DETAILED ACTION
Status of Claims
This is a first office action on the merits in response to the application filed on 4 February 2022.
Claims 21-40 are currently pending and been considered by the examiner.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8 February 2022 was considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 21-40 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
In the instant case, claims 21-27 are directed to a method, claims 28-34 are directed to a non-transitory computer-readable storage medium, and claims 35-40 are directed to a computer-implemented system. Therefore, these claims fall within the four statutory categories of invention. 
The claim(s) recite(s) the abstract idea of risk mitigation. Specifically, the claims recite
“sending, by a mobile computing device, an application authorization request to a predetermined server by using a credit authorization system application on the mobile computing device”, “wherein the application public key certificate and the application private key are used to complete a credit payment transaction” which recite the process of performing risk mitigation in the form of performing authorization of credit payment using received security credentials which is grouped within the “certain methods of organizing human activity” grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)) because the claims encompass the process of performing an economic transaction. Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January 7, 2019)).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), the additional element(s) of the claim(s) such as “receiving, by the mobile computing device, an application public key certificate and an application private key that are sent by the predetermined server”, “storing, by the mobile computing device, the application public key certificate and the application private key in a credit payment application on the mobile computing device”, “sending, by the mobile computing device, a credit payment data acquisition request to the predetermined server”, “receiving, by the mobile computing device, credit payment data sent by the predetermined server”, and “enabling, by the mobile computing device, a credit payment function of the mobile computing device based on the credit payment data” merely use(s) a computer as a tool to perform an abstract idea, specifically, the process of process of performing risk mitigation in the form of performing authorization of credit payment using received security credentials. The use of a processor/computer as a tool to implement the abstract idea does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. The additional elements do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply or use the abstract idea to effect a particular treatment or prophylaxis for a disease or medical condition (Vanda Memo), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo). Therefore, the claims do not, for example, purport to improve the functioning of a computer. Nor do they effect an improvement in any other technology or technical field. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional element(s) of  “receiving, by the mobile computing device, an application public key certificate and an application private key that are sent by the predetermined server”, “storing, by the mobile computing device, the application public key certificate and the application private key in a credit payment application on the mobile computing device”, “sending, by the mobile computing device, a credit payment data acquisition request to the predetermined server”, “receiving, by the mobile computing device, credit payment data sent by the predetermined server”, and “enabling, by the mobile computing device, a credit payment function of the mobile computing device based on the credit payment data” used to perform the steps amounts to no more than using a computer or processor to automate and/or implement the abstract idea of performing an economic transaction. These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of performing an economic transaction. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible.
           Dependent claims 22-27, 29-34, and 36-40 further describe the abstract idea of risk mitigation. The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Specifically, Claims 22, 29, and 36 merely further describe the contents of the credit payment data used to perform the authorized transaction, claims 23-26, 30-33, and 37-40 merely further describe additional information being gathered to perform the process of risk mitigation, and claims 27 and 34 merely describes additional steps required to perform the abstract idea using a computer or processor. Therefore, as the dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea the dependent claims are also not patent eligible.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 21-24, 28-31, and 35-38 is/are rejected under 35 U.S.C. 103 as being unpatentable over Fisher (US 20130073373 A1) in view of Smith et al. (US 20130232083 A1).

