DETAILED ACTION
Acknowledgements
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in reply to the Amendment filed on February 24, 2022.
Claims 1-21 are pending.
Claims 1-21 are examined.
This Office Action is given Paper No. 20220607 for references purposes only.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2, 6-7, 9-10, 14-15, 17, and 19-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over Wong et al. (US 2015/0339664) in view of Glatt (US 2014/0012762).

Claims 1, 9, 17
Wong discloses: 
a secure element (secure element, see [0023]) locally installed on the computing device (communication device, see [0023]) and comprising a payment application (mobile wallet application, see [0084, 0087]) hosted by a wallet provider (wallet provider, see [0079, 0084]);
a network interface configured to receive an encrypted merchant public key (signature key, see [0165]) from a remote hardware security module (access device, see [0089]) associated with the secure element and receive transaction data (transaction data, see [0162]) for settling a payment transaction between a merchant (merchant, see [0089, 0237]) and a cardholder (cardholder, see [0102]) of the computing device based on a payment card (payment card, see [0234]) stored in the payment application; 
and dynamically generate, via the secure element, a cryptogram (generate transaction cryptogram, see [0161]) that remotely authenticates the transaction data (dynamic transaction data, see [0162]) and sign the cryptogram (signature, see [0165]) via the secure element with a signature based on the decrypted merchant public key (signature key, see [0165]), wherein the cryptogram is signed locally by the secure element and not externally by the wallet providers;
wherein the processor is further configured to control the network interface to transmit (send, see [0173]) the dynamically generated cryptogram (cryptogram, see [0173]) to a computing system associated with the merchant (access device, see [0032, 0173]).
Wong does not disclose:
An encrypted merchant public key;
A processor… element;
The signature… key.
Glatt teaches:
an encrypted merchant public key (encrypted public key, EPK, see [0059]);
a processor configured to decrypt the encrypted merchant public key (decrypt the encrypted public key, see [0060]) based on a session key (private key, see [0060]) that is shared with the secure element by the remote hardware security module (device manufacturer or acquirer, see [0060]) associated with the secure element;
the signature is verifiable by a merchant private key (private key, see [0060]) that corresponds to the merchant public key.
Since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject matter and the prior art rests not on any individual element or function but in the very combination itself – that is in the substitution of the encrypted public key of Glatt for the signature key of Wong. Thus, the simple substitution of one known element for another, producing predictable results, renders the claim obvious.
Wong discloses a secure element on a computing device, receiving a key from a remote hardware module, dynamically generating a cryptogram, and transmitting the cryptogram to a merchant system. Wong does not disclose an encrypted merchant public key, decrypting the encrypted merchant public key based on a session key, and verifying the signature with a merchant private key, but Glatt does. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to combine the offline authentication of Wong with the encrypted merchant public key, decrypting the encrypted merchant public key based on a session key, and verifying the signature with a merchant private key of Glatt because 1) a need exists for maintaining security with conducting transactions (see Wong [0006]); and 2) a need exists for reducing development time for adding payment processing to a device (see Glatt [0026]). 

Claims 2, 10
Furthermore, Wong discloses:
display a user interface which includes a plurality of payment options corresponding to a plurality of payment cards (more than one payment card, see [0234]) of the cardholder stored in a digital wallet (mobile wallet application, see [0084, 0087]) installed on the computing device, and receive a selection of a payment card (selects the card, see [0200]) from among the plurality of payment cards via the user interface.

Claims 6, 14
Furthermore, Glatt teaches:
encrypt the transaction data (encrypt transaction data, see [0061]), via the secure element, to generate a transaction payload, and sign the transaction payload with the merchant public key (see [0062]).

Claims 7, 15
Furthermore, Glatt teaches:
receive the transaction data, via the secure element, from a web browser (via world wide web, see [0039]) on the computing device.

Claim 19
Furthermore, Wong discloses:
a consumer device cardholder verification method (CDCVM) module (CDCVM performed, see [0192, 0203]) which authenticates a user of the computing device, and transmits authentication information (CDCVM verified indicator, see [0230]) of the user authentication to the processor chip of the secure element.

Claim 20
Furthermore, Wong discloses:
the processor chip of the secure element is further configured to generate the transaction cryptogram based on the authentication information (CDCVM verified indicator, see [0230]) received from the CDCVM.

Claim 21
Furthermore, Glatt teaches:
The processor is configured to decrypt the encrypted merchant public key (encrypted public key, see [0059]) with a session key that is stored within the secure element via a manufacturer (at time of manufacture, see [0059]) of one or more of the secure element and the computing device.

Claims 3-5, 8, 11-13, 16, and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over Wong et al. (US 2015/0339664), in view of Glatt (US 2014/0012762), and further in view of Collinge (WO 2018/031856).

