DETAILED ACTION
Acknowledgements
The amendment filed 11/30/2021 is acknowledged.
Claims 1-2, 4, 6-14 and 16-22 are pending.
Claims 1-2, 4, 6-14 and 16-22 have been examined.


Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/30/2021 has been entered.


Response to Amendment/Arguments
Claims 1, 14 and 22 are amended.

Regarding applicant’s arguments on Claim Rejections - 35 U.S. C. § 112(a), the arguments are moot in light of the amendments.

Regarding applicant’s arguments on Claim Rejections - 35 U.S. C. § 112(b),
Regarding applicant’s arguments on Claim Rejections - 35 U.S. C. § 101, the arguments are moot in light of the amendments.

Regarding applicant’s arguments on Claim Rejections - 35 U.S.C. §103, the arguments are moot in light of the new ground rejection.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and
103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for
the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale
supporting the rejection, would be the same under either status.

The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained through the invention is not identically disclosed or described as set
forth in section 102, if the differences between the subject matter sought to be patented and the prior
art are such that the subject matter as a whole would have been obvious at the time the invention was
made to a person having ordinary skill in the art to which said subject matter pertains. Patentability
shall not be negatived by the manner in which the invention was made.

Claims 1-2, 4, 6-14 and 16-22 are rejected under 35 U.S.C. 103 as being unpatentable over US Application Publication US2012/0271768A1 (“Kang”) in view of US Application Publication US20130191290A1 (“Glendenning”), in further view of US Application Publication US20140229386A1 (“Tervo et al.”), US20150134540A1 (“Law et al.”) and US20130254125A1 (“Sanders”).

Regarding claims 1, 14 and 22, Kang teaches:
A server system associated with a card issuer or card program manager, the server system comprising: (Fig. 1 items 116 and 120)
a memory; (Fig. 3 item 395; paras 0011, 0025)
at least one processor coupled to the memory and configured to execute program code stored in the memory to cause the server system to: (Fig. 3 item 390; paras 0011, 0025)
receiving at the server system associated with a card issuer or card program manager a transaction request, the transaction request containing data to identify the customer account number; (paras 0011-0013, 0023)
determining by the server system a mobile computing device associated with the customer account number; (paras 0029, 0041)
transmitting by the server system to the mobile computing device a payment request, the payment request comprising: (Fig. 2b item 280; paras 0038, 0044)
(i) [first data] (para 0044)
(ii) transaction data specifying the transaction (para 0044)
receiving by the server system a payment authorisation message; (paras 0047-0048)
Kang does not teach:
generating, at a server system associated with a card issuer or card program manager, an identifier of each individual instance of an application, each individual instance of the application being bound to one of multiple mobile computing devices associated with the same customer account number; 
registering, at the server system, one or multiple financial accounts nominated via one of the individual instances of the application, each financial account being registered to the specific mobile computing device used to nominate the financial account; 
generating a plurality of virtual cards, comprising one virtual card for each nominated financial account and unique to the mobile computing device used to nominate the financial account; 
(i) the first data is a requesting entity certificate signed with a private key of the card issuer or card program manager, 
signed with the private key [of issuer],
message is a cryptogram
decrypting by the server system, the electronic cryptogram to determine whether payment has been authorised by the mobile computing device in relation to the payment request,
wherein the cryptogram is created using a symmetric key stored on the mobile computing device and the server system has access to a copy of the symmetric key. 
However, Glendenning teaches:
(i) first data is a requesting entity certificate signed with a private key of the card issuer or card program manager, and (abs, paras 0010, 0024-0025)
signed with the private key [of issuer] (para 0028)
message is cryptogram (abs; para 0011)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the filling
date of the invention to modify the Payment Transaction Processing Using of Band Authentication of Kang by adding the feature of having issuer signature on the transaction data, and generating a cryptogram for the payment authorization message in accordance with the teaching of Glendenning. This modification allows mobile device to authenticating the transaction data and improves the data security.  Hence, the modification reduces frauds opportunity. (Glendenning para 0014).