In regards to Claims 21, 28, and 35, Fisher discloses:
A computer-implemented method, comprising: sending, by a mobile computing device, an application authorization request to a predetermined server by using a credit authorization system application on the mobile computing device (See Fisher: Para. [0079] – “a user first waves a mobile communication device 530 (e.g., a NFC device or device having an attached sticker) across (or near) a POS terminal 540. The POS terminal 540 identifies the technology associated with the mobile communication device, a payment method, user credentials, and payment credentials. Irrespective if t mobile communication device is a NFC-Phone or includes an attached sticker, the mobile communication device sends to the POS Terminal 540 payment credentials including optional credentials (e.g., WalletID). As shown in FIG. 6B, using optional credentials (e.g., WalletID), contact is made with a transaction server 510 to request payment credentials.” – Fisher discloses sending via a mobile device, a request for transaction authentication to a management server via a POS); 
receiving and storing authentication information from the predetermined server that is used to complete a credit payment transaction (See Fisher: Fig. 11B – Fisher discloses the POS terminal receiving credit payment data sent by the management server) 
sending, by the mobile computing device, a credit payment data acquisition request to the predetermined server (See Fisher: Para. [0079] – “a user first waves a mobile communication device 530 (e.g., a NFC device or device having an attached sticker) across (or near) a POS terminal 540. The POS terminal 540 identifies the technology associated with the mobile communication device, a payment method, user credentials, and payment credentials. Irrespective if t mobile communication device is a NFC-Phone or includes an attached sticker, the mobile communication device sends to the POS Terminal 540 payment credentials including optional credentials (e.g., WalletID). As shown in FIG. 6B, using optional credentials (e.g., WalletID), contact is made with a transaction server 510 to request payment credentials.” – Fisher discloses a payment transaction request functioning as both an authorization request as well a credential request. Therefore, Fisher disclose an invention performing both the steps of sending an authorization request and a credit payment data acquisition request simultaneously); 
receiving credit payment data sent by the predetermined server (See Fisher: Fig. 11B – Fisher discloses the POS terminal receiving credit payment data sent by the management server); and
enabling, by the mobile computing device, a credit payment function of the mobile computing device based on the credit payment data (See Fisher: Para. [0079] – Fisher discloses the mobile computing device enabling a credit payment function by providing a PIN associated with the credit payment data).

However, Fisher fails to explicitly disclose:
receiving and storing, by the mobile computing device, an application public key certificate and an application private key; 
receiving credit payment data by the mobile computing device

However, in a similar field of endeavor, Smith discloses:
receiving and storing, by a mobile device, both an application public key certificate and an application private key (See Smith: Para. [0007] – “generating, by a generating device, an integrated circuit card (ICC) RSA key pair including an ICC public key and an ICC private key; generating, by the generating device, an ICC master key based on at least a master key identifier; transmitting, by a transmitting device, the ICC public key, the ICC private key, the ICC master key, and the master key identifier to a mobile device for storage in a secure element … generating, by the generating device, an ICC public key certificate based on certification of the ICC public key by the issuer private key; creating, by the processing device, a post issuance script configured to store mobile cloud account data in the secure element of the mobile device, wherein the mobile cloud account data includes at least the issuer public key certificate, the MCA, and the ICC public key certificate”) and 
receiving credit payment data by a mobile device (See Smith: Para. [0059] – Smith discloses receiving credit payment data in the form of a post issuance script which contains payment data)

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to apply the method of receiving and storing security credentials in the form of a public key certificate and a private key as well as sensitive credit payment data via a mobile device as disclosed by Smith to receive and store the credentials and payment data used by the invention disclosed by Fisher increasing the overall security of the invention both through leverage of more advanced security technology in the form of public/private key encryption as well as via data consolidation within the mobile device which limits the number of transmission of sensitive payment credential data.

Regarding Claims 22, 29, and 36, the combination discloses:
wherein the credit payment data includes a payment card number, a credit limit, an available limit, and a transaction authentication code (TAC) sub-key (See Fisher: Para. [0079] – “The POS terminal 540 identifies the technology associated with the mobile communication device, a payment method, user credentials, and payment credentials … As shown in FIG. 6B, using optional credentials (e.g., WalletID), contact is made with a transaction server 510 to request payment credentials. The POS terminal 540 determines if a security code prompt (e.g., a PIN) is needed? If yes, a prompt is made for the security code (PIN) on the POS terminal 540 and the process continues with processing of the payment” – Fisher discloses that the credit payment data used to complete a transaction includes a payment method, user credentials, and a PIN. It is clear to one of ordinary skill in the art that such data would encompasses the claimed payment card number, credit limit, available limit, and a TAC when considered under broadest reasonable interpretation). 

