DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This communication is in response to the applicant’s request for continued examination filed on 09/21/2021. Claims 1, 5, and 17 have been amended. Claims 9-16 have been cancelled. Claims 1-8 and 17 are currently pending and have been examined.


Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C.
102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the
statutory basis for the rejection will not be considered a new ground of rejection if the prior art
relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness
rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459
(1966), that are applied for establishing a background for determining obviousness under 35
U.S.C. 103 are summarized as follows:

2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or
nonobviousness.

Claims 1, 3, 5, 7, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US20190362334) and Hopkins, III (US 10140479).

Regarding claim 1, Wang teaches: A method for on-the-fly cardholder verification method (CVM) selection during a secure payment transaction comprising: 
	receiving, by a consumer mobile device (mobile device) running a mobile payment application (Alipay) via an input component from a cardholder (fingerprint or password), selection of a payment account for a secure payment transaction and an instruction to pay via one of contactless (contactless/carryon wearable device), barcode, secure remote commerce (SRC) or digital secure remote payment (DSRP) (S205 in Fig. 6, [0005] Because the mobile device is introduced, currently, there is a device-based cardholder verification method (consumer device CVM, CD-CVM) or device cardholder verification, in which a device checks an identity of the cardholder in a form of a fingerprint or a digital password. Alipay launches a wearable device PIN-less function for an online transaction, and uses a feature that a carry-on wearable device can represent the identity of the cardholder, thereby adding a verification factor. [0136] Specifically, when the user needs to perform a transaction, the user selects a card required for the transaction on the payment device, where the card may be one or more of cards registered with the issuing bank host and already associated with the check device). 	

