Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This action is in response to the response to election/restriction filed 4/13/2022.  Claims 1-13 and 16 are pending.  Claims 8-13 are withdrawn pursuant to election on 4/13/2022.  Claims 1-7 and 16 are under examination. Claims 1 (a method) and 7 (a machine) are independent. 

Response to Arguments
Applicant's arguments filed 4/13/2022 have been fully considered but they are not persuasive. 
On page 1 of the response Applicant asserts that the restriction should be withdrawn because “the Examiner would have to search in only two main groups (i.e., H04W12/069 and H04L63/067) to examine all pending claims.”
Applicant’s argument is not persuasive. 
The listing of separate classes for the various groups to be restricted is the normal method of establishing burden by the USPTO.  Applicant’s remarks, if persuasive, would entirely obviate all restriction requirements and contradict the practice set forth in MPEP 808.02.  
While there may certainly be claim sets that do not present a “significant burden” even though separately classified, the present claims would be a significant burden.  For example, independent claims 1 and 7 are directed to a mobile computing device, whereas claim 8 is directed to a server.  In other words, the claims are specifically drafted to have mutually exclusive elements.  To the extent that group 2 (claims 8-13) is not an obvious variant of group 1 (claims 1-7 and 16), examining both groups would present a significant burden as each group requires different limitations, requiring independent searches and considerations. 
Applicant’s argument is not persuasive. 


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5, and 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dean et al., US 2020/0314644 (filed 2017-07), in view of Collinge et al., US 2013/0262317 (published 2013-10).
As to claims 1 and 7, Dean discloses a method/machine comprising: 
receiving, at a mobile computing device, from a server system, and storing, by the mobile computing device, in memory associated with the mobile computing device: 
one or more application sequence counter values; (“The key index may include time information (e.g., a timestamp) indicating when the LUK is generated, and/or may include a replenishment counter value indicating the number of times that the LUK has been renewed or replenished for a particular account,” Dean ¶ 47. “Once the mobile application of portable communication device 201 receives terminal transaction data S210, the mobile application may increment its Application Transaction Counter (ATC)” Dean ¶ 72)
one or more limited use credentials (LUCs), (“The LUK may be associated with a set of one or more limited-use thresholds that limits the usage of the LUK, where once the usage of the LUK has exhausted or exceeded the set of one or more limited-use thresholds, a further transaction conducted using that LUK will be declined even if the underlying account is still in good standing.” Dean ¶ 45) each LUC being bound to a corresponding one of the application sequence counter values; (Dean ¶¶ 47 and 72 and Figure 5) … an account token; (“account ID or token” Dean ¶ 60)
subsequently receiving, by the mobile computing device, (“the request for data may occur in any of the messages that pass from the access device 260 to the portable communication device 201 in FIG. 2 (e.g., steps S202, S206, S210, S214).” Dean ¶ 89) an authentication request from a terminal; (“In response to receiving the account data request S214 from access device 260, portable communication device 201 may send the account data S216 stored at the location indicated by the AFL to access device 260.” Dean ¶ 79, requesting authentication via account data.)
in response to receiving the authentication request, determining, by the mobile computing device, that no LUC is available for fulfilling the request; and (“If the access device 360, the portable communication device 201, or a remote computer determines that the LUK is expired or will expire very soon, then the access device 260 may send a request for a new LUK” Dean ¶ 80.  Also Dean ¶¶ 91 and 107)
in response to determining that no LUC is available (“the portable communication device 201 may include an indication that the current LUK (an example of a first limited use key) present on the portable communication device is expired or otherwise needs to be replenished. The portable communication device 201 can do this on its own” Dean ¶ 80) for fulfilling the request: (“In step S306, the portable communication device 310 transmits an LUK status to the access device 320. In some embodiments, the current LUK status may be passed in any of the messages from the portable communication device 310 to the access device 260 in FIG. 2 (e.g., steps S204, S208, S212, S216).” Dean ¶ 90)
transmitting, (In step S306, the portable communication device 310 transmits an LUK status to the access device 320. In some embodiments, the current LUK status may be passed in any of the messages from the portable communication device 310 to the access device 260 in FIG. 2 (e.g., steps S204, S208, S212, S216)…. a new LUK which may be sent to …. the portable communication device 101, 201 in any of the steps shown in FIG. 2 (e.g., in steps S202, S206, S210, and/or S214).. Dean ¶ 90.) 
by the mobile computing device, to the terminal, the account token and an application cryptogram generated from an … credential …; and ( “in some embodiments, an account identifier or token, and additional information (e.g., a transaction cryptogram, account parameters, etc.) can be transmitted to access device 160 in APDU responses that are responsive to a series of APDU commands received from access device 160. Access device 160 or a merchant computer coupled to access device 160 may then generate an authorization request message” Dean ¶ 60. Also Dean ¶¶ 80, 91 and 107. All responses by the communication device include the LUK status, the token, and a cryptogram.)

