DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
The amendment filed 28 JUN 2021 has been entered. Claims 1-20 remain pending in the application. 

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11 JUN 2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a 
Claims 1-13 and 16-20 are drawn to a system which is within the four statutory categories (i.e. a machine). Claims 14-15 are drawn to a method which is within the four statutory categories (i.e., a process).
Since the claims are directed toward statutory categories, it must be determined if the claims are directed towards a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea). Based on consideration of all of the relevant factors with respect to the claim as a whole, claims 1-20 are determined to be directed to an abstract idea. The rationale for this determination is explained below:  
With respect to claims 1, 14, and 15:
Claims 1, 14, and 15 are drawn to an abstract idea without significantly more. The claims recite storing a first cryptographic data comprising single use keys and a long term use key, storing a second cryptographic data, generating a Consumer Device Cardholder Verification Method Dynamic Number (CDN) from the first cryptographic data and an application cryptogram based on the CDN and the long term use key, embodying a security architecture for an application, causing the second cryptographic data to be deleted on rebooting of the computing device, replenishing at least the second cryptographic data, and 
The limitations of storing a first cryptographic data comprising single use keys and a long term use key, storing a second cryptographic data, generating a Consumer Device Cardholder Verification Method Dynamic Number (CDN) from the first cryptographic data and an application cryptogram based on the CDN and the long term use key, embodying a security architecture for an application, causing the second cryptographic data to be deleted on rebooting of the computing device, replenishing at least the second cryptographic data, and performing an action using the first and second cryptographic data, as stated, are processes that, under their broadest reasonable interpretation, cover Mental Processes such as concepts performed in the human mind (including an observation, evaluation, judgment, opinion). For example, but for the “computing device”, “cryptographic data”, “security architecture”, “volatile storage”, “non-volatile storage”, and “cryptogram” language, “storing”, “generating”, “embodying”, “replenishing”, and “performing” in the context of this claim encompass the mental processes. The series of steps including storing cryptographic data, generating a CDN and an application cryptogram, embodying a security architecture, replenishing cryptographic data, and performing an action using cryptographic 
This judicial exception is not integrated into a practical application. In particular, the claim only recites additional elements – computing device, cryptographic data, security architecture, volatile storage, non-volatile storage, and cryptogram. The computing device, cryptographic data, security architecture, volatile storage, non-volatile storage, and cryptogram are recited at a high-level of generality (i.e., performing generic functions of an interaction) such that it amounts to no more than mere instructions to apply the exception using a generic computer component, merely implementing an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea - see MPEP 2106.05(f). The (volatile and non-volatile) storages are used for storing, replenishing, or manipulating the (cryptographic) data without any technical details, which is surely at a high-level of generality and furthermore the added elements are also recited at a high-level of generality, not being related to the other 
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception, reaffirming that the limitations are not indicative of integration into a practical application: Generally linking the use of the judicial exception to a particular technological environment or field of use. As discussed above with respect to 
With respect to claims 2-13 and 16-20:
Dependent claims 2-13 and 16-20 include additional limitations, for example, replenishing at least second cryptographic data from a source, using a first or second part of the first cryptographic data, using keystores, using cryptographic keys, performing an action, generating encrypted volatile integers, providing verification of user, using verification data, and performing cryptographic operations, but none of these limitations are deemed significantly more than the abstract idea because, as stated above, they require no more than generic computer structures or signals to be executed, and do not recite any Improvements to the functioning of a computer, e.g., a modification of conventional Internet hyperlink protocol to dynamically produce a dual-source hybrid webpage, as discussed in DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245, 1258-59, 113 USPQ2d 1097, 1106-07 (Fed. Cir. 2014) (see MPEP § 2106.05(a)); Improvements to any other technology or technical field, e.g., a modification of conventional rubber-
	Thus, taken alone, the additional elements do not amount to significantly more than the above-identified judicial exception (the abstract idea). Furthermore, looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. There is no indication that the combination of elements improves the functioning of a computer or improves any other technology, and their collective functions merely provide conventional computer implementation or implementing the judicial exception on a generic computer. 
Therefore, whether taken individually or as an ordered combination, claims 2-13 and 16-20 are nonetheless rejected 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for 
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7, 9, and 12-19 are rejected under 35 U.S.C. 103 as being unpatentable over Bradshaw et al. (US 9,558,080 B2; hereinafter Bradshaw) in view of Collinge et al. (WO 2015/160385 A1; already of record in IDS; hereinafter Collinge), and in further view of Momchilov et al. (US 2016/0191499 A1; hereinafter Momchilov).