Claims 3, 11
Wong in view of Glatt discloses the limitations above. Wong in view of Glatt does not disclose:
Retrieve… device.
Collinge discloses:
retrieve the merchant public key (key pair, see figure 7, p 17) from a remote key management service via a wallet service provider (wallet provider, see p 9) of a digital wallet (wallet, see p 9) installed on the computing device.
Wong in view of Glatt discloses a secure element on a computing device, receiving an encrypted merchant public key from a remote hardware module, decrypting the encrypted merchant public key based on a session key, dynamically generating a cryptogram that is signed locally, and transmitting the cryptogram to a merchant system. Wong in view of Glatt does not disclose retrieving the merchant public key from a remote management service, but Collinge does. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to combine the offline authentication of Wong, in view of Glatt, with the retrieving the merchant public key from a remote management service of Collinge because a need exists for a tokenization approach that provides additional benefits in transaction control for merchants and customers (see Collinge p 3). Retrieving the merchant public key from a remote management service allows for the public key to be maintained by a third party, which is convenient.

Claims 4, 12
Furthermore, Glatt teaches:
the session key (private key, see [0060]) is hidden (stored in security element, see [0060]) from the wallet service provider.

Claims 5, 13
Furthermore, Collinge teaches:
transmit an identifier (unique identifier, see p 13) to the remote key management system; and
receive a response from the remote key management system which includes the merchant public key (merchant key pair, see p 13) corresponding to the identifier.

Claims 8, 16
Wong in view of Glatt discloses the limitations above. Wong in view of Glatt does not disclose:
The merchant… system.
Collinge teaches:
the merchant public key comprises an encryption key (merchant key pair, see p 13, figure 7) held by a relaying agent (transaction scheme key management services, see p 13) of the merchant which is positioned on a network route between the computing device and a merchant computing system.
Wong in view of Glatt discloses a secure element on a computing device, receiving an encrypted merchant public key from a remote hardware module, decrypting the encrypted merchant public key based on a session key, dynamically generating a cryptogram that is signed locally, and transmitting the cryptogram to a merchant system. Wong in view of Glatt does not disclose the merchant public key is held by a relying agent, but Collinge does. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to combine the offline authentication of Wong, in view of Glatt, with the merchant key is held by a relying agent of Collinge because a need exists for a tokenization approach that provides additional benefits in transaction control for merchants and customers (see Collinge p 3). Having the merchant key held by a relying agent allows for convenience to the user and merchant. 

Claim 18
Wong in view of Glatt discloses the limitations above. Wong in view of Glatt does not disclose:
The processor… key.
Collinge discloses:
the processor chip is configured to generate a digital remote secure payment (DSRP) payload (DSRP cryptogram, see p 10, 15-16) based on the received transaction data, and sign (signature, see p 16, 19) the DSRP payload with the merchant public key.
Wong in view of Glatt discloses a secure element on a computing device, receiving an encrypted merchant public key from a remote hardware module, decrypting the encrypted merchant public key based on a session key, dynamically generating a cryptogram that is signed locally, and transmitting the cryptogram to a merchant system. Wong in view of Glatt does not disclose generating a digital remote secure payment, but Collinge does. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to combine the offline authentication of Wong, in view of Glatt, with the generating a digital remote secure payment of Collinge because a need exists for a tokenization approach that provides additional benefits in transaction control for merchants and customers (see Collinge p 3). Generating a digital remote secure payment ensures that the transaction data remains secure.

Response to Arguments
Applicant argues that the prior art does not teach the amendments.
Please see new mapping.

Claim Interpretation
The prior art made of record and not relied upon is considered pertinent to Applicant's disclosure (see attached form PTO-892).
Chen (US 7,096,494) discloses a cryptographic system and method for electronic transactions.
After careful review of the original specification and unless expressly noted otherwise by Examiner, Examiner concludes that Applicant is not his own lexicographer.  See MPEP § 2111.01 IV.
Examiner hereby adopts the following definitions under the broadest reasonable interpretation standard. In accordance with In re Morris, 127 F.3d 1048, 1056, 44 USPQ2d 1023, 1029 (Fed. Cir. 1997), Examiner points to these other sources to support her interpretation of the claims.1 Additionally, these definitions are only a guide to claim terminology since claim terms must be interpreted in context of the surrounding claim language. Finally, the following list is not intended to be exhaustive in any way:
configuration “(1) (A) (software) The arrangement of a computer system or component as defined by the number, nature, and interconnections of its constituent parts.” “(C) The physical and logical elements of an information processing system, the manner in which they are organized and connected, or both.  Note: May refer to hardware configuration or software configuration.”  IEEE 100 The Authoritative Dictionary of IEEE Standards Terms, 7th Edition, IEEE, Inc., New York, NY, Dec. 2000.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry of a general nature or relating to the status of this application or concerning this communication or earlier communications from Examiner should be directed to Chrystina Zelaskiewicz whose telephone number is 571.270.3940. Examiner can normally be reached on Monday-Friday, 9:30am-5:00pm. If attempts to reach the examiner by telephone are unsuccessful, the Examiner’s supervisor, Abhishek Vyas can be reached at 571-270-1836.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://portal.uspto.gov/external/portal/pair <http://pair-direct.uspto.gov>. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free).
/CHRYSTINA E ZELASKIEWICZ/Primary Examiner, Art Unit 3621                                                                                                                                                                                                                                                                                                                          





    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 While most definition(s) are cited because these terms are found in the claims, Examiner may have provided additional definition(s) to help interpret words, phrases, or concepts found in the definitions themselves or in the prior art.