Shastry)).

Regarding claim 32, Shastry discloses:
          wherein comparing is performed by the access device (By disclosing, “The payment network cloud service system 104 may decrypt the identity verification cryptogram to obtain decrypted credentials, may compare the decrypted credentials to the user data received from the untrusted mobile application 110” (paragraph [0050] of Shastry)) (Note: the “payment network cloud service system” in the prior art can be the “access device” in the claim).
          Shastry does not disclose:
           wherein the payment card is a credit card.
           However, Hayhow teaches:
          wherein the payment card is a credit card (By disclosing, “The transaction authorization may provide a confirmation that the payment card generated the online cryptogram from the adjusted authorization amount and the cryptographic key” ([0014] of Hayhow); and “A consumer might elect to use a payment terminal (e.g. point-of-sale (POS) terminal or pin-pad) and a magnetic-stripe payment card (e.g. credit card or debit card) to complete a financial transaction with a merchant (e.g. pay for a merchant's wares/services)” ([0003] of Hayhow)).
           Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Shastry in view of Hayhow to include the technique wherein the payment card is a credit card. Doing so would result in an improved invention because this would allow a user to initiate a transaction with a credit card when a mobile phone is not at hand, thus improving the functionality of the claimed invention.
 
Regarding claim 33, Shastry does not disclose:
          wherein the payment card complies with ISO/IEC 14443.  
          However, Kim teaches:
         wherein the contactless card complies with ISO/IEC 14443 (By disclosing, “the anti-collision method of the contactless cards that satisfy the ISO 14443 type B standard makes use of an optional value called a Pseudo Unique Proximity card Identifier (PUPI)” ([0007] of Kim)).  
           Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method in which the communication device is a payment card, in view of Kim, to include the technique wherein the payment card complies with ISO/IEC 14443.  Doing so would result in an improved invention because this would leverage the advantages of using ISO/IEC 14443 standard (e.g. less read range, faster data transfer speed, international standard, etc.).

Claim(s) 30 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shastry et al. (US 20160036790), in view of Guglani (US 20180268403), further in view of Kim (US 20060144943), Hayhow (US 20150073995), and Ward (US 20170347221). 
Regarding claim 30, Shastry does not disclose:
            However, Ward teaches:
            wherein, the information request is received in an application selection command, which includes selection of an application to use from a plurality of applications on the communication device (By disclosing, “provider application 202 associated and/or maintained with the provider server 102” ([0056] of Ward); “the provider application 202 may display respective application icons 214-224 for each of the other applications on a graphical user interface” ([0049] of Ward); and “The mobile system 200 may receive a user selection 261 associated with the one or more other applications 214-224 displayed. … The mobile system 200 may enable the selected application 220 to perform the one or more data transfers with the user account based on the data 240 sent to the selected application 220” ([0052] of Ward)).       
            Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Shastry in view of Kim to include techniques in which the information request is received in an application selection command, which includes selection of an application to use from a plurality of applications on the communication device.  Doing so would result in an improved invention because this would allow the user to select the . 
           
Claim(s) 31 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shastry et al. (US 20160036790), in view of Guglani (US 20180268403), further in view of Kim (US 20060144943), Hayhow (US 20150073995), and Hurry (US 20170286663). 
Regarding claim 31, Shastry does not disclose:
          wherein the information request is in a get processing options command which includes point of sale terminal transaction data requested by the communication device.  
           However, Hurry teaches:
           wherein the information request is in a get processing options command which includes point of sale terminal transaction data requested by the communication device (By disclosing, “For example, the access device 125 may request that the user device 115 indicate the data (e.g., a list of files containing the data) to be used for the selected application and the functions supported. In some embodiments, the access device 125 may send a get processing options (GPO) command. The access device 125 may also provide transaction information to the user device 115 (e.g., via the GPO command). For example, the access device 125 may provide the transaction data requested by the user device 115 via a processing options data object list (PDOL)” ([0113] of Hurry)).
wherein the information request is in a get processing options command which includes point of sale terminal transaction data requested by the communication device.  Doing so would result in an improved invention because this would allow the data transfer to comply with the standard EMV transaction processing policy, thus leveraging the advantages of the EMV transaction (e.g. more secure card-present transactions, global standard, PCI relief for compliant merchants, can operate in offline mode, etc.).

Claim(s) 34 and 35 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shastry et al. (US 20160036790), in view of Guglani (US 20180268403), further in view of Kim (US 20060144943), Hayhow (US 20150073995),  and Le Saint (US 20160065370). 
Regarding claim 34, Shastry does not disclose:
          wherein the random value is hashed to form a hashed random value, and the cryptogram is formed from the hashed random value.  
          However, Le Saint teaches:
          wherein the random value is hashed to form a hashed random value, and the cryptogram is formed from the hashed random value (By disclosing, a device identifier is hashed to form an updated shared secret ([0194] of Le Saint); a cryptogram key can be generated using the updated shared secret ([0196] of Le .  
            Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Shastry in view of Le Saint to include techniques in which the random value is hashed to form a hashed random value, and the cryptogram is formed from the hashed random value.  Doing so would result in an improved invention because this would allow the cryptogram to be generated based on a more secure hashed value, thus reducing the risk of losing important data due to the cryptogram being hacked.

Regarding claim 35, Shastry does not disclose:
          wherein the hashed value is preceded by a tag assigned for interoperability level data when the hashed value is transmitted by the communication device to the access device. 
          However, Le Saint teaches:
          wherein the random value is hashed to form a hashed random value (By disclosing, a device identifier is hashed to form an updated shared secret ([0194] of Le Saint)).  (Note: Since it is unclear whether the tag is transmitted with the hashed value, for examination purposes the examiner has interpreted that the hashed value is not transmitted with the hashed value. Therefore, the claim limitation “wherein the hashed value is preceded by a tag assigned for interoperability level data” is nonfunctional descriptive material. That is, the actual method of 
            Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of transmitting a unique identifier of the communication device from the communication device to the access device, in view of Le Saint to include techniques of transmitting a hashed identifier of the communication device by the communication device to the access device. Doing so would result in an improved invention because this would reduce the risk of losing the unique identifier of the communication device during the transmission by hashing the unique identifier, thus improving the security of the claimed invention.

Response to Arguments
Applicant’s arguments with respect to the 35 U.S.C. § 103 rejection have been considered but are moot in view of new grounds of rejection initiated by applicant’s amendment to the claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20160307186 to Noe for disclosing verification of contactless payment card for provisioning of payment credentials to mobile device.
US 20140189359 to Marien for disclosing generating one-time password and remote authentication of transactions.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUAN ZHANG whose telephone number is (571)272-4642.  The examiner can normally be reached on Mon - Fri 10 AM-5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on 5712701492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 





/DUAN ZHANG/Examiner, Art Unit 3685     

/JAY HUANG/Primary Examiner, Art Unit 3685