Acknowledgements
Examiner is withdrawing finality and vacating the previous office action.
This communication is in response to applicant’s response filed on 05/17/2021.
Claims 9-10 has been cancelled.
Claims 1-8 and 11-12 are pending and have been examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Regarding applicant’s arguments:	
Regarding applicant’s arguments under Claim Rejections - 35 USC § 103 that Faith (US 20090319784) in view of Brown
Regarding applicant’s arguments under Claim Rejections - 35 USC § 103 that Faith (US 20090319784) in view of Brown (US 20090006262) does not disclose “computing at least one piece of payment means comparison data from the piece of payment means reference data and from at least one encryption key of the payment means,” examiner respectfully agrees with applicant’s arguments and has issued a new grounds of rejections for claims 7, 8, and 12.
Applicant argues dependent claims 2-5 are allowable based on their dependence upon allowable base claims, examiner respectfully argues applicant’s arguments are moot in light of the new grounds of rejection made to claim 1.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3-6, and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Faith (US 20090319784) in view of Poznansky (US 20120153028).

Regarding Claims 1, 6, and 11, Faith teaches a first iteration of: obtaining a current piece of payment means data from a memory of the payment means, the current piece of payment means data being part of payment data of the payment means configured to be transmitted to a processing server to carry out a payment transaction (Paragraphs 0027 and 0037 teach an initial data string (e.g., personalized information including one or more of the following data elements: account number (e.g., a primary account number or PAN), an account sequence number, an expiration date, a CVV value) is altered (e.g., encrypted) to form a first data string); generating a following piece of payment means data as a function of the current piece of payment means data and as a function of an encryption key of the payment means (Paragraphs 0027 and 0039 teach the first data string may be an encrypted form of the initial data string; the first data string may be further altered (e.g., encrypted) to form a second data string; the initial data string in FIG. 2 can then be represented by D(0) in FIG. 3; as shown in block 330, the initial data string can then be altered (e.g., encrypted) using one or more uniquely derived keys using an encryption algorithm such as a triple DES or DES algorithm); replacing the current piece of payment means data by the following piece of payment means data within the memory of the payment means (Paragraphs 0028, 0039-0041, and Figs. 3 and 4 teach a first dynamic verification value is then and a second, subsequent iteration of the obtaining, generating and replacing, using the following piece of payment means data generated in the first iteration as the current piece of payment means data in the second, subsequent iteration (Paragraphs 0031-0032 and 0049 teach when a second, subsequent transaction is conducted using the portable consumer device, the previously formed second data string can be used as input data for generating a third data string that can be used to form a second dynamic verification value; it may be formed using the same or different process that is used to form the first dynamic verification value from the second data string; once created, the second dynamic verification value can be used to authenticate the portable consumer device in a second transaction; when a second transaction is conducted using the portable consumer device, a second dynamic verification value may be formed by the portable consumer device; the second dynamic verification value may be formed using the previously described second data string D(2); as shown in FIG. 4, the second data string D(2) can be 
However, Faith does not explicitly teach generating a following piece of payment means data, the generating comprising: filling an intermediate value as a function of size of the current piece of payment means data and of the size of the encryption key, by padding the current piece of payment means data; encrypting the intermediate value by means of the encryption key, delivering an encrypted intermediate value; and selecting, within the encrypted intermediate value, a portion of the encrypted intermediate value, the size of which is equal to the size of the current piece of payment means data, delivering the following piece of payment means data.
Poznansky from same or similar field of endeavor teaches generating a following piece of payment means data, the generating comprising: filling an intermediate value as a function of size of the current piece of payment means data and of the size of the encryption key, by padding the current piece of payment means data (Paragraphs 0055-0056 teach a CVV generator unit is part of the transaction card operation system software, and it generates a new CVV code, based on time windows; the XOR gate will enable to choose the private key (i.e., CVV code) used and then we will multiply the private key with the card ID (i.e., the CVV is padded using the card ID or PAN)); encrypting the intermediate value by means of the encryption key, delivering an encrypted intermediate value (Paragraph 0056 teaches the result (i.e., product and selecting, within the encrypted intermediate value, a portion of the encrypted intermediate value, the size of which is equal to the size of the current piece of payment means data, delivering the following piece of payment means data (Paragraphs 0056 teaches then from the huge number 12 binary digits will be cut in some point of the number; the precise location can be synchronized with the time segment; for example, if the first 10 minute of the real time will be the time operation the system will cut the (10+2) MSB (Most Significant Bits) binary bits of the number etc.; the 12 digits binary number will be translated to a 3 decimal digits that will compose the new dynamic CVV code for the present time segment).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in Faith, which teaches generating a following piece of payment means data, to incorporate the teachings of Poznansky, which teaches filling an intermediate value as a function of size of the current piece of payment means data and of the size of the encryption key, by padding the current piece of payment means data; encrypting the intermediate value by means of the encryption key, 
There is motivation to combine Poznansky into Faith because the dynamic Card Verification Value code generator provides improved security for transactions because by using the modulation operation with the public key stored on the transaction card to generate the new CVV, a fraudulent user will not be able to calculate the correct dynamic CVV code thus any transaction requests from the fraudulent user will be denied.
Regarding Claim 1, Faith teaches a method for encrypting a piece of payment means data, this method being implemented by a payment means comprising a data processor (Paragraph 0009 teaches a method comprising altering a first data string to form a second data string, and forming a first dynamic verification value using at least a portion of the second data string; the first dynamic verification value is used to authenticate a portable consumer device in a first transaction; the method also includes altering the second data string to form a third data string, and forming a second dynamic verification value using at least a portion of the third data string; the second dynamic verification value is used to authenticate the portable consumer device in a second transaction).
Regarding Claim 6, Faith teaches a payment means comprising encryption means that can be actuated iteratively, wherein the payment means comprises a data payment processor (Paragraph 0064 teaches the 
Regarding Claim 11, Faith teaches a non-transitory computer readable memory comprising a computer program stored thereon, including program code instructions for implementing a method for encrypting a piece of payment means data, when the program is executed by a processor of a payment means (Paragraph 0010 teaches a computer readable medium; the computer readable medium comprises code for altering a first data string to form a second data string, and code for forming a first dynamic verification value using at least a portion of the second data string; the first dynamic verification value is used to authenticate a portable consumer device in a first transaction; the computer readable medium further comprises code for altering the second data string to form a third data string and code for forming a second dynamic verification value using at least a portion of the third data string; the second dynamic verification value is used to authenticate the portable consumer device in a second transaction).

