DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1-20 are pending.

Priority
Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged.

Claim Objections
Claim 9 is objected to because of the following informalities. Claim 9 recites the limitation “receiving, from the authentication server, a result from the authentication server, the result indicating …”. It appears the limitation “from the authentication server” was unintentionally included within the claim twice as a typographical error. Examiner suggests amending the claim to recite “receiving, from the authentication server, a result indicating …” instead. Appropriate correction is required.
Claims 10-15 are also objected to as they depend from claim 9.


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of copending application 17/184,963. Claims 1-20 are disclosed by claims 1-20 of copending application 17/184,963. Although the claims at issue are not identical, they are not patentably distinct from each other. copending application 17/184,963 differs from the claims at issue because it recites the additional features of receiving, from the authentication server, a permissions vector of the first account, the permissions vector comprising a plurality of entries, determining, based on the permissions vector of the first account, that the first account is permitted access to the resource, and granting the first account access to the resource based on the result that the authentication server decrypted the cryptogram and the permissions vector of the first account. Since copending application 17/184,963 and the claims at issue of the present application perform similar functions, it would have been obvious to a person of ordinary skill in the art to modify claims 1-20 of copending application 17/184,963 by removing the additional features. It is well settled that omission of an element and its function is an obvious expedient if the remaining elements perform the same function as before. In re Karison, 136 USPQ 184 (CCPA 1963) Also note Ex parte Rainu, 168 USPQ 375 (Bd. App. 1969). Thus, omission of a reference element whose function is not needed would be obvious to one of ordinary skill in the art.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.

The claims have been evaluated for patent subject matter eligibility under 35 U.S.C. 101 using the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG).

Claims 1-8:
Step 1
Claims 1-8 are directed to a computer-implemented system (i.e. machine). Therefore, these claims fall within the four statutory categories of invention.

Step 2A Prong One
Claim 1 recites (i.e., sets forth or describes) an abstract idea of granting a request based upon a received result. Specifically, but for the additional elements, claim 1 under its broadest reasonable interpretation recites limitations grouped within the “mental processes” grouping of abstract ideas because the claim recites a process that deals with concepts performed in the human mind. For instance, the claimed determine, based on the result, that the contactless card is verified and access to the resource and grant access to the resource based on the contactless card being verified is an example of concepts performed in the human mind because it involves concepts practically performed in the human mind. More specifically, the following underlined claim elements recite abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). 
a processor circuit
a memory storing instructions which when executed by the processor circuit, cause the processor circuit to: 
receive a request to access a resource
receive, from a contactless card, encrypted data
transmit the encrypted data to an authentication server
receive, from the authentication server, a result that the authentication server decrypted the encrypted data
determine, based on the result, that the contactless card is verified and access to the resource
grant access to the resource based on the contactless card being verified

Step 2A Prong Two
Claim 1 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the non-underlined additional elements “processor circuit”, “memory storing instructions”, “contactless card” and “authentication server” above merely serve as a tool to perform the abstract idea. Additionally, regarding the specification and claims, there is no improvement in the functioning of a computer or an improvement to other technology or technical field present, there is no applying or using the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition present, there is no implementing the judicial exception with or using the judicial exception in conjunction with a particular machine or manufacture that is integral to the claim present, there is no effecting a transformation or reduction of a particular article to a different state or thing present, and there is no applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment present such that the claim as a whole is more than a drafting effort designed to monopolize the exception. Further, the additional elements “receive a request to access a resource”, “receive … encrypted data”, “transmit the encrypted data” and “receive … a result that the authentication server decrypted the encrypted data” amount to mere data gathering, which is a form of insignificant extra-solution activity.

Step 2B
The additional elements, taken individually and in combination, do not result in claim 1, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea. Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B to determine if it is more than what is well-understood, routine, conventional activity in the field. MPEP 2106.05(d)(II) indicates that “receiving or transmitting data over a network” is a well-understood, routine, conventional function when it is claimed in a merely generic manner (as it is here). Accordingly, a conclusion that the additional elements amounting to mere data gathering are well-understood, routine, conventional activity is supported under Berkheimer Option 2. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible.