With respect to claim 1:
a computing device comprising: (See at least Bradshaw: Abstract)
a non-volatile storage device... for storing first ... data, wherein the first ... data comprises [one or more single use keys and a long term use key], ...; (See at least Bradshaw: Abstract; Figs. 1-2 & 4-6; col. 1, lines 6-17; col. 6, lines 5-9)
a volatile storage device for storing second ... data; and...(See at least Bradshaw: Abstract; Figs. 1-2 & 4-6; col. 1, lines 6-17; col. 6, lines 5-9)
wherein the computing device embodying a security architecture for an application, the security architecture being configured to cause the second ... data to be deleted on rebooting of the computing device,... (By disclosing, the recovery occurs by identifying pages that were in the volatile memory at the time of the crash. For each of these pages, the recovery determines whether to recover the page into the volatile memory (content of which is deleted on rebooting) from either the intermediate non-volatile memory or the storage, and then performs the recovery. In some embodiments in which the computing system is transaction-enabled, the recovery also identifies transactions that were active at the time of the crash, and undoes the actions of each of those transactions. The principles described herein build on top of ARIES and reduce 
	However, Bradshaw does not teach explicitly ...cryptographic data, ...comprising two or more proxies for physical payment cards, each of the two or more proxies comprising keystores, ...one or more single use keys and a long term use key, ...each of the keystores to securely store a key while enabling the key stored therein to be utilized, ...a processor programmed to generate: a Consumer Device Cardholder Verification Method Dynamic Number (CDN) from the first cryptographic data, and an application cryptogram based at least partially on the CDN and on the long term use key for processing of a transaction, and ...the CDN being utilized to enhance security for the application.
	Collinge, directed to method and system for generating an advanced storage key in a mobile device without secure elements and thus in the same field of endeavor, teaches
cryptographic data. (By disclosing, the memory 212 may also include a mobile payment application (MPA) 404. The MPA 404 may be an application program configured to perform the functions of the mobile device 104 discussed herein, such as the receipt and storage of payment credentials, validation of RNS messages, and generation of application cryptograms for use in conducting payment transactions. Additional features of the MPA 404 may include traditional features of a digital wallet or other similar application program. See at least Collinge: paragraph(s) [0098], [0068]-[0069], [0008]-[0009], [0039], [0060], [0063], [0065] & [0153])
...a non-volatile storage device comprising two or more proxies for physical payment cards, each of the two or more proxies comprising keystores for storing first cryptographic data (By disclosing, a payment card may be a physical card that may be provided to a merchant, or may be data (proxies) representing the associated transaction account (e.g., as stored in a communication device, such as a smart phone or computer). Payment credentials provisioned to the mobile device 104 may be securely stored in storage in the mobile device 104, such as a card database, which may be data storage on the mobile device 104 that is configured to store data associated with one or more transaction accounts and/or payment cards. See at least Collinge: paragraph(s) [0030], [0039] & [0054])
...one or more single use keys and a long term use key (By disclosing, the term "payment credentials" may refer to any data used by the mobile device 104 and/or transaction management server 02 in the transmission and validation of payment information used in a payment transaction using the methods and systems discussed herein, including, but not limited to, payment details, payment credentials, single use keys, session keys, application cryptograms, card master keys (long term use key), etc. See at least Collinge: paragraph(s) [0036], [0057], [0059] & [0082])
...each of the keystores to securely store a key while enabling the key stored therein to be utilized (By disclosing, the generating of an advanced storage key, as discussed in more detail below, may utilize unique device information, unique MPA information, and randomly generated information in order to identify a secure storage key that can be used to securely store data in the mobile device 104. See at least Collinge: paragraph(s) [0039])
...a processor programmed to generate: a Consumer Device Cardholder Verification Method Dynamic Number (CDN) from the first cryptographic data, and an application cryptogram based at least partially on the CDN and on the long term use key for processing of a transaction; (By disclosing, the mobile device 104 may be configured to generate an advanced storage key (CDN) for use in securely storing data, such as the payment credentials, in a database or memory in the mobile device 104. The generating of an advanced storage key may utilize unique device information, unique MPA information, and randomly generated information (cryptographic data) in order to identify a secure storage key that can be used to securely store data in the mobile device 104. In addition, the application cryptograms may each be generated by the mobile device 104 using separate session keys and additional data. The application cryptograms, generated using data stored in the mobile device 104, such as in storage secured via the advanced storage key (CDN) and associated with the MPA, may ensure that the application cryptograms authenticate the mobile device 104 (Consumer Device Cardholder Verification Method) and the specific instance of the MPA. See at least Collinge: paragraph(s) [0039]-[0041] & [0008]-[0009])
...the CDN being utilized to enhance security for the application (By disclosing, the application cryptograms, generated using data stored in the mobile device 104, such as in storage secured via the advanced storage key (enhancing security for the application) and associated with the MPA, may ensure that the application cryptograms authenticate the mobile device 104 and the specific instance of the MPA. See at least Collinge: paragraph(s) [0039]-[0041] & [0008]-[0009]. In addition, it is noted that the limitation “the CDN being utilized to enhance security for the application” is an intended result. No patentable weight is given.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the crash recovery using non-volatile memory of Bradshaw to incorporate the generating an advanced storage key in a mobile device without secure elements teachings of Collinge for the benefit of using multiple values to build an advanced storage key in a mobile device without a secure element for use in the secure storage of data in the mobile device. (See at least Collinge: paragraph(s) [0002]-[0009])
However, Bradshaw and Collinge do not teach explicitly ...a non-volatile storage device for storing first cryptographic data and ...a volatile storage device for storing second cryptographic data.