Regarding Claim 3, the combination of Faith and Poznansky teaches all the limitations of claim 1 above; and Faith further teaches wherein said encryption function is a verification code (Paragraphs 0027-0028 and 0037 teach an initial data string (e.g., a CVV value) is altered (e.g., encrypted) to form a first data string; a first dynamic verification value is then formed using at least a portion of the second data string; for example, in one embodiment of the invention, a portion of the second data string is selected, and the selected portion of the second data 

Regarding Claim 4, the combination of Faith and Poznansky teaches all the limitations of claim 1 above; however the combination does not explicitly teach wherein the method further comprises displaying said following piece of payment means data on a screen of said payment means.
Poznansky further teaches wherein the method further comprises displaying said following piece of payment means data on a screen of said payment means (Paragraphs 0054 teaches the transaction card displays the new CVV code at the card LCD display).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Faith and Poznansky to include the further teachings of Poznansky to display said following piece of payment means data on a screen of said payment means.
There is motivation to further combine Poznansky into the combination of Faith and Poznansky because the display allows the user to see and use the new dynamic CVV for card-not-present transactions. 

Regarding Claim 5, the combination of Faith and Poznansky teaches all the limitations of claim 1 above; and Faith further teaches wherein the method further comprises transmitting said following piece of payment means data to a payment terminal (Paragraph 0029 teaches the first dynamic verification value is then used to authenticate a portable consumer device in a first transaction; the first transaction can be a purchase transaction, a money transfer transaction, etc.; the first dynamic verification value can be transmitted from an access device such as a POS (point of sale) terminal to a computer apparatus operated by a service provider such as an issuer (e.g., an issuing bank), or a payment processing organization).

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Faith (US 20090319784) in view of Poznansky (US 20120153028) in view of Chastain (20150319151) in further view of Hinz (20150071441).

