DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 07/13/2022 has been entered.


Status of claims
This office action is in response to the amendment received on 07/13/2022.
Claims 1,3-6,8. 10-13, 15 and 17-20 were amended.
Claims 2, 9 and 16 were canceled.
Claims 1, 3-8, 10-15 and 17-21 are pending.
Claims 1, 3-8, 10-15 and 17-21 were examined.

Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

Claims 1, 3-8 and 10-14 are rejected under 35 U.S.C. 103 as being unpatentable over Van Os et al. (US 2015/0348029 A1) in view of Tussy (US 2018/0181737 A1). 
Claims 15 and 17-21 are rejected under 35 U.S.C. 103 as being unpatentable over Van Os et al. (US 2015/0348029 A1) in view of Tussy (US 2018/0181737 A1) and in further view of Bateman et al. (US 2006/0236302 A1).

With respect to claims 1, 8 and 15, Van Os et al. teach a system for managing personal device security comprising: a magnetic stripe card having at least one of personal and account data permanently and physically embedded thereon, a computing device coupled to an exterior of the magnetic stripe card, the computing device inclusive of at least one integrated sensor; a second computing device in communication with the computing device via a network; and at least one processor integrated into the computing device; a computer program product for managing personal device security by a computing device having one or more processors, the computer program product comprising a non-transitory computer-readable storage medium having computer-readable program code portions stored therein (see Fig. 1A, device 100, memory 142, chip 104, paragraphs [0142]-[0144], magnetic card, paragraph [0195]; remote server, paragraph [0877]); and a method (User interface for payments) comprising: 
coupling1 the computing device having at least one integrated sensor to an exterior of a magnetic stripe card having at least one of personal and account data permanently and physically embedded thereon (see Fig. 5D, camera entry affordance 542 "through taking a picture of the credit card, paragraph [0195]. "in response to receiving the request… the device links the payment account to the respective device and provides an indication (e.g., 558 of FIG. SH) that the payment account has been linked to the respective device.", paragraph [0196]); 
detecting, by the computing device, that data associated with at least one of a chip and a magnetic stripe of the magnetic stripe card has been at least attempted to be read more than a predetermined number of times within a predefined interval of time, wherein the detecting is performed using the at least one integrated sensor; (see Fig. 7F, "failed attempts at authenticating using the fingerprint sensor." paragraph [0264]; "In some embodiments, the electronic device determines whether a predetermined number of attempts to receive authorization to proceed with the payment transaction using the fingerprint sensor has been reached.", paragraph [0265]).

Although Van Os et al. disclose transmitting an authorization request after a predetermined number of attempts has been reached and additional biometric inputs (see paragraph [0151]; Figs. 7F and 7L, paragraphs [0265] and [0298]), Van Os et al. do not explicitly disclose a method, system and computer program product comprising: responsive to the detecting, receiving, by the computing device, information from the at least one integrated sensor associated with activity of the magnetic stripe card during the at least attempted reading; transmitting, by the computing device via a network, the received information to a second computing device; comparing, by the second computing device, the received information against stored information; and changing an operational state of the magnetic stripe card according to a response received by the computing device from the second computing device based upon the comparison. 

However, Tussy discloses a method, system and computer program product (Facial recognition authentication system including path parameters) comprising: 
responsive to the detecting, receiving, by the computing device, information from the at least one integrated sensor associated with activity of the magnetic stripe card during the at least attempted reading (see Embodiment in which authentication imaging "begins… by touching the touchscreen of the user device", paragraph [0215]; FIG. 4, "once enrollment is complete, the authentication server 120 may later receive credentials from a user attempting to authenticate with the system as shown in step 420", paragraph [0092]; FIG. 8, the user via the mobile device 112 obtains several authentication images in step 810 while moving the mobile device 112 to different positions relative to the user's head. Using facial detection in step 812, the mobile device 112 detects the user's face in each of the authentication images, crops the images, and sends the images to the authentication server 120...In another embodiment, the mobile device 112 performs facial recognition to obtain the authentication biometrics and sends the authentication biometrics to the server 120.", paragraph [0092]); 
transmitting, by the computing device via a network, the received information to a second computing device (see Fig. 8, mobile device sends the users/biometrics to server 120, paragraph [0092]); 
comparing, by the second computing device, the received information against stored information (see Fig. 4, step 430 "the authentication server 12- verifies that the credentials received from mobile device sufficiently correspond with the information obtained during enrollment", Fig. 9, step 910 and paragraph [0094]); and 
changing an operational state of the magnetic stripe card according to a response received by the computing device from the second computing device based upon the comparison (see Fig. 4, step 440, grant or deny access based on the verification in step 430, paragraph [0102]). 

Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the facial recognition as disclosed by Tussy in the method, system and computer program product of Van Os et al., the motivation being to provide enhanced security for authenticating a user who has a mobile device (see Tussy, paragraph [0111]).

