Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claims 1-7 and 9-20 are pending.  Claims 1, 5, 16, 17, and 20 have been amended on 2/22/2021.  Claims 1 (a method), 17 (a machine), and 20 (a non-transitory CRM) are independent.

Response to Arguments
Applicant’s arguments, see page 7, filed 2/22/2021, with respect to the double patenting rejection of claims 1-7 and 9-20 have been fully considered and are persuasive.  The double patenting rejection of claims 1-7 and 9-20 has been withdrawn. 
Applicant’s arguments, see page 8, filed 2/22/2021, with respect to the rejection(s) of claim(s) 1-4, 9-10, 12-15, 17, 18, and 20 under Wong in view of Collinge have been fully considered and are persuasive.  Wong in view of Collinge does not disclose: “determining, by the user device, that an encrypted limited use purchase credential (LUPC) is available for the transaction account that has been selected”.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Wong, in view of Cardina, and Collinge.


Allowable Subject Matter
Claims 5-7, 11, 16, and 19 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
As to claims 5-7, Wong, in view of Cardina, and Collinge render the features of claim 1 obvious but do not further disclose the additional features of claim 5, which depends on claim 1.  While Hird was previously cited in rejecting the features of claim 5, it would not have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify Wong in view of Cardina and Collinge with Hird.  This is for at least the reason that the particular manner and number of modifications to combine Wong in view of Cardina, Collinge and Hird would not have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention.

As to claims 16 and 19, Wong, in view of Cardina, and Collinge render the features of claims 1 and 17 obvious but do not further disclose the additional features of claims 16 and 19, which depend on claims 1 and 17, respectively.  While Hird was previously cited in rejecting the features of claims 16 and 19, it would not have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify Wong in view of Cardina and Collinge with Hird. This is for at least the reason that the particular manner and number of modifications to combine Wong in view of Cardina, Collinge and Hird would not have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention.

As to claim 11, Wong, in view of Cardina, and Collinge render the features of claim 1 obvious but do not further disclose the additional features of claim 11, which depends on claim 1.  While Federspiel was previously cited in rejecting the features of claims 16 and 19, it would not have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify Wong in view of Cardina and Collinge with Federspiel. This is for at least the reason that the particular manner and number of modifications to combine Wong in view of Cardina, Collinge and Federspiel would not have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 9-10, 12-15, 17, 18, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wong et al., US 2015/0339664 (filed 2015-05), in view of Cardina et al., US 2012/0116902 (filed 2011-03), and Collinge et al., US 2013/0262317 (published 2013-10).

(regarding the processor/memory of claim 17, see Wong ¶ 185 and figure 10) 
A method comprising: 
Displaying, by a user device, a prompt for a selection of a transaction account; (“To make a payment account provisioned in mobile application 1012 ready for payment, the user may first select to pay using this payment account…. the user launches mobile application 1012, selects the card or account to use for payment, navigates to payment screen for the selected card or account and selects to pay.” Wong ¶ 200)
…
retrieving, by a user device, the … (LUPC) (“The new set of account parameters 430 may include a new key index, a new LUK, new signature key and associated certificates, etc., and in some embodiments, may also include a new set of one or more limited-use thresholds associated with the account parameters or LUK that may have different usage limits than the previous thresholds. MAP 470 then forwards the data as the new set of account parameters 432 to the mobile application of portable communication device 401.” Wong ¶ 144) while the user device is connected to a network; (see Wong Figure 1, MAP is connected to communication device through network 192.) 
wirelessly connecting (“Examples of contactless interface 108 may include one or more radio frequency (RF) transceivers (e.g., may be referred to as contactless interface transceivers) that can send and receive communications using near-field 
generating, by the user device, a cryptogram from the LUPC key (“a transaction cryptogram generated with a LUK.” Wong ¶ 97. See also: “Offline data authentication may refer to an offline process (e.g., without network connectivity)” Wong ¶ 58. “The transaction cryptogram 520 may be generated by encrypting dynamic transaction data 516 using the LUK 514 as an encryption key in encryption function 518. The dynamic transaction data 516 may include, for example, some or all of the terminal transaction data 310 provided from the access device to the mobile application of the portable communication device during execution of the transaction.” Wong ¶ 162) in response to wirelessly connecting with the point of sale; (“access device 260 may send, to the mobile application of portable communication device 201, the terminal transaction data 210 requested by the mobile application.” Wong ¶ 110.)
sending, by the user device, the cryptogram to the point of sale (“At block 808, the communication device may send the transaction cryptogram and the signature to the access device to request access to a good or service associated with the transaction.” Wong ¶ 173)
wherein the cryptogram is used to authorize a purchase through the wiles connection between the user device and the point of sale (Wong ¶ 173, transmission to access device. “At the time of a transaction, the secure element communicates directly 

