Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Response to Arguments
In communications filed on 1/13/2021, claims 1-16, and 18-25 are presented for examination. Claims 1, 10, 12, 18, 24, and 25 are independent.
Amended claim(s): 1, 10, 12, 15, 18, 20, 21, 24, and 25.
Applicants’ arguments, see Applicant Arguments/Remarks filed 1/13/2021, with respect to claim(s) rejected under prior art have been fully considered and are unpersuasive. Schibuk explicitly discloses creating a virtual smart card (VSC) on a user device and downloading credentials from a server to configure the VSC with the credentials, thus disclosing the ‘reconfiguration’ as recited in the claims (Note: Per Applicant’s disclosure ¶13, ‘reconfiguration’ is storing credential information on the virtual card). Schibuk does not explicitly disclose ‘requesting’ the server for credentials, although Schibuk does explicitly disclose receiving the credentials from the server (See, Schibuk: Fig. 8, ¶122-¶127, i.e., the credential download from the venue onto the mobile 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1-3, 4, 6, 10-14, 16, 18, 21, 24, and 25 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20090132813 A1 (hereinafter ‘Schibuk’) in view of US 20080058014 A1 (hereinafter ‘Khan’) in view of US 20140040139 A1 (hereinafter ‘Brud’).

As regards claim 1, Schibuk (US 20090132813 A1) discloses: A data processing apparatus for a user device for use in a computer network, the data processing apparatus comprising at least one processor, and at least one memory including computer program code, wherein the at least one memory and the computer program code are configured, with the at least one processor (Schibuk: Fig. 1, Abstract, ¶6, ¶226, ¶255, ¶36, ¶100, ¶122, 
create a virtual smart card entity to enable a user of the user device to request for access to at least one service provider host in the computer network, (Schibuk: Figs 3-4, ¶36, ¶100, i.e., the digital resume created and stored on the user device; ¶122, ¶134-¶144, ¶146-¶153, ¶184, i.e., creating virtual smartcard (VSC) on a user device such as phone and installing credentials in the VSC wherein the VSC is used for performing various services that require authentication such as online transactions, user authentication)
determine a…request for access to the at least one service provider; (Schibuk: ¶39, i.e., determining an access request)
in response to…request, (Schibuk: ¶39, i.e., responding to the request for access)
However, Schibuk does not but in analogous art, Brud teaches ‘new’ request for access (Brud: Abstract, Figs. 3A-3B, 11A-11B, ¶47-¶54, i.e., whenever the user wants to perform a transaction (i.e., new) with a merchant, a OTP is requested; the wallet application for performing secure application wherein temporary credentials are stored on the wallet for performing transactions; ¶78-¶92, i.e., whenever user wants to perform a secure transaction service (i.e., new), the provider provides 
Brud is analogous art because it pertains to using virtual/software wallet/card for performing secure transaction services.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify Schibuk et al to include providing a one time temporary credential to an application wallet in response to conducting a secure transaction as taught by Brud with the motivation to perform secure transactions (Brud: Abstract, Figs. 3A-B, 11A-11B, ¶47-¶54, ¶78-¶92)  
Schibuk et al combination further discloses: request credential information for reconfiguration of the created virtual smart card entity from a credential management server, (Schibuk: Figs. 3, 4, 8, ¶122-¶127, ¶146-¶153, i.e., the credential download from the venue onto the mobile device wherein the credentials are downloaded into a digital resume/virtual smart card on the phone and wherein the credentials are updated on a digital resume/VSC. Note: Per Applicant’s disclosure ¶13, ‘reconfiguration’ is storing credential information on the virtual card.)
However, Schibuk does not explicitly state the credentials are received from the server based on a ‘request’. 

Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify Schibuk to include requesting to the server, by the device, for provisioning credentials for a soft/virtual card on the device as taught by Khan with the motivation to efficiently and quickly provision soft cards on the user device (Khan: ¶6-¶7)
Schibuk et al combination further discloses: receive, at the user device from the credential management server, the requested credential information for reconfiguration of the created virtual smart entity for the new request for access to the at least one service provider host, wherein the credential information  restricts at least one of a number of times a credential can be used or a lifetime of the credential, (Schibuk: Figs. 8-9, ¶36, ¶122, ¶134-¶144, ¶184-¶185, i.e., the creation of VSC and transferring of credentials to the VSC from a service provider; ¶25-¶27, ¶146-¶153, i.e., the credential has a limited life span and can be checked against a revocation 
reconfigure the created virtual smart card entity at the user device according to the received credential information for the new request for access to the at least one service provider host, and (Schibuk: Figs. 8-9, ¶36, ¶122, ¶134-¶153, ¶184-¶185, configuring the VSC with credentials. See also, Khan: Figs. 2, 3B, ¶29-¶33, ¶45. See also, Brud: Abstract, Figs. 3A-B, 11A-11B, ¶47-¶54, ¶78-¶92. Khan: Figs. 2 (step 207), 3B (step 325A, i.e., requesting new credentials for an already existing virtual card), ¶29-¶33, ¶45)
send a request from the user device for access to the at least one service provider host using the reconfigured virtual smart card entity. (Schibuk: Figs. 8-10, ¶36, ¶122, ¶134-¶153, ¶184-¶185, i.e., using the VSC to perform transactions with the device/system of a 3rd party. See also, Khan: Figs. 2, 3B, ¶29-¶33, ¶45)