Examiner notes that the phrase ‘A method for on-the-fly cardholder verification method (CVM) selection during a secure payment transaction’ is listed in the preamble. A preamble is generally not accorded any patentable weight where it merely recites the purpose of a process or the intended use of a structure, and where the body of the claim does not depend on the preamble for completeness but, instead, the process steps or structural limitations are able to stand alone. See In re Hirao, 535 F.2d 67, 190 USPQ88, USPQ 478, 481 (CCPA 1951).
	transmitting, by the consumer mobile device to a merchant (whitelist merchant) device, a request (initiated by a mobile device) for the secure payment (QuickPass) transaction (Fig. 7, [0004] Currently, for some industries and merchants that have a relatively large proportion of small-amount services and require a high checkout speed, the UnionPay launches a QuickPass online small-amount quick service (a small-amount signature-free and password-free service), and the merchants may apply for the service to become a whitelist merchant. When the whitelist merchant initiates an online transaction lower than a standard limit in a QuickPass manner, an integrated circuit (integrated circuit, IC) card used by a cardholder or a mobile device earning IC card information supports the small-amount quick service by default without jumping to a password input interface or perform signature verification, that is, there is no need to perform cardholder verification in a PBOC procedure, thereby implementing payment at sight for the cardholder. [0056] CD-CVM: A CDCVM is a specific cardholder verification manner for a QuickPass transaction initiated by a mobile device and currently the CDCVM is usually (including but is not limited to) a digital password and a fingerprint of a wallet application. [0194] In this embodiment of the present invention, the RF circuit 710 may be configured to send or receive information, or send or receive a signal to be processed by the processor 720 in a call process).
receiving, by the consumer mobile device from the merchant device, a request for payment account (PIN-less identifier) data ([0004] For a transaction that is initiated by the whitelist merchant and that satisfies conditions (QuickPass and lower than the limit), an acquirer adds a PIN-less identifier to the transaction and marks that the transaction belongs to the small-amount quick service, so that an issuing bank performs PIN-less authorization on the transaction). 
	receiving, by the consumer mobile device via an input component, selection of a CVM comprising one of a flexible CDCVM (on-consumer-device CVM) with mobile PIN (Personal Identification Number) or a flexible CDCVM with DLA (device-level authentication) from the displayed list (e.g. CVM list) by the cardholder; ([0056] CD-CVM: A CDCVM is a specific cardholder verification manner for a QuickPass transaction initiated by a mobile device and currently the CDCVM is usually (including but is not limited to) a digital password and a fingerprint of a wallet application. If a mobile phone and a PoS machine both support the CDCVM in a CVM list, a result of the CDCVM is used as a cardholder verification result (the CDCVM has a highest priority in the CVM list), and an online PIN or signature does not need to be provided again. Compared with a digital password, a fingerprint is more convenient in actual use and provides better user experience (both the two manners belong to the CDCVM). 
	Examiner notes that one of ordinary skill in the art would understand from reading the reference that Wang does not teach away from requiring a PIN only that under some circumstances (i.e. Wang [0085]) a PIN does not need to be entered and that a fingerprint (according to Wang) is more efficient.  Further, one of ordinary skill in the art, from reading the specification, would understand that a fingerprint, reads to ‘device level authentication’ 
	[listing], by the consumer mobile device via [an indicator], a plurality of cardholder verification methods (CVMs) for selection by a cardholder ([Table 1] If a CVM list exists and an amount X or an amount Y in the CVM list is not zero, application 
	Examiner notes that one of ordinary skill in the art, from reading the reference would understand that during cardholder verification methods, the cardholder must either input a fingerprint or a digital password on the touch screen of the display device.
	receiving, by the consumer mobile device via an input component, [selection of a CVM] from the displayed list by the cardholder; ([0017] According to the transaction method provided in the second aspect, the PIN-less identifier is stored in the check device, and the PIN-less identifier and information about the card in the payment device are separately stored. After a card is selected for each transaction, authorization is applied for from the check device, and two-factor verification is implemented after the payment device and the check device verify each other. In this way, even if the payment device is lost or the information about the card is thieved, because the check device further needs to be verified for a small-amount PIN-less transaction, unauthorized payment is not performed, thereby achieving higher security and better user experience).
	Examiner notes that one of ordinary skill in the art, from reading the reference would understand that during cardholder verification methods, the cardholder must either input a choice of cards (CVM’s) on the touch screen of the display device.
	prompting, by the consumer mobile device via the mobile payment application, the cardholder to [identifier data] in accordance with the selected CVM ([0017] According to the transaction method provided in the second aspect, the PIN-less identifier is stored in the check device, and the PIN-less identifier and information about the card in the payment device are separately stored. After a card is selected for each transaction, authorization is applied for from the check device, and two-factor verification is implemented 
	Examiner notes that one of ordinary skill in the art, from reading the reference would understand that during cardholder verification methods, the cardholder must either input a choice of cards (CVM’s) on the touch screen of the display device.
	generating, by the consumer mobile device, a cryptogram in accordance with the selected CVM, wherein the cryptogram comprises CVM entry information; and ([0065] FIG. 2 is a schematic flowchart of existing contactless payment qPBOC. As shown in FIG. 2, after transaction preprocessing and application selection are completed, an initial transaction processing procedure is entered. In this process, after obtaining an authorization amount entered by a cashier, a PoS machine first performs a series of checks, for example, checks whether a currency unit meets a regulation and whether the authorization amount exceeds a CVM limit of the PoS machine. After it is checked that requirements are met, a user is required to show a card. The PoS machine sends, to the card, a GPO instruction together with transaction information such as the authorization amount and the ATC and a PoS machine parameter such as a PoS machine transaction attribute, so that the card performs operations, for example, performs risk management, determines a transaction type (offline/online/rejection), and generates a related cryptogram).
	transmitting, by the consumer mobile device to the merchant device, transaction data including payment account data and the cryptogram ([0053] Authorization request cryptogram (authorization request cryptogram, ARQC): an application cryptogram generated when it is determined that online authorization is required during a transaction performed by using an IC card, and generated by encrypting such information as an authorization amount and an application transaction counter by using a key that is preset in the 
	determining, by the consumer mobile device, that at least one of the payment transaction is a low-value transaction and that velocity checks failed, or that the payment transaction is a high value transaction (HVT); ([0085] Optionally, the PIN-less answer information may further include a PIN-less limit corresponding to the PIN-less identifier, and the PIN-less limit is used to define an amount of a PIN-less permission, so that the card may be PIN-less for a transaction below the corresponding PIN-less limit.)
	Examiner notes that one of ordinary skill in the art from reading the reference, would understand that since the applicant has not defined ‘low-value’ nor ‘high-value’, the terms are relative and do not differentiate from prior art that includes any ‘value’. Examiner further notes that the phrase “velocity checks are enabled and failed” is a contingent limitation.  That is, this limitation only occurs if a certain condition is met, in this case, when velocity checks are enabled and fail.  The broadest reasonable interpretation of a method (or process) claim having contingent limitations requires only those steps that must be performed and does not include steps that are not required to be performed because the condition(s) precedent are not met.  Accordingly, as drafted, the step of “determining velocity checks” need not be performed, nor taught by the prior art, if the velocity checks are not enabled and/or fail.  Claim scope is not limited by claim language that suggests or makes optional but does not require steps to be performed.  See MPEP 2111.04, and Ex parte Schulhauser, Appeal 2013-007847 (PTAB April 28, 2016) (precedential).
	wherein a LVT comprises a payment transaction that does not exceed a predetermined threshold amount or that is a defined as a low risk transaction, and wherein a HVT comprises a payment transaction exceeding the predetermined threshold amount or that is defined as a high risk transaction ([0004-0005] concerning ‘small-amount quick service transactions’ which clearly is below a certain -predetermined- limit “For a transaction that is initiated by the whitelist merchant and that satisfies conditions (QuickPass and lower than the limit), an acquirer adds a PIN-less identifier to the transaction and marks that the transaction belongs to the small-amount quick service, so that an issuing bank performs PIN-less authorization on the transaction.” Further ‘risk management’ is involved as Wang introduces a ‘risk management system’ in paragraph [0064]. ‘Small-amount’ transactions bypass password protection as not necessary for small amounts because “a risk that a password is peeked at when the password is entered is avoided, thereby achieving higher security and better user experience.”
	Conversely, any transaction not covered by the ‘small-amount’ or ‘low risk’ transaction would therefore be inferred to be a ‘high value’ or ‘high risk’ transaction since no other options are given.


