DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Claims Status
Per Applicant’s amendment filed on April 23, 2021, claims 1, 9, and 13 are amended, no new claims are added, and no claims are canceled. Claims 1-20 are pending.

Response to Arguments
Applicant’s arguments with respect to the rejections of claims 1-20 under USC 102(a)(1), filed on April 23, 2021 (see pages 7 and 8), have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. A new ground of rejection is added to overcome the amendments to the claims.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 9 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Wong et al. (US 20150180836 A1, hereinafter, Wong), and further in view of Ceipidor et al. (U. B. Ceipidor, C. M. Medaglia, A. Marino, S. Sposato and A. Moroni, "KerNeeS: A protocol for mutual authentication between NFC phones and POS terminals for secure payment transactions," 2012 Ceipidor).

Regarding claims 1, 9, 13 and 20, taking claim 9 as exemplary, Wong teaches a portable communication device comprising: a processor; and a computer readable medium, the computer readable medium comprising code, executable by the processor to implement a method comprising: initiating communication between a portable communication device comprising a token and a first limited use key, and an access device, wherein the access device is a point of sale terminal; ([Abstract] enhancing the security of a communication device (i.e. portable communication device) when conducting a transaction using the communication device may include using a limited-use key (LUK) (i.e. first limited use key) to generate a transaction cryptogram, and sending a token instead of a real account identifier; [0311] A contactless payment can be initiated by the consumer tapping portable communication device 1201 to a contactless reader (e.g., a NFC reader), or otherwise communicating with the contactless reader (e.g., displaying a QR code or bar code) of the access device.) receiving from a remote server ([0044] A dynamic account parameter may be an account parameter that has a limited lifespan, and which once expired, can no longer be used to conduct a transaction until the account parameter is replenished, refreshed, or renewed (i.e. a second limited use key received by the portable device). [0051] The dynamic set of data may include one or more keys (i.e. second limited use key and further key updates as needed to complete a transaction), information associated with the one or more keys, and/or other dynamic data that has a limited lifespan, and are repeatedly refreshed or replenished during the lifetime of an account.
The dynamic set of data can be used for or relates to on-device generation of dynamic transaction cryptograms, or represent dynamic transaction data during payment transactions; [0052] for example, the dynamic set of data may include a limited-use key (LUK) that is used as an encryption key to generate a transaction cryptogram during a transaction. (Examiner note: a portable device receiving a dynamic account parameters data update, including a second limited use key, during a transaction discloses the inherent capability of the system receiving the second limited use key via the access device.)) wherein the portable communication device is in short range communication or in contact with the access device; ([0311] A contactless payment can be initiated by the consumer tapping portable communication device 1201 to a contactless reader (e.g., a NFC reader), or otherwise communicating with the contactless reader (e.g., displaying a QR code or bar code) of the access device.) and replacing the first limited use key with the second limited use key. ([0163] When the mobile application of portable communication device 701 receives the new set of account parameters (e.g., new LUK and new key index associated with the LUK), the mobile application delete (i.e. replacing the first limited use key with the second limited use key) the previous set of account parameters and associated transaction verification log details and usage tracking, and store the new set of account parameters.)
Wong does not explicitly teach "via the access device." Ceipidor, from an analogous endeavor, teaches via the access device ([Page 120, Sec. XII. CONCLUSIONS, 2nd and 3rd ¶] The strength of KerNees is that allows to perform the mutual authentication between two devices whereof in fact KerNees allows it to receive authentication information from the other entity (the POS terminal); In this manner POS and NFC phone also share the secret key for encrypt card number, cardholder name, expiry date and issue date.)
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the teaching of Ceipidor into the teachings of Wong in order to provide a higher level of security for devices that have reduced/limited processing capabilities, to protect sensitive bank data of the cardholder, as taught by Ceipidor. The combining of the teachings would have yielded predictable results to one of ordinary skill in the art.

Claims 1 and 13, related to method claims, are rejected based on the same rationale as the device of claim 9.

Claim 20, related to a device claim, is rejected based on the same rationale as the device of claim 9.

Regarding claim 2, the combination of Wong and Ceipidor teaches the method of claim 1. Wong teaches wherein the portable communication device is in a form of a wearable device.  [0032] a portable communication device may be in the form of a mobile device such as 
Regarding claim 10, it is rejected based on the same rationale as claim 2.

Regarding claim 3, the combination of Wong and Ceipidor teaches the method of claim 1. Wong teaches wherein the second limited use key is received by the portable communication device after an authorization response message is received by the access device. ([00195] the transaction log information sent to the remote server may include an authentication code computed over at least the transaction log using the LUK. If the transaction log information in the replenishment request matches the transaction log information at the remote computer, process 1000 may continue to block 1002, and communication device may receive a new LUK (i.e. second limited use key) and a new key index associated with the new LUK (i.e. the remote server matching a LUK value and other data in a transaction log of the portable device issue an authorization request and issue a new LUK))

Regarding claim 4, the combination of Wong and Ceipidor teaches the method of claim 1. Wong teaches wherein the access device is configured to generate and transmit authorization request messages and receive authorization response messages.  ([0087] Access device 160 or a merchant computer coupled to access device 160 may then generate an authorization request message including the account identifier or token, and additional information such as a transaction cryptogram and other transaction data;  [0090] Acquirer 174 then sends the authorization response message to the merchant computer and/or access device 

Regarding claim 17, it is rejected based on the same rationale as claim 4.

