DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
Notice to Applicant
This communication is in response to the amendment filed 11/23/21.  Claims 1, 3-5, 8, 18, 20-23, and 25 are amended.  Claims 10-17 and 27-33 are withdrawn.  Claim 34 is cancelled.  Claims 1-33 are pending.  Claims 1-9 and 18-26 are rejected.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-9 and 18-26 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 
Applicant has amended claims 1, 5, 18, 22, and 23 to recite “a processing device” that has a receiving device, input device, and transmitting device. Applicant also argues at page 17 of the response 
In particular, Applicant does not point to, nor was the Examiner able to find support for this newly added language within the specification as originally filed.  As such, Applicant is respectfully requested to clarify the above issues and to specifically point out support for the newly added limitations in the originally filed specification and claims. 
Applicant is required to cancel the new matter in the reply to this Office Action.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the 

Claims 1-7 and 18-24 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Wankmueller (US 2008/0040285 A1) in view of Royyuru et al. (US 2010/0185545 A1) in view of Manessis et al. (US 2009/0055893 A1), and further in view of Neville et al. (US 2011/0276496 A1).
(A) Referring to claim 1, Wankmueller discloses A method for generating a payment cryptogram in a mobile device lacking a secure element, comprising (para. 15 of Wankmueller): 
receiving, by a receiving device of a processing device, a card profile from a remote system, wherein the card profile includes at least payment credentials corresponding to a payment account and a profile identifier (para. 29, 32 & 33 of Wankmueller; The user is prompted for a PIN to be associated with the application and the user's Mobile Device Identifier. The user may also be prompted for his or her financial account identifier, or this data may be determined through some other approach. Account secret data, such as an encryption key or key pair, is generated and associated with the user's financial account identifier. At least a portion of this secret data (for example the encryption key or one or more of the keys in a key pair) is then stored in an authorization database record associated with the user's financial account identifier.); 
receiving, by an input device of the processing device, a mobile personal identification number (PIN) input by a user of the mobile device (para. 14 of Wankmueller; once the mobile device is activated, the user is prompted to enter an identification PIN using a keypad, keyboard, or some other technique for receiving user input into the mobile processing device.); 
transmitting, by a transmitting device of the processing device, a key request to the remote system, wherein the key request includes at least the profile identifier (para. 15-17, 32 & 33 of Wankmueller; The user is prompted for a PIN to be associated with the application and the user's Mobile Device Identifier. The user may also be prompted for his or her financial account identifier, or 
receiving a single use key, wherein the single use key includes at least an application transaction counter and a generating key (para. 16-19 and 33 of Wankmueller; key 120 is held within a chip authentication program (CAP) data file 125, together with an application profile identifier, an application transaction counter, and other data. ); 
generating, by the processing device, a payment cryptogram valid for a single financial transaction based on at least the received single use key and the mobile PIN (para. 24, 32, 33, and Fig. 1 of Wankmueller; note steps 101, 103, 120, and 112 of Fig. 1).
Wankmueller does not expressly disclose transmitting, by the transmitting device of the processing device, via near field communication, at least the payment credentials and the generated payment cryptogram to a point-of-sale terminal for use in a financial transaction; storing, in a memory of the processing device, the card profile; receiving, by the receiving device of the processing device, a single use key from the remote system.
Royyuru discloses transmitting, by the transmitting device of the processing device, via near field communication, at least the payment credentials and the generated payment cryptogram to a point-of-sale terminal for use in a financial transaction (para. 5, 22, and 47 of Royyuru; the use of NFC and/or other relatively short range communications between a mobile device and a POS device such as when a user of the mobile device scans or waves the mobile device in front of or near the POS device when paying for goods or services.).  