Wang does not explicitly teach the displaying a list of CVM, choosing from the list and inputting cardholder identification data, however, Hopkins, III  from a same or analogous art, teaches:
	displaying, by the consumer mobile device via a display component, a plurality of cardholder verification methods (CVMs) for selection by a cardholder (Fig. 1, 5b, and Claim 7: A method of providing multi-factor authentication of an authenticatable user according to claim 1, further comprising the step of displaying said list of authentication options to the user via a graphical user interface for confirmation by the user. Column 7, Lines 10-23: the electronic tag reader 214 recognizes multiple unique tag identifiers. In this embodiment, a list is generated of the authentication action associated with individual tag 
	receiving, by the consumer mobile device via an input component, selection of a CVM comprising one of a flexible CDCVM (on-consumer-device CVM) with mobile PIN (Personal Identification Number) or a flexible CDCVM with DLA (device-level authentication) from the displayed list by the cardholder; (Column 7, Line 56 - Column 8, Line 2: In one embodiment, the user 202 is requested to provide a predetermined biometric feature, such as a fingerprint 206, as a biometric authentication factor. The user provides the requested biometric feature (e.g., fingerprint 206) to a biometric reader 208 operably coupled to the multi-factor authentication terminal 204. The biometric feature (e.g., 206) is then processed to generate a unique biometric identifier, which once generated, is stored in temporary memory. In another embodiment, the user 202 is requested to provide a personal identification number (PIN) to be authenticated. The user 202 provides the requested PIN information using the keypad 216 operably coupled to the multi-factor authentication terminal 204. Once the PIN information is entered, it is stored in temporary memory. 	
	Examiner notes that one of ordinary skill in the art, from reading the reference would understand that during cardholder verification methods, the cardholder must either input a fingerprint or a digital password on the touch screen of the display device.
	prompting, in response to the determination, by the consumer mobile device via the mobile payment application, the cardholder to provide cardholder identification data in accordance with the selected CVM (Fig. 4, 5a-5c, Column 2, Lines 55-65: The user provides the requested PIN information using a keypad coupled to the multi-factor authentication terminal. Once the PIN information is entered, it is stored in temporary memory).
	generating, by the consumer mobile device, a cryptogram in accordance with the selected CVM, wherein the cryptogram (unique tag identifier) comprises CVM entry information; (Column 10, Line 59 - Column 11, Line 23:  As used herein, an authentication action refers to a series of process steps associated with the authentication of a user. In one embodiment, the list comprises a unique tag identifier associated with authenticating the user for access to a physical facility. In another embodiment, the list comprises a unique tag identifier for authenticating the user for access to a restricted information processing system. In yet another embodiment, the list comprises a unique tag identifier for authenticating the user for access to a restricted information repository. In one embodiment, the list comprises a unique tag identifier for authenticating the user for the provision of information associated with the user. In various embodiments, the associated information comprises medical information, law enforcement information, or information processing system information associated with the user. In another embodiment, the list comprises a unique tag identifier for authenticating the user for the initiation of a financial transaction. It will be apparent to those of skill in the art that it would be possible to have many different unique tag identifiers associated with a single electronic tag, with each in turn associated with a different authentication action).
	Examiner notes that one of ordinary skill in the art, from reading the reference would understand that in order to maintain security for the recited sensitive data, the information would be encrypted into a unique tag identifier cryptogram).
	receiving, by the consumer mobile device, via the input component, the authenticating, by the consumer mobile device, the mobile PIN and the cardholder identification data; (Column 2, Lines 50-60: The biometric feature is then processed to generate a unique biometric identifier, which is then stored in temporary memory. In another embodiment, the user is requested to provide a personal identification number (PIN) to be authenticated. The user provides the requested PIN information using a keypad coupled to the multi-factor authentication terminal. Once the PIN information is entered, it is stored in temporary memory.)

