DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on July 1, 2021, has been entered.

Status of Claims
Claims 1, 10, and 16 are amended.
Claims 1-20 are pending.

Response to Remarks
35 U.S.C. § 101
Applicant’s arguments, see pp. 12-13, filed July 1, 2021, with respect to claims 1-20 have been fully considered and are persuasive.  The rejection of June 16, 2021 has been withdrawn. 



35 U.S.C. § 103
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 10-15 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Per Claims 10-15: Independent claim 10 has been amended to recite “wherein the processor maintains a counter related to a number of times the contactless card exchanges data”.  However, the originally-filed specification does not provide adequate support for the processor maintaining a counter.  Rather, the originally-filed specification, at ¶ 24 describes “a memory 102 of the contactless card includes card data 103, a counter 104 . . .”.  Therefore, it is the memory, rather than the processor (as claimed), of the contactless card that maintains the counter.  Therefore, independent claim 10 is inadequately supported by the originally-filed specification.  Claims 11-15 are rejected by reason of their dependency from independent claim 10.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 1-5, 8-12, and 14-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Pub. No. 2019/0122214 to Chau et al. in view of U.S. Patent Pub. No. 2014/0337175 to Katzin et al. and U.S. Patent Pub. No. 2015/0073995 to Hayhow et al.
Per Claim 1: Chau discloses:
An apparatus, comprising: (see Chau at ¶ 50: FIG. 4 is a functional block diagram illustrating the mobile communication device 400 that may be used to implement the customer computing devices (e.g., the customer computing device 110) of FIG. 1.)
a display device; (see Chau at ¶ 52: The mobile communication device 400 also includes conventional components, such as the display device 430)
a processor circuit, wherein the processor circuit is operable to present a graphical user interface on the display device; (see Chau at ¶ 50: The mobile communication device 400 includes a central processing unit (CPU) 410.)
a transceiver coupled to the processor circuit and operable to communicate with external devices; (see Chau at ¶ 54: In a typical embodiment, the network transmitter 450 and network receiver 460 are implemented as a network transceiver 470.)
a card reader circuit coupled to the processor circuit, and be operable to emit and receive signals within a signal field; and (see Chau at ¶ 13: For example, the customer computing device 110 may be implemented as an NFC device configured to read the tag ID 144 from the tag 142 when the tag 142 is implemented as an NFC object. Such an NFC device may also be configured to read the tag ID 144 when the tag 142 is implemented as an RFID object (e.g., a passive high frequency RFID tag). The tag reader 150 includes hardware and/or software components required to establish the communication link 146 and read the tag ID 144.)
a memory coupled to the processor circuit and operable to store an unlock-lock application having instructions which when executed by the processor circuit, causes the processor circuit to: (see Chau at ¶ 51: The mobile communication device 400 also contains the memory 420. The memory 420 may store instructions and data to control operation of the CPU 410.)
receive, via the card reader circuit, the [[encrypted]] data from the contactless payment card, wherein the contactless payment card is locked to prevent use in a card present transaction (see Chau at ¶ 13: In other words, the customer computing device 110 communicates with the tag 142 (using the tag's operating frequency) over the wireless communication link 146. For example, the customer computing device 110 may be implemented as an NFC device configured to read the tag ID 144 from the tag 142 when the tag 142 is implemented as an NFC object. Such an NFC device may also be configured to read the tag ID 144 when the tag 142 is implemented as an RFID object (e.g., a passive high frequency RFID tag). The tag reader 150 includes hardware and/or software components required to establish the communication link 146 and read the tag ID 144.)
cause the [[encrypted]] data to be forwarded to an authentication server to authenticate and unlock the contactless payment card; (see Chau at ¶ 28: In block 240 (see FIG. 2), the customer application 152 initiates unlocking the tagged credit card 140. The customer application 152 may initiate unlocking the tagged credit card 140 by using the tag ID 144 to obtain the token 156 (e.g., from the electronic wallet 154) and sending access request information (including the token 156) to the wallet control function 180 of the payment authorization computing system 130 (illustrated by an arrow “L3”). Optionally, the access request information may include the tag ID 144, authentication information, auxiliary account information (e.g., loyalty points), and the like.)
receive an unlock indication that the contactless payment card has been unlocked enabling the contactless payment card for use in a card present transaction, wherein the unlock indication indicates the contactless payment card has been authenticated; (see Chau at ¶ 33: Optionally, the wallet control function 180 may send an access granted notification (not shown) to the customer application 152 and/or the tag 142. The access granted notification (not shown) indicates that the tagged credit card 140 has been unlocked. The customer application 152 may optionally display a notification to the customer 112 (e.g., on the display device 430 illustrated in FIG. 4) that the tagged credit card 140 has been unlocked.)
require a subsequent unlock operation in response to an authentication server automatically re-locking the contactless card to prevent further card present transactions per a default setting. (see Chau at 35: After the transaction is completed, the credit card account 148 (and the credit card 140) returns to being locked. This may occur without any additional action on the part of the system 100. Alternatively, in optional block 292 (see FIG. 2), the system 100 may lock the credit card account 148 (and the credit card 140).)
However, Chau fails to disclose, but Katzin, an analogous art of reducing credit card fraud, discloses:
obtain user preferences for uses of the contactless payment card in payment card transactions when unlocked, wherein the user preferences are permitted [[contactless]] payment card use restrictions; (see Katzin at ¶ 152: For example, the user may enter a purchase controls settings screen (“JDOE1”) 1611, wherein the user may add restriction parameters to the purchase control setting. For example, the user interface on the left of FIG. 16B shows a purchase control that only allows in-person (see 1612) transactions below $50 (see 1613) to be made from US or Taiwan (see 1614), when made for clothes or shoes (see 1615), and not more than once a month (see 1616), and given that the user's overall spend for the time frame (1 mo) is less than $1500 (see 1617).)
present a representation of the identified user preferences of the contactless card in the graphical user interface presented on the display device; (see Katzin at ¶ 152: For example, the user may enter a purchase controls settings screen (“JDOE1”) 1611, wherein the user may add restriction parameters to the purchase control setting. For example, the user interface on the left of FIG. 16B shows a purchase control that only allows in-person (see 1612) transactions below $50 (see 1613) to be made from US or Taiwan (see 1614), when made for clothes or shoes (see 1615), and not more than once a month (see 1616), and given that the user's overall spend for the time frame (1 mo) is less than $1500 (see 1617).)
enable completion of a card present transaction according the obtained user preferences including a permitted contactless payment card use restriction; and (see Katzin at ¶ 156: If the device determines that the purchase transaction is permitted by the purchase control settings of the user and/or bonded wallet users (1740, option “No”), the device may generate a card authorization request, 1741, and provide the card authorization request for purchase transaction authorization (see FIG. 57A).)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau to include the purchasing restrictions disclosed in Katzin.  One of ordinary skill in the art would have been motivated to do so to further reduce fraudulent credit card transactions.
However, the combination of Chau and Katzin fails to disclose, but Hayhow, an analogous art of reading information from a contactless card, discloses:
in response to a communication with a contactless payment card, transmit an indication, via the card reader circuit, to the contactless payment card to generate encrypted data using a master key and a counter value as inputs to a cryptographic algorithm; (see Hayhow at ¶ 56: If the transaction processor 220 determines, at step S328, that the financial transaction can be approved offline, at step S330 the transaction processor 220 transmits to the payment card 210 a Generate Application Cryptogram command, requesting an offline Transaction Certificate (TC) from the payment card 210.  See also ¶ 58: If the payment card 210 determines, at step S332, that the transaction can be approved offline, the payment card 210 generates an offline certificate TC from a cryptographic key of the payment card 210 and from a message authentication code that is generated from the Terminal Verification Results, the adjusted/preliminary authorization amount and unpredictable number received from the payment terminal 200, the transaction date, the account number and a transaction counter internal to the payment card 210. The payment card 210 may generate the offline certificate TC by (i) generating a cryptographic session key from the payment card cryptographic master key and the transaction counter, (ii) applying the Terminal Verification Results, adjusted/preliminary authorization amount, unpredictable number, transaction date, account number and transaction counter and the session key as inputs to a cryptographic algorithm, (iii) signing the resulting offline cryptogram with a private cryptographic key of the payment card 210, and (iv) incorporating the offline cryptogram into the offline certificate TC. Since the cryptographic session key is generated from the payment card cryptographic master key and the transaction counter, the cryptographic session key is uniquely associated with the payment card 210.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau to use a contactless card and send an instruction to generate encrypted data to the contactless card using the card reading techniques disclosed in Hayhow.  As in Hayhow, it is within the capabilities of one of ordinary skill in the art to use a device, such as the customer computing device, to send a message to the contactless card to generate encrypted data with the predicted result of requesting and receiving data from the contactless card.

