DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination (RCE) under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on September 19, 2022 has been entered.
 
Acknowledgements
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in reply to the RCE filed on September 19, 2022.
Claims 1-21 are pending.
Claims 1-21 are examined.
This Office Action is given Paper No. 20221103 for references purposes only.

Claim Rejections - 35 USC § 112, 2nd paragraph
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 

Claims 1-8 and 21 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 1 recites “a processor configured to decrypt.” This phrase is vague and indefinite because it is unclear whether this refers to “the processor” previously recited, or to “a second processor.” For purposes of applying the prior art only, Examiner will interpret as “the processor.”

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2, 6-7, 9-10, 14-15, 17, and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable over Hurley (US 2015/0095219) in view of Srivastava et al. (US 2017/0308895).

Claims 1, 9, 17
Hurley discloses: 
a secure element (secure element, see [0018]) locally installed on the computing device (electronic device, see [0018]) and comprising a payment application (payment application, see [0066]) hosted by a wallet provider (wallet application, see [0030]);
a processor (processor, see [0022]) configured to initiate a payment transaction (transaction, see abstract) with a merchant (merchant, see abstract) via the payment application of the secure element; and
a network interface configured to receive a session key (access key, see [0027]) shared with a manufacturer (e.g. Apple, see [0026]) of the secure element (secure element, see [0027]) from a digital enablement service (e.g. Apple, see [0026]), receive an encrypted merchant public key (merchant key, see [0028]) of the merchant from the wallet provider (e.g. Apple, see [0028]) that hosts the payment application, and receive transaction data (transaction data, see [0042]) for settling the payment transaction with the merchant based on a payment card stored in the payment application; 
and dynamically generate, via the secure element, a cryptogram (re-encrypted payment card data, see [0046]) that remotely authenticates the transaction data and sign (signature, see [0076]) the cryptogram via the secure element with a signature based on the decrypted merchant public key (merchant key, see [0046]), wherein the cryptogram is signed locally by the secure element and the signature is verifiable by a merchant private key (merchant private key, see [0076]) that corresponds to the merchant public key,
wherein the processor is further configured to control the network interface to transmit (transmitted, see [0046]) the dynamically generated cryptogram (re-encrypted payment card data, see [0046]) to a computing system associated with the merchant (merchant, see [0046]).
Hurley does not disclose:
an encrypted merchant public key;
a processor… service.
Srivastava teaches:
an encrypted merchant public key (encrypted session key, see [0036]);
a processor configured to decrypt the encrypted merchant public key (decrypt the encrypted session key, see [0036]) from the wallet provider with the session key (using the server encryption key, see [0036]) from the digital enablement service.
Hurley discloses a secure element installed on a computing device, a processor to initiate a payment transaction, an interface to receive a session key, generating a cryptogram, and transmitting the cryptogram. While Hurley discloses receiving a merchant key, Hurley does not disclose that the merchant key is encrypted. Additionally, Hurley does not disclose decrypting the encrypted merchant key with a session key. However, Srivastava teaches encrypting a session key and decrypting said key with another key. It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to combine the initiation of online payments using an electronic device identifier of Hurley with the encrypted key and decrypting of said key of Srivastava because 1) a need exists for secure and convenient use of a commerce credential for conducting payment of a transaction (see Hurley [0003]); and 2) a need exists for generation of secure application cryptograms without the use of user authentication (see Srivastava [0004]). Encrypting the merchant key ensures another layer of security, and decrypting the key allows access to the information to complete the transaction.

Claims 2, 10
Furthermore, Hurley discloses:
display a user interface (interface, see [0029]) which includes a plurality of payment options corresponding to a plurality of payment cards (payment cards, see [0024]) of the cardholder stored in a digital wallet (wallet, see [0030]) installed on the computing device, and receive a selection of a payment card (select a credential, see [0018]) from among the plurality of payment cards via the user interface.