Dean does not disclose:
one or more emergency credentials;  and 
… generated from an emergency credential of said one or more emergency credentials 
updating, by the mobile computing device, a current application sequence counter. 

Collinge discloses:
one or more emergency credentials;  and (“In step 1704, at least the storage key, an authentication component, and static payment credentials may be provisioned to the mobile device 104, wherein the static payment credentials are associated with a payment account.” Collinge ¶ 138.)
… generated from an emergency credential of said one or more emergency credentials ; and (see Collinge Fig. 17, mobile device requesting new LUCs.  “a chip authentication program (CAP) token may be received from the mobile device 104.” Collinge ¶ 139. “The processing device is configured to generate a chip authentication program (CAP) token, wherein the CAP token is based on at least the authentication component and the at least one additional credential.” Collinge ¶ 14.)
Updating, by the mobile computing device, (“the encrypted payload may be decrypted using the KSTORAGE and stored in the storage 304.” Collinge ¶ 85) a current application sequence counter. (“As part of the encrypted payload, the payment credentials management system 704 may generate a session key unpredictable number (KSUN), a cloud unpredictable number (UNCLOUD), and may identify and/or store a plurality of dynamic card validation code (CVC3) keys and the KSTORAGE. The encrypted payload may include at least one CVC3 key, the KSUN, and the application transaction counter” Collinge ¶ 83)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Dean with Collinge by provisioning an authentication component for use in generating a replenishment request to obtain further limited use keys.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Dean with Collinge in order to generate the authentication material suggested in Dean ¶ 91 for LUC refresh, using known LUC replenishment authentication component of Collinge, thereby obtaining new limited use credentials using known security methods and allowing authentication of a device requesting permission for financial transactions. 

As to claim 5, Dean in view of Collinge discloses the method of claim 1 and further discloses:
… determining, by the mobile computing device, (see Collinge Fig. 17, mobile device requesting new LUCs.) that the authentication request relates to a zero- value transaction; … is in response to determining that the authentication request relates to a zero-value transaction. (“the LUK update request may be in the form of an authorization request message such as an ISO 8583 message, but may contain no amount, zero dollars, or a nominal amount (e.g., $0.03) to indicate that it is not requesting authorization for a transaction, but is requesting a new LUK.” Dean ¶ 91)

Dean in view of Collinge does not disclose:
in response to receiving the authentication request,
wherein transmitting the account token and the application cryptogram.

Dean further suggests that the LUK request can be responsive to a network determination that the LUK should be renewed, as claimed:
in response to receiving the authentication request,
(“an indication that the current LUK (an example of a first limited use key) present on the portable communication device is expired or otherwise needs to be replenished. The portable communication device 201 can do this on its own or may do this in response to a query from the access device 260 (e.g., in steps S202, S206, S210, and/or S214). If the access device 360, the portable communication device 201, or a remote computer determines that the LUK is expired or will expire very soon, then the access device 260 may send a request for a new LUK (an example of a second limited use key) to the token platform 180” Dean ¶ 80. Step S214 being analogous to an authentication request.)
wherein transmitting the account token and the application cryptogram. (“an indication that the current LUK (an example of a first limited use key) present on the portable communication device is expired or otherwise needs to be replenished. The portable communication device 201 can do this on its own or may do this in response to a query from the access device 260 (e.g., in steps S202, S206, S210, and/or S214).” Dean ¶ 80)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified Dean in view of Collinge with Dean by utilizing the zero dollar message of Dean ¶ 91 for a query to the mobile device for an indication of whether the current LUK is expired or needs to be replenished.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Dean in view of Collinge with Dean in order to utilize existing communication messages to accomplish renewing of limited use credentials, thereby maintaining compatibility with older systems while providing new functionality for newly capable systems. 

Claim 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dean et al., US 2020/0314644 (filed 2017-07), in view of Collinge et al., US 2013/0262317 (published 2013-10) and Saint et al., US 2016/0065370 (2015-08).
	As to claim 2, Dean in view of Collinge discloses the method of claim 1 but does not further disclose:
receiving an LUC master key with which the stored LUCs are encrypted; and storing the LUC master key only in a volatile memory device of the mobile computing device.