Per Claim 10: Claim 10 recites subject matter similar to that discussed above in connection with claim 1.  Claim 10 further recites, and Chau further discloses:
A system, comprising: (see Chau at Abstract: A system implementing multi-factor authentication for use with a mobile communication device.)
a mobile device including a mobile device processor, a mobile device memory, a transceiver, a display device, and a card reader circuit, the card reader circuit is operable to communicate with the contactless payment card via the communications interface, and (see Chau at FIG. 4: mobile communication device 400, processor 410, memory 420, transceiver 470, display device 430.  See also ¶ 13: For example, the customer computing device 110 may be implemented as an NFC device configured to read the tag ID 144 from the tag 142 when the tag 142 is implemented as an NFC object. Such an NFC device may also be configured to read the tag ID 144 when the tag 142 is implemented as an RFID object (e.g., a passive high frequency RFID tag). The tag reader 150 includes hardware and/or software components required to establish the communication link 146 and read the tag ID 144.)
the mobile device memory stores programming code including an instance of an unlock-lock application (e.g., customer application 152), wherein the programming code when executed by the mobile device processor causes the mobile device processor to perform functions (see Chau at ¶ 15: The customer computing device 110 implements a customer application 152 and may optionally implement an electronic wallet 154.)
However, Chau fails to disclose, but Hayhow discloses:
a contactless payment card, including a processor, a memory storing programming code, and a communications interface operable to support at least one of near field communication, Bluetooth, or Wi-Fi communication protocol, wherein the processor maintains a counter related to a number of times the contactless card exchanges data; and (see Hayhow at ¶ 36: As discussed, the payment card 210 may have a contact form factor and/or a contactless form factor, and may be implemented as a plastic smartcard, chip card or integrated circuit card that includes a built-in micro-controller and protected memory.  See also ¶ 28: If the payment card 210 has a contactless form factor, the payment card interface 208 may comprise a wireless interface that allows the payment terminal 200 to communicate with the payment card 210 via a wireless protocol, such as ISO 14443.  See also ¶ 58: If the payment card 210 determines, at step S332, that the transaction can be approved offline, the payment card 210 generates an offline certificate TC from a cryptographic key of the payment card 210 and from a message authentication code that is generated from the Terminal Verification Results, the adjusted/preliminary authorization amount and unpredictable number received from the payment terminal 200, the transaction date, the account number and a transaction counter internal to the payment card 210. The payment card 210 may generate the offline certificate TC by (i) generating a cryptographic session key from the payment card cryptographic master key and the transaction counter, (ii) applying the Terminal Verification Results, adjusted/preliminary authorization amount, unpredictable number, transaction date, account number and transaction counter and the session key as inputs to a cryptographic algorithm, (iii) signing the resulting offline cryptogram with a private cryptographic key of the payment card 210, and (iv) incorporating the offline cryptogram into the offline certificate TC. Since the cryptographic session key is generated from the payment card cryptographic master key and the transaction counter, the cryptographic session key is uniquely associated with the payment card 210.)
in response to a request received, via the communications interface, from the mobile device, generate encrypted data using a master key and the counter value as inputs to a cryptographic algorithm; and (see Hayhow at ¶ 56: If the transaction processor 220 determines, at step S328, that the financial transaction can be approved offline, at step S330 the transaction processor 220 transmits to the payment card 210 a Generate Application Cryptogram command, requesting an offline Transaction Certificate (TC) from the payment card 210.  See also ¶ 58: If the payment card 210 determines, at step S332, that the transaction can be approved offline, the payment card 210 generates an offline certificate TC from a cryptographic key of the payment card 210 and from a message authentication code that is generated from the Terminal Verification Results, the adjusted/preliminary authorization amount and unpredictable number received from the payment terminal 200, the transaction date, the account number and a transaction counter internal to the payment card 210. The payment card 210 may generate the offline certificate TC by (i) generating a cryptographic session key from the payment card cryptographic master key and the transaction counter, (ii) applying the Terminal Verification Results, adjusted/preliminary authorization amount, unpredictable number, transaction date, account number and transaction counter and the session key as inputs to a cryptographic algorithm, (iii) signing the resulting offline cryptogram with a private cryptographic key of the payment card 210, and (iv) incorporating the offline cryptogram into the offline certificate TC. Since the cryptographic session key is generated from the payment card cryptographic master key and the transaction counter, the cryptographic session key is uniquely associated with the payment card 210.)
emit, via the communications interface, a signal containing encrypted data usable to authenticate the contactless card, (see Hayhow at ¶ 59: The payment card 210 responds to the payment terminal 200 with the offline certificate TC, at step S352.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau to use a contactless card and send an instruction to generate encrypted data to the contactless card using the card reading techniques disclosed in Hayhow.  As in Hayhow, it is within the capabilities of one of ordinary skill in the art to use a device, such as the customer computing device, to send a message to the contactless card to generate encrypted data with the predicted result of requesting and receiving data from the contactless card.