As regards claim 12, Schibuk (US 20090132813 A1) discloses: A non-transitory computer program product stored on a computer- readable medium comprising computer-readable program code operable to cause a user device to create a virtual smart card 
a credential information storage, and at least one interface for input of credential information for reconfiguration of the created virtual smart card entity and received by the user device from a credential management server, (Schibuk: Figs. 8-9, ¶36, ¶122, ¶134-¶153, ¶184-¶185, i.e., the creation of VSC and transferring of credentials to the VSC from a service provider)
However, Schibuk does not but in analogous art, Khan teaches: in response to a request, from the user device to the credential management server, for credential information (Khan: Figs. 2, 3B, ¶29-¶33, ¶45, i.e., provisioning of the credentials for the software/virtual card by the server upon request from the user device)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify Schibuk to include requesting to the server, by the device, for provisioning credentials for a soft/virtual card on the device as taught by Khan with the motivation to efficiently and quickly provision soft cards on the user device (Khan: ¶6-¶7) 

Brud is analogous art because it pertains to using virtual/software wallet/card for performing secure transaction services.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify Schibuk et al to include providing a one time temporary credential to an application wallet in response to conducting a secure transaction as taught by Brud with the motivation to perform secure transactions (Brud: Abstract, Figs. 11A-11B, ¶47-¶48, ¶78-¶92)  
Schibuk et al combination further discloses: wherein credential information stored in the credential information storage is reconfigurable according to credential information ibtained from the credential management server for each new request for access to the at least one service provider server, 
wherein the received credential information restricts at least one of a number of times a credential can be used or a lifetime of the credential, and (Schibuk: Figs. 8-9, ¶36, ¶122, ¶134-¶144, ¶184-¶185, i.e., the creation of VSC and transferring of credentials to the VSC from a service provider; ¶25-¶27, ¶146-¶153, i.e., the credential has a limited life span and can be checked against a revocation list. See also, Khan: Figs. 2 (step 207), 3B (step 325A, i.e., requesting new credentials for an already existing virtual card), ¶29-¶33, ¶45. See also, Brud: Abstract, Figs. 11A-11B, ¶47-¶48, ¶78-¶92)
wherein the created virtual smart card entity is reconfigurable based on the received credential information for use by the user device in association with sending the new request for access the to at least one service provider server. (Schibuk: Figs. 8-10, ¶36, ¶122, ¶134-¶144, ¶184-¶185, i.e., using the VSC to perform transactions with the device/system of a 3rd party. See also, Khan: Figs. 2 (step 207), 3B (step 325A, i.e., requesting new credentials for an already existing virtual card), ¶29-¶33, ¶45. See also, Brud: Abstract, Figs. 11A-11B, ¶47-¶48, ¶78-¶92)

Claims 10, 18, 24, and 25 recite substantially the same features as recited in claims 1 and 12 above. Claims 10, 18, 24, and 25 are rejected based on the aforementioned rationale discussed in the rejection of claims 1 and 12.

As regards claim 2, Schibuk et al combination discloses the data processing apparatus of claim 1, wherein the credential information comprises a certificate issued by a certificate authority. (Schibuk: ¶6, ¶16-¶17, ¶36)

As regards claim 3, Schibuk et al combination discloses the data processing apparatus of claim 1, wherein the credential information comprises at least one use restriction on the credential (Schibuk: ¶25-¶27, i.e., restriction on the credential)

As regards claim 5, Schibuk et al combination discloses the data processing apparatus of claim 1, configured to send the credential information from the virtual smart card entity to the at least one service provider host. (Schibuk: ¶6, ¶29-¶30, i.e., providing the secured data to another party)

claim 6, Schibuk et al combination discloses the data processing apparatus of claim 5, configured to send a public key associated with the data processing apparatus with the credential information to the at least one service provider host. (Schibuk: ¶3, i.e., distributing the public key in a certificate)

As regards claim 11, Schibuk et al combination discloses the data processing apparatus of claim 1, configured to use time limited authenticators (Schibuk: ¶17, ¶26-¶27, ¶151) and time limited certificates for requests for access. (Schibuk: ¶17, ¶26-¶27, ¶151, ¶158)

As regards claim 13, Schibuk et al combination discloses the virtual smart card entity of claim 12, wherein the received credential information comprises a certificate issued by a certificate authority and the credential information storage is configurable to store the latest certificate received from the certificate authority in response to a request for a certificate by the user device. (Schibuk: Figs. 8-10, ¶34, ¶36, ¶92-¶94, ¶98, ¶122, ¶134-¶144, ¶185)

As regards claim 14, Schibuk et al combination discloses the virtual smart card entity of claim 12, wherein the received 

As regards claim 16, Schibuk et al combination discloses the virtual smart card entity of claim 12, wherein the created virtual smart card entity comprises information of at least one key. (Schibuk: ¶131)