Dependent Claims
Claims 2-8 have also been analyzed according to the 2019 PEG. However, the subject matter of these claims also fails to recite patent eligible subject matter for the following reasons:
Claim 2 recites additional details of the type of data included in the encrypted data. Therefore, it recites additional abstract ideas.
Claim 3 recites additional details of the type of data included in the results. Therefore, it recites additional abstract ideas.
Claim 4 recites additional details of the type of data included in the results. Therefore, it recites additional abstract ideas.
Claim 5 recites the additional element of “initiate a near-field communication (NFC) exchange with the contactless card … in the NFC exchange”. However, this additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea. The claim also recites the additional element of “receive the encrypted data”. However, this additional element fails to recite a practical application or significantly more than the abstract idea because it is insignificant extra-solution activity as it is mere data gathering (See MPEP 2106.05(g)) and well-understood, routine, and conventional activity as it is receiving or transmitting data over a network (See MPEP 2106.05(d)(II)).
Claim 6 recites the additional element of “one or more wireless interfaces configured to operate in accordance with an NFC protocol, a Bluetooth protocol, a Wi-Fi protocol, or a combination thereof, the processor circuit is configured to … via the one or more wireless interfaces”. However, this additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea. The claim also recites the additional element of “receive the encrypted data”. However, this additional element fails to recite a practical application or significantly more than the abstract idea because it is insignificant extra-solution activity as it is mere data gathering (See MPEP 2106.05(g)) and well-understood, routine, and conventional activity as it is receiving or transmitting data over a network (See MPEP 2106.05(d)(II)).
Claim 7 recites additional details of the type of data included in the resource. Therefore, it recites additional abstract ideas.
Claim 8 recites the additional element of “wherein the instructions are further configured to cause the processor circuit to … on a graphical user interface (GUI) of a display device of the computing device”. However, this additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea. The claim also recites the additional element of “provide an indication that the access is granted”. However, this additional element fails to recite a practical application or significantly more than the abstract idea because it is insignificant extra-solution activity as it is mere data gathering (See MPEP 2106.05(g)) and well-understood, routine, and conventional activity as it is receiving or transmitting data over a network (See MPEP 2106.05(d)(II)).

Claims 9-15:
Step 1
Claims 9-15 are directed to a computer-implemented method (i.e. process). Therefore, these claims fall within the four statutory categories of invention.


Step 2A Prong One
Claim 9 recites (i.e., sets forth or describes) an abstract idea of granting a request based upon a received result. Specifically, but for the additional elements, claim 9 under its broadest reasonable interpretation recites limitations grouped within the “mental processes” grouping of abstract ideas because the claim recites a process that deals with concepts performed in the human mind. For instance, the claimed determining whether to grant access to the resource or process the payment based on the result is an example of concepts performed in the human mind because it involves concepts practically performed in the human mind. More specifically, the following underlined claim elements recite abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). 
receiving, by processing circuitry, a request to access a resource or process a payment
receiving, from a contactless card via a wireless interface, encrypted data based on the request
transmitting the encrypted data to an authentication server
receiving, from the authentication server, a result from the authentication server, the result indicating whether the contactless card is authenticated or not authenticated based on the encrypted data
determining whether to grant access to the resource or process the payment based on the result

Step 2A Prong Two
Claim 9 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the non-underlined additional elements “processing circuit”, “contactless card”, “wireless interface” and “authentication server” above merely serve as a tool to perform the abstract idea. Additionally, regarding the specification and claims, there is no improvement in the functioning of a computer or an improvement to other technology or technical field present, there is no applying or using the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition present, there is no implementing the judicial exception with or using the judicial exception in conjunction with a particular machine or manufacture that is integral to the claim present, there is no effecting a transformation or reduction of a particular article to a different state or thing present, and there is no applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment present such that the claim as a whole is more than a drafting effort designed to monopolize the exception. Further, the additional elements “receiving … a request to access a resource or process a payment”, “receiving … encrypted data based on the request”, “transmitting the encrypted data” and “receiving … a result … the result indicating whether the contactless card is authenticated or not authenticated based on the encrypted data” amount to mere data gathering, which is a form of insignificant extra-solution activity.

Step 2B
The additional elements, taken individually and in combination, do not result in claim 9, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea. Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B to determine if it is more than what is well-understood, routine, conventional activity in the field. MPEP 2106.05(d)(II) indicates that “receiving or transmitting data over a network” is a well-understood, routine, conventional function when it is claimed in a merely generic manner (as it is here). Accordingly, a conclusion that the additional elements amounting to mere data gathering are well-understood, routine, conventional activity is supported under Berkheimer Option 2. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible.

