DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
Notice to Applicant
This communication is in response to the Request for Continued Examination (RCE) filed 6/16/22.  Claims 1, 3-5, 18, and 20-24 have been amended.  Claims 10-17 and 27-33 are withdrawn.  Claim 34 is cancelled.  Claims 1-33 are pending.  Claims 1-9 and 18-26 are rejected.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 5/16/22 has been entered.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-9 and 18-26 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation "the processing device" in the last step of the claim.  There is insufficient antecedent basis for this limitation in the claim. Examiner suggests changing “the processing device” to “the mobile device.”
Claims 1 and 18 recite “a mobile device” at line 3. It is unclear if this is the same “a mobile device” recited in the preamble, or different.
Claims 1 and 18 recite “a financial transaction” at the end of the claims. It is unclear if this is the same as the “a single financial transaction” recited earlier in the claims, or a different transaction.
Claims 18 and 22 recite the limitation "the receiving device" in lines 6 & 16 of claim 18 and line 7 of claim 22.  There is insufficient antecedent basis for this limitation in the claims.
Claims 2-9, 19-21, and 23-26 incorporate the deficiencies of claims 1 and 18, through dependency, and are therefore also rejected. 

Claim Objections
Claims 8 and 25 are objected to because of the following informalities:  change “and local data authentication” to “and the local data authentication….”  Appropriate correction is required.
Claim 18 is objected to because of the following informalities:  a semicolon is missing at the end of line 10.  Appropriate correction is required.
Claim 23 is objected to because of the following informalities:  delete typo “e” at line 2.  Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-7 and 18-24 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Wankmueller (US 2008/0040285 A1) in view of Royyuru et al. (US 2010/0185545 A1) in view of Manessis et al. (US 2009/0055893 A1), and further in view of Neville et al. (US 2011/0276496 A1).
(A) Referring to claim 1, Wankmueller discloses A method for generating a payment cryptogram in a mobile device lacking a secure element, comprising (para. 15 of Wankmueller): 
establishing, by a mobile device, a connection to a remote system via a first communication channel (para. 12, 13, & 26 of Wankmueller; note transactions performed over a computer network, such as the Internet and that the mobile device can communicate the dynamic authentication code directly to an authorization processor at an authorization location over a communication network, such as a wireless communications network, the Internet, or a combination thereof.);
receiving, by a receiving device of the mobile device, a card profile from the remote system via a second communication channel, wherein the card profile includes at least payment credentials corresponding to a payment account and a profile identifier (para. 29, 32 & 33 of Wankmueller; The user of the mobile device visits a website specified by the user's issuer bank and the user requests the dynamic authorization code generator application be installed on the user's mobile device. The user is prompted for a PIN to be associated with the application and the user's Mobile Device Identifier. The user may also be prompted for his or her financial account identifier, or this data may be determined through some other approach. Account secret data, such as an encryption key or key pair, is generated and associated with the user's financial account identifier. At least a portion of this secret data (for example the encryption key or one or more of the keys in a key pair) is then stored in an authorization database record associated with the user's financial account identifier.); 
receiving, by an input device of the mobile device, a mobile personal identification number (PIN) input by a user of the mobile device (para. 14 of Wankmueller; once the mobile device is activated, the user is prompted to enter an identification PIN using a keypad, keyboard, or some other technique for receiving user input into the mobile processing device.); 
transmitting, by a transmitting device of the mobile device, a key request to the remote system, wherein the key request includes at least the profile identifier (para. 15-17, 32 & 33 of Wankmueller; The user is prompted for a PIN to be associated with the application and the user's Mobile Device Identifier. The user may also be prompted for his or her financial account identifier, or this data may be determined through some other approach. Account secret data, such as an encryption key or key pair, is generated and associated with the user's financial account identifier. Personalization data is then generated based on data associated with the secret data previously generated. For example, the encryption key or one or more of the keys in a key pair may be encrypted, such as with triple-DES, using the PIN and a Mobile Device Identifier, previously entered by the user, as the temporary key to create the personalization data.); 
receiving a single use key, wherein the single use key includes at least an application transaction counter and a generating key (para. 16-19 and 33 of Wankmueller; key 120 is held within a chip authentication program (CAP) data file 125, together with an application profile identifier, an application transaction counter, and other data. ); 
generating, by the mobile device, a payment cryptogram valid for a single financial transaction based on at least the received single use key and the mobile PIN (para. 16, 24, 32, 33, and Fig. 1 of Wankmueller; note steps 101, 103, 120, and 112 of Fig. 1).