Regarding Claim 2, the combination of Faith and Poznansky teaches all the limitations of claim 1 above; however the combination does not explicitly teach wherein generating a following piece of payment means data comprises the implementing of an encryption function such that the following piece of payment means data depends on the encryption function said encryption function comprising the obtaining of: the square of the current piece of payment means data; and the square modulo the encryption key.
Chastain from same or similar field of endeavor teaches wherein generating a following piece of payment means data comprises the implementing of an encryption function such that the following piece of payment means data depends on the encryption function (Paragraphs 0054-0055 and 0032 teach the UICC (i.e., payment means) can receive the derived encryption key from the remote management server and include a temporary encryption key generator that applies a one-way function to generate a temporary encryption key from the derived encryption key, wherein the UICC can be a secure element such as various types of smart cards and the one-way function can be the Rabin function).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Faith and Poznansky to incorporate the teachings of Chastain to generate a following piece of payment means data using an encryption function such that the following piece of payment means data depends on the encryption function.
There is motivation to combine Chastain into the combination of Faith and Poznansky because through encryption and/or modification by the SDP according to a temporary encryption key that is generated from a derived encryption key stored by the secure element, the secure services platform enables the secure delivery of data (Chastain Paragraph 0049).
However, the combination Faith, Poznansky, and Chastain does not explicitly teach said encryption function comprising the obtaining of: the square of the current piece of payment means data; and the square modulo the encryption key.
said encryption function comprising the obtaining of: the square of the current piece of payment means data; and the square modulo the encryption key (Paragraph 0006-0007 teach a known public-key encryption method is the Rabin method, which utilizes modular exponentiation as its basis, wherein in the Rabin method the secret key consists of two prime numbers p and q, chosen in practice to be sufficiently large, which are linked with each other via a certain congruent condition, and a product n=p*q of the two prime numbers p and q defines the modulus n and simultaneously represents the public key; and according to the Rabin method, a plaintext M (i.e., payment means data) to be transmitted is encrypted by modular squaring and applying the modulo operation, i.e., the ciphertext C results from the plaintext M according to the following formula:  C=M2 mod n).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Faith, Poznansky, and Chastain to incorporate the teachings of Hinz for the encryption function to comprise obtaining the square of the current piece of payment means data and the square module the encryption key.
There is motivation to combine Hinz into the combination of Faith, Poznansky, and Chastain since the computation of the encryption is substantially simpler, i.e., less compute-intensive, in the Rabin method than in the RSA method, the Rabin method is preferable to the RSA method in particular where the entity carrying out the encryption, i.e., the transmitter of an encrypted message, has only limited processor power, as is the case for example with a limited-resource RFID .


Claims 7-8 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Faith (US 20090319784) in view of Poznansky (US 20120153028) in further view of Brown (US 20090006262).

