DETAILED ACTION
This Office Action is in response to the communication filed on 08/30/2019.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Examiner's Amendment
An Examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicants, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner's amendment was given in a discussion with David Raczkowski (Reg. No. 52,145) on 05/07/2021.
The application has been amended as follows:
1. (Currently Amended) A method comprising:
receiving, at an authentication computer, an authentication request message, wherein the authentication request message includes a user device identifier that uniquely identifies a user device to the authentication computer, authentication data associated with an access device, and a received cryptogram, wherein the authentication data includes a timestamp, an access device identifier  and uniquely identifies the access device to the authentication computer, wherein the received cryptogram is generated from the access device identifier and a user device credential;
selecting the user device credential from a set of user device credentials using the user device identifier and based on a portion of the timestamp, the user device credential selected to correspond to [[a]]the user device, wherein the user device credential is registered with the authentication computer in association with the user device, wherein the selecting the user device credential comprises dividing the portion of the timestamp by a number of user device credentials in the set of user device credentials and using a remainder from the dividing;
in response to the selecting the user device credential, generating a generated cryptogram using the access device identifier and the user device credential, wherein the generating the generated cryptogram includes: generating a user device cryptogram using the access device identifier and the user device credential, selecting an access device credential stored at the authentication computer using the user device identifier, and generating the generated cryptogram using the user device cryptogram and the access device credential, wherein the access device credential comprises a user credential provided to the access device;

based on the received cryptogram and the generated cryptogram matching, transmitting an authentication response message to the access device to instruct the access device that the user device is authenticated, thereby causing the access device to proceed with a process for granting access to the user device.
3. (Currently Amended) The method of claim 1, wherein selecting the user device credential comprises: determining [[a]]the portion of [[a]]the timestamp included in the authentication data; and using the portion of the timestamp to select the user device credential from [[a]]the set of user device credentials according to one or more predetermined rules.
4. (Canceled).
5. (Canceled).
6. (Currently Amended) The method of claim [[5]]1, wherein before the authentication request message is received, the method comprises, as part of a registration process: selecting a first prompt from a first list; providing the first prompt to the user device; receiving a first response to the first prompt from the user device; and storing the first response to the first prompt in a first set associated with the user device identifier, wherein the access device credential is selected from the first set.

a memory;
one or more processors; and
a non-transitory computer readable medium storing a plurality of instructions for controlling the one or more processors to perform operations comprising:
receiving an authentication request message, wherein the authentication request message includes a user device identifier that uniquely identifies a user device to the authentication computer, authentication data associated with an access device, and a received cryptogram, wherein the authentication data includes a timestamp, an access device identifier corresponding to the access device and uniquely identifies the access device to the authentication computer, wherein the received cryptogram is generated from the access device identifier and a user device credential;
selecting the user device credential from a set of user device credentials using the user device identifier and based on a portion of the timestamp, the user device credential selected to correspond to [[a]]the user device, wherein the user device credential is registered with the authentication computer in association with the user device, wherein the selecting the user device credential comprises dividing the portion of the timestamp by a number of user device credentials in the set of user device credentials and using a remainder from the dividing;
in response to the selecting the user device credential, generating a generated cryptogram using the access device identifier and the user device credential, wherein the generating the generated cryptogram includes: generating a user device cryptogram using the access device identifier and the user device credential, selecting an access device credential stored at the authentication computer using the user device identifier, and generating the generated cryptogram using the user device cryptogram and the access device credential, wherein the access device credential comprises a user credential provided to the access device;
comparing the received cryptogram and the generated cryptogram; and
based on the received cryptogram and the generated cryptogram matching, transmitting an authentication response message to the access device to instruct the access device that the user device is authenticated, thereby causing the access device to proceed with a process for granting access to the user device.
11. (Currently Amended) The authentication computer of claim 10, wherein the operations further  comprising: verifying the access device 
12. (Currently Amended) The authentication computer of claim 10, wherein selecting the user device credential comprises: determining [[a]]the portion of [[a]]the timestamp included in the authentication data; and using the portion of the timestamp to select the user device credential from [[a]]the set of user device credentials according to one or more predetermined rules.
13. (Canceled).
14. (Canceled).
15. (Currently Amended) The authentication computer of claim [[14]]10, wherein before the authentication request message is received, the operations further comprising, as part of a registration process: selecting a first prompt from a first list; providing the first prompt to the user device; receiving a first response to the first prompt from the user device; and storing the first response to the first prompt in a first set associated with the user device identifier, wherein the access device credential is selected from the first set.
16. (Currently Amended) The authentication computer of claim 15, wherein the operations further  comprising: selecting a second prompt 
17. (Currently Amended) The authentication computer of claim 10, wherein the authentication request message includes a third cryptogram created by signing at least a portion of the authentication data using a third user credential, the operations further comprising: selecting a fourth user credential using the user device identifier; generating a fourth cryptogram using at least the portion of the authentication data and the fourth user credential; and comparing the third cryptogram and the fourth cryptogram to determine the authentication response message.
Allowable Subject Matter
Claims 1-3, 6-12, and 15-18 are allowed.
Prior art found:
US 2011/0258452 discloses a system which allows the usage of devices containing PKI private keys to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. 

US 2014/0310182 discloses a method comprising: transmitting, by the mobile device, a request to a server for one or more tokens; receiving, by the mobile device, one or more tokens from the server; generating, by the mobile device, a single use code in dependence on a received token; generating, by the mobile device, code data by encoding information, wherein said information is for use in a transaction and comprises the generated single use code, an identification number and/or expiry information; and displaying, by the mobile 
US 2013/0041823 discloses a method that includes presenting a payment card to an access device, obtaining additional data, encrypting the additional data, and passing the encrypted additional data to the access device.
US 2013/0304648 discloses a system for using a payment processing network as an authorization engine to access secure physical areas. A keycard with a cryptogram generator is presented by a user to an access device, and the access device or associated computer sends an access request message formatted like a payment authentication request message to an aggregator/acquirer and payment processing network. The payment processing network validates the cryptogram and returns an access response message, again formatted like a payment authorization response message, indicating that the keycard is authentic. 
The following is an examiner's statement of reasons for allowance:


.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AMIE C LIN whose telephone number is (571)272-7752.  The examiner can normally be reached on M-F 9:00AM -5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/AMIE C. LIN/Primary Examiner, Art Unit 2436