Per Claim 16: Claim 16 recites subject matter similar to that discussed above in connection with claim 1.  Claim 16 recites a non-transitory computer-readable storage medium having computer-readable program code embodied therewith, which Chau discloses (see ¶ 53: Such instructions may be stored on one or more non-transitory computer-readable media.)
Per Claims 2 and 17: The combination of Chau, Katzin, and Hayhow discloses the subject matter of claims 1 and 16, from which claims 2 and 17 depend, respectively.  However, Chau fails to disclose, but Katzin discloses:
drive a display device to present a graphical user interface with a plurality of user preferences for setting a limiting use of the contactless card. (see Katzin at ¶ 152: With reference to FIG. 16B, in some implementations, the virtual wallet application may provide an interface via which user may efficiently set purchase controls for transactions. For example, the user may enter a purchase controls settings screen (“JDOE1”) 1611, wherein the user may add restriction parameters to the purchase control setting. For example, the user interface on the left of FIG. 16B shows a purchase control that only allows in-person (see 1612) transactions below $50 (see 1613) to be made from US or Taiwan (see 1614), when made for clothes or shoes (see 1615), and not more than once a month (see 1616), and given that the user's overall spend for the time frame (1 mo) is less than $1500 (see 1617).)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau to include purchasing restrictions as disclosed in Katzin.  One of ordinary skill in the art would have been motivated to do so to decrease the number of fraudulent credit card transactions.