Momchilov, directed to shared secret vault for applications with single sign on and thus in the same field of endeavor, teaches 
...a non-volatile storage device for storing first cryptographic data and ...a volatile storage device for storing second cryptographic data. (By disclosing, the vault database 220 and the passcode-encrypted vault key 214 may be stored in persistent storage while the unlock-key-encrypted vault key 216 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Bradshaw and Collinge to incorporate the shared secret vault for applications with single sign on teachings of Momchilov for the benefit of providing more flexibility, security, and functionality for managed computing devices and/or computer software, particularly in instances in which one or more mobile applications are provided for accessing enterprise resources. (See at least Momchilov: paragraph(s) [0006])
Examiner’s Note: 
(1)  The limitations “for storing first cryptographic data” in claim 1, line 3, “enabling the key stored therein to be utilized” in lines 5-6, “for processing of a transaction” in line 12, and “to cause the second cryptographic data material to be deleted lost on rebooting of the computing device” in lines 14-15 are an intended use. No patentable weight is given. The recitation of the intended use of the claimed invention does not 
(2)	The limitation “the CDN being utilized to enhance security for the application” in claim 1, lines 15-16 is an intended result of the claim limitation of the step of retrieving and does not result in a structural difference. See MPEP 2111.04.
With respect to claim 14:
	Bradshaw teaches a method of preparing and performing an application on a computing device having non-volatile storage and volatile storage, the method comprising: (See at least Bradshaw: Abstract)
storing first ... data in the non-volatile storage, ..., and storing second ... data in the volatile storage, wherein the second ... data is deleted on rebooting of the computing device,...; (By disclosing, the recovery occurs by identifying pages that were in the volatile memory at the time of the crash. For each of these pages, the recovery determines whether to recover the page into the volatile memory from either the intermediate non-volatile memory or the storage, and then performs the recovery. In some embodiments in which the 
replenishing at least the second ... data from a source external to the computing device but accessible by a computing network;... (By disclosing, for each of these pages, the recovery determines whether to recover the page into the volatile memory from either the intermediate non-volatile memory or the storage (external source), and then performs the recovery. See at least Bradshaw: Abstract; col. 4, lines 37-51) 
the application performing an action using the first ... data and, if available, the second ... data, wherein an output of the action indicates whether the second ... data was available. (By disclosing, if normal forward processing is further modified to include snapshots (also referred to as "checkpoints") into non-volatile memory 202, the recovery time may be further reduced especially if the snapshots to non-volatile memory 202 are frequent, and more frequent than the 
	However, Bradshaw does not teach ...cryptographic data, ...the non-volatile storage comprising two or more proxies for physical payment cards, each of the two or more proxies comprising keystores, ...wherein the first cryptographic data comprises one or more single use keys and a long term use key, each of the keystores to securely store a key while enabling the key stored therein to be utilized, ...generating a Consumer Device Cardholder Verification Method Dynamic Number (CDN) from the first cryptographic data; generating an application cryptogram based at least partially on the CDN and on the long term use key for processing of a transaction, and ...wherein the CDN is utilized to enhance security for the application.