In various embodiments, the authentication information stored in temporary memory is submitted by the multi-factor authentication terminal to a multi-factor authentication module. The multi-factor authentication module receives the submitted authentication information and then compares it to authentication information associated with the user. In one embodiment, the multi-factor authentication module is operable to access a database comprising an index cross-referencing the unique tag identifier to the user's authentication information. In various embodiments, the multi-factor authentication module is operable to access a database comprising an index cross-referencing the biometric identifier or the PIN to the user's authentication information. If the submitted authentication information matches the user's authentication information, then the user is authenticated.

	In reference to other independent claims, Claims 5 and 17, the claims are significantly similar to claim 1, however, they further recite “a storage device operably connected to the mobile device processor, wherein the storage device comprises a mobile wallet application and processor executable instructions which when executed cause the mobile device processor to:” and “receive a request for payment account data from the merchant device.” 

Wang teaches:
	a storage device operably connected to the mobile device processor, ([0168] Optionally, the payment device 300 may further include a storage unit 340, and the storage unit 340 may be configured to store code executed by the sending unit 310, the receiving unit 320, and the processing unit 330.)
	wherein the storage device comprises a mobile wallet application and processor executable instructions (e.g. implementing code) which when executed cause the mobile device processor to: ([0212] It should be noted that in an embodiment of the present invention, the receiving unit 810 may be implemented by a receiver, the processing unit 820 may be implemented by a processor, the sending unit 830 may be implemented by a 
	Examiner notes that one of ordinary skill in the art, from reading the reference, would understand that the mobile wallet application is merely code that when executed can cause the processor to perform the functions as noted in the limitation. Therefore, Examiner notes that the memory device of the stated prior art, reads to the limitation.
receive a request for payment account data from the merchant device ([0004] Currently, for some industries and merchants that have a relatively large proportion of small-amount services and require a high checkout speed, the UnionPay launches a QuickPass online small-amount quick service (a small-amount signature-free and password-free service), and the merchants may apply for the service to become a whitelist merchant. When the whitelist merchant initiates an online transaction lower than a standard limit in a QuickPass manner, an integrated circuit (integrated circuit, IC) card used by a cardholder or a mobile device earning IC card information supports the small-amount quick service by default without jumping to a password input interface or perform signature verification, that is, there is no need to perform cardholder verification in a PBOC procedure, thereby implementing payment at sight for the cardholder. For a transaction that is initiated by the whitelist merchant and that satisfies conditions (QuickPass and lower than the limit), an acquirer adds a PIN-less identifier to the transaction and marks that the transaction belongs to the small-amount quick service, so that an issuing bank performs PIN-less authorization on the transaction.)