As regards claim 19, Schibuk et al combination discloses the method of claim 18, comprising requesting for the credential information from a certificate authority. (Schibuk: Figs. 8-10, ¶34, ¶36, ¶92-¶94, ¶98, ¶122, ¶134-¶144, ¶185)

As regards claim 21, Schibuk et al combination discloses the method of claim 18, comprising sending the credential information from the reconfigured virtual smart card entity to the at least one service provider host together with a public key associated with the data processing apparatus. (Schibuk: ¶3, i.e., distributing the public key in a certificate)

As regards claim 24, Schibuk et al combination discloses the method of claim 18, comprising requesting for credential information from the credential management server for each new 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 4, 15, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Schibuk in view of Khan in view of Brud in view of US 20070157021 A1 (hereinafter ‘Whitfield’).

As regards claim 4, Schibuk et al combination discloses the data processing apparatus of claim 3. However, Schibuk et al do not but in analogous art, Whitfield teaches: wherein the credential information is further arranged to restrict use of a credential in relation to at least one of a geographical location of use of the credential, IP address associated with the use of the credential, time of use of the credential, type of the request for access where the credential is used, and type of the service requested using the credential. (Whitfield: Abstract, ¶¶61-64, ¶96, i.e., certificates have use restrictions such as based on location, time, service)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify 

Claims 15 and 20 recite substantially the same features recited above and are rejected based on the aforementioned rationale discussed in the rejection.

Claim 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Schibuk in view of Khan in view of Brud in view of US 20030076961 A1 (hereinafter ‘Kim’).

As regards claim 7, Schibuk et al combination discloses the data processing apparatus of claim 1. However, Schibuk does not but in analogous art, Kim (US 20030076961 A1) teaches: configured to use at least one authentication parameter for authentication to the credential management server to obtain the credential information from the credential management server. (Kim: Figs. 1, 4A (steps S404-S420), ¶35-¶36, user receiving certificate from the server in response to sending the server authentication information)


Claims 8-9, 22-23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Schibuk in view of Khan in view of Brud in view of Kim in view of US 20080028206 A1 (hereinafter ‘Sicard’).

As regards claim 8, Schibuk et al combination discloses the data processing apparatus of claim 7. However, Schibuk et al do not but in analogous art, Sicard (US 20080028206 A1) teaches temporary PKI keys i.e., ephemeral, thus teaching: wherein the at least one authentication parameter is ephemeral. (Sicard: ¶8-¶10, i.e., the temporary public/private key pairs of a credential set wherein the pairs are used to provide certificate and user access)
Before the effective date of the invention, it would have been obvious to one of ordinary skill in the art to modify Schibuk to include public/private key pairs of a credential set 

As regards claim 9, Schibuk et al combination discloses data processing apparatus of claim 7. However, Schibuk et al do not but in analogous art, Sicard (US 20080028206 A1) teaches: configured to generate an ephemeral key pair for the authentication. (Sicard: ¶8-¶10, i.e., the temporary public/private key pairs of a credential set wherein the pairs are used to provide certificate and user access)
Before the effective date of the invention, it would have been obvious to one of ordinary skill in the art to modify Schibuk to include public/private key pairs of a credential set as taught by Sicard with the motivation to perform user access (Sicard: ¶8-¶10) 

As regards claim 22, Schibuk et al combination discloses the method of claim 18. However, Schibuk does not but in analogous art, Kim (US 20030076961 A1) teaches: comprising using at least one…authentication parameter for authentication to the credential management server to obtain the credential information from the credential management server. (Kim: Figs. 1, 4A (steps S404-S420), ¶35-¶36, user receiving certificate 
Before the effective date of the invention, it would have been obvious to one of ordinary skill in the art to modify Schibuk to include sending authentication information to a server to receive certificate from the server with the motivation to utilize variety of secure services provided by the authentication system using the issued certificate (Kim: ¶36)
However, Schibuk et al do not but in analogous art, Sicard (US 20080028206 A1) teaches temporary PKI keys i.e., ephemeral, thus teaching: ephemeral authentication. (Sicard: ¶8-¶10, i.e., the temporary public/private key pairs of a credential set wherein the pairs are used to provide certificate and user access)
Before the effective date of the invention, it would have been obvious to one of ordinary skill in the art to modify Schibuk to include public/private key pairs of a credential set as taught by Sicard with the motivation to perform user access (Sicard: ¶8-¶10)

As regards claim 23, Schibuk et al combination discloses the method of claim 22, comprising generating an ephemeral key pair for the authentication. (Sicard: ¶8-¶10, i.e., the 
Before the effective date of the invention, it would have been obvious to one of ordinary skill in the art to modify Schibuk to include public/private key pairs of a credential set as taught by Sicard with the motivation to perform user access (Sicard: ¶8-¶10) 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED A ZAIDI whose telephone number is (571)270-5995.  The examiner can normally be reached on Monday-Thursday: 5:30AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the 






/SYED A ZAIDI/Primary Examiner, Art Unit 2432