Neville discloses receiving, by the receiving device of the processing device, a single use key from the remote system (para. 46 of Neville; the customer's device (e.g., the customer's mobile payment device) contacts the bank to receive single-use session keys).
At the time of the invention, it would have been obvious to a person of ordinary skill in the art to combine the aforementioned features of Royyuru, Manessis, and Neville within Wankmueller.  The motivation for doing so would have been to facilitate communication between electronic devices in close proximity (para. 22 of Royyuru), for authentic payments (para. 6 of Manessis), and for increased security (para. 46 of Neville).
(B) Referring to claim 2, Wankmueller discloses wherein the payment cryptogram is an application cryptogram or a dynamic card validation code (para. 19 of Wankmueller).  
(C) Referring to claim 3, Wankmueller discloses wherein receiving the card profile includes receiving an encrypted message including the card profile, generating a mobile session key, and decrypting the message using the generated mobile session key to obtain the included card profile (para. 15-18 of Wankmueller).  
(D) Referring to claim 4, Wankmueller discloses wherein receiving the single use key includes receiving an encrypted message including the single use key, generating a mobile session key, and decrypting the 
(E) Referring to claim 5, Wankmueller discloses further comprising: receiving, by the input device of the processing device, an indication of use of the received single use key; transmitting, by the transmitting device of the processing device, an activation request, wherein the activation request includes at least the profile identifier; and receiving, by the receiving device of the processing device, an indication of activation of the single use key (para. 14, 32, and 33 of Wankmueller).  
(F) Referring to claim 6, Wankmueller discloses wherein the payment credentials and generated payment cryptogram are transmitted to the point-of-sale terminal in response to receiving the indication of activation of the single use key (para. 5, 19, and 24 of Wankmueller).  
(G) Referring to claim 7, Wankmueller discloses wherein the payment cryptogram is generated in response to receiving the indication of activation of the single use key (para. 19, 32, and 33 of Wankmueller).  
(H) Referring to claim 18, Wankmueller discloses A system for generating a payment cryptogram in a mobile device lacking a secure element, comprising (para. 12-15 of Wankmueller): 
a processing device (para. 12-14 of Wankmueller);  
P00801-US-DIVAttorney Docket No. a receiving device of the processing device configured to receive a card profile from a remote system, wherein the card profile includes at least payment credentials corresponding to a payment account and a profile identifier (para. 29, 32 & 33 of Wankmueller; The user is prompted for a PIN to be associated with the application and the user's Mobile Device Identifier. The user may also be prompted for his or her financial account identifier, or this data may be determined through some other approach. Account secret data, such as an encryption key or key pair, is generated and associated with the user's financial account identifier. At least a portion of this secret data (for example the encryption key or one 
an input device of the processing device configured to receive a mobile personal identification number (PIN) input by a user of the mobile device (para. 14 of Wankmueller; once the mobile device is activated, the user is prompted to enter an identification PIN using a keypad, keyboard, or some other technique for receiving user input into the mobile processing device.); and 
a transmitting device of the processing device configured to transmit a key request to the remote system, wherein the key request includes at least the profile identifier (para. 15-17, 32 & 33 of Wankmueller; The user is prompted for a PIN to be associated with the application and the user's Mobile Device Identifier. The user may also be prompted for his or her financial account identifier, or this data may be determined through some other approach. Account secret data, such as an encryption key or key pair, is generated and associated with the user's financial account identifier. Personalization data is then generated based on data associated with the secret data previously generated. For example, the encryption key or one or more of the keys in a key pair may be encrypted, such as with triple-DES, using the PIN and a Mobile Device Identifier, previously entered by the user, as the temporary key to create the personalization data.), wherein 
the receiving device is further configured to receive a single use key, wherein the single use key includes at least an application transaction counter and a generating key (para. 16-19 and 33 of Wankmueller; key 120 is held within a chip authentication program (CAP) data file 125, together with an application profile identifier, an application transaction counter, and other data. ).
the processing device is configured to generate a payment cryptogram valid for a single financial transaction based on at least the received single use key and the mobile PIN (para. 24, 32, 33, and Fig. 1 of Wankmueller; note steps 101, 103, 120, and 112 of Fig. 1).

