DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on November 14, 2022 has been entered.
 
Acknowledgment and Response to Remarks
This Action is in response to the request for continued examination and the amendments filed on October 12, 2022 and November 14, 2022. Claims 1-5 and 8-18 are pending. Claims 6-7 are cancelled by Applicant. Claims 9-18 are withdrawn by Applicant’s election. Claims 1-5 and 8 have been fully examined.
With respect to the 103 rejections, Applicant is of the opinion that the dCVV as taught by Dana fails to include the PIN, as recited in feature of claim 1: “transmitting the first transaction-specific code, and also transmitting the chip information, and the transaction information without being part of the first transaction-specific code and without including the PIN…” The examiner respectively notes that Applicant’s argument contradicts itself as Applicant states that “dCVV of Dana fails to include the PIN” However, also Applicant’s claim recites “transmitting…without including the PIN” Therefore, neither of the dCVV of Dana and the claimed transaction-specific code include a PIN.  
Applicant further argues that the dCVV of Dana is not generated using UDK (i.e. PIN). The examiner respectfully disagrees and notes that Dana refers to dCVV as verification value. Dana, at least in [0022], [0027]-[0030], [0041], [0045] teaches generating verification values using the UDK.
Applicant also argues that Dana fails to teach transmitting the first transaction-specific code, and also transmitting the chip information, and the transaction information without being part of the first transaction-specific code and without including the PIN to a server with separate access to the PIN. The examiner respectfully disagrees and notes that Dana , at least in  [0067]-[0068], [0070] teaches transmitting the generated first verification value or dCVV (i.e., transaction specific-code) and the payment data (which is not part of the dCVV) and the PIN verification data (i.e., not the PIN)) to a back end server. In addition, Dana at least in [0035], [0040], [0042] teaches database 74 that stores user defined UDKs and is accessed by back end server 72.
The examiner also notes that Dana at least in [0029], [0070] and [0072] teaches that the back end server generates a second dCVV or verification value (i.e., second transaction Specific code) and if the second verification value matches with the first verification value, the transaction is authenticated.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-5 and 8 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
With respect to Claim 1, the amended claim recites “…protect a PIN during transmission by using a result of the combining of the PIN with the chip information and the transaction information to generate a first transaction-specific code prior to transmission…” However, after the “transmitting” step the claim further recites “generating the first transaction-specific code by independently generating a second transaction-specific code, independent of the generating of the first transaction-specific code, using the received chip information, the received transaction information, and the received PIN information”
The above amended claim recitation implies that the first transaction-specific code (ARQC) is generated twice, once before the transmitting and once after the transmitting in addition to the generation of the second transaction-specific code. The Specification is silent to the claim recitation. 
According to the Specification (PGPub [0081]-[0084]) 
…the integrated circuit on the chip card then concatenates data associated with the transaction and the PIN and performs a cryptographic operation on the result of the concatenation using a card-specific key in order to generate a first ARQC…

…the point-of-sale terminal 504 transmits an authorization request that includes the first ARQC and all data elements used to generate the first ARQC other than the PIN to the acquirer server device 506. … the acquirer server device transmits the authorization request, including the data elements and the ARQC, to the payment network server device 508.

…the payment network server device 508 forwards the authorization request, including the data elements and the ARQC, to the issuer server device 510. Then, in a sixth data flow (6), the issuer server device 510 retrieves the PIN from memory and then processes the data elements together with the retrieved PIN in order to generate a second ARQC…

…the second ARQC is then compared to the first ARQC to determine whether there is a match…

	According to the Specification, the first ARQC is generated once and the second ARQC is generated once, and then the two are compared. Therefore, the new language constitutes new matter.
Dependent claims 2-5 and 8 are also rejected for incorporating the limitations of the independent claim 1 from which they depend.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-5 and 8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
With respect to claim 1, the claim recites “protecting the PIN from exposure during a transmission of the PIN…to generate a first transaction-specific code prior to transmission…” In this claim recitation, the second transmission is interpreted as referring to the “transmission of the PIN”
However, there is no “transmission of the PIN” step in the claim, as the only transmission step recites “transmitting the first transaction-specific code, and also transmitting the chip information, and the transaction information without being part of the first transaction-specific code and without including the PIN”
Therefore, the claim recitation “prior to transmission” lacks antecedent basis as it is not clear which “transmission” it is referring to. 
Dependent claims 2-5 and 8 are also rejected for incorporating the limitations of the independent claim 1 from which they depend.
	