Kang and Glendenning do not teach:
generating, at a server system associated with a card issuer or card program manager, an identifier of each individual instance of an application, each individual instance of the application being bound to one of multiple mobile computing devices associated with the same customer account number; 
registering, at the server system, one or multiple financial accounts nominated via one of the individual instances of the application, each financial account being registered to the specific mobile computing device used to nominate the financial account; 
generating a plurality of virtual cards, comprising one virtual card for each nominated financial account and unique to the mobile computing device used to nominate the financial account; 
decrypting by the server system, the electronic cryptogram to determine whether payment has been authorised by the mobile computing device in relation to the payment request,
wherein the cryptogram is created using a symmetric key stored on the mobile computing device and the server system has access to a copy of the symmetric key.

decrypting by the server system, the electronic cryptogram to determine whether payment has been authorised by the mobile computing device in relation to the payment request, (para 0045)
wherein the cryptogram is created using a symmetric key stored on the mobile computing device and the server system has access to a copy of the symmetric key. (para 0045)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the filling
date of the invention to modify the combined system of Kang and Glendenning by encrypting/decrypting messages between mobile device and server with symmetric key in accordance with the teaching of Tervo et al.. This modification improves data security and optimizes the performance. (Tervo et al. para 0005).

Kang, Glendenning and Tervo et al. do not teach:
generating, at a server system associated with a card issuer or card program manager, an identifier of each individual instance of an application, each individual instance of the application being bound to one of multiple mobile computing devices associated with the same customer account number; 
registering, at the server system, one or multiple financial accounts nominated via one of the individual instances of the application, each financial account being registered to the specific mobile computing device used to nominate the financial account; 
generating a plurality of virtual cards, comprising one virtual card for each nominated financial account and unique to the mobile computing device used to nominate the financial account; 
However, Law et al. teaches:
registering, at the server system, one or multiple financial accounts nominated via one of the individual instances of the application, each financial account being registered to the specific mobile computing device used to nominate the financial account; (para 0081)
generating a plurality of virtual cards, comprising one virtual card for each nominated financial account and unique to the mobile computing device used to nominate the financial account; (Fig. 4 item 405; paras 0081 and 0084).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the filling
date of the invention to modify the combined system of Kang, Glendenning and Tervo et al. by implementing virtual card that associated with nominated financial account and mobile device in accordance with the teaching of Law et al.. This modification improves data security by preventing sensitive financial data from exposing. (Law et al. para 0042).

Kang, Glendenning, Tervo et al. and Law et al. do not explicitly disclose:
generating, at a server system associated with a card issuer or card program manager, an identifier of each individual instance of an application, each individual instance of the application being bound to one of multiple mobile computing devices associated with the same customer account number; 
However, Sanders discloses:
generating, at a server system associated with a card issuer or card program manager, an identifier of each individual instance of an application, each individual instance of the application being bound to one of multiple mobile computing devices associated with the same customer account number; (para 0053)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the filling date of the invention to modify the combined system of Kang, Glendenning, Tervo et al. and Law et al. by generating an identifier for an application instance of a computing device in accordance with the teaching of Sanders. This modification enables the server to identify the association of an application instance and a device.

With respect to “message generated by the mobile computing device upon receipt of: a selection of a virtual card from among the plurality of virtual cards; and a user authorization in response to a prompt 
(i) requesting entity certificate data, 
(ii) payment entity certificate data associated with the selected virtual card, (Kang para 0047)
(iii) transaction data, and 
(iv) mobile computing device data being the identifier of the individual instance of the application bound to the mobile computing device;”, it describes the received message.  However, the description of the received message is not used to perform any of the recited steps/functions.  Therefore, it is non-functional descriptive material. (See MPEP 2111.05 I-III) ( In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994)).