Dependent Claims
Claims 10-15 have also been analyzed according to the 2019 PEG. However, the subject matter of these claims also fails to recite patent eligible subject matter for the following reasons:
Claim 10 recites additional details of the type of data included in the encrypted data. Therefore, it recites additional abstract ideas.
Claim 11 further recites the abstract ideas of access control as well as granting or not granting a request based upon a received result. In other words, it recites limitations grouped within the “certain methods of organizing human activity” and “mental processes” groupings of abstract ideas.
Claim 12 recites additional details of the type of data included in the encrypted data. Therefore, it recites additional abstract ideas.
Claim 13 further recites the abstract ideas of payment control as well as granting or not granting a request based upon a received result. In other words, it recites limitations grouped within the “certain methods of organizing human activity” and “mental processes” groupings of abstract ideas.
Claim 14 recites the additional element of “initiating a near-field communication (NFC) exchange with the contactless card; and … in the NFC exchange”. However, this additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea. The claim also recites the additional element of “receiving the encrypted data”. However, this additional element fails to recite a practical application or significantly more than the abstract idea because it is insignificant extra-solution activity as it is mere data gathering (See MPEP 2106.05(g)) and well-understood, routine, and conventional activity as it is receiving or transmitting data over a network (See MPEP 2106.05(d)(II)).
Claim 15 recites the additional element of “on a graphical user interface (GUI) of a display device”. However, this additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea. The claim also recites the additional element of “presenting an indication of the result”. However, this additional element fails to recite a practical application or significantly more than the abstract idea because it is insignificant extra-solution activity as it is mere data gathering (See MPEP 2106.05(g)) and well-understood, routine, and conventional activity as it is creating output data as well as receiving or transmitting data over a network (See MPEP 2106.05(d)(II)).

Claims 16-20:
Step 1
Claims 16-20 are directed to a computer-implemented system (i.e. machine). Therefore, these claims fall within the four statutory categories of invention.

Step 2A Prong One
Claim 16 recites (i.e., sets forth or describes) an abstract idea of encryption of information as well as authentication of users. Specifically, but for the additional elements, claim 16 under its broadest reasonable interpretation recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas because the claim recites a process that deals with fundamental economic principles or practices as well as managing personal behavior or relationships or interactions between people. For instance, the claimed authentication of a user as well as receiving encrypted data and generating decrypted data is an example of fundamental economic principles or practices because it involves mitigating risk. Further, the claimed receiving encrypted data and generating decrypted data is an example of managing personal behavior or relationships or interactions between people because it involves keeping interactions between people secure. More specifically, the following underlined claim elements recite abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). 
one or more servers comprising: memory configured to store instructions
processing circuitry configured to process the instructions, that when executed, cause the processing circuitry to:
receive, via a computing device, encrypted data to authenticate a user of a contactless card to access a resource, the encrypted data generated by the contactless card with an encryption algorithm and a key
generate decrypted data by applying a decryption algorithm and a second key to the encrypted data
authenticate the user based on the decrypted data
send a result comprising an indication the user is authenticated to the computing device

Step 2A Prong Two
Claim 16 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the non-underlined additional elements “one or more servers comprising: memory configured to store instructions”, “processing circuitry configured to process the instructions, that when executed, cause the processing circuitry to” and “computing device” above merely serve as a tool to perform the abstract idea. Additionally, regarding the specification and claims, there is no improvement in the functioning of a computer or an improvement to other technology or technical field present, there is no applying or using the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition present, there is no implementing the judicial exception with or using the judicial exception in conjunction with a particular machine or manufacture that is integral to the claim present, there is no effecting a transformation or reduction of a particular article to a different state or thing present, and there is no applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment present such that the claim as a whole is more than a drafting effort designed to monopolize the exception. 

Step 2B
The additional elements, taken individually and in combination, do not result in claim 16, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible.

Dependent Claims
Claims 17-20 have also been analyzed according to the 2019 PEG. However, the subject matter of these claims also fails to recite patent eligible subject matter for the following reasons:
Claim 17 recites additional details of the type of data included in the encrypted data. Therefore, it recites additional abstract ideas.
Claim 18 recites additional details of the type of data included in the results. Therefore, it recites additional abstract ideas.
Claim 19 recites additional details of the type of data included in the results. Therefore, it recites additional abstract ideas.
Claim 20 recites additional details of the type of data included in the resource. Therefore, it recites additional abstract ideas.










Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 9-15 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by US 2020/0286071 A1 to Oepping (hereinafter "Oepping").

Claim 9: 
Oepping discloses:
receiving, by processing circuitry, a request to access a resource or process a payment (paras 40-41, 61, 64-65, 70-71)
receiving, from a contactless card via a wireless interface (para 34), encrypted data based on the request (paras 41-44, 51, 61, 67)
transmitting the encrypted data to an authentication server (paras 44, 61, 67, 87)
receiving, from the authentication server, a result from the authentication server, the result indicating whether the contactless card is authenticated or not authenticated based on the encrypted data (paras 44, 61, 68-69, 87)
determining whether to grant access to the resource or process the payment based on the result (paras 6-7, 36-37, 44, 69)

Claim 10: 
Oepping discloses all limitations of claim 9. Oepping further discloses:
wherein the encrypted data comprises permissions data encrypted by the contactless card performing an encryption operation with a key stored on the contactless card (para 61)

Claim 11: 
Oepping discloses all limitations of claim 10. Oepping further discloses:
granting the access to the resource if the result indicates the contactless card is authenticated (paras 6-7, 36-37, 44, 69)
preventing the access to the resource if the result indicates the contactless card is not authenticated (paras 6-7, 36-37, 44, 69)

Claim 12: 
Oepping discloses all limitations of claim 9. Oepping further discloses:
wherein the encrypted data comprises payment data encrypted by the contactless card perform an encryption operation with a key stored on the contactless card (paras 6-7, 36-37, 41-43, 51, 61, 66)

Claim 13: 
Oepping discloses all limitations of claim 12. Oepping further discloses:
enabling the payment if the result indicates the contactless card is authenticated (paras 6-7, 36-37, 44, 69)
preventing the payment if the result indicates the contactless card is not authenticated (paras 6-7, 36-37, 44, 69)

Claim 14: 
Oepping discloses all limitations of claim 9. Oepping further discloses:
initiating a near-field communication (NFC) exchange with the contactless card; and receiving the encrypted data in the NFC exchange (para 34)

Claim 15: 
Oepping discloses all limitations of claim 9. Oepping further discloses:
presenting an indication of the result on a graphical user interface (GUI) of a display device (paras 39, 48, 52, 64)







Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-8 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 2020/0286071 A1 to Oepping (hereinafter "Oepping") in view of US 2017/0134176 A1 to Kim et al. (hereinafter "Kim").

Claim 1: 
Oepping discloses:
a processor circuit (paras 32, 47, 84-85)
a memory storing instructions which when executed by the processor circuit, cause the processor circuit to (paras 32, 47, 84-85)
receive a request to access a resource (paras 40-41, 61, 64-65, 70-71)
receive, from a contactless card, encrypted data (paras 41-44, 51, 61, 67)
transmit the encrypted data to an authentication server (paras 44, 61, 67, 87)
receive, from the authentication server, a result that the authentication server [authenticated] the encrypted data (paras 44, 61, 68-69, 87)
determine, based on the result, that the contactless card is verified and access to the resource (paras 44, 61, 68-69, 87)
grant access to the resource based on the contactless card being verified (paras 6-7, 36-37, 44, 69)
Oepping does not disclose:
authentication server decrypted the encrypted data
Kim, an analogous art of authentication, discloses:
authentication server decrypted the encrypted data (Fig.6 item 620, Fig.8 item 820; paras 50, 53)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the System of Oepping to include the authentication server decrypting the encrypted data in place of authenticating the encrypted data, as disclosed in Kim. One or ordinary skill in the art would have been motivated to do so in order to improve security (Kim, paras 2-6]).