Regarding Claims 7, 8, and 12, Faith teaches obtaining a piece of payment means reference data from a memory of said processing server, said piece of payment means reference data corresponding to the last piece of payment means data previously received from a payment means and verified by said processing server (Paragraphs 0068, 0066, and 0037 teach the server computer may store the verification value and any values used to generate the verification value so that it is up to date for the next transaction that is conducted; the server computer may thereafter retrieve the consumer's personal information from the consumer database; the initial data string (i.e., consumer’s personal information) may be comprise personalized information including one or more of the following data elements: account number (e.g., a primary account number or PAN), an account sequence number, an expiration date, a CVV value); and comparing the current piece of payment means data with the data of said set of reference data, and, when said current piece of payment means data is identical to one piece of data of the set of reference data, delivering an assertion of validity of said current piece of payment means data and storing said current piece of payment data in the memory of processing server, as the last piece of payment means data received from the payment means and verified by the processing server (Paragraphs 0030 and 0068 teach if the re-generated first dynamic verification value is the same as the first dynamic verification value received from the access device, or if it is within an expected range of expected first dynamic verification values, the service provider may determine that the portable consumer device that sent the first dynamic verification value is authentic; it may be possible for the server computer to cycle through a reasonable number of additional dynamic verification values to determine if a generated verification value matches the received verification value; if a match is found, the server computer may store the verification value and any values used to generate the verification value so that it is up to date for the next transaction that is conducted).
However, Faith does not explicitly teach computing at least one piece of payment means comparison data from the piece of payment means reference data and from at least one encryption key of the payment means, the number of computed pieces of payment means comparison data being determined as a function of a predetermined time period, delivering a set of reference data.
Poznansky from same or similar field of endeavor teaches computing at least one piece of payment means comparison data from the piece of payment means reference data and from at least one encryption key of the payment means (Paragraphs 0055-0057 teach the same operation that takes place at the transaction card (i.e., product of the CVV code multiplied by the PAN is 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in Faith, which teaches generating a following piece of payment means data to compare to the received following piece of payments data from the user card, to incorporate the teachings of Poznansky, which teaches generating the following piece of payment means data.
There is motivation to combine Poznansky into Faith because of the same reasons provided above for claims 1, 6, and 11 above.
However, the combination of Faith and Poznansky does not explicitly teach the number of computed pieces of payment means comparison data being determined as a function of a predetermined time period, delivering a set of reference data.
Brown from same or similar field of endeavor teaches the number of computed pieces of payment means comparison data being determined as a function of a predetermined time period, delivering a set of reference data (Paragraphs 0064 teaches a sliding dynamically-sized window on the server can predict which pre-computed values are valid at any given time, based on the last valid transaction number received, the date/time of that transaction, etc. 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Faith and Poznansky to incorporate the teachings of Brown for the number of computed pieces of payment means comparison data to be determined as a function of a predetermined time period, delivering a set of reference data.
	There is motivation to combine Brown into the combination of Faith and Poznansky because large data tables would not need to be stored for each customer and card. The server limits each value to one use, and the location and time of each use are logged. The management of the valid-number window on the server can be set up such that unused numbers expire a fixed time after a later number is received. The timer prevents copies of magnetic data track data from being accepted in a decision making process to authorize the transactions after a fixed period of time (Brown Paragraph 0084-0085). A loss of synchronization would not be cause for disallowing a valid transaction, or passing all fraudulent, out-of-window, transactions. If a transaction was not found in the window and, a certain time has elapsed since the last valid synchronized transaction, then the transaction can be approved while continue searching for the next “n” windows to see whether the approved transaction was a valid transaction. If it was a valid transaction, then the system can resynchronize with the card, and future transactions in the near 
	Regarding Claim 7, Faith teaches a method for verifying the validity of a piece of payment means data, this method being implemented by a processing server comprising a data processor (Paragraph 0066 teaches server computer independently generates the first dynamic verification value; if the received first dynamic verification value and the independently generated verification value match, or if the received verification value is otherwise expected, the transaction may be authorized).
	Regarding Claim 8, Faith teaches a processing server comprising means of cryptographic processing capable of enabling a verification of the validity of a piece of payment means data, wherein the processing server comprises a data processor (Paragraph 0060 teaches the server computer may also have a processor and a computer readable medium, which comprises code or instructions that the processor can execute).
	Regarding Claim 12, Faith teaches a non-transitory computer readable memory comprising a computer program stored thereon including program code instructions for implementing a method for verifying the validity of a piece of payment means data, when the program is executed by a processor of a processing server (Paragraph 0060 teaches the server computer may also have a processor and a computer readable medium, which comprises code or instructions that the processor can execute).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
de Oliveira et al. (US 20110246369) teaches a validation Card Verification Value (vCVV) is a card account number validation cryptogram that may be used in the validation cryptogram generation. The vCVV may be calculated using the Dynamic CVV Algorithm and the Key Derivation Methodology similar to those used for chip cards (Paragraph 0106).
Faith et al. (US 20100027786) teaches a method is disclosed that includes generating a uniquely derived data string using personalized information and a first encryption algorithm, generating at least one uniquely derived key using the uniquely derived data string, and creating a dynamic verification value using a second encryption algorithm using the at least one uniquely derived key, wherein the first encryption algorithm is different than the second encryption algorithm.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY JONES whose telephone number is (469)295-9137.  The examiner can normally be reached on 7:30 am - 5:00 pm CST (M-F).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached at (571) 270-1492.  The fax 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/C.P.J./Examiner, Art Unit 3685

/JAY HUANG/Primary Examiner, Art Unit 3685