Regarding claim 5, the combination of Wong and Ceipidor teaches the method of claim 1, further comprising: encrypting, using the second limited use key and by the portable communication device, transaction data for a transaction to form a cryptogram; ([0195] discloses receiving second LUK. [00184] the transaction cryptogram 820 may be generated by encrypting dynamic transaction data 816 using the LUK 814 as an encryption key in encryption function 818.) and transmitting, by the portable communication device, the token and the cryptogram to the access device to conduct the transaction. ([Abstract] the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and sending a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction.)

Regarding claim 11, it is rejected based on the same rationale as claim 5.

Regarding claim 6, the combination of Wong and Ceipidor teaches the method of claim 5, wherein the transaction is an access transaction to access a location.  ([0192] At block 1004, 

Regarding claim 7, the combination of Wong and Ceipidor teaches the method of claim 1. Wong teaches wherein the portable communication device 2 does not have a secure element. ([0110] In some embodiments, the mobile application may communicate with the contactless reader using card emulation APIs of the mobile operating system of portable communication device 301, and thus the transaction can be carried out without requiring the use of a secure element (although a secure element can be used))

Regarding claim 12, it is rejected based on the same rationale as claim 7.

Regarding claim 8, the combination of Wong and Ceipidor teaches the method of claim 1. Wong teaches wherein the second limited use key is received in a message from the access device, ([0162] After the new set of account parameters are generated, CBPP 780 may send the the message being one of multiple messages passing between the portable communication device and the access device in a single physical interaction between the portable communication device and the access device.  ([0192] At block 1004, a transaction (e.g., a payment transaction, access transaction, or other transaction that is performed using an account) can be initiated (i.e. to access a location that is using contactless secure buildings.), for example, by placing the communication device in proximity to a contactless reader of an access device such as a POS terminal.)

Regarding claim 14, the combination of Wong and Ceipidor teaches the method of claim 13. Wong teaches wherein the access device comprises a contactless reader, and wherein the portable communication device is capable of communicating with the contactless reader through a wireless communication medium.  ([0311] A contactless payment can be initiated by the consumer tapping portable communication device 1201 to a contactless reader (e.g., a NFC reader) (i.e. near field communication which is a wireless communication medium), or otherwise communicating with the contactless reader (e.g., displaying a QR code or 

Regarding claim 15, the combination of Wong and Ceipidor teaches the method of claim 13, further comprising: receiving, by the access device, a cryptogram and the token from the portable communication device. ([Abstract] the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and sending a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction.)

Regarding claim 16, the combination of Wong and Ceipidor teaches the method of claim 15, wherein the cryptogram is created using the second limited use key. ([0195] discloses receiving second LUK. [00184] the transaction cryptogram 820 may be generated by encrypting dynamic transaction data 816 using the LUK 814 as an encryption key in encryption function 818.)

Regarding claim 17, the combination of Wong and Ceipidor teaches the method of claim 15, further comprising: generating, by the access device, an authorization request message comprising the cryptogram and the token; and transmitting, by the access device, the authorization request message to an authorizing entity computer.  ([0087] Access device 160 or a merchant computer coupled to access device 160 may then generate an authorization request message including the account identifier or token, and additional information such as a 

Regarding claim 18, the combination of Wong and Ceipidor teaches the method of claim 17, further comprising: receiving, an authorization response message comprising the token. ([0042] the token format may be configured to allow the entity receiving the token (i.e. portable communication device) to identify it as a token and recognize the entity that issued the token (i.e. the access device receiving a token as part of the authorization response message); [0090] Acquirer 174 (i.e. remote server) then sends the authorization response message to the merchant computer and/or access device 160. The authorization response results, which may include transaction data for the transaction can be displayed by access device 160 (i.e. receive authorization response message), or be printed out on a physical receipt.)

Regarding claim 19, the combination of Wong and Ceipidor teaches the method of claim 15, wherein the cryptogram is generated using the second limited use key and a TDES encryption function. ([0184] For an integrated chip based transaction, the transaction cryptogram 820 may be generated by encrypting dynamic transaction data 816 using the LUK (i.e. second limited use key) 814 as an encryption key in encryption function 818.; The encryption function 806 used to generate the second encryption key 808 may be, for example, triple data 


Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20130262317 A1 - SYSTEMS AND METHODS FOR PROCESSING MOBILE PAYMENTS BY PROVISIONING CREDENTIALS TO MOBILE DEVICES WITHOUT SECURE ELEMENTS. The reference discloses a method for generating and provisioning payment credentials to a mobile device lacking a secure element, using a limited use key and a token to secure the transaction.
US 20160140545 A1 - CLOUD-BASED TRANSACTIONS WITH MAGNETIC SECURE TRANSMISSION.
US 20050238174 A1 - Method And System For Secure Communications Over A Public Network
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SOLOMON AREGA whose telephone number is (571)272-0122. The examiner can normally be reached on Monday - Friday from 8:30 AM to 5:00 PM (EDT).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild, can be reached at telephone number (571)272-0122. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://portal.uspto.gov/external/portal. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 

/SOLOMON AREGA/Examiner, Art Unit 2431


/SHIN-HON (ERIC) CHEN/Primary Examiner, Art Unit 2431