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Dana (US Patent Publication No. 2010/0179909), in view of Rajarajan et al. (ICRTAC-CPS 2018).
With respect to claim 1, Dana teaches:
receiving, by the at least one processor, a request for executing a transaction using a card that includes an embedded chip; ([0024]-[0025])
obtaining, by the at least one processor, chip information from the embedded  chip, ([0025], [0046])
the chip information being card-specific information. ([0056], [0075])
receiving, by the at least one processor, a user input that includes the PIN; ([0047], [0068])
combining the PIN with the chip information and transaction information about the executed transaction; (concatenation [0026], [0049], ATC (i.e., transaction information) is combined in generating verification values or dCVV: [0022], [0027]-[0030], [0041], [0045], [0060], [0067]-[0068])
…using a result of the combining of the PIN with the chip information and the transaction information to generate a first transaction-specific code prior to transmission; (first verification value: [0027], [0041]-[0042], [0044]-[0045], [0050]-[0052], generating dCVV from the UDK [0060], [0063], [0065]-[0067])  
The examiner notes that the claim recitation “…to generate a transaction-specific code” indicates intended use of the result of the combining and therefore does not further limit the scope of the claim.
transmitting the first transaction-specific code, and also transmitting the chip information, and the transaction information without being part of the first transaction-specific code and without including the PIN, to a verification server… (transmitting the generated first verification value or dCVV (i.e., transaction specific-code) and the payment data (which is not part of the dCVV) and the PIN verification data (i.e., not the PIN) [0067]-[0068], [0070])
…a verification server that has separate access to data (user defined UDK is stored in database 74 accessed by server 72: FIGs. 7-8, [0035], [0040], [0042])
requesting an authentication of the transaction based on the generated first transaction-specific code; (FIGs. 7-8, [0069], [0070], [0072])
retrieving with the verification server PIN information corresponding to the chip information from a card information database, (data resides in a database coupled to the back end (i.e., server): [0025], the back end computer (i.e., server) receives user defined UDK from the database [0028])
generating the first transaction-specific code by independently generating a second transaction-specific code, independent of the generating of the first transaction-specific code, using the received chip information, the received transaction information, and  the received PIN information retrieved from the card information database corresponding to the chip information, (FIGs. 7-8, back end computer generates a second verification value [0023], [0029], [0070], [0072])
authenticating the transaction when the first and second transaction-specific codes match. (FIGs. 7-8, [0023], [0029], [0070], [0072])
Dana does not explicitly teach:
protecting the PIN from exposure during a transmission of the PIN… 
…a verification server that has separate access to the PIN;
authenticating the transaction when the first and second transaction-specific codes match.
However, Rajarajan et al. teach:
protecting the PIN from exposure during a transmission of the PIN…  (Page 56, section D)
…a verification server that has separate access to the PIN; (server has the PIN number stored, Page 56, Section D)
…authentication performed by using the separately accessible PIN…(server verifies against its database copy of the PIN, Page 56, Section E)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the PIN number authentication scheme, as taught by Rajarajan et al., into the transaction authentication as taught by Dana, in order to prevent sending the PIN to the server and using a copy of the PIN at the server for verification. (Rajarajan et al. Page 56, Section D)

Claims 2-5 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Dana, and Rajarajan et al., in view of Han et al. (US Patent No. 10,366,378).
With respect to claim 2, Dana and Rajarajan et al. teach the limitations of claim 1.
Moreover, Dana teaches:
determining a first number of characters included in the result of the combining; (FIG. 2, [0049], predetermined length) 
when the determined number of characters is less than a predetermined number, adding at least one character to the result of the combining such that a resultant character sequence has a second number of characters that is equal to the predetermined number; (Padding 204, FIG. 2, [0049])
Dana and Rajarajan et al. do not explicitly teach:
performing a message authentication code (MAC) operation with respect to the resultant character sequence in order to generate the transaction-specific code. 
However, Han et al. teach:
performing a message authentication code (MAC) operation with respect to the resultant character sequence in order to generate the transaction-specific code. (Col. 35 ll. 3-22)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the MAC tokenization technique of Han et al., into the transaction authentication as taught by Dana and Rajarajan et al., in order to generate a transaction-specific code for authentication the transaction. (Han et al. Abstract, Col. 6 ll. 4-25)
With respect to claim 3, Dana, Rajarajan et al., and Han et al. teach the limitations of claim 2.
Moreover, Dana teaches:
wherein the predetermined number is a multiple of 16. (128 bits or 64 bits [0049]) 
With respect to claim 4, Dana, Rajarajan et al., and Han et al. teach the limitations of claim 2.
Moreover, Han et al. teach:
wherein the transaction-specific code includes an application request cryptogram (ARQC). (Col. 22 ll. 30-57)
With respect to claim 5, Dana, and Rajarajan et al., teach the limitations of claim 1.
Dana and Rajarajan et al. do not explicitly teach:
wherein the chip information includes information that relates to a currency code.
However, Hun et al. teach:
wherein the chip information includes information that relates to a currency code. (monetary indicator: Col. 11 l. 65-Col. 12 l. 5, Col. 15 ll. 9-34)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the monetary indicator as part of the chip data, as taught by Han et al., into the transaction authentication as taught by Dana and Rajarajan et al., in order to process currency data as part of the transaction. (Han et al. Abstract, Col. 3 ll. 28-42)
With respect to claim 8, Dana and Rajarajan et al. teach the limitations of claim 1.
Moreover, Dana teaches:
when the transmitted chip information is used by the verification server to generate a verification code that matches with the transmitted transaction-specific code, the received response includes an indication that the transaction is authenticated; (FIG. 8, items 720-755, [0072])
when the transmitted chip information is used by the verification server to generate a verification code that does not match with the transmitted transaction-specific code, the received response …indicating that the transaction is not authenticated. (FIG. 8, items 720-755, [0072])
Dana and Rajarajan et al. do not explicitly teach:
the received response includes a message indicating that the transaction is not authenticated.
However, Han et a. teach:
the received response includes a message indicating that the transaction is not authenticated. (Fig. 3, item 330 Col. 35 l. 66-Col. 36 l. 15, Col. 52 ll. 16-19)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the notifications, as taught by Han et al., into the transaction authentication as taught by Dana and Rajarajan et al., in order to notify a user and/or a merchant about an unauthorized transaction attempt. (Han et al. Abstract)

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SIMA ASGARI whose telephone number is (571)272-2037. The examiner can normally be reached M-F 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571)272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/SIMA ASGARI/Examiner, Art Unit 3685                                                                                                                                                                                                        
/STEVEN S KIM/Primary Examiner, Art Unit 3685