	Collinge, directed to method and system for generating an advanced storage key in a mobile device without secure elements and thus in the same field of endeavor, teaches 
...cryptographic data. (By disclosing, the memory 212 may also include a mobile payment application (MPA) 404. The MPA 404 may be an application program configured to perform the functions of the mobile device 104 discussed herein, such as the 
...the non-volatile storage comprising two or more proxies for physical payment cards, each of the two or more proxies comprising keystores (By disclosing, a payment card may be a physical card that may be provided to a merchant, or may be data (proxies) representing the associated transaction account (e.g., as stored in a communication device, such as a smart phone or computer). Payment credentials provisioned to the mobile device 104 may be securely stored in storage in the mobile device 104, such as a card database, which may be data storage on the mobile device 104 that is configured to store data associated with one or more transaction accounts and/or payment cards. See at least Collinge: paragraph(s) [0030], [0039] & [0054])
...wherein the first cryptographic data comprises one or more single use keys and a long term use key, each of the keystores to securely store a key while enabling the key stored therein to be utilized; (By disclosing, the term "payment credentials" may refer to any data used by the mobile device 104 
...generating a Consumer Device Cardholder Verification Method Dynamic Number (CDN) from the first cryptographic data;
generating an application cryptogram based at least partially on the CDN and on the long term use key for processing of a transaction; and (By disclosing, the mobile device 104 may be configured to generate an advanced storage key (CDN) for use in securely storing data, such as the payment credentials, in a database or memory in the mobile device 104. The generating of an advanced storage key may utilize unique device information, unique MPA information, and randomly generated information (cryptographic data) in order to identify a secure storage key that can be used to securely store data in the mobile device 104. In addition, the application cryptograms may each be generated by the mobile device 104 using separate session keys and additional data. The application cryptograms, generated using data stored in the mobile device 104, such as in storage secured via the advanced storage key (CDN) and associated with the MPA, may ensure that the application cryptograms authenticate the mobile device 104 (Consumer Device Cardholder Verification Method) and the specific instance of the MPA. See at least Collinge: paragraph(s) [0039]-[0041] & [0008]-[0009])
...wherein the CDN is utilized to enhance security for the application. (By disclosing, the application cryptograms, generated using data stored in the mobile device 104, such as in storage secured via the advanced storage key (enhancing security for the application) and associated with the MPA, may ensure that the application cryptograms authenticate the mobile device 104 and the specific instance of the MPA. See at least Collinge: paragraph(s) [0039]-[0041] & [0008]-[0009]. In addition, it is noted that the limitation “the CDN being utilized to enhance security for the application” is an intended result. No patentable weight is given.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the crash recovery using non-volatile memory of Bradshaw to incorporate the generating an advanced storage key 
However, Bradshaw and Collinge do not teach explicitly ... storing first cryptographic data in the non-volatile storage and ... storing second cryptographic data in the volatile storage.
Momchilov, directed to shared secret vault for applications with single sign on and thus in the same field of endeavor, teaches 
...storing first cryptographic data in the non-volatile storage and ... storing second cryptographic data in the volatile storage. (By disclosing, the vault database 220 and the passcode-encrypted vault key 214 may be stored in persistent storage while the unlock-key-encrypted vault key 216 and the unlock key storage 241a-c may be stored in volatile memory. As a result, on loss of power or reboot the unlock keys stored by the applications will be lost and each application may need to prompt the user to enter his passcode to re-register the application with the shared vault 210 and acquire the unlock key 222. See at least Momchilov: paragraph(s) [0069]-[0070])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to 
Examiner’s Note: 
(1)	The limitations “wherein the second cryptographic data is deleted on rebooting of the computing device” in claim 14, lines 5-6, “enabling the key stored therein to be utilized” in line 8, “for processing of a transaction” in line 14 are an intended use. No patentable weight is given. The recitation of the intended use of the claimed invention does not serve to differentiate the claim from the prior art. MPEP § 2103 I C states that language that suggests or makes optional but does not require steps to be performed or does not limit a claim to a particular structure does not limit the scope of a claim or claim limitation. An example of such language includes statements of intended use or field of use (MPEP §2103 I C).
(2)	The limitation “wherein the CDN is utilized to enhance security for the application” in claim 14, line 18 are an 
With respect to claim 15:
	Bradshaw teaches a method of preparing and performing an application on a computing device having non-volatile storage and volatile storage, the method comprising: (See at least Bradshaw: Abstract)
storing first cryptographic data in the non-volatile storage, ..., and storing second ... data in the volatile storage, wherein the second ... data is deleted on rebooting of the computing device, and wherein the first ... data comprises a first and a second part, ...; ... (By disclosing, the recovery occurs by identifying pages that were in the volatile memory at the time of the crash. For each of these pages, the recovery determines whether to recover the page into the volatile memory from either the intermediate non-volatile memory or the storage, and then performs the recovery. In some embodiments in which the computing system is transaction-enabled, the recovery also identifies transactions that were active at the time of the crash, and undoes the actions of each of those transactions. The principles described herein build on top of ARIES and reduce recovery time by restoring pages into the volatile memory 201 from the non-volatile memory 202, as well as from the storage 203 (external source). See at least Bradshaw: Abstract; col. 1,  
the application performing an action using the first ... data, wherein the first part of the ... data is used to perform the action and the second part of the ... data is also used to perform the action if a use condition is met, wherein an output of the action indicates which parts of the first ... data were used. (By disclosing, the system constructs a mapping (act 413) that identifies a location of a recovery version of each page (first or second part) within the intermediate non-volatile memory for each page that has a recovery version within the intermediate non-volatile memory. In a transactional system, the system determines which transactions were prepared at the time of the crash (act 511). Referring to FIG. 3, the identification of the pending transactions may be performed during the analysis phase 311 in the example below. The system then prepares each of the transactions that were prepared at crash time (act 512) prior to loading the pages from the recovery source into the volatile memory (act 412). See at least Bradshaw: col. 7, lines 3-5, 13-24 & 56-60; col. 8, lines 11-20)