With respect to claim 15 and 17-21, it appears that the scope of the claims is incommensurate with the scope of independent claims 1 and 8 and their dependent claims. Specifically, while claims 1 and 8 are directed to a method and a system performed/comprised by multiple devices (i.e. a magnetic stripe card, a computing device, a second computing device), claim 15 is directed to a computer program product comprising a non-transitory computer-readable storage medium having computer-readable program code portions stored therein, in which these “portions” are recited as being “executable” by multiple devices. A fair reading of the subject matter of claim 15 in light of the specification (particularly paragraphs [0092]-[0094]) would lead one of ordinary skill in the art to reasonably determine that these claimed portions/instructions “can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network.” Although Van Os et al. disclose an “app store” (see Fig. 4A and paragraphs [0307]-0310]) and “mini-applications that are, optionally downloaded and user by a user” (see paragraph [0208]), the combination of Van Os et al. and Tussy does not explicitly disclose a computer program product in which a “medium” comprising a non-transitory computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising: executable portions that perform functions by “a computing device” and by a “second computing device”. 
Bateman et al., however, disclose a product (System and method for unified visualization of two-tiered applications) in which a “medium” comprising a non-transitory computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising: executable portions that perform functions by “a computing device” and by a “second computing device” (see applications 105 download, paragraph [0026]; Fig. 1, repository 114, two-tiered structure with a “client portion” and a “server portion”, paragraph [0028]).
9.	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the repository as disclosed by Tussy in the computer program product of Van Os et al. and Tussy, the motivation being to assist in the development of applications for selected devices and terminals with their respective runtime environment, as well as being capable of assisting the selection from a variety of back-end data sources (see Bateman et al, paragraph [0004]).



With respect to claims 3 and 10, the combination of Van Os et al. and Tussy teaches all the subject matter of the method and system as described above with respect to claims 1 and 8. With respect to claim 17, the combination of Van Os et al., Tussy and Bateman et al. teaches all the subject matter of the computer program product as described above with respect to claim 15. Furthermore, Van Os et al. disclose a method, system and computer program product wherein the at least one integrated sensor includes at least one of a camera and a fingerprint scanner (see using a camera of the device by selecting camera entry affordance 542, paragraph [0191]; "the device determines... whether the user is currently authorizing the device to proceed with the payment transaction ( e.g., the user has placed a finger on a fingerprint sensor for authorization)"). 

11.	With respect to claims 4 and 11, the combination of Van Os et al. and Tussy teaches all the subject matter of the method and system as described above with respect to claims 1 and 8. With respect to claim 18, the combination of Van Os et al., Tussy and Bateman et al. teaches all the subject matter of the computer program product as described above with respect to claim 15. Furthermore, Tussy disclose a method, system and computer program product wherein, the sensor includes a camera, and the received information includes an image of an individual associated with the activity of the magnetic stripe card captured by the camera (see Fig. 2, camera 276, paragraph [0067]; FIG. 4, "once enrollment is complete, the authentication server 120 may later receive credentials from a user attempting to authenticate with the system as shown in step 420", paragraph [0092]; FIG. 8, the user via the mobile device 112 obtains several authentication images in step 810 while moving the mobile device 112 to different positions relative to the user's head. Using facial detection in step 812, the mobile device 112 detects the user's face in each of the authentication images, crops the images, and sends the images to the authentication server 120...In another embodiment, the mobile device 112 performs facial recognition to obtain the authentication biometrics and sends the authentication biometrics to the server 120.", paragraph [0092]).

11.	With respect to claims 5 and 12, the combination of Van Os et al. and Tussy teaches all the subject matter of the method and system as described above with respect to claims 1 and 8. With respect to claim 19, the combination of Van Os et al., Tussy and Bateman et al. teaches all the subject matter of the computer program product as described above with respect to claim 15. Furthermore, Van Os et al. disclose a method, system and computer program product wherein the at least one integrated sensor includes a fingerprint scanner, and the received information includes a fingerprint scan of an individual associated with the activity of the magnetic stripe card detected by the fingerprint scanner (see Fig. 28A, biometric/fingerprint sensor2803, paragraph [0945]). 

With respect to claims 6 and 13, the combination of Van Os et al. and Tussy teaches all the subject matter of the method and system as described above with respect to claims 1 and 8. With respect to claim 20, the combination of Van Os et al., Tussy and Bateman et al. teaches all the subject matter of the computer program product as described above with respect to claim 15. Furthermore, Tussy disclose a method, system and computer program product wherein the comparing of the received information to the stored information includes determining whether the activity is associated with an authorized user of the magnetic stripe card (see Fig. 4, step 430 "the authentication server 12- verifies that the credentials received from mobile device sufficiently correspond with the information obtained during enrollment", Fig. 9, step 910 and paragraph [0094]).