Regarding claim 3, Wang teaches: The method of claim 1, wherein the plurality of cardholder verification methods (CVMs) comprises: 
	on-consumer-device CVM (CDCVM) always with mobile personal identification number (PIN), CDCVM always with device-level authentication (DLA), flexible CDCVM with mobile PIN, flexible CDCVM with DLA, and card-like CVM ([0010] With reference to the first aspect, in a first possible implementation of the first aspect, the modifying, by the payment device, a cardholder verification method CVM list of the card includes, setting, in the CVM list of the card, a service condition of an online personal identification number PIN to be that a transaction amount is greater than a PIN-less limit, where the PIN-less limit corresponds to the PIN-less identifier. [0011] With reference to the first aspect or the first possible implementation of the first aspect in a second possible implementation of the first aspect, the modifying, by the payment device, a cardholder verification method CVM list of the card includes: adding a device cardholder verification method CDCVM to a CVM type in the CVM list of the card, and recording a result of the CDCVM as that verification succeeds. [0017] According to the transaction method provided in the second aspect, the PIN-less identifier is stored in the check device, and the PIN-less identifier and information about the card in the payment device are separately stored. After a card is selected for each transaction, authorization is applied for from the check device, and two-factor verification is implemented after the payment device and the check device verify each other).
	Examiner considers that one skilled in the art would understand from reading the reference that flexible CDCVM with DLA is equivalent to two-factor authentication.
	In regards to claim 7, the mobile device of claim 7 corresponds generally to method claim 3, and recite similar features in method form, and therefore is rejected under the same rationale.

Claims 2, 4, 6, and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US20190362334), Hopkins, III (US 10140479) and Smets (US 20140263625). 

Regarding claim 2, Wang teaches: The method of claim 1, further comprising: 
	receiving, by the consumer mobile device, a transaction completed confirmation message; and (Fig. 4, [0067] After the issuing bank host performs verification and feeds back a transaction authorization result, the PoS machine notifies the cardholder of the transaction result. [0068] FIG. 4 is a schematic flowchart of a small-amount PIN-less transaction performed by using an existing mobile device card. Mobile device card payment is SE-based mobile payment, that is, a card required for a transaction is bound to a mobile device).
	displaying, by the consumer mobile device, [information] on the display component ([0197] The display unit 740 may be configured to display information input by the user or information provided for the user, and various menus of the device).

Neither Wang nor Hopkins III explicitly recited the limitation of:
	displaying, by the consumer mobile device, the transaction completed confirmation message on the display component 

However, Smets, from a same or analogous art, teaches:
	displaying, by the consumer mobile device, the transaction completed confirmation message on the display component ([0156] The v3.0 architecture that lies as the basis of the diagram below can usefully be extended for personal readers by: [0157] the reader confirming directly the amount and transaction type to the display, [0158] the reader providing ODA related data such as CDA signatures, DOL and certificate data to the server so that it may verify the correctness of the reader processing).
	It would be obvious to one skilled in the art at the time of the applicant’s invention to combine the CVM system of Wang with the display and verification of Smets and Hopkins. 
	[0003] Technology has further developed to provide payment cards which operate contactlessly--under EMV, these are covered under the ISO/IEC 14443 standard. Using such cards, the account number can be read automatically from the card by a POS terminal, generally using a short range wireless technology such as Radio Frequency Identification (RFID)--this approach is generally referred to as "contactless" or "proximity" payment. This is typically enabled by embedding of an RFID tag in a card body together with a suitable antenna to allow transmission and receipt of wireless signals--the transmissions may be powered by a radio frequency interrogation signal emitted by a proximity reader in the POS terminal.	In regards to claim 6, the mobile device of claim 6 corresponds generally to method claim 2, and recite similar features in method form, and therefore is rejected under the same rationale.

	In regards to claim 6, the mobile device of claim 6 corresponds generally to method claim 2, and recite similar features in method form, and therefore is rejected under the same rationale.