However, Bradshaw does not teach ...cryptographic data, ...the non-volatile storage comprising two or more proxies for physical payment cards, each of the two or more proxies comprising keystores, ...the first cryptographic data comprising 
	Collinge, directed to method and system for generating an advanced storage key in a mobile device without secure elements and thus in the same field of endeavor, teaches 
...cryptographic data. (By disclosing, the memory 212 may also include a mobile payment application (MPA) 404. The MPA 404 may be an application program configured to perform the functions of the mobile device 104 discussed herein, such as the receipt and storage of payment credentials, validation of RNS messages, and generation of application cryptograms for use in conducting payment transactions. Additional features of the MPA 404 may include traditional features of a digital wallet or other similar application program. See at least Collinge: paragraph(s) [0098], [0068]-[0069], [0008]-[0009], [0039], [0060], [0063], [0065] & [0153])
...the non-volatile storage comprising two or more proxies for physical payment cards, each of the two or more proxies comprising keystores (By disclosing, a payment card may be a physical card that may be provided to a merchant, or may be data (proxies) representing the associated transaction account (e.g., as stored in a communication device, such as a smart phone or computer). Payment credentials provisioned to the mobile device 104 may be securely stored in storage in the mobile device 104, such as a card database, which may be data storage on the mobile device 104 that is configured to store data associated with one or more transaction accounts and/or payment cards. See at least Collinge: paragraph(s) [0030], [0039] & [0054])
...the first cryptographic data comprising one or more single use keys and a long term use key, each of the keystores to securely store a key while enabling the key stored therein to be utilized (By disclosing, the term "payment credentials" may refer to any data used by the mobile device 104 and/or transaction management server 02 in the transmission and validation of payment information used in a payment transaction using the methods and systems discussed herein, including, but not limited to, payment details, payment credentials, single use keys, session keys, application cryptograms, card master keys (long term use key), etc. In addition, the generating of an advanced storage key, as discussed in more detail below, may utilize unique device information, unique MPA information, and randomly generated information in order to identify a secure 
...generating a Consumer Device Cardholder Verification Method Dynamic Number (CDN) from the first cryptographic data;
generating on the CDN and an application cryptogram based at least partially on the long term use key for processing of a transaction; and (By disclosing, the mobile device 104 may be configured to generate an advanced storage key (CDN) for use in securely storing data, such as the payment credentials, in a database or memory in the mobile device 104. The generating of an advanced storage key may utilize unique device information, unique MPA information, and randomly generated information (cryptographic data) in order to identify a secure storage key that can be used to securely store data in the mobile device 104. In addition, the application cryptograms may each be generated by the mobile device 104 using separate session keys and additional data. The application cryptograms, generated using data stored in the mobile device 104, such as in storage secured via the advanced storage key (CDN) and associated with the MPA, may ensure that the application cryptograms authenticate the mobile device 104 (Consumer Device Cardholder Verification Method) and the specific instance of the MPA. See at least Collinge: paragraph(s) [0039]-[0041] & [0008]-[0009])
...wherein the CDN is utilized to enhance security for the application. (By disclosing, the application cryptograms, generated using data stored in the mobile device 104, such as in storage secured via the advanced storage key (enhancing security for the application) and associated with the MPA, may ensure that the application cryptograms authenticate the mobile device 104 and the specific instance of the MPA. See at least Collinge: paragraph(s) [0039]-[0041] & [0008]-[0009]. In addition, it is noted that the limitation “the CDN being utilized to enhance security for the application” is an intended result. No patentable weight is given.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the crash recovery using non-volatile memory of Bradshaw to incorporate the generating an advanced storage key in a mobile device without secure elements teachings of Collinge for the benefit of using multiple values to build an advanced storage key in a mobile device without a secure element for use in the secure storage of data in the mobile device. (See at least Collinge: paragraph(s) [0002]-[0009])
However, Bradshaw and Collinge do not teach explicitly ... storing first cryptographic data in the non-volatile storage and ... storing second cryptographic data in the volatile storage.

...storing first cryptographic data in the non-volatile storage and ... storing second cryptographic data in the volatile storage. (By disclosing, the vault database 220 and the passcode-encrypted vault key 214 may be stored in persistent storage while the unlock-key-encrypted vault key 216 and the unlock key storage 241a-c may be stored in volatile memory. As a result, on loss of power or reboot the unlock keys stored by the applications will be lost and each application may need to prompt the user to enter his passcode to re-register the application with the shared vault 210 and acquire the unlock key 222. See at least Momchilov: paragraph(s) [0069]-[0070])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Bradshaw and Collinge to incorporate the shared secret vault for applications with single sign on teachings of Momchilov for the benefit of providing more flexibility, security, and functionality for managed computing devices and/or computer software, particularly in instances in which one or more mobile applications are provided for accessing enterprise resources. (See at least Momchilov: paragraph(s) [0006])
Examiner’s Note: 
(1)	The limitations “wherein the second cryptographic data is deleted on rebooting of the computing device” in claim 15, lines 5-6, “enabling the key stored therein to be utilized” in line 9, and “to perform the action” in lines 15 and 16 are statements of intended use. No patentable weight is given. The recitation of the intended use of the claimed invention does not serve to differentiate the claim from the prior art. MPEP § 2103 I C states that language that suggests or makes optional but does not require steps to be performed or does not limit a claim to a particular structure does not limit the scope of a claim or claim limitation. An example of such language includes statements of intended use or field of use (MPEP § 2103 I C).