Saint discloses:
receiving (“a provisioning response message including a blinded static server computer public key and encrypted response data is received from server computer. Typically, the blinded static server computer public key may be a blinded form of the static server computer public key used at step 404 to generate the first shared secret.” Saint ¶ 108) an LUC master key (the session key, derived from keying material in Saint ¶ 108, see Saint ¶¶ 109-110) with which the stored LUCs are encrypted; (“the encrypted response data is decrypted using the second session key to obtain … payload data. …. The payload data or payment credentials can include …, a limited use key (LUK) that can be used to conduct future transactions” Saint ¶ 112) and storing the LUC master key only in a volatile memory device of the mobile computing device. (“key materials such as shared secrets, session keys, and the like, may be destroyed or otherwise rendered inaccessible (e.g., encrypted) at the server computer and/or user device when they are no longer needed locally.” Saint ¶ 171).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Dean in view of Collinge with Saint by provisioning the LUC keys encrypted with a ‘master LUC key’ in the manner described by Saint.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Dean in view of Collinge with Saint in order to securely provide the payment credentials to a terminal, thereby preventing unauthorized parties from obtaining and utilizing the payment credentials. 


Claims 3, 6, and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dean et al., US 2020/0314644 (filed 2017-07), in view of Collinge et al., US 2013/0262317 (published 2013-10) and Wong et al., US 2015/0339664 (2015-05).
	As to claim 3, Dean in view of Collinge discloses the method of claim 1 but does not further disclose:
each emergency credential is bound to a corresponding one of the application sequence counter values and the application cryptogram is generated from both the emergency credential and its corresponding application sequence counter value

Wong discloses:
each emergency credential is bound to a corresponding one of the application sequence counter values (“replenishment request 422 may include some or all of the information contained in the transaction verification log” Wong ¶ 142. “If the transaction log information in the replenishment request matches the transaction log information at the remote computer, process 800 may continue to block 802, and communication device may receive a new LUK and a new key index associated with the new LUK” Wong ¶ 178.  Information in transaction log must match what is expected.) and the application cryptogram is generated from both the emergency credential and its corresponding application sequence counter value (“The transaction verification log may be associated with and/or may include the key index corresponding to the LUK or set of account parameters used in the logged transactions, and a sequence counter value associated with the key index or set of account parameters indicating the number of times the LUK or set of account parameters have been replenished.” Wong ¶ 137. Replenishment request includes the ‘replenishment counter’ discussed throughout Wong.).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Dean in view of Collinge with Wong by performing the replenishment using the transaction log validation (Wong) for the authentication component of Collinge (Collinge ¶ 138).  It would have been obvious to a person of ordinary skill in the art to combine Dean in view of Collinge with Wong in order to validate that the credential request comes from a system with the expected key states, thereby preventing spoofed key requests. 

As to claim 6, Dean in view of Collinge discloses the method of claim 1 and further discloses:
subsequent to transmitting the application cryptogram to the terminal and updating the current application sequence counter: (“As part of the encrypted payload, the payment credentials management system 704 may generate a session key unpredictable number (KSUN), a cloud unpredictable number (UNCLOUD), and may identify and/or store a plurality of dynamic card validation code (CVC3) keys and the KSTORAGE. The encrypted payload may include at least one CVC3 key, the KSUN, and the application transaction counter” Collinge ¶ 83).
…
transmitting, by the mobile computing device, a request, to a server system, for one or more additional LUCs (see Collinge Fig. 17, mobile device requesting new LUCs.  “a chip authentication program (CAP) token may be received from the mobile device 104.” Collinge ¶ 139.) 

Dean in view of Collinge does not disclose: 
detecting, by the mobile computing device, that communication over the internet is possible; and 
in response to detecting that communication over the internet is possible,
and one or more additional emergency credentials, wherein the request comprises the current application sequence counter value. 