Per Claim 3: The combination of Chau, Katzin, and Hayhow discloses the subject matter of claim 1, from which claim 3 depends.  However, Chau fails to disclose, but Katzin discloses:
present, via a graphical user interface, a plurality of limiting uses of the contactless card for a selection of a user preference that sets a limiting use of the contactless card. (see Katzin at ¶ 152: With reference to FIG. 16B, in some implementations, the virtual wallet application may provide an interface via which user may efficiently set purchase controls for transactions. For example, the user may enter a purchase controls settings screen (“JDOE1”) 1611, wherein the user may add restriction parameters to the purchase control setting. For example, the user interface on the left of FIG. 16B shows a purchase control that only allows in-person (see 1612) transactions below $50 (see 1613) to be made from US or Taiwan (see 1614), when made for clothes or shoes (see 1615), and not more than once a month (see 1616), and given that the user's overall spend for the time frame (1 mo) is less than $1500 (see 1617).)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau to include purchasing restrictions as disclosed in Katzin.  One of ordinary skill in the art would have been motivated to do so to decrease the number of fraudulent credit card transactions.

Per Claim 4: The combination of Chau, Katzin, and Hayhow discloses the subject matter of claim 3, from which claim 4 depends.  However, Chau fails to disclose, but Katzin discloses:
wherein the plurality of limiting uses includes one or more of: a geographical location, a geo-fenced area, a merchant name, a price threshold, a time threshold, a day of a week, a time range within a day, a zip code, an area code; a merchant category, or a product category. (see Katzin at ¶ 152: In some situations, the virtual wallet may provide a graphical user interface component (e.g., 1622) to facilitate user input entry. For example, the virtual wallet may display a map of the world when the user wishes to place a geographic restriction on a purchase control, and the user may touch the map at the appropriate sport (e.g., 1623, 1624) to set the locations from which transaction may be allowed (or alternatively, blocked).)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau to include purchasing restrictions as disclosed in Katzin.  One of ordinary skill in the art would have been motivated to do so to decrease the number of fraudulent credit card transactions.

Per Claim 5: The combination of Chau, Katzin, and Hayhow discloses the subject matter of claim 3, from which claim 5 depends.  However, Chau fails to disclose, but Katzin discloses:
receive, via a graphical user interface, a selection of a user preference that sets the limiting use of the contactless card. (see Katzin at ¶ 152: With reference to FIG. 16B, in some implementations, the virtual wallet application may provide an interface via which user may efficiently set purchase controls for transactions. For example, the user may enter a purchase controls settings screen (“JDOE1”) 1611, wherein the user may add restriction parameters to the purchase control setting. For example, the user interface on the left of FIG. 16B shows a purchase control that only allows in-person (see 1612) transactions below $50 (see 1613) to be made from US or Taiwan (see 1614), when made for clothes or shoes (see 1615), and not more than once a month (see 1616), and given that the user's overall spend for the time frame (1 mo) is less than $1500 (see 1617).)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau to include purchasing restrictions as disclosed in Katzin.  One of ordinary skill in the art would have been motivated to do so to decrease the number of fraudulent credit card transactions.

Per Claim 8: The combination of Chau, Katzin, and Hayhow discloses the subject matter of claim 1, from which claim 8 depends.  However, Chau fails to disclose, but Katzin discloses:
wherein the memory is operable to store a plurality of user preference settings of the unlock-lock application and further instructions which when executed by the processor circuit, cause the processor circuit, to: (see Katzin at ¶ 152: With reference to FIG. 16B, in some implementations, the virtual wallet application may provide an interface via which user may efficiently set purchase controls for transactions. For example, the user may enter a purchase controls settings screen (“JDOE1”) 1611, wherein the user may add restriction parameters to the purchase control setting. For example, the user interface on the left of FIG. 16B shows a purchase control that only allows in-person (see 1612) transactions below $50 (see 1613) to be made from US or Taiwan (see 1614), when made for clothes or shoes (see 1615), and not more than once a month (see 1616), and given that the user's overall spend for the time frame (1 mo) is less than $1500 (see 1617).)
present on the graphical user interface a menu of user preference settings for selection by a user, wherein the user preference settings are permitted uses the contactless card, when unlocked, in card present transactions; (see Katzin at ¶ 152: With reference to FIG. 16B, in some implementations, the virtual wallet application may provide an interface via which user may efficiently set purchase controls for transactions. For example, the user may enter a purchase controls settings screen (“JDOE1”) 1611, wherein the user may add restriction parameters to the purchase control setting. For example, the user interface on the left of FIG. 16B shows a purchase control that only allows in-person (see 1612) transactions below $50 (see 1613) to be made from US or Taiwan (see 1614), when made for clothes or shoes (see 1615), and not more than once a month (see 1616), and given that the user's overall spend for the time frame (1 mo) is less than $1500 (see 1617).  See also FIG. 16B: proximity, spend limit, geography, product frequency, and overall spend purchase controls are user preference settings for selection by a user.)
receive an indication of a selection of one or more of the user preference settings presented in the menu; and (see Katzin at ¶ 152: With reference to FIG. 16B, in some implementations, the virtual wallet application may provide an interface via which user may efficiently set purchase controls for transactions. For example, the user may enter a purchase controls settings screen (“JDOE1”) 1611, wherein the user may add restriction parameters to the purchase control setting. For example, the user interface on the left of FIG. 16B shows a purchase control that only allows in-person (see 1612) transactions below $50 (see 1613) to be made from US or Taiwan (see 1614), when made for clothes or shoes (see 1615), and not more than once a month (see 1616), and given that the user's overall spend for the time frame (1 mo) is less than $1500 (see 1617).  See also FIG. 16B: proximity, spend limit, geography, product frequency, and overall spend purchase controls have a user-selected user preference.)
provide, to a server operable to manage user preferences of the unlock-lock application, user preference settings indicated as selected for permitted use of the unlocked contactless card in card present transactions. (see Katzin at ¶ 152: In some situations, the virtual wallet may provide a graphical user interface component (e.g., 1622) to facilitate user input entry.  See also ¶ 155: Upon obtaining all restriction parameters for a given purchase control setting, the device may store the finalized purchase control setting to a database (e.g., a local database, a cloud storage database, etc.), 1730.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau present, display, and store purchase controls as disclosed in Katzin.  One of ordinary skill in the art would have been motivated to do so to reduce the number of fraudulent credit card transactions.