(2)	The limitation “if a use condition is met” in claim 15, line 16 is optional language. Claim scope is not limited by claim language that suggests or makes optional but does not require steps to be performed, or by claim language that does not limit a claim to a particular structure. See MPEP 2111.04, I.
(3)	The limitation “wherein the CDN is utilized to enhance security for the application” in claim 15, line 18 is an intended result of claim limitation of step of retrieving 
With respect to claim 2:
	Bradshaw, Collinge, and Momchilov teach the computing device of claim 1, as stated above.
Bradshaw further teaches wherein the security architecture is adapted such that at least the second [cryptographic] data is replenished from a source external to the computing device but accessible by a computing network, wherein the application is adapted to perform an action using the first [cryptographic] data and, if available, the second [cryptographic] data, wherein an output of the action indicates whether the second [cryptographic] data was available. (By disclosing, for each of these pages, the recovery determines whether to recover the page into the volatile memory from either the intermediate non-volatile memory or the storage (external source), and then performs the recovery. See at least Bradshaw: Abstract; col. 4, lines 37-51)
	Furthermore, Collinge, in the same field of endeavor, further teaches ...cryptographic data, as stated above, and actions performed based on data. (See at least Collinge: paragraph(s) [0102], [0098], [0068]-[0069], [0008]-[0009], [0039], [0060], [0063], [0065] & [0153])
With respect to claim 3:
Bradshaw, Collinge, and Momchilov teach the computing device of claim 1, as stated above.
Bradshaw further teaches wherein the security architecture is adapted such that the first [cryptographic] data comprises a first and a second part, wherein the application is adapted to perform an action using the first [cryptographic] data, wherein the second part of the first [cryptographic] data is only used if a use condition is met, wherein if the use condition is not met, only the first part of the [cryptographic] data is used, wherein an output of the action indicates which parts of the first [cryptographic] data were used. (By disclosing, as stated above with respect to claim 15, the system constructs a mapping (act 413) that identifies a location of a recovery version of each page (first or second part) within the intermediate non-volatile memory for each page that has a recovery version within the intermediate non-volatile memory. In a transactional system, the system determines which transactions were prepared at the time of the crash (act 511). Referring to FIG. 3, the identification of the pending transactions may be performed during the analysis phase 311 in the example below. The system then prepares each of the transactions that were prepared at crash time (act 512) prior to loading the pages from the recovery source into the volatile memory (act 412). See at least Bradshaw: col. 7, lines 3-5, 13-24 & 56-60; col. 8, lines 11-20)
...cryptographic data, as stated above, and actions performed based on data. (See at least Collinge: paragraph(s) [0102], [0098], [0068]-[0069], [0008]-[0009], [0039], [0060], [0063], [0065] & [0153])
With respect to claims 4 and 16:
	Bradshaw, Collinge, and Momchilov teach the computing device of claim 1 and the method of claim 15, as stated above.
Collinge, in the same field of endeavor, further teaches wherein the non-volatile storage comprises keystores provided by an operating system of the computing device, and the first cryptographic data comprises cryptographic keys. (By disclosing, payment credentials provisioned to the mobile device 104 may be securely stored in storage in the mobile device 104, such as a card database, discussed in more detail below. In some embodiments, the mobile device 104 may be configured to generate an advanced storage key for use in securely storing data, such as the payment credentials, in a database or memory in the mobile device 104. The first session key 308 and second session key 310 may be additional keys that are used by the processing unit 204 in the generation of the application cryptograms transmitted to the point of sale 110 as part of the conducting of a payment transaction using the mobile device 104. See at 
With respect to claims 5 and 17:
	Bradshaw, Collinge, and Momchilov teach the computing device of claim 4 and the method of claim 16, as stated above.
Collinge, in the same field of endeavor, further teaches wherein the cryptographic keys comprise one or more of one or more single use keys and a long term use key. (By disclosing, the term "payment credentials" may refer to any data used by the mobile device 104 and/or transaction management server 102 in the transmission and validation of payment information used in a payment transaction using the methods and systems discussed herein, including, but not limited to, payment details, payment credentials, single use keys, session keys, application cryptograms, card master keys, etc. See at least Collinge: paragraph(s) [0036], [0057], [0059] & [0082])
With respect to claims 6 and 18:
	Bradshaw, Collinge, and Momchilov teach the computing device of claim 5 and the method of claim 17, as stated above.