Wong does not disclose:
Determining, by the user device, that an encrypted limited use purchase credential (LUPC) is available for the transaction account that has been selected.
An encrypted LUPC
decrypting, by the user device, the encrypted LUPC using a data encryption key (DEK) based dynamic key to create an LUPC;

Cardina discloses: 
Determining, by the user device, that an … limited use purchase credential (LUPC) is available (“At block 285, a determination is made as to whether a timeout threshold has been reached for the temporary account number…. a number of uses may be determined at block 285. Each temporary account number and related data may be valid for only a limited number of uses.” Cardina ¶¶ 40-41) for the transaction account that has been selected. (“At block 220, the selection of an account is detected.” Cardina ¶ 31. See Cardina Figure 2.)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Wong with Cardina by including the validity check for the selected account, as shown in Cardina Figure 2.  It would have been obvious to a 

Wong in view of Cardina does not disclose:
An encrypted LUPC
decrypting, by the user device, the encrypted LUPC using a data encryption key (DEK) based dynamic key to create an LUPC;

Collinge discloses:
An encrypted LUPC (“step 1004 may include the provisioning of the single use key 118, the single use key 118 may be encrypted using a random key (e.g., or suitable key other than the mobile key 604), and then the encrypted single use key may be encrypted using the mobile [key] 604 and provisioned to the mobile payment application 106” Collinge ¶ 99.)
decrypting, by the user device, the encrypted LUPC using a data encryption key (DEK) based dynamic key to create an LUPC; (“At step 1208, the mobile payment application 106 may decrypt the message using the generated mobile session key and may validate the message. The mobile payment application 106 may also decrypt the single use key 118 using the random key included in the decrypted message, and may validate the decrypted single use key 118.” Collinge ¶ 110.)



As to claim 2, Wong in view of Cardina and Collinge discloses the method of claim 1 and further discloses: 
further comprising obfuscating, by the processor, encryption protocols used to decrypt the LUPC. (“To provide additional security, mobile application 1012 may obfuscate and protect stored keys by an accepted mechanism, such as key wrapping. Code and data in the mobile application 1012 may be obfuscated in order to protect the code against reverse engineering.” Wong ¶ 195)

As to claim 3, Wong in view of Cardina and Collinge discloses the method of claim 1 and further discloses:  
further comprising deleting, by the user device, (“When the mobile application of portable communication device 401 receives the new set of account parameters, the mobile application delete the previous set of account parameters and associated transaction verification log details and usage tracking, and store the new set of account limited-use thresholds associated with the current set of account parameters have been exhausted or is about to be exhausted, the mobile application of portable communication device 401 may send an account parameters replenishment request 422 to MAP 470 to replenish the set of account parameters available to the mobile application.” Wong ¶ 141)
the LUPC after a predetermined duration. (“For example, the on-device set of one or more limited-use thresholds configured on the portable communication device may include a time-to-live and a number of transactions that will trigger LUK replenishment initiated by the portable communication device”  Wong ¶ 55)

As to claim 4, Wong in view of Cardina and Collinge discloses the method of claim 1 and further discloses: 
further comprising deleting, by the user device, (“When the mobile application of portable communication device 401 receives the new set of account parameters, the mobile application delete the previous set of account parameters and associated transaction verification log details and usage tracking, and store the new set of account parameters.” Wong ¶ 145, ¶ 242, 253. Where the process discussed in ¶ 145 is instantiated in response to exhaustion of the limited-use threshold: “When the mobile application determines that the set of one or more limited-use thresholds associated with the current set of account parameters have been exhausted or is about to be exhausted, the mobile application of portable communication device 401 may send an and a number of transactions that will trigger LUK replenishment initiated by the portable communication device”  Wong ¶ 55)

As to claim 9, Wong in view of Cardina and Collinge discloses the method of claim 1 and further discloses: 
further comprising detecting, by the user device, the point of sale.  (“access device 260 may initiate a transaction by sending an available applications request 202 to portable communication device 201 to request information on which payment application(s)” Wong ¶ 106, detection via request from contactless reader.)