With respect to claims 7 and 14, the combination of Van Os et al. and Tussy teaches all the subject matter of the method and system as described above with respect to claims 1 and 8. With respect to claim 21, the combination of Van Os et al., Tussy and Bateman et al. teaches all the subject matter of the computer program product as described above with respect to claim 15. Furthermore, Tussy disclose a method, system and computer program product wherein, based upon the comparison, a notification is provided to an owner of the magnetic stripe card, further comprising receiving an indication from the owner of the magnetic stripe card in response to the notification, and wherein the changing of the operational state of the magnetic stripe card is based on the received indication (see paragraph [0121]: "The email address may then further enhance the security of the system. For example, if a user unsuccessfully attempts to login via the authentication system a predetermined number of times, such as three times for example, then the authentication system locks the account and sends an email to the email address informing the user of the unsuccessful login attempts. The email might also include one or more pictures of the person who failed to login and GPS or other data from the login attempt. The user may then confirm whether this was a valid login attempt and reset the system, or the user may report the login attempt as fraudulent. If there is a reported fraudulent login, or if there are too many lockouts, the system may delete the account associated with the email address to protect the user's security"). 


Response to Arguments/Amendments
Claim rejections - 35 USC § 112(a)
Applicant’s amendments and arguments (see remarks, page 10, filed on 07/13/2022), with respect to the rejection of claims 1, 2-8, 10-15 and 17-21 under 35 USC § 112(a) have been fully considered. Examiner finds Applicant's arguments persuasive in view of the submitted amendments, therefore the rejection was withdrawn. 

Claim rejections - 35 USC § 112(b)
Applicant’s amendments and arguments (see remarks, pages 10 and 11, filed on 07/13/2022), with respect to the rejection of claims 6, 13 and 20 under 35 USC § 112(b) have been fully considered. Examiner finds Applicant's arguments persuasive in view of the submitted amendments, therefore the rejection was withdrawn. 

Claim rejections - 35 USC § 103
Applicant’s amendments and arguments (see remarks, pages 11-14, filed on 07/13/2022), with respect to the rejection of claims 1, 2-8, 10-15 and 17-21 under 35 USC § 103 have been fully considered but are moot because the arguments do not apply to the combination of references being used in the current rejection of the amended claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Non-Patent Literature
Ranjan (NPL FALSE, listed in PTO-892 as reference "U") discloses "Tokenization of a physical debit or credit card for payment", including a user computing device receiving financial account information directly from a physical payment card via near field communication (“NFC”), Bluetooth, Wi-Fi, radio frequency (“RF”) communication, or other appropriate network communication method.
A. Noore (NPL FALSE, listed in PTO-892 as reference "V") discloses "Highly robust biometric smart card design", including biometric sensors used for smart card applications.
Salajegheh et al. (NPL 2014, listed in PTO-892 as reference "W") disclose "Unleashing the Wild Card for mobile payment", including a card stored in a phone case.
Vats et al. (NPL 2015, listed in PTO-892 as reference "X") disclose "Fingerprint security for protecting EMV payment cards", including a biometric reader generating a biometric template, encrypt it with public key of the CHIP (DDA/CDA cards) and send it to CHIP of payment card for processing. The CHIP then decrypts the template and again encrypt template with a reference number and digital signatures of issuing authority and send it to issuer for verification.
R. Tamezheneal and S. Sumathi (NPL 2017, listed in PTO-892 as reference "U", page 2) discloses "Implementation of biometrie smart card using multibiometrics", including biometric match-on-card and match-off-card approaches.
Sanchez-Reillo et al. (NPL 2013, listed in PTO-892 as reference "V", page 2) disclose "Universal access through biometrics in mobile scenarios", including authentication of a user's identity by means of a portable device (Smartphone, PDA, tablet, etc.) jointly with the security of smartcards and contactless communications.


Patent Literature
Cox et al. (US 2008/0126260 A1) disclose point of sale transaction device with magnetic stripe emulator and biometric authentication, including if the number of failed attempts has reached a pre-defined limit, a FALSE value is returned to biometric sensor control 410, indicating that the device should not be activated.
Van Os et al. (US 2019/0080189 A1) disclose implementation of biometric authentication, including an electronic device tracking a number of failed authentication attempts, such as a number of failed sequential failed attempts without an intervening success authentication.
Burger et al. (US 2003/0220876 A1) disclose portable electronic authorization system and method, including security precautions taken in light of the multiple failed attempts to match the holder's fingerprint .
Bauchspies (US 2006/0193503 A1) discloses method and apparatus for enhanced security in biometric systems, including accumulating a first number N1 of consecutive failed match attempts prior to a successful match wherein a failed match attempt occurs when one of the sample biometric signatures does not match any of the valid biometric signatures.
Maheshwari et al. (US 2019/0057390 A1) disclose biometric system for authenticating a biometric request, including an embodiment with multiple biometric sensors, in which the biometric system retrieves, from data storage, a type of biometric input associated with a key. The biometric system 18 then checks if the received biometric input type is the same as the retrieved type of biometric input associated with the key.




Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDUARDO D CASTILHO whose telephone number is (571)270-1592. The examiner can normally be reached Mon-Fri 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/E.C./Examiner, Art Unit 3685 
/JACOB C. COPPOLA/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 Examiner notes that “coupling” is not lexicographically defined by the specification as filed and it shouldn’t be narrowly interpreted as “physically coupling”. Its broadest reasonable interpretation includes “the act of bringing or coming together”, i.e. pairing. See “Coupling.” Merriam-Webster.com Dictionary, Merriam-Webster, https://www.merriam-webster.com/dictionary/coupling. Accessed 1 Nov. 2022.