Wankmueller does not expressly disclose transmitting, by the transmitting device of the processing device, via near field communication, at least the payment credentials and the generated payment cryptogram to a point-of-sale terminal for use in a financial transaction; storing, in a memory of the mobile device, the card profile; receiving, by the receiving device of the mobile device, a single use key from the remote system via the second communication channel.
Royyuru discloses transmitting, by the transmitting device of the processing device, via near field communication, at least the payment credentials and the generated payment cryptogram to a point-of-sale terminal for use in a financial transaction (para. 5, 22, and 47 of Royyuru; the use of NFC and/or other relatively short range communications between a mobile device and a POS device such as when a user of the mobile device scans or waves the mobile device in front of or near the POS device when paying for goods or services.).  
Manessis discloses storing, in a memory of the mobile device, the card profile (para. 39 of Manessis; A payment device 102, may comprise a radio-frequency contactless element 104. The radio-frequency contactless element 104 may include a computer chip (not shown) configured to store a transaction counter, an account identifier, which may comprise an account number, an expiration date, and encryption keys. Examples of payment devices include contact-based or contactless smartcards such as credit, debit or prepaid cards, wireless phones, PDAs (personal digital assistants), key fobs, software, etc.).
Neville discloses receiving, by the receiving device of the mobile device, a single use key from the remote system via the second communication channel (para. 46 & 30 of Neville; the customer's device (e.g., the customer's mobile payment device) contacts the bank to receive single-use session keys).
At the time of the invention, it would have been obvious to a person of ordinary skill in the art to combine the aforementioned features of Royyuru, Manessis, and Neville within Wankmueller.  The motivation for doing so would have been to facilitate communication between electronic devices in close proximity (para. 22 of Royyuru), for authentic payments (para. 6 of Manessis), and for increased security (para. 46 of Neville).
(B) Referring to claim 2, Wankmueller discloses wherein the payment cryptogram is an application cryptogram or a dynamic card validation code (para. 19 of Wankmueller).  
(C) Referring to claim 3, Wankmueller discloses wherein receiving the card profile includes receiving an encrypted message including the card profile via the first communication channel, generating a mobile session key, and decrypting the message using the generated mobile session key to obtain the included card profile (para. 15-18 of Wankmueller).  
(D) Referring to claim 4, Wankmueller discloses wherein receiving the single use key includes receiving an encrypted message including the single use key via the first communication channel, generating a mobile session key, and decrypting the message using the generated mobile session key to obtain the included single use key (para. 15-18 of Wankmueller).  
(E) Referring to claim 5, Wankmueller discloses further comprising: receiving, by the input device of the mobile device, an indication of use of the received single use key; transmitting, by the transmitting device of the mobile device, an activation request, wherein the activation request includes at least the profile identifier; and receiving, by the receiving device of the mobile device, an indication of activation of the single use key (para. 14, 32, and 33 of Wankmueller).  
(F) Referring to claim 6, Wankmueller discloses wherein the payment credentials and generated payment cryptogram are transmitted to the point-of-sale terminal in response to receiving the indication of activation of the single use key (para. 5, 19, and 24 of Wankmueller).  
(G) Referring to claim 7, Wankmueller discloses wherein the payment cryptogram is generated in response to receiving the indication of activation of the single use key (para. 19, 32, and 33 of Wankmueller).  