Wong discloses:
detecting, by the mobile computing device, that communication over the internet is possible; and 
in response to detecting that communication over the internet is possible, (“An access device can determine whether such limited-use thresholds has been exceeded by communicating with an issuer or cloud-based payments platform when network connectivity is available, and if such limited-use thresholds have been exceeded, a new certificate authority public key can be provided to the access device.” Wong ¶ 64)
and one or more additional emergency credentials, (“a new signature key and associated certificates should be provisioned to the communication device to allow the communication device to conduct further ODA transactions. In some embodiments, the certificate authority public key may also have its own time-to-live limited-use threshold.” Wong ¶ 64. The signature key being distinct from the LUK: “may include the new set of account parameters (e.g., new key index, new LUK, new signature key” Wong ¶ 143)
wherein the request comprises the current application sequence counter value. (replenishment request, Wong ¶ 142. “The transaction verification log may be associated with and/or may include the key index corresponding to the LUK or set of account parameters used in the logged transactions, and a sequence counter value associated with the key index or set of account parameters indicating the number of times the LUK or set of account parameters have been replenished.” Wong ¶ 137. Replenishment request includes the ‘replenishment counter’ discussed throughout Wong.).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Dean in view of Collinge with Wong by performing the replenishment during periods of network connectivity to obtain new limited use credentials and a new authentication component (e.g. the emergency credential, Collinge ¶ 138).  It would have been obvious to a person of ordinary skill in the art to combine Dean in view of Collinge with Wong in order to perform key updates when messaging capabilities are available (network connectivity) to obtain new limited use credentials and associated data necessary for use.

As to claim 16, Dean in view of Collinge discloses the method of claim 1 but does not further disclose:
wherein the application cryptogram is generated from said emergency credential of the one or more emergency credentials (see Collinge Fig. 17, mobile device requesting new LUCs.  “a chip authentication program (CAP) token may be received from the mobile device 104.” Collinge ¶ 139. “The processing device is configured to generate a chip authentication program (CAP) token, wherein the CAP token is based on at least the authentication component and the at least one additional credential.” Collinge ¶ 14.)

Dean in view of Collinge does not disclose:
 and the current application sequence counter value.

Wong discloses:
and the current application sequence counter value.
(“replenishment request 422 may include some or all of the information contained in the transaction verification log” Wong ¶ 142. “The transaction verification log may be associated with and/or may include the key index corresponding to the LUK or set of account parameters used in the logged transactions, and a sequence counter value associated with the key index or set of account parameters indicating the number of times the LUK or set of account parameters have been replenished.” Wong ¶ 137. Replenishment request includes the ‘replenishment counter’ discussed throughout Wong.).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Dean in view of Collinge with Wong by performing the replenishment using the transaction log validation (Wong) for the authentication component of Collinge (Collinge ¶ 138).  It would have been obvious to a person of ordinary skill in the art to combine Dean in view of Collinge with Wong in order to validate that the credential request comes from a system with the expected key states, thereby preventing spoofed key requests. 



Claims 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dean et al., US 2020/0314644 (filed 2017-07), in view of Collinge et al., US 2013/0262317 (published 2013-10) and Freeman et al., US 2005/0123142 (2015-05).
	As to claim 4, Dean in view of Collinge discloses the method of claim 1 and further discloses:
deleting, by the mobile computing device, the matching LUC from the memory associated with the mobile computing device. (“The portable communication device 310 may then store the new LUK in favor of the previously stored LUK. In some embodiments, the previously stored LUK may be deleted so that it may not be re-used.” Dean ¶ 94)

Dean in view of Collinge does not disclose: 
subsequent to updating the current application sequence counter, determining, by the mobile computing device, that the current application sequence counter value matches the application sequence counter value of one of the LUCs; and 
in response to determining that the current application sequence counter value matches the application sequence counter value of one of the LUCs,

Freeman discloses:
subsequent to updating the current application sequence counter, (“Thf3.” Freeman ¶ 54) determining, by the mobile computing device, that the current application sequence counter value matches the application sequence counter value of one of the LUCs; and 
in response to determining that the current application sequence counter value matches the application sequence counter value of one of the LUCs,
 (“key identifier of the SKRP private key 473. When an authentic rekey request for an existing key is processed, the private key is replaced with the SKRP private key 473, because the key identifier of the S SKRP private key 473 is identical to the key identifier of the private key to be replaced” Freeman ¶ 54)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Dean in view of Collinge with Freeman by allowing for the new LUK response (Dean Fig. 3) to replace existing key indexes, (Freeman).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Dean in view of Collinge with Freeman in order to allow for the rekeying of particular LUK instances in order to renew particular keys whose use thresholds have expired (Dean ¶ 48), thereby allowing replacement of particular keys out of order based on use thresholds. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Ngo et al., US 2022/0019995, discloses deleting old single use account parameters when new account parameters are received. 
Srivastava et al., US 2019/0190704, discloses provisioning single use keys that are encrypted by a user PIN. 
Kaladgi et al., US 2016/0277363, discloses decrypting limited use keys with a user PIN.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165. The examiner can normally be reached M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MICHAEL W CHAO/           Examiner, Art Unit 2492