	Bradshaw teaches wherein when performing an action using first [cryptographic] data, the application uses one of [the single use keys], if available, and [the long term use key] if no [single use key] is available, and wherein when the [long term use key] is used in performance of the action, the output of the action indicates that [the long term use key] was used. (By disclosing, as stated above with respect to claim 14, if normal forward processing is further modified to include snapshots (also referred to as "checkpoints") into non-volatile memory 202, the recovery time may be further reduced especially if the snapshots to non-volatile memory 202 are frequent, and more frequent than the snapshots to storage 203. This checkpointing is an optimization that reduces the size of the log. The checkpointing thus reduces the number of redo and undo actions that have to be performed during crash recovery. See at least Bradshaw: col. 6, lines 39-48; col. 7, lines 56-60)
Collinge, in the same field of endeavor, further teaches ...first cryptographic data, ...the single use keys, ...the long term use key. (By disclosing, a card master key may be used in place of the PIN, such as the first card master key 612. In such an embodiment, the processing unit 504 of the transaction management server 102 may be configured to generate a second session key 608 based on the second card master key 614 that corresponds to the second session key 310 generated by the mobile device 104 using the single use key 306 and the PIN 314. In some instances, the second session key 608 may also be based on the corresponding single use key 604. See at least Collinge: paragraph(s) [0036], [0057], [0059] & [0082])
With respect to claims 7 and 19:
Bradshaw, Collinge, and Momchilov teach the computing device of claim 4 and the method of claim 16, as stated above.
Collinge, in the same field of endeavor, further teaches wherein the security architecture is adapted to use cryptographic keys only when injection into the keystores was completed within a predetermined time. (By disclosing, the payment credentials 304 (cryptographic keys) may include, for example, a transaction account number, security code, expiration date (within a predetermined time), cardholder name, authorized user name, tracking data, card layout description data, digit counts, bitmaps, etc. See at least Collinge: paragraph(s) [0058])
With respect to claim 9:
	Bradshaw, Collinge, and Momchilov teach the computing device of claim 1, as stated above.
Bradshaw further teaches wherein the computing device is a mobile computing device. (See at least Bradshaw: col. 4, lines 37-45)
With respect to claim 12:
	Bradshaw, Collinge, and Momchilov teach the computing device of claim 1, as stated above.
Collinge, in the same field of endeavor, further teaches wherein the application for execution on the mobile computing device is a payment application. (By disclosing, the mobile 
With respect to claim 13:
	Bradshaw, Collinge, and Momchilov teach the computing device of claim 12, as stated above.
Collinge, in the same field of endeavor, further teaches wherein the action comprises generation of a cryptogram in performance of a transaction. (By disclosing, the conveyance of payment credentials to the point of sale 110 may include the transmission of two or more application cryptograms. See at least Collinge: paragraph(s) [0040]-[0041])
Claims 8 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Bradshaw in view of Collinge and in further view of Momchilov, as applied to claims 1 and 15, and in still further view of Thanos et al. (US 2016/0204935 A1; hereinafter Thanos).
With respect to claims 8 and 20:
Bradshaw, Collinge, and Momchilov teach the computing device of claim 1 and the method of claim 15, as stated above.
However, Bradshaw, Collinge, and Momchilov do not teach wherein the second cryptographic data comprises encrypted volatile integers generated for one time use, and wherein the 
Thanos, directed to systems and methods with cryptography and tamper resistance software security and thus in the same field of endeavor, teaches wherein the second cryptographic data comprises encrypted volatile integers generated for one time use, and wherein the computing device is adapted to request one or more volatile integers on reboot of the device. (By disclosing, initialization can include sequences involving booting, rebooting, starting and restarting of an application. In addition, the password authentication device produces the one-time password based upon at least one of (i) a random number generator, and (ii) current time combined with a random value. See at least Thanos: paragraph(s) [0043] & [0046]; page 6, col. Right, lines 10-13)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Bradshaw, Collinge, and Momchilov to incorporate the systems and methods with cryptography and tamper resistance software security teachings of Thanos for the benefit of providing security techniques that uses, databases, or other data or file management mechanisms to store application user information, authenticating and authorizing access by a 
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Bradshaw in view of Collinge, as applied to claims 1 and 3, and in further view of Ylonen (US 2015/0222604 A1; hereinafter Ylonen).
With respect to claim 10:
Bradshaw, Collinge, and Momchilov teach the computing device of claim 3, as stated above.
However, Bradshaw, Collinge, and Momchilov do not teach wherein the security architecture provides for verification of a user at a mobile computing device, and wherein the first cryptographic data comprises completed verification data and uncompleted verification data, and wherein the action uses the completed verification data if the user was verified at the mobile computing device and uses the uncompleted verification data if the user was not verified at the mobile computing device.