(H) Referring to claim 18, Wankmueller discloses A system for generating a payment cryptogram in a mobile device lacking a secure element, comprising (para. 12-15 of Wankmueller): 
 a mobile device; the mobile device configured to establish a connection to a remote system via a first communication channel (para. 12, 13, & 26 of Wankmueller; note transactions performed over a computer network, such as the Internet and that the mobile device can communicate the dynamic authentication code directly to an authorization processor at an authorization location over a communication network, such as a wireless communications network, the Internet, or a combination thereof.);
P00801-US-DIVAttorney Docket No. thethe the receiving device of the mobile device configured to receive a card profile from the remote system via a second communication channel, wherein the card profile includes at least payment credentials corresponding to a payment account and a profile identifier (para. 29, 32 & 33 of Wankmueller; The user of the mobile device visits a website specified by the user's issuer bank and the user requests the dynamic authorization code generator application be installed on the user's mobile device. The user is prompted for a PIN to be associated with the application and the user's Mobile Device Identifier. The user may also be prompted for his or her financial account identifier, or this data may be determined through some other approach. Account secret data, such as an encryption key or key pair, is generated and associated with the user's financial account identifier. At least a portion of this secret data (for example the encryption key or one or more of the keys in a key pair) is then stored in an authorization database record associated with the user's financial account identifier.); 
an input device of the mobile device configured to receive a mobile personal identification number (PIN) input by a user of the mobile device (para. 14 of Wankmueller; once the mobile device is activated, the user is prompted to enter an identification PIN using a keypad, keyboard, or some other technique for receiving user input into the mobile processing device.); and 
a transmitting device of the mobile device configured to transmit a key request to the remote system, wherein the key request includes at least the profile identifier (para. 15-17, 32 & 33 of Wankmueller; The user is prompted for a PIN to be associated with the application and the user's Mobile Device Identifier. The user may also be prompted for his or her financial account identifier, or this data may be determined through some other approach. Account secret data, such as an encryption key or key pair, is generated and associated with the user's financial account identifier. Personalization data is then generated based on data associated with the secret data previously generated. For example, the encryption key or one or more of the keys in a key pair may be encrypted, such as with triple-DES, using the PIN and a Mobile Device Identifier, previously entered by the user, as the temporary key to create the personalization data.), wherein 
the receiving device is further configured to receive a single use key, wherein the single use key includes at least an application transaction counter and a generating key (para. 16-19 and 33 of Wankmueller; key 120 is held within a chip authentication program (CAP) data file 125, together with an application profile identifier, an application transaction counter, and other data. ).
the mobile device is configured to generate a payment cryptogram valid for a single financial transaction based on at least the received single use key and the mobile PIN (para. 16, 24, 32, 33, and Fig. 1 of Wankmueller; note steps 101, 103, 120, and 112 of Fig. 1).
Wankmueller does not expressly disclose the transmitting device of the mobile device is further configured to transmit, via near field communication, at least the payment credentials and the generated payment cryptogram to a point-of-sale terminal for use in a financial transaction; a memory of the mobile device storing the card profile; the receiving device of the mobile device is further configured to receive a single use key from the remote system via the second communication channel.
Royyuru discloses the transmitting device of the mobile device is further configured to transmit, via near field communication, at least the payment credentials and the generated payment cryptogram to a point-of-sale terminal for use in a financial transaction (para. 5, 22, and 47 of Royyuru; the use of NFC and/or other relatively short range communications between a mobile device and a POS device such as when a user of the mobile device scans or waves the mobile device in front of or near the POS device when paying for goods or services.).  
Manessis discloses a memory of the mobile device storing the card profile (para. 39 of Manessis; A payment device 102, may comprise a radio-frequency contactless element 104. The radio-frequency contactless element 104 may include a computer chip (not shown) configured to store a transaction counter, an account identifier, which may comprise an account number, an expiration date, and encryption keys. Examples of payment devices include contact-based or contactless smartcards such as credit, debit or prepaid cards, wireless phones, PDAs (personal digital assistants), key fobs, software, etc.).
Nevill discloses the receiving device of the mobile device is further configured to receive a single use key from the remote system via the second communication channel (para. 46 & 30 of Neville; the customer's device (e.g., the customer's mobile payment device) contacts the bank to receive single-use session keys).
At the time of the invention, it would have been obvious to a person of ordinary skill in the art to combine the aforementioned features of Royyuru, Manessis, and Neville within Wankmueller.  The motivation for doing so would have been to facilitate communication between electronic devices in close proximity (para. 22 of Royyuru), for authentic payments (para. 6 of Manessis), and for increased security (para. 46 of Neville).
(I) Claims 19-24 repeat substantially the same limitations as claims 2-7, and are therefore rejected for the same reasons given above.