Claim 2: 
The combination of Oepping in view of Kim discloses all limitations of claim 1. Oepping further discloses:
wherein the encrypted data comprises permissions data encrypted by the contactless card performing an encryption operation with a key stored on the contactless card (para 61)

Claim 3: 
The combination of Oepping in view of Kim discloses all limitations of claim 2. Oepping further discloses:
wherein the results include an indication that the permissions data is verified by the authentication server (paras 44, 61, 68-69, 87)

Claim 4: 
The combination of Oepping in view of Kim discloses all limitations of claim 1. Oepping further discloses:
wherein the result includes a permissions vector comprising a plurality of entries, and one of the plurality of entries is associated with the contactless card and comprises an indication the contactless card is verified (paras 44, 61, 68-69, 87)


Claim 5: 
The combination of Oepping in view of Kim discloses all limitations of claim 1. Oepping further discloses:
initiate a near-field communication (NFC) exchange with the contactless card; and receive the encrypted data in the NFC exchange (para 34)

Claim 6: 
The combination of Oepping in view of Kim discloses all limitations of claim 1. Oepping further discloses:
one or more wireless interfaces configured to operate in accordance with an NFC protocol, a Bluetooth protocol, a Wi-Fi protocol, or a combination thereof; and the processor circuit is configured to receive the encrypted data via the one or more wireless interfaces (para 34)

Claim 7: 
The combination of Oepping in view of Kim discloses all limitations of claim 1. Oepping further discloses:
wherein the resource is a computing device (paras 40-41, 61, 64-65, 70-71)

Claim 8: 
The combination of Oepping in view of Kim discloses all limitations of claim 7. Oepping further discloses:
wherein the instructions are further configured to cause the processor circuit to provide an indication that the access is granted on a graphical user interface (GUI) of a display device of the computing device (paras 39, 48, 52, 64)

Claim 16: 
Oepping discloses:
one or more servers comprising: memory configured to store instructions (paras 32, 47, 84-85)
processing circuitry configured to process the instructions, that when executed, cause the processing circuitry to (paras 32, 47, 84-85)
receive, via a computing device, encrypted data to authenticate a user of a contactless card to access a resource (paras 44, 61, 67, 87), the encrypted data generated by the contactless card with an encryption algorithm and a key (paras 41-43, 51, 61, 66)
authenticate the user (paras 44, 61, 68-69, 87)
send a result comprising an indication the user is authenticated to the computing device (paras 44, 61, 68-69, 87)
Oepping does not disclose:
generate decrypted data by applying a decryption algorithm and a second key to the encrypted data
authenticate the user based on the decrypted data
Kim, an analogous art of authentication, discloses:
generate decrypted data by applying a decryption algorithm and a second key to the encrypted data (Fig.6 item 620, Fig.8 item 820; paras 50, 53)
authenticate the user based on the decrypted data (Fig.6 item 620, Fig.8 item 820; paras 50, 53)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the System of Oepping to include generate decrypted data by applying a decryption algorithm and a second key to the encrypted data and authenticate the user based on the decrypted data, as disclosed in Kim. One or ordinary skill in the art would have been motivated to do so in order to improve security (Kim, paras 2-6]).

Claim 17: 
The combination of Oepping in view of Kim discloses all limitations of claim 16. Oepping further discloses:
wherein the encrypted data comprises permissions data encrypted by the contactless card performing the encryption algorithm with the key stored on the contactless card (para 61)

Claim 18: 
The combination of Oepping in view of Kim discloses all limitations of claim 17. Oepping further discloses:
wherein the results include an indication that the permissions data is verified by the one or more servers (paras 44, 61, 68-69, 87)

Claim 19: 
The combination of Oepping in view of Kim discloses all limitations of claim 16. Oepping further discloses:
wherein the result includes a permissions vector comprising a plurality of entries, and one of the plurality of entries is associated with the contactless card and comprises the indication the contactless card is verified (paras 44, 61, 68-69, 87)

Claim 20: 
The combination of Oepping in view of Kim discloses all limitations of claim 16. Oepping further discloses:
wherein the resource is a device (paras 40-41, 61, 64-65, 70-71)

Conclusion
The following prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 9,741,036 B1 to Grassadonia et al. (hereinafter "Grassadonia") discloses a server storing confirmation that card is activated (Fig.2 items 210 and 211; 14:54 to 15:42), the server receiving a request to process payment (15:42 to 16:52), and the server authorizing the request based on confirmation that card is activated (Fig.2 item 213; 15:42 to 16:52).
US 2011/0271108 A1 to Kale et al. (hereinafter "Kale") discloses granting access to a resource (Fig.4 items 408 & 414, paras 61, 64), wherein a feature is disabled (paras 62-64), and wherein a feature is enabled (paras 61, 64).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ari Shahabi whose telephone number is (571)272-2565. The examiner can normally be reached M-F: 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on 571-272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Ari Shahabi/Examiner, Art Unit 3685