wherein the security architecture provides for verification of a user at a mobile computing device, and wherein the first cryptographic data comprises completed verification data and uncompleted verification data, and wherein the action uses the completed verification data if the user was verified at the mobile computing device and uses the uncompleted verification data if the user was not verified at the mobile computing device. (By disclosing, the last successfully used private key is looked up from a database saved across client invocations using the hash (2002) (generally, using the hash here is optional, and with some databases the same could equivalently be achieved using the host and user directly as keys in a query). It is tested whether such key (completed verification data) was found (2003), and if so, authentication to the server is attempted using the found key (2004). If successful (2005), authentication succeeds (2010). If no key was found or authentication failed, then all available private keys (uncompleted verification data) are tried until one succeeds or there are no more keys (2006), if they all failed (2007), authentication using public key fails 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Bradshaw, Collinge, and Momchilov to incorporate the automated access, key, certificate, and credential management teachings of Ylonen for the benefit of completing any outstanding operations for such decommissioned systems in order to not leave related higher-level operations incomplete. (See at least Ylonen: paragraph(s) [0105])
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Bradshaw in view of Collinge and in further view of Momchilov and Ylonen, as applied to claim 10, and in still further view of Zimmermann (US 2018/0027006 A1; hereinafter Zimmermann).
With respect to claim 11:
Bradshaw, Collinge, Momchilov, and Ylonen teach the computing device of claim 10, as stated above.
However, Bradshaw, Collinge, Momchilov, and Ylonen do not teach wherein the completed verification data is cryptographically generated by a keystore provided by an operating system of the computing device, and wherein the 
Zimmermann, directed to system and method for securing an enterprise computing environment and thus in the same field of endeavor, teaches 
wherein the completed verification data is cryptographically generated by a keystore provided by an operating system of the computing device, and wherein the keystore is configured to only perform cryptographic operations after successful user verification. (By disclosing, the keystore API 3610 may operate within the selective encryption module 102 or the CSF 100 to generate keys and manage (e.g. control access to) keys. The keystore API 3610 may act as an integration point with key stores and key management capabilities of third parties and customers. Also, the keyserver/keystore API can interact with customer-managed keystores (such as through a gateway, proxy or the like), such as ones deployed in public cloud, private cloud, or on premises keystores of the customer. See at least Zimmermann: paragraph(s) [0479]-[0480])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Bradshaw, Collinge, Momchilov, and Ylonen to incorporate the system 

Response to Arguments
Applicant's arguments filed 28 JUN 2021 have been fully considered but they are not persuasive.
In response to applicant’s argument with respect to the 101 rejections that the pending claims cannot be seen to recite an abstract idea under Prong One of Step 2A and are therefore patent-eligible, it is noted that even though it is recited that a processor is programmed to generate a CDN and an application cryptogram and the CDN is utilized to enhance security for the application, there are no technical details of the CDN, application cryptogram, and security architecture. The first or second cryptographic data, CDN, and cryptogram are not used actively in the steps. They are all pieces of data or information without any details. Therefore, all the steps can be performed mentally, without a processor. In addition, such “improvements” described at paragraphs 2, 8-16, and 66-67 of the Specification could not be read from the claims. Therefore, the 
In response to applicant’s argument that Collinge does not appear to show generating a CDN from any cryptographic material and also fails to show generating an application cryptogram based at least partially on the CDN, it is noted that Collinge teaches that the advanced storage key is generated utilizing unique device information, unique MPA information, and randomly generated information. The advanced storage key is related to securing data stored in the mobile device. Therefore, the advanced storage key may be interpreted as a Consumer Device Cardholder Verification Method Dynamic Number (CDN), especially when the CDN is recited with a long descriptive name of the term, without any further technical details. Furthermore, the application cryptogram is generated using data stored in a storage of the mobile device, which is secured via the advanced storage key. Therefore, Collinge also teaches that the application cryptogram is generated based on the advanced storage key (CDN). (See at least Collinge: paragraph(s) [0039]-[0041])
In response to applicant’s argument that such an arrangement may provide for a flexible approach which allows an application to be used in a wide variety of situations and with an enhanced level of security, while providing effective .

Conclusion 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Christeson (US6622243B1) teaches method for securing CMOS configuration information in non-volatile memory, including CMOS memory and flash memory. 
Henry et al. (US8838924B2) teaches microprocessor having internal secure memory, including non-secure memory and secure memory. 
Kim et al. (US 20160253670 A1) teaches electronic device providing electronic payment function and operation method thereof, including rooting, TEE, and REE.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CLAY C LEE whose telephone number is (571)272-3309.  The examiner can normally be reached on Monday-Friday 8-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/C.C.L./Examiner, Art Unit 3685
/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685