Claims 6, 14
Furthermore, Hurley discloses:
encrypt the transaction data (re-encrypted payment card data, see [0046]), via the secure element, to generate a transaction payload, and sign (signature, see [0076]) the transaction payload with the decrypted merchant public key (merchant key, see [0046]).

Claims 7, 15
Furthermore, Hurley discloses:
receive the transaction data, via the secure element, from a web browser (browser, see [0023, 0040])  on the computing device.

Claim 21
Furthermore, Hurley discloses:
the session key (access key, see [0027]) is stored within the secure element via a manufacturer (e.g. Apple, see [0026]) of one or more of the secure element and the computing device.

Claims 3-5, 8, 11-13, 16, and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over Hurley (US 2015/0095219), in view of Srivastava et al. (US 2017/0308895), and further in view of Collinge (WO 2018/031856).

Claims 3, 11
Hurley in view of Srivastava discloses the limitations above. Hurley in view of Srivastava does not disclose:
Retrieve… device.
Collinge teaches:
retrieve the encrypted merchant public key (key pair, see figure 7, p 17) from a remote key management service via the wallet provider (wallet provider, see p 9) of the payment application (wallet, see p 9) on the secure element.
Hurley in view of Srivastava discloses a secure element installed on a computing device, a processor to initiate a payment transaction, an interface to receive a session key, receiving an encrypted key, decrypting the encrypted key, generating a cryptogram, and transmitting the cryptogram. Hurley in view of Srivastava does not disclose retrieving the encrypted merchant public key from a remote service, but Collinge does. It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to combine the initiation of online payments using an electronic device identifier of Hurley, in view of Srivastava, with the retrieved key from Collinge because a need exists for a tokenization approach that provides additional benefits in transaction control for merchants and customers (see Collinge p 3). Retrieving the merchant public key from a remote management service allows for the public key to be maintained by a third party, which is convenient.

Claims 4, 12
Furthermore, Hurley discloses:
the session key (access key, see [0027]) is hidden from the wallet provider (on secure element, see [0027]).

Claims 5, 13
Furthermore, Collinge teaches:
transmit an identifier (unique identifier, see p 13) to the remote key management system; and
receive a response from the remote key management system which includes the merchant public key (merchant key pair, see p 13) corresponding to the identifier.

Claims 8, 16
Hurley in view of Srivastava discloses the limitations above. Hurley in view of Srivastava does not disclose:
The merchant… system.
Collinge teaches:
the encrypted merchant public key comprises an encryption key (merchant key pair, see p 13, figure 7) held by a relaying agent (transaction scheme key management services, see p 13) of the merchant which is positioned on a network route between the computing device and a merchant computing system.
Hurley in view of Srivastava discloses a secure element installed on a computing device, a processor to initiate a payment transaction, an interface to receive a session key, receiving an encrypted key, decrypting the encrypted key, generating a cryptogram, and transmitting the cryptogram. Hurley in view of Srivastava does not disclose the encryption key held by a relaying  agent, but Collinge does. It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to combine the initiation of online payments using an electronic device identifier of Hurley, in view of Srivastava, with the encryption key held by a relying agent from Collinge because a need exists for a tokenization approach that provides additional benefits in transaction control for merchants and customers (see Collinge p 3). Having the merchant key held by a relying agent allows for convenience to the user and merchant. 

Claim 18
Hurley in view of Srivastava discloses the limitations above. Hurley in view of Srivastava does not disclose:
The processor… key.
Collinge teaches:
the processor chip is configured to generate a digital remote secure payment (DSRP) payload (DSRP cryptogram, see p 10, 15-16) based on the received transaction data, and sign (signature, see p 16, 19) the DSRP payload with the decrypted merchant public key.
Hurley in view of Srivastava discloses a secure element installed on a computing device, a processor to initiate a payment transaction, an interface to receive a session key, receiving an encrypted key, decrypting the encrypted key, generating a cryptogram, and transmitting the cryptogram. Hurley in view of Srivastava does not disclose generating a DSRP payload, but Collinge does. It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to combine the initiation of online payments using an electronic device identifier of Hurley, in view of Srivastava, with the generated DSRP payload from Collinge because a need exists for a tokenization approach that provides additional benefits in transaction control for merchants and customers (see Collinge p 3). Generating a digital remote secure payment ensures that the transaction data remains secure.