Regarding claim 4, Wang teaches: The method of claim 1, wherein the transaction data further comprises 
	at least one of token account information, an [QuickPass], a Mag stripe (magnetic field induction) application cryptogram, and track 2 data (two factor authentication), ([0003] QuickPass is a brand defined based on the PBOC 2.0/3.0 standard, and currently has two mobile payment modes: a secure module (secure element, SE)-based mobile payment mode and a host card emulation (host card emulation, HCE)-based mobile payment mode. UnionPay Cloud QuickPass implements card emulation in a mobile device based on HCE and is compatible with logic of a PBOC technology. [0061] Near field communication (near field communication, NFC): NFC is a short-distance wireless connection technology, by using which communication between electronic devices within a short distance is implemented through magnetic field induction based on a radio frequency identification technology. [0009] According 
	Examiner notes that one of ordinary skill in the art, would understand from reading the reference that QuickPass is equivalent to M/Chip. Also, that two-factor authentication reads to track 2 data. 

Neither Wang nor Hopkins III explicitly teach the limitation of:
	at least one of token account information, an M/Chip application cryptogram, M/Chip data, a Mag stripe application cryptogram, and track 2 data

However, Smets, from a same or analogous art, teaches: 	
	at least one of token account information, an M/Chip application cryptogram, M/Chip data, a Mag stripe application cryptogram, and track 2 data ([0069] PayPass data resembles data read from the physical magstripe (for PayPass -MagStripe) or data read from the contact chip (for PayPass-M/Chip) but with subtle differences, so if the issuer would validate PayPass data as if it were originating from magstripe or contact chip, the validation may fail. [0104] Service code validation for the detection of Integrated circuit technology (2 or 6 in 1st digit) must not be performed on track 1 or track 2 data returned from a PayPass chip).
	It would be obvious to one skilled in the art at the time of the applicant’s invention to combine the CVM system of Wang with the display and verification of Smets and Hopkins. Adding multiple types of cardholder verification methods to a mobile device, gives users much more flexibility, saves time and is more secure than previous methods. As Smets states:
	[0003] Technology has further developed to provide payment cards which operate contactlessly--under EMV, these are covered under the ISO/IEC 14443 standard. Using such cards, the account number can be read automatically from the card by a POS terminal, generally using a short range wireless technology such as Radio Frequency Identification (RFID)--this approach is generally referred to as "contactless" or 


	In regards to claim 8, the mobile device of claim 8 corresponds generally to method claim 4, and recite similar features in method form, and therefore is rejected under the same rationale.
Response to Arguments
Applicant argues on pages 9-14 of the response that the combination of Wang, Hopkins and Smet does not overcome the applicant’s newly amended claims. Specifically the combination does not teach or suggest:
“a secure transaction method that requires, after the consumer mobile device receives a CVM selection from the cardholder of either a flexible CDCVM with mobile PIN or a flexible CDCVM with DLA, determining, by the consumer mobile device, that at least one of the payment transaction is a low-value transaction (LVT) and that velocity checks failed, or that the payment transaction is a high value transaction (HVT). wherein a LVT comprises a payment transaction that does not exceed a predetermined threshold amount or that is a defined as a low risk transaction, and wherein a HVT comprises a payment transaction exceeding the predetermined threshold amount or that is defined as a high risk transaction, then prompting in response to the determination ... the cardholder to provide a mobile PIN and cardholder identification data in accordance with the selected CVM, next receiving ... the mobile PIN and the cardholder identification data from the cardholder, and authenticating ... the mobile PIN and the cardholder identification data before generating ... a cryptogram in accordance with the selected CVM, wherein the cryptogram comprises CVM entry information, and lastly transmitting ... to the merchant device, transaction data including payment account data and the cryptogram, as now required by independent claims 1, 5 and 17.”

In reference to the portion that teaches: 
“determining, by the consumer mobile device, that at least one of the payment transaction is a low-value transaction (LVT) and that velocity checks failed, or that the payment transaction is a high value transaction (HVT), wherein a LVT comprises a payment transaction that does not exceed a predetermined threshold amount or that is a defined as a low risk transaction, and wherein a HVT comprises a payment transaction exceeding the predetermined threshold amount or that is defined as a high risk transaction.”


Examiner acknowledges the applicant’s arguments but respectfully disagrees as Wang teaches in For a transaction that is initiated by the whitelist merchant and that satisfies conditions (QuickPass and lower than the limit), an acquirer adds a PIN-less identifier to the transaction and marks that the transaction belongs to the small-amount quick service, so that an issuing bank performs PIN-less authorization on the transaction.” Further ‘risk management’ is involved as Wang introduces a ‘risk management system’ in paragraph [0064]. ‘Small-amount’ transactions bypass password protection as not necessary for small amounts because “a risk that a password is peeked at when the password is entered is avoided, thereby achieving higher security and better user experience.”