Regarding Claims 23, 30, and 37, the combination discloses: 
wherein before sending the application authorization request, the method comprises: obtaining device parameter information of the mobile computing device (See Fisher: Fig. 11A – Fisher discloses a determination of technology regarding the mobile device’s parameters); 
sending the device parameter information to the predetermined server (See Fisher: Fig. 11A and 11B – Fisher discloses the device parameter information, specifically NFC information, being sent to the management server via the POS); 
receiving credit payment enabling information sent by the predetermined server; and determining that the mobile computing device meets a hardware condition for enabling credit payment (See Fisher: Fig. 11B – Fisher discloses the management server sending payment credentials, which enable a transaction to be performed, in response to the mobile computing device containing the proper NFC technology.).

Regarding Claims 24, 31, and 38, the combination discloses:
wherein the device parameter information includes at least one of a device model, a read-only memory (ROM) version, a system model, or an application version (See Fisher: Para. [0079] – “The POS terminal 540 identifies the technology associated with the mobile communication device”), and 
wherein the credit payment enabling information includes a credit payment application enabling page (See Fisher: Para. [0079] – “The POS terminal 540 determines if a security code prompt (e.g., a PIN) is needed? If yes, a prompt is made for the security code (PIN) on the POS terminal 540 and the process continues with processing of the payment”). 

Claims 25-26, 32-33, and 39-40 is/are rejected under 35 U.S.C. 103 as being unpatentable over Fisher in view of Smith in further view of Chen et al. (US 20180324170 A1).

Regarding Claims 25, 32, and 39, the combination of Fisher and Smith fails to disclose:
wherein before sending the application authorization request, the method comprises: obtaining user identity information corresponding to the mobile computing device; 
sending the user identity information to the predetermined server; 
receiving security authentication success information sent by the predetermined server; and 
determining that the mobile computing device meets a security authentication condition for enabling credit payment.

However, in a similar field of endeavor, Chen discloses obtaining user identity information via a mobile phone which is sent to a server to provide authentication (See Chen: Para. [0133])

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to apply the method of obtaining user identity information and performing a server side authentication check as disclosed by Chen as an additional authentication method to be coupled with the authorization request disclosed by the combination increasing the overall security strength of the invention by leveraging an additional anti-fraud security vector.


Regarding Claims 26, 33, and 40, the combination discloses:
wherein the user identity information includes at least one of an ID card number, a name, a bank card number, or an email address (See Chen: Para. [0133] – “The user's identity information may be user's login account, or user ID allocated to the user by the server, or user ID acquired when the user registers in the server”).

Claims 27 and 34 is/are rejected under 35 U.S.C. 103 as being unpatentable over Fisher in view of Smith in further view of Deluca et al. (US 20170090910 A1).

Regarding Claims 27 and 34, the combination of Fisher and Smith fails to explicitly disclose:
wherein before sending the application authorization request, the method comprises: sending a request for predetermined installation files to the predetermined server, wherein the predetermined installation files include the credit payment application; receiving the predetermined installation files sent by the predetermined server; and installing the predetermined installation files on the mobile computing device.

However, in a similar field of endeavor, Deluca discloses a mobile device sending a request for installation files to a file server, receiving said files, and installing said files on a mobile device (See Deluca: Para. [0028])

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to perform the method of requesting, receiving, and installing installation files as disclosed by Deluca before sending the authorization request of the combination increasing the efficiency of the invention by preventing compatibility issues due to improperly installed firmware prior to sending authorization requests.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Tan (US 20100057579 A1) generally discloses a method for providing a customer with an electronic purse on a portable storage device for storing credit with a merchant to perform transactions.
Al-Herz et al. (US 20120239580 A1), generally discloses a virtual account based digital cash protocol employing two pairs of private and public keys which are certified separately.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS K PHAN whose telephone number is (571)272-6748.  The examiner can normally be reached on M-F 8 am-5 pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on 571-270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NICHOLAS K PHAN/Examiner, Art Unit 3685                                                                                                                                                                                                                                              

/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685