Per Claim 9: The combination of Chau, Katzin, and Hayhow discloses the subject matter of claim 8, from which claim 9 depends.  However, Chau fails to disclose, but Katzin discloses:
wherein the indication of the selection of one or more of the user preference settings includes: a time range selection, wherein the time range selection identifies a time range during which the contactless card remains unlocked; a radius selection, wherein the radius selection identifies a distance from a user's location in which the contactless is permitted to be used in a card-present transaction; or a merchant code selection, wherein the merchant code selection identifies a category of goods or services provided by merchants assign a merchant code selected via the merchant code selection. (see Katzin at ¶ 152: For example, the user may enter a purchase controls settings screen (“JDOE1”) 1611, wherein the user may add restriction parameters to the purchase control setting. For example, the user interface on the left of FIG. 16B shows a purchase control that only allows in-person (see 1612) transactions below $50 (see 1613) to be made from US or Taiwan (see 1614), when made for clothes or shoes (see 1615), and not more than once a month (see 1616), and given that the user's overall spend for the time frame (1 mo) is less than $1500 (see 1617).)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau to include purchasing restrictions as disclosed in Katzin.  One of ordinary skill in the art would have been motivated to do so to decrease the number of fraudulent credit card transactions.

Per Claim 11: The combination of Chau, Katzin, and Hayhow discloses the subject matter of claim 10, from which claim 11 depends.  However, the combination of Chau and Katzin fails to disclose, but Hayhow discloses:
generate an encrypted data using the cryptographic algorithm stored in the memory of the contactless card, wherein the cryptographic algorithm uses one of: a number of times the contactless card is used in a card present transaction or a number of times the contactless card is authenticated. (see Hayhow at ¶ 58: If the payment card 210 determines, at step S332, that the transaction can be approved offline, the payment card 210 generates an offline certificate TC from a cryptographic key of the payment card 210 and from a message authentication code that is generated from the Terminal Verification Results, the adjusted/preliminary authorization amount and unpredictable number received from the payment terminal 200, the transaction date, the account number and a transaction counter internal to the payment card 210. The payment card 210 may generate the offline certificate TC by (i) generating a cryptographic session key from the payment card cryptographic master key and the transaction counter, (ii) applying the Terminal Verification Results, adjusted/preliminary authorization amount, unpredictable number, transaction date, account number and transaction counter and the session key as inputs to a cryptographic algorithm, (iii) signing the resulting offline cryptogram with a private cryptographic key of the payment card 210, and (iv) incorporating the offline cryptogram into the offline certificate TC. Since the cryptographic session key is generated from the payment card cryptographic master key and the transaction counter, the cryptographic session key is uniquely associated with the payment card 210.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau to use a contactless card and send an instruction to generate encrypted data to the contactless card using the card reading techniques disclosed in Hayhow.  As in Hayhow, it is within the capabilities of one of ordinary skill in the art to use a device, such as the customer computing device, to send a message to the contactless card to generate encrypted data with the predicted result of requesting and receiving data from the contactless card.