Claims 19-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Hurley (US 2015/0095219), in view of Srivastava et al. (US 2017/0308895), and further in view of Wong et al. (US 2015/0339664).

Claim 19
Hurley in view of Srivastava discloses the limitations above. Hurley in view of Srivastava does not disclose:
A consumer… element.
Wong teaches:
a consumer device cardholder verification method (CDCVM) module (CDCVM performed, see [0192, 0203]) which authenticates a user of the computing device, and transmits authentication information (CDCVM verified indicator, see [0230]) of the user authentication to the processor chip of the secure element.
Hurley in view of Srivastava discloses a secure element installed on a computing device, a processor to initiate a payment transaction, an interface to receive a session key, receiving an encrypted key, decrypting the encrypted key, generating a cryptogram, and transmitting the cryptogram. Hurley in view of Srivastava does not disclose a CDCVM module authenticating a user, but Collinge does. It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to combine the initiation of online payments using an electronic device identifier of Hurley, in view of Srivastava, with the CDCVM module authenticating a user from Collinge because a need exists for a tokenization approach that provides additional benefits in transaction control for merchants and customers (see Collinge p 3). A CDCVM module authenticating a user will provide additional security to a transaction.

Claim 20
Furthermore, Wong teaches:
the processor chip of the secure element is further configured to generate the transaction cryptogram based on the authentication information (CDCVM verified indicator, see [0230]) received from the CDCVM.

Response to Arguments
Applicant argues that the prior art does not teach the amendments.
Please see new mapping.

Claim Interpretation
The prior art made of record and not relied upon is considered pertinent to Applicant's disclosure (see attached form PTO-892).
Lingappa (US 2015/0332262) discloses a master applet for secure remote payment processing. 
After careful review of the original specification and unless expressly noted otherwise by Examiner, Examiner concludes that Applicant is not his own lexicographer.  See MPEP § 2111.01 IV.
Examiner hereby adopts the following definitions under the broadest reasonable interpretation standard. In accordance with In re Morris, 127 F.3d 1048, 1056, 44 USPQ2d 1023, 1029 (Fed. Cir. 1997), Examiner points to these other sources to support her interpretation of the claims.1 Additionally, these definitions are only a guide to claim terminology since claim terms must be interpreted in context of the surrounding claim language. Finally, the following list is not intended to be exhaustive in any way:
configuration “(1) (A) (software) The arrangement of a computer system or component as defined by the number, nature, and interconnections of its constituent parts.” “(C) The physical and logical elements of an information processing system, the manner in which they are organized and connected, or both.  Note: May refer to hardware configuration or software configuration.”  IEEE 100 The Authoritative Dictionary of IEEE Standards Terms, 7th Edition, IEEE, Inc., New York, NY, Dec. 2000.

Conclusion
Any inquiry of a general nature or relating to the status of this application or concerning this communication or earlier communications from Examiner should be directed to Chrystina Zelaskiewicz whose telephone number is 571.270.3940. Examiner can normally be reached on Monday-Friday, 9:30am-5:00pm. If attempts to reach the examiner by telephone are unsuccessful, the Examiner’s supervisor, Kambiz Abdi can be reached at 571-272-6702.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://portal.uspto.gov/external/portal/pair <http://pair-direct.uspto.gov>. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free).
/CHRYSTINA E ZELASKIEWICZ/Primary Examiner, Art Unit 3688                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              






    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 While most definition(s) are cited because these terms are found in the claims, Examiner may have provided additional definition(s) to help interpret words, phrases, or concepts found in the definitions themselves or in the prior art.