DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the amendment filed on 11/24/2021.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative Patrick Jewik on January 7, 2022.

Claims
Please replace claims as following: 
Claim 11 (Currently amended) A server computer comprising: 
a processor; and 
a non-transitory computer-readable medium coupled to the processor, the non-transitory computer-readable medium comprising code executable by the processor for implementing a method comprising: 
receiving a request message from a token requestor computer on behalf of a user device, the request message comprising a first control token tracking value, a first current token tracking value and a first function index value; 
determining a second function index value; 
comparing the first function index value to the second function index value; 
if the first function index value and the second function index value match, retrieving a second control token tracking value from storage in a token service computer, and determining a 
determining a second current token tracking value based on the function; 
comparing the first current token tracking value to the second current token tracking value; and 
generating a response message in response to the comparing, and 
wherein the method further comprises: 
in response to determining that the first current token tracking value matches the second current token tracking value, comparing, by the server computer, the first control token tracking value to the second control token tracking value; 
comparing the first current token tracking value and the second control token tracking value; and 
if the first current token tracking value and the second control token tracking value do not match, determining that the user device is a malicious user device; 
generating a replacement control token tracking value; 
storing the replacement control token tracking value in the token service computer; and
generating a replay attack alert message comprising at least the replacement control token tracking value.





Examiner's Statement of Reason for Allowance

Claims 1, 4-6, 8-16 and 18-23 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The present invention is directed a method including receiving, by a server computer, a request message from a token requestor computer on behalf of a user device. The request message comprising a first current token tracking value and a first function index value. The server computer can determine a second function index value. The server computer can then compare the first function index value to the second function index value. If the first function index value and the second function index value match, the server computer can determine a function based on the first function index value and a stored function table associated with the user device. The server computer can then determine a second current token tracking value based on the function, then compare the first current token tracking value to the second current token tracking value. The server computer can generate a response message in response to the comparing.
The closest prior art, as previously recited, are Batra (US 9,033,218), Hammad (US 2010/0293382 A1), Tarhan et al.  (US 2010/0205448 A1) and Sahasrabudhe et al.  (US 20050271209 A1) in which, Batra disclose a dynamic code may be validated by comparing the dynamic code to a verification code. The card may generate the dynamic code using a random object and a function. The random object may be generated using a random object generator. The function may be determinable using a function determination object and a look-up-table (LUT), the function determination object associable to exponents and operators, listed in the LUT that may be combined with base variables to determine the function. The dynamic code may be determined by substituting portions of the random object for the base variables in the function. 
: receiving, by a server computer, a request message from a token requestor computer on behalf of a user device, the request message comprising a first control token tracking value, a first current token tracking value and a first function index value; determining, by the server computer, a second function index value; comparing, by the server computer, the first function index value to the second function index value; if the first function index value and the second function index value match, retrieving, by the server computer, a second control token tracking value from storage in a token service computer, and determining, by the server computer, a function based on the first function index value and a stored function table associated with the user device; determining, by the server computer, a second current token tracking value based on the function; comparing, by the server computer, the first current token tracking value to the second current token tracking value; and generating, by the server computer, a response message in response to the comparing, and wherein the method further comprises: in response to determining that the first current token tracking value matches the second current token tracking value, comparing, by the server computer, the first control token tracking value to the second control token tracking value; comparing, by the server computer, the first current token tracking value and the second control token tracking value; and if the first current token tracking value and the second control token tracking value do not match, determining, by the server computer, that the user device is a malicious user device; generating, by the server computer, a replacement control token tracking value; storing, by the server computer, the replacement control token tracking value in the token service computer; and generating, by the server computer, a replay attack alert message comprising at least the replacement control token tracking value.

Therefore the claims are allowable over the cited prior art.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 attached.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385.  The examiner can normally be reached on Monday-Friday 10am - 6pm (MDT).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/KARI L SCHMIDT/Primary Examiner, Art Unit 2439