Per Claim 12: The combination of Chau, Katzin, and Hayhow discloses the subject matter of claim 10, from which claim 12 depends.  Chau further discloses:
generate, based on a verification of the decrypted data, the unlock indication that the contactless card is unlocked; and (see Chau at ¶ 33: Optionally, the wallet control function 180 may send an access granted notification (not shown) to the customer application 152 and/or the tag 142.)
output the unlock indication to the mobile device. (see Chau at ¶ 33: The customer application 152 may optionally display a notification to the customer 112 (e.g., on the display device 430 illustrated in FIG. 4) that the tagged credit card 140 has been unlocked.)
However, the combination of Chau and Katzin fails to disclose, but Hayhow discloses:
an authentication server coupled to a memory storing a cryptographic algorithm, the authentication server operable to execute programming code, wherein the authentication server when executing the programming code is operable to: (see Hayhow at ¶ 24: Each issuer server 300 is associated with and administered by a respective financial institution.)
receive the encrypted data from the mobile device, wherein the mobile device is authorized to communicate with the authentication server; (see Hayhow at ¶ 63: At step S338, the acquirer server 270 directs the Authorization Request Message to the issuer server 300, over the payment network 108, for validation.)
decrypt the encrypted data; (see Hayhow at ¶ 64: At step S340, the issuer server 300 verifies that the payment card 210 generated the online cryptogram ARQC. To do so, the issuer server 300 may (i) recover the payment card's session key by applying the account number, payment card internal transaction counter and a card issuer cryptographic master key as inputs to a suitable cryptographic algorithm, (ii) decrypt the online cryptogram ARQC with the recovered session key, (iii) compute a message authentication code from the Issuer Authorization Data, and (iv) compare the computed message authentication code against the decrypted cryptogram.)
verify the decrypted data to authenticate the contactless card; (see Hayhow at ¶ 64: At step S340, the issuer server 300 verifies that the payment card 210 generated the online cryptogram ARQC. To do so, the issuer server 300 may (i) recover the payment card's session key by applying the account number, payment card internal transaction counter and a card issuer cryptographic master key as inputs to a suitable cryptographic algorithm, (ii) decrypt the online cryptogram ARQC with the recovered session key, (iii) compute a message authentication code from the Issuer Authorization Data, and (iv) compare the computed message authentication code against the decrypted cryptogram.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau to include decrypting and authenticating the credit card data received using the techniques disclosed in Hayhow.  As in Hayhow, it is within the capabilities of one of ordinary skill in the art to use a server to authenticate the cryptogram, and therefore the payment card, being used to make a transaction with the predicted result of securing a financial transaction.

Per Claim 14: The combination of Chau, Katzin, and Hayhow discloses the subject matter of claim 10, from which claim 14 depends.  Chau further discloses:
an unlock-lock server (e.g., payment authorization entity 132) operable to manage user preferences of the unlock- lock application executing on the mobile device processor, wherein the unlock- lock server is operable to: (see Chau at ¶ 8: FIG. 1 is block diagram of a system 100 that includes a customer computing device 110 (e.g., a cellular telephone or similar mobile device) operated by a customer 112, a merchant computing system 120 operated by a merchant 122, and a payment authorization computing system 130 operated by a payment authorization entity 132.)
However, Chau fails to disclose, but Katzin discloses:
a payment account component operable to authorize purchases involving the contactless card, wherein the payment account component is operable to maintain a maximum transaction amount threshold for use in authorizing or denying purchases involving the contactless card; and (see Katzin at ¶ 176: An issuer server, e.g., 2308 a-n, of the issuer may maintain details of the user's card account.)
8Appl. No. 16/863,179Docket No.: 1988.0305 Response Dated October 30, 2020Examiner: Khatri, Nilesh B.receive, from the mobile device, user preference settings indicated as selected, permitted uses of the unlocked contactless card in card present transactions; (see Katzin at ¶ 155: Upon obtaining all restriction parameters for a given purchase control setting, the device may store the finalized purchase control setting to a database (e.g., a local database, a cloud storage database, etc.), 1730.)
derive a maximum transaction amount threshold from the user preference settings; (see Katzin at ¶ 155: In some implementations, the data structure may also include an indication of whether the restriction parameter value represents an upper bound or lower bound of the range of allowed values for that a parameter. The device may append the data structure for the restriction parameter to a data structure for the overall purchase control setting, 1727.)
forward, to the payment account component, a maximum transaction amount threshold derived from the user preference settings; and (see Katzin at ¶ 155: Upon obtaining all restriction parameters for a given purchase control setting, the device may store the finalized purchase control setting to a database (e.g., a local database, a cloud storage database, etc.), 1730.)
forward the maximum transaction amount threshold to the mobile device for presentation in the graphical user interface. (see Katzin at FIG. 16B: Presents overall spend 1617, i.e., the maximum transaction amount, in graphical user interface)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the unlock-lock server disclosed in Chau with the operations performed in Katzin.  One of ordinary skill in the art would have been motivated to do so to decrease fraudulent credit card transactions.

Per Claim 15: The combination of Chau, Katzin, and Hayhow discloses the subject matter of claim 10, from which claim 15 depends.  Chau further discloses:
wherein the contactless card when unauthenticated is locked which makes the contactless card unusable in a card present transaction and authenticated indicates the contactless card is valid and unlocked which makes that contactless card usable in a card present transaction. (see Chau at ¶ 20: By default, access to the credit card account 148 is locked by the payment authorization computing system 130 and is only temporarily unlocked (when appropriate) for each transaction separately. In other words, before the customer 112 can use the credit card 140, the payment authorization computing system 130 must unlock access to the credit card account 148.)