Regarding claim 2, Kang in view of Glendenning, in further view of Tervo et al., Law et al. and Sanders discloses all the limitations as described above. Kang further discloses: 
wherein the transaction request is received from a client computing device via a merchant server. (Fig. 1 items 102 and 106; para 0050)

Regarding claim 4, Kang in view of Glendenning, in further view of Tervo et al., Law et al. and Sanders discloses all the limitations as described above. Kang further discloses: 
wherein transmitting a payment request to the mobile computing device comprises:
transmitting by the server system a first data packet comprising the requesting entity certificate signed with a private key of the card issuer or card program manager; and (paras 0031-0035)
separately transmitting by the server system a second data packet comprising the transaction data specifying the transaction and (para 0044)
Glendenning discloses:
signed with the private key of the card issuer or card program manager. (para 0028)

Regarding claim 6, Kang in view of Glendenning, in further view of Tervo et al., Law et al. and Sanders discloses all the limitations as described above. Kang further discloses:
whereupon receiving the payment authorisation message to authorise the transaction, the method further comprises forwarding by the server system the transaction request to a financial institution managing a customer account associated with the customer account number. (Fig. 1 items 116, 118, 120 and 122; paras 0022-0024)

Regarding claims 7 and 16, Kang in view of Glendenning, in further view of Tervo et al., Law et al. and Sanders discloses all the limitations as described above. Kang further discloses:
generating by the server system a customer profile associated with the customer account number. (para 0030)

Regarding claims 8 and 17, Kang in view of Glendenning, in further view of Tervo et al., Law et al. and Sanders discloses all the limitations as described above. Law further discloses: 
generating by the server a plurality of virtual payment cards each of which is linked to the customer profile, wherein each virtual payment card is associated with a different customer account. (paras 0081, 0084, 0135).

Regarding claim 9, Kang in view of Glendenning, in further view of Tervo et al., Law et al. and Sanders discloses all the limitations as described above. Law et al. further discloses: 
wherein each virtual payment card is linked to a unique mobile computing device. (para 0084)

Regarding claims 10 and 18, Kang in view of Glendenning, in further view of Tervo et al., Law et al. and Sanders discloses all the limitations as described above. With respect to “wherein the requesting entity certificate data comprises at least a requesting entity identifier and account details from the requesting entity certificate, the payment entity certificate data comprises a payment entity identifier and account details from a payment entity certificate, and the transaction data comprises at least the transaction amount.” describes the data, but the description of the data is not used to perform any of the 

Regarding claims 11 and 19, Kang in view of Glendenning, in further view of Tervo et al., Law et al. and Sanders discloses all the limitations as described above. Kang further discloses:
wherein the account details from the payment entity certificate are associated with a selected payment card, and wherein the selected payment card is received from a user of the mobile computing device. (paras 0037, 0046)
Law et al. discloses:
received the selected virtual payment card (Fig. 4 item 406; para 0084)

Regarding claims 12 and 20, Kang in view of Glendenning, in further view of Tervo et al., Law et al. and Sanders discloses all the limitations as described above. Kang further discloses:
forwarding by the server system the transaction request to a financial institution managing a customer account associated with the selected payment card. (Fig. 1 items 116, 118, 120 and 122; paras 0022-0024)
Law et al. discloses:
selected virtual payment card (Fig. 4; para 0084)

Regarding claims 13 and 21, Kang in view of Glendenning, in further view of Tervo et al., Law et al. and Sanders discloses all the limitations as described above. Kang further discloses:
Determining by the server system that the payment request has been authorised; and (Fig. 2(b) item 290, paras 0047-0048)
transmitting by the server system an authorisation notification to the merchant server.(Fig. 1 items 108, 116, 120; Fig. 2(b) item 292, paras 0048)


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Yingying Zhou whose telephone number is 571-272-5308.  The examiner can normally be reached on Monday-Friday 9am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Hayes can be reached on 571-272-6708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/YINGYING ZHOU/Examiner, Art Unit 3685                                                                                                                                                                                                        
   /ZESHAN QAYYUM/   Primary Examiner, Art Unit 3685