Conversely, any transaction not covered by the ‘small-amount’ or ‘low risk’ transaction would therefore be inferred to be a ‘high value’ or ‘high risk’ transaction.

Further, In reference to the portion that teaches:
“then prompting in response to the determination ... the cardholder to provide a mobile PIN and cardholder identification data in accordance with the selected CVM.”


Examiner acknowledges the applicant’s arguments but respectfully disagrees as Wang teaches in [0025]…when the server determines that a transaction amount is greater than the PIN-less limit, determining that a password needs to be entered for the transaction.”

Further, In reference to the portion that teaches:
“receiving ... the mobile PIN and the cardholder identification data (e.g. card) from the cardholder.”

Examiner acknowledges the applicant’s arguments but respectfully disagrees as paragraphs [0065-0067] of Wang teach “It may be learned from FIG. 3 that, the authorization request packet includes an ARQC, an online PIN, and other transaction-related information. The online 

Further, In reference to the portion that teaches:
“Authenticating ... the mobile PIN and the cardholder identification data before generating ... a cryptogram in accordance with the selected CVM, wherein the cryptogram comprises CVM entry information, and transmitting ... to the merchant device, transaction data including payment account data and the cryptogram”

Examiner acknowledges the applicant’s arguments but respectfully disagrees as paragraph [0067] of Wang teaches “For qPBOC, an online PIN is used as an optimal CVM. In this case, after the card receives the GPO response and leaves the induction area, the PoS machine prompts a cardholder to enter an online PIN on the PoS machine, adds the online PIN, the ARQC cryptogram and other information together to an online authorization request packet, and sends the online authorization request packet to an issuing bank host for verification.”


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Each of the prior art listed in the PTO-892 and not directly recited in this office action, disclose anticipation and/or obviousness to combine concerning the applicant’s claims and are therefore included.
A US-20180068138-A1 03-2018 PALERMO; Randy (A representative card reader that communicates with a host device comprises an EMV chip interfacing circuit that facilitates transmitting and receiving data to and from a Europay, Mastercard, and Visa (EMV) chipcard)

B US-20130317928-A1 11-2013 Laracey; Kevin (systems, methods, processes, computer program code, and means for creating digital wallets for users. In some embodiments, digital wallets are created, at least in part, on information obtained from payment transactions conducted by users.)

C US-20140258108-A1 09-2014 Ekselius; Lukas (Systems and methods for product authentication and consumer interaction using secure tokens are provided)

D US-20150019439-A1 01-2015 Phillips; Simon (systems and methods for the creation and use of `electronic` or `digital` payment cards for use in digital payment transactions.)

E US-20140310182-A1 10-2014 Cummins; Oran (performing a secure transaction by displaying payment information as a code on a mobile device. More particularly, the present invention relates to obtaining payment credentials by a mobile device that does not require a secure element, generating a code comprising the payment credentials and displaying the code as payment information.)

F US-20180039968-A1 02-2018 COLLINGE; Mehdi (method and computer system for enabling payment transactions using a mobile device and a point of sale device.)

G US-20140298027-A1 10-2014 Roberts; David Anthony (implementation of mobile point-of-sale system. More particularly, but not exclusively, it relates to the implementation of a mobile point-of-sale system in which a mobile device of a merchant performs secure contactless transactions with a payment device of a customer.)

H US-20160283927-A1 09-2016 Smith; Aaron (authentication for mobile transactions. In embodiments, it relates to mobile devices acting as payment solutions or mobile Point of Sale terminals (MPOS) and to methods and apparatus for consumers transacting with these terminals to ensure that the transaction meets consumer intentions.)

I US-20170308902-A1 10-2017 Quiroga; Walter E. (systems and methods for authentication of user credentials via application extensions.)

	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TERRY N MURRAY whose telephone number is (313)446-6556. The examiner can normally be reached Monday-Thursday 6 AM-4 PM EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/T.N.M./Examiner, Art Unit 3685                                                                                                                                                                                                        
/PATRICK MCATEE/Supervisory Patent Examiner, Art Unit 3685