As to claim 10, Wong in view of Cardina and Collinge discloses the method of claim 1 and further discloses: 
further comprising receiving, by the user device, a personal identification number PIN. (“The CVM verified type is used to indicated the CVM method used for the transaction. The CVM method may be a passcode, biometric (e.g., fingerprint), pattern lock (e.g., for a screen lock), signature, or online PIN.”  Wong ¶ 113.)


wherein the LUPC is stored on the user device.  (“After the new set of account parameters are generated, CBPP 480 may send the new set of account parameters 430 to MAP 470. The new set of account parameters 430 may include a new key index, a new LUK, new signature key and associated certificates, etc., and in some embodiments, may also include a new set of one or more limited-use thresholds associated with the account parameters or LUK that may have different usage limits than the previous thresholds. MAP 470 then forwards the data as the new set of account parameters 432 to the mobile application of portable communication device 401.” Wong ¶ 144).

As to claim 13, Wong in view of Cardina and Collinge discloses the method of claim 1 and further discloses: 
wherein the LUPC is used for a plurality (“a limited-use key (LUK) that is associated with a first set of one or more limited-use thresholds that limits usage of the LUK.” Wong ¶ 8. See also Wong ¶ 42, time based or number of uses based) of transactions  (“At the time of a transaction, the secure element communicates directly with a contactless interface (e.g., a near-field communication (NFC) transceiver) of the portable communication device to pass payment data to a contactless reader of the access device.” Wong ¶ 2) 


wherein a transaction is completed based on the cryptogram in an online payment transaction mode. (“For example, an account may be associated with a first token that can only be used for online transactions and a second token that can only be used for cloud-based transactions, and an online transaction conducted using the cloud-based token will be declined.” Wong ¶ 66, see also ¶ 65)

As to claim 15, Wong in view of Cardina and Collinge discloses the method CRM of claim 1 and further discloses: 
further comprising generating, by the user device (a personal identification number using a PIN.  (“The CVM verified type is used to indicated the CVM method used for the transaction. The CVM method may be a passcode, biometric (e.g., fingerprint), pattern lock (e.g., for a screen lock), signature, or online PIN.”  Wong ¶ 113. A PIN that generates data.) 

Wong in view of Collinge as combined in claim 1 does not disclose: 
(PIN) based key 

Collinge further discloses: 
(PIN) based key (“In step 1610, a payment cryptogram valid for a single payment transaction may be generated, by a processing device, based on at least the received 

A person of ordinary skill in the art before the effective filing date of the claimed invention would have further modified Wong in view of Cardina and Collinge with Collinge by utilizing the PIN to derive the cryptogram (Collinge ¶ 135).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify Wong in view of Cardina and Collinge with Collinge in order to secure the credentials (Wong ¶ 61, Collinge Title) for transactions and enable user’s with devices that do not have secure elements to perform transactions (Collinge ¶¶ 4 and 7), and to prevent third parties from utilizing the user’s limited use credentials.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Badenhorst, US 20160162889, discloses the selection of a payment account and retrieving a payment credential based on the selection.
Wu, US 10,929,572 discloses a storage bridge for performing encryption tasks.
Kachare et al., US 10,846,155, discloses encrypting data transmitted between a host processor and a stoarge device over a PCIe bus.

Singh et al., US 2020/0210069, discloses a storage to network tranmission system where a switch intermediates connections between hosts. 
Gibb et al., US 2019/0163364, discloses a NVME over fabirc system where commands and responses to a storage device bypass the processor. 
Dua, US 10,872,333, discloses automatically launching a payment application based on a near-field data exchange.
Field et al., US 7,766,244, discloses account selection and generation for particular payments or merchants.
Etherredge et al., US 2010/0106581, discloses ddetermining whether to refresh limited use identifiers
Chassin, US 2012/0310774, discloses a user selecting a payment account and performing a refresh on said account parameters.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the 

                                                                                                                                                                      
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165.  The examiner can normally be reached on M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 






/MICHAEL W CHAO/Examiner, Art Unit 2492