DETAILED ACTION
The following claims are pending in this office action: 1-2 and 4-23
The following claims are amended: 1, 4-6, 8, 11-13, 15-16 and 18
The following claims are new: 21-23
The following claim is cancelled: 3
Claims 1-2, 4-21 and 23 are rejected. 
Claim 22 is objected to.  
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 05/04/2022 has been entered.  
Previous Objections and Rejections Withdrawn
The 35 U.S.C. Section 112(b) rejections to claims 13-20 are withdrawn based on the amendments. 
The nonstatutory double patenting rejections to claims 1-2 and 14-20 are withdrawn based on the amendments.  The additional amendments make it so that the claim subject matter is patentably distinct from the subject matter claimed in Shpurov et al. (US App. 16/715,189).  For example, nowhere in Shpurov does the reference teach that the token of the registration request is associated with a predefined geographic location and a predefined time, and that the registration request includes a first or a second signature to the registration request.  As the registration request is the matter to which the claims are directed, whereas the allocation request is the matter to which the claims of Shpurov are directed, the claim subject matter of the two applications is patentably distinct.  
Examiner’s interpretation of the terms “computing system” and “peer computing systems” as generic placeholders, and thus the associated interpretations under 35 U.S.C. 112(f) are withdrawn.  The claim term “computing unit” (or in this case “computing system”) when read in light of the specification connotes sufficient, definite structure to one of skill in the art to preclude application of 35 U.S.C. 112(f).  See MPEP 2181 Sec. I.A.
Allowable Subject Matter
Claim 22 would be allowable if rewritten to overcome the rejections under 35 U.S