Per Claim 18: The combination of Chau, Katzin, and Hayhow discloses the subject matter of claim 16, from which claim 18 depends.  However, Chau fails to disclose, but Katzin discloses:
present, via a graphical user interface, a plurality of limiting uses of the contactless card for selection user preferences for the contactless card when unlocked, wherein the plurality of limiting uses includes one or more of: a geographical location, a geo-fenced area, a merchant name, a price threshold, a time threshold, a day of a week, a time range within a day, a zip code, an area code; a merchant category, or a product category; (see Katzin at ¶ 152: With reference to FIG. 16B, in some implementations, the virtual wallet application may provide an interface via which user may efficiently set purchase controls for transactions. For example, the user may enter a purchase controls settings screen (“JDOE1”) 1611, wherein the user may add restriction parameters to the purchase control setting. For example, the user interface on the left of FIG. 16B shows a purchase control that only allows in-person (see 1612) transactions below $50 (see 1613) to be made from US or Taiwan (see 1614), when made for clothes or shoes (see 1615), and not more than once a month (see 1616), and given that the user's overall spend for the time frame (1 mo) is less than $1500 (see 1617).)
receive, via the graphical user interface, a selection of at least one of the plurality of limiting uses; and (see Katzin at ¶ 152: With reference to FIG. 16B, in some implementations, the virtual wallet application may provide an interface via which user may efficiently set purchase controls for transactions. For example, the user may enter a purchase controls settings screen (“JDOE1”) 1611, wherein the user may add restriction parameters to the purchase control setting. For example, the user interface on the left of FIG. 16B shows a purchase control that only allows in-person (see 1612) transactions below $50 (see 1613) to be made from US or Taiwan (see 1614), when made for clothes or shoes (see 1615), and not more than once a month (see 1616), and given that the user's overall spend for the time frame (1 mo) is less than $1500 (see 1617).)
store the selection as a user preference of the contactless card, when unlocked. (see Katzin at ¶ 155: Upon obtaining all restriction parameters for a given purchase control setting, the device may store the finalized purchase control setting to a database (e.g., a local database, a cloud storage database, etc.), 1730.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau to include purchasing restrictions as disclosed in Katzin.  One of ordinary skill in the art would have been motivated to do so to decrease the number of fraudulent credit card transactions.

Claims 6, 13, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chau, Katzin, and Hayhow as applied to claims 1, 10, and 16 above, and further in view of U.S. Patent Pub. No. 2018/0158132 to Salvatore.
Per Claims 6, 13, and 19: The combination of Chau, Katzin, and Hayhow discloses the subject matter of claims 1, 10, and 16, from which claims 6, 13, and 19 depend, respectively.  However, the combination of Chau, Katzin, and Hayhow fails to disclose, but Salvatore, an analogous art of location-based payments, discloses:
a location application operable to determine a location of the apparatus, wherein the memory is operable to store a plurality of user preference settings of the unlock-lock application and further instructions which when executed by the processor circuit, cause the processor circuit, to: (see Salvatore at ¶ 48: The mobile device 10 contains location identification software 12 for identifying and sending the mobile device's geolocation data 14 using GPS technology or other geolocation technology such as iBeacon, Eddystone, etc.  See also ¶ 55: FIG. 4 depicts a map displaying the geolocation of the mobile device and three particular merchants within a radial threshold proximity of the mobile device, according to certain embodiments of the present technology. In some embodiments, the user can specify the proximity threshold he or she prefers.)
obtain a location preference setting from the plurality of user preference settings stored in the memory; (see Salvatore at ¶ 55: In some embodiments, the user can specify the proximity threshold he or she prefers.)
obtain location data from the location application executing on the processor circuit; (see Salvatore at ¶ 52: The first step of the method involves identifying the geolocation of the mobile device 40. If the mobile device's geolocation is successfully identified (geolocation identification might be unsuccessful, for example, if the mobile device does not have reception, reception is blocked, the device is in airplane mode, etc.), the mobile device sends its geolocation information 42 across the network to the computing device.)
send the obtained location preference setting and the obtained location data to an unlock-lock server; (see Salvatore at ¶ 52: If the mobile device's geolocation is successfully identified (geolocation identification might be unsuccessful, for example, if the mobile device does not have reception, reception is blocked, the device is in airplane mode, etc.), the mobile device sends its geolocation information 42 across the network to the computing device.)
receive a list of merchants satisfying the obtained location preference setting based on the obtained location data; and (see Salvatore at ¶ 52: The computing device then retrieves the geolocations of the merchants stored in a merchant database 44 and compares the mobile device's geolocation with the merchants' geolocations 46 to determine if the mobile device is within a threshold proximity of any of the merchants' geolocations.)
present the list of merchants in the graphical user interface on the display device. (see Salvatore at ¶ 52: If a merchant located within the threshold proximity of the mobile device is selling a gift item on another members' one or more gift lists, the computing device generates and sends an alert notification 54 across the network to the mobile device. In some embodiments, the computing device also retrieves alert notification parameters from the member database 56 and generates an alert only if the parameters are met. The mobile device displays the alert notification to the user upon receipt 58.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau to display merchants that satisfy a user’s geographic preferences as disclosed in Salvatore.  One of ordinary skill in the art would have been motivated to do so to enable the user to determine which stores the credit card may be used.

