DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after allowance or after an Office action under Ex Parte Quayle, 25 USPQ 74, 453 O.G. 213 (Comm'r Pat. 1935). Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, prosecution in this application has been reopened pursuant to 37 CFR 1.114.  Applicant's submission filed on 4/26/2022 has been entered.

Examiner's Statement of Reason for Allowance

Claims 1, 4-6, 8-16 and 18-23 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The present invention is directed a method including receiving, by a server computer, a request message from a token requestor computer on behalf of a user device. The request message comprising a first current token tracking value and a first function index value. The server computer can determine a second function index value. The server computer can then compare the first function index value to the second function index value. If the first function index value and the second function index value match, the server computer can determine a function based on the first function index value and a stored function table associated with the user device. The server computer can then determine a second current token tracking value based on the function, then compare the first current token tracking value to the second current token tracking value. The server computer can generate a response message in response to the comparing.
The closest prior art, as previously recited, are Batra (US 9,033,218), Hammad (US 2010/0293382 A1), Tarhan et al.  (US 2010/0205448 A1) and Sahasrabudhe et al.  (US 20050271209 A1) in which, Batra disclose a dynamic code may be validated by comparing the dynamic code to a verification code. The card may generate the dynamic code using a random object and a function. The random object may be generated using a random object generator. The function may be determinable using a function determination object and a look-up-table (LUT), the function determination object associable to exponents and operators, listed in the LUT that may be combined with base variables to determine the function. The dynamic code may be determined by substituting portions of the random object for the base variables in the function. The card may communicate the dynamic code, the random object and an identifier to a remote processing facility. The remote processing facility may use the identifier to determine the function, use the random object to determine a verification code and compare the verification code to the dynamic code; and in which Hammad teaches verification of portable consumer devices are disclosed. In one implementation, a verification token is coupled to a computer by a USB connection so as to use the computer's networking facilities. The verification token reads identification information from a user's portable consumer device (e.g., credit card) and sends the information to a validation entry over a communications network using the computer's networking facilities. The validation entity applies one or more validation tests to the information that it receives from the verification token. If a selected number of tests are passed, the validation entity sends a device verification value to the verification token, and optionally to a payment processing network. The verification token may enter the device verification value into a CVV field of a web page appearing on the computer's display, or may display the value to the user using the computer's display; and in which Tarhan teaches provide authentication of a user using two-factor authentication to enhance security. In such embodiment, a user presents login information and a valid token, wherein the token may be generated by a portable authentication device that comprises a processor, a memory, and/or an activation interface; and in which Sahasrabudhe teaches authentication in a wireless network including sending, from a terminal to a wireless network a request for access authorization. The method includes transmitting from a server a return message. The return message is composed using a default sequence number value. The method includes initiating a resynchronization procedure based on receipt of the return message by the terminal and storing a sequence number in the terminal and in the server; and sending from the server, an authentication continuation message to the terminal.
However, none of Batra (US 9,033,218), Hammad (US 2010/0293382 A1), Tarhan et al.  (US 2010/0205448 A1) and Sahasrabudhe et al.  (US 20050271209 A1) teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent Claims 1 and 11.  For example, none of the cited prior art teaches or suggest the steps of Claim 1 and similarly Claim 11: receiving, by a server computer, a request message from a token requestor computer on behalf of a user device, the request message comprising a first control token tracking value, a first current token tracking value and a first function index value; determining, by the server computer, a second function index value; comparing, by the server computer, the first function index value to the second function index value; if the first function index value and the second function index value match, retrieving, by the server computer, a second control token tracking value from storage in a token service computer, and determining, by the server computer, a function based on the first function index value and a stored function table associated with the user device; determining, by the server computer, a second current token tracking value based on the function; comparing, by the server computer, the first current token tracking value to the second current token tracking value; and generating, by the server computer, a response message in response to the comparing, and wherein the method further comprises: in response to determining that the first current token tracking value matches the second current token tracking value, comparing, by the server computer, the first control token tracking value to the second control token tracking value; comparing, by the server computer, the first current token tracking value and the second control token tracking value; and if the first current token tracking value and the second control token tracking value match, then determining, by the server computer, that the user device is a malicious user device; generating, by the server computer, a replacement control token tracking value; storing, by the server computer, the replacement control token tracking value in the token service computer; and generating, by the server computer, a replay attack alert message comprising at least the replacement control token tracking value.

Therefore the claims are allowable over the cited prior art.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 attached.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385.  The examiner can normally be reached on Monday-Friday 10am - 6pm (MDT).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KARI L SCHMIDT/Primary Examiner, Art Unit 2439