Royyuru discloses the transmitting device of the processing device is further configured to transmit, via near field communication, at least the payment credentials and the generated payment cryptogram to a point-of-sale terminal for use in a financial transaction (para. 5, 22, and 47 of Royyuru; the use of NFC and/or other relatively short range communications between a mobile device and a POS device such as when a user of the mobile device scans or waves the mobile device in front of or near the POS device when paying for goods or services.).  
Manessis discloses a memory of the processing device storing the card profile (para. 39 of Manessis; A payment device 102, may comprise a radio-frequency contactless element 104. The radio-frequency contactless element 104 may include a computer chip (not shown) configured to store a transaction counter, an account identifier, which may comprise an account number, an expiration date, and encryption keys. Examples of payment devices include contact-based or contactless smartcards such as credit, debit or prepaid cards, wireless phones, PDAs (personal digital assistants), key fobs, software, etc.).
Nevill discloses the receiving device of the processing device is further configured to receive a single use key from the remote system (para. 46 of Neville; the customer's device (e.g., the customer's mobile payment device) contacts the bank to receive single-use session keys).
At the time of the invention, it would have been obvious to a person of ordinary skill in the art to combine the aforementioned features of Royyuru, Manessis, and Neville within Wankmueller.  The motivation for doing so would have been to facilitate communication between electronic devices in 
(I) Claims 19-24 repeat substantially the same limitations as claims 2-7, and are therefore rejected for the same reasons given above.

Claims 8 and 25 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Wankmueller (US 2008/0040285 A1) in view of Royyuru et al. (US 2010/0185545 A1), in view of Manessis et al. (US 2009/0055893 A1), in view of Neville et al. (US 2011/0276496 A1), and further in view of Li (US 2002/0153424 A1).
(A) Referring to claims 8 and 25, Wankmueller, Royyuru, Manessis, and Neville do not expressly disclose wherein the card profile is configured to utilize local data authentication, and local data authentication includes one of (1) swapping, in the payment credentials, a meaning of an expiration date and an effective date, (2) setting the expiration date as a date prior to a date of issuance, or (3) setting the effective date as a date beyond the expiration date, or setting both the expiration date and the effective date as the expiration date and effective date as defined, and setting an issuer action code configured to force the financial transaction to be an online transaction.
	Li discloses wherein the card profile is configured to utilize local data authentication, and local data authentication includes one of (1) swapping, in the payment credentials, a meaning of an expiration date and an effective date, (2) setting the expiration date as a date prior to a date of issuance, or (3) setting the effective date as a date beyond the expiration date, or setting both the expiration date and the effective date as the expiration date and effective date as defined, and setting an issuer action code configured to force the financial transaction to be an online transaction (para. 9, 21, and 24 of Li).  
.



Claims 9 and 26 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Wankmueller (US 2008/0040285 A1) in view of Royyuru et al. (US 2010/0185545 A1), in view of Manessis et al. (US 2009/0055893 A1), in view of Neville et al. (US 2011/0276496 A1) in view of Li (US 2002/0153424 A1), and further in view of Murphy et al. (US 6,226,744 B1).
(A) Referring to claims 9 and 26, Wankmueller, Royyuru, Manessis, Neville and Li do not disclose wherein the card profile further includes one RSA key pair and certificate.
Murphy discloses wherein the card profile further includes one RSA key pair and certificate (col. 5, lines 52-65 of Murphy).
At the time of the invention, it would have been obvious to a person of ordinary skill in the art to combine the aforementioned features of Murphy within Wankmueller, Royyuru, Manessis, Neville and Li.  The motivation for doing so would have to provide security (col. 5, line 52 – col. 6, line 21 of Murphy).


Response to Arguments
Applicant’s arguments with respect to claim(s) 1 and 18 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LENA NAJARIAN whose telephone number is (571)272-7072. The examiner can normally be reached Monday - Friday 9:30 am-6 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jason Dunham can be reached on 571-272-8109. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit 





/LENA NAJARIAN/Primary Examiner, Art Unit 3686