Claim 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chau, Katzin, and Hayhow as applied to claim 1 above, and further in view of U.S. Patent Pub No. 2002/0199103 to Dube.
Per Claim 7: The combination of Chau, Katzin, and Hayhow discloses the subject matter of claim 1, from which claim 7 depends.  However, Chau fails to disclose, but Katzin discloses:
an output device coupled to the processor circuit and operable to generate a sound or a vibration; (see Katzin at ¶ 345: I/O may employ connection protocols such as, but not limited to: audio: analog, digital, monaural, RCA, stereo, and/or the like;)
a location application operable to determine a location of the apparatus and executable by the processor, wherein the memory is operable to store a plurality of user preference settings of the unlock-lock application and further instructions which when executed by the processor circuit, cause the processor circuit, to: (see Katzin at ¶ 76: In some implementations, the virtual wallet application may utilize the location coordinates of the user device (e.g., via GPS, IP address, cellular tower triangulation, etc.) to identify merchants that are in the vicinity of the user's current location.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau to include a sound output and a location application in the customer device as disclosed in Katzin.  One of ordinary skill in the art would have been motivated to do so to reduce fraudulent transactions based on the location of the customer device.
However, the combination of Chau, Katzin, and Hayhow fails to disclose, but Dube, an analogous art of e-commerce, discloses:
determine, based on location provided by the location application, a card unlock action is required to meet an imminent a card present transaction; and (see Dube at ¶ 89: When the geophysical location data for the user does not match the profile, the transaction can still be authenticated if the user is approved for mobile access. Hence, in operation 1012, the user is prompted for their mobile passphrase.)
generate, via the output device or the display device, a notification indicating the card unlock action is required. (see Dube at ¶ 89: When the geophysical location data for the user does not match the profile, the transaction can still be authenticated if the user is approved for mobile access. Hence, in operation 1012, the user is prompted for their mobile passphrase.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau and Katzin to include prompting a notification that a card unlock operation is required based on geography as disclosed in Dube.  One of ordinary skill in the art would have been motivated to do so to enable a customer to unlock the credit card when required to complete a purchase.

Claim 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chau, Katzin, Hayhow, and Salvatore as applied to claim 19 above, and further in view of Dube.
Per Claim 20: The combination of Chau, Katzin, Hayhow, and Salvatore discloses the subject matter of claim 19, from which claim 20 depends.  However, the combination of Chau, Katzin, Hayhow, and Salvatore fails to disclose, but Dube discloses:
determine, based on the location data provided by the location application, a card unlock action is required to meet an imminent a card present transaction; (see Dube at ¶ 89: When the geophysical location data for the user does not match the profile, the transaction can still be authenticated if the user is approved for mobile access. Hence, in operation 1012, the user is prompted for their mobile passphrase.)
generate instructions to produce a notification indicating the card unlock action is required; and (see Dube at ¶ 89: When the geophysical location data for the user does not match the profile, the transaction can still be authenticated if the user is approved for mobile access. Hence, in operation 1012, the user is prompted for their mobile passphrase.)
output a notification actuation signal operable to actuate an output device or a display device according to the generated instructions. (see Dube at ¶ 89: When the geophysical location data for the user does not match the profile, the transaction can still be authenticated if the user is approved for mobile access. Hence, in operation 1012, the user is prompted for their mobile passphrase.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chau to output a notification that a card unlock is required as disclosed in Dube.  One of ordinary skill in the art would have been motivated to do so to notify a user that the user cannot perform a transaction unless and until the credit card is unlocked for use.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Patent Pub. No. 2015/0019442 discloses methods and devices for pre-generating session keys for securing transactions are provided. A plurality of session cryptographic keys are generated from a master cryptographic key and a respective plurality of possible values of a transaction counter. The session cryptographic keys are encrypted to provide a plurality of encrypted session cryptographic keys, which are stored in the user terminal. The master cryptographic key is deleted from the user terminal after the session keys are generated. To secure a transaction, a cryptogram is generated based on one of the encrypted session cryptographic keys and transaction data for the transaction, and the cryptogram is transmitted to a transaction terminal. The transaction counter is updated, and the encrypted session cryptographic key is deleted from the user terminal.
U.S. Patent Pub. No. 2007/0118483 discloses a method. The method comprises, at a reader, performing at least one transaction-based risk management process prior to energizing a contactless interface, initiating communication with a card utilized for the contactless transaction, receiving information associated with the card, and terminating communication with the card to authorizing the contactless transaction.
U.S. Patent Pub. No. 2010/0274722 discloses initial presentation of a payment device to a payment terminal assembly, in connection with a putative transaction, is facilitated. The payment device includes a payment device memory storing a device-side payment application, with an on-device balance, and at least one payment device processor coupled to the payment device memory. The payment terminal assembly includes a terminal memory, storing a terminal-side payment application, and at least one terminal processor coupled to the terminal memory. A first command is sent from the payment terminal assembly to the payment device to compute a cryptogram to complete the putative transaction. It is detected that the cryptogram is not received as expected. In response, an identifier of the payment device and transaction recovery data associated with the putative transaction are stored in a storage area of the terminal memory. The payment terminal assembly obtains the identifier of the payment device, upon re-presentation of the payment device to the payment terminal assembly. Upon the re-presentation of the payment device to the payment terminal assembly, the payment terminal assembly compares the obtained identifier of the payment device to contents of the storage area. Conditioned at least upon the comparing yielding a match, a second command is sent from the payment terminal assembly to the payment device. The second command instructs the payment device to re-produce the cryptogram to complete the putative transaction.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NILESH B KHATRI whose telephone number is (571)270-7083. The examiner can normally be reached 8:30 AM - 5:30 PM Monday-Friday, alternating Fridays off.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571) 270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NILESH B KHATRI/Examiner, Art Unit 3685