Claims 8 and 25 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Wankmueller (US 2008/0040285 A1) in view of Royyuru et al. (US 2010/0185545 A1), in view of Manessis et al. (US 2009/0055893 A1), in view of Neville et al. (US 2011/0276496 A1), and further in view of Li (US 2002/0153424 A1).
(A) Referring to claims 8 and 25, Wankmueller, Royyuru, Manessis, and Neville do not expressly disclose wherein the card profile is configured to utilize local data authentication, and local data authentication includes one of (1) swapping, in the payment credentials, a meaning of an expiration date and an effective date, (2) setting the expiration date as a date prior to a date of issuance, or (3) setting the effective date as a date beyond the expiration date, or setting both the expiration date and the effective date as the expiration date and effective date as defined, and setting an issuer action code configured to force the financial transaction to be an online transaction.
	Li discloses wherein the card profile is configured to utilize local data authentication, and local data authentication includes one of (1) swapping, in the payment credentials, a meaning of an expiration date and an effective date, (2) setting the expiration date as a date prior to a date of issuance, or (3) setting the effective date as a date beyond the expiration date, or setting both the expiration date and the effective date as the expiration date and effective date as defined, and setting an issuer action code configured to force the financial transaction to be an online transaction (para. 9, 21, and 24 of Li).  
At the time of the invention, it would have been obvious to a person of ordinary skill in the art to combine the aforementioned features of Li within Wankmueller, Royyuru, Manessis, and Neville.  The motivation for doing so would have been for transaction clearing and settlement (para. 21 of Li).

Claims 9 and 26 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Wankmueller (US 2008/0040285 A1) in view of Royyuru et al. (US 2010/0185545 A1), in view of Manessis et al. (US 2009/0055893 A1), in view of Neville et al. (US 2011/0276496 A1) in view of Li (US 2002/0153424 A1), and further in view of Murphy et al. (US 6,226,744 B1).
(A) Referring to claims 9 and 26, Wankmueller, Royyuru, Manessis, Neville and Li do not disclose wherein the card profile further includes one RSA key pair and certificate.
Murphy discloses wherein the card profile further includes one RSA key pair and certificate (col. 5, lines 52-65 of Murphy).
At the time of the invention, it would have been obvious to a person of ordinary skill in the art to combine the aforementioned features of Murphy within Wankmueller, Royyuru, Manessis, Neville and Li.  The motivation for doing so would have to provide security (col. 5, line 52 – col. 6, line 21 of Murphy).

 Response to Arguments
Applicant's arguments filed 5/16/22 have been fully considered but they are not persuasive. Applicant’s arguments will be addressed hereinbelow in the order in which they appear in the response filed 5/16/22.
(1) Applicant argues that the disclosures of Wankmueller, Royyuru, Manessis, and Neville, individually or in combination, fail to disclose or suggest all the features of independent claim 1. 

(A) As per the first argument regarding communication channels, it is unclear how the language of the claims differs from the applied prior art. For example, Wankmueller discloses transactions performed over a computer network, such as the Internet and that the mobile device can communicate the dynamic authentication code directly to an authorization processor at an authorization location over a communication network, such as a wireless communications network, the Internet, or a combination thereof (see paragraphs 12, 13, 26, and 33 of Wankmueller). 
In response to applicant's argument that the references teach away and that Neville and Wankmueller do not teach storing financial information on the mobile device, the test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references.  Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981). Note that Manessis was relied upon to teach storing, in a memory of the mobile device, the card profile (para. 39 of Manessis; A payment device 102, may comprise a radio-frequency contactless element 104. The radio-frequency contactless element 104 may include a computer chip (not shown) configured to store a transaction counter, an account identifier, which may comprise an account number, an expiration date, and encryption keys. Examples of payment devices include contact-based or contactless smartcards such as credit, debit or prepaid cards, wireless phones, PDAs (personal digital assistants), key fobs, software, etc.).
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, the motivations to combine came directly from the references.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LENA NAJARIAN whose telephone number is (571)272-7072. The examiner can normally be reached Monday - Friday 9:30 am-6 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jason Dunham can be reached on 571-272-8109. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/LENA NAJARIAN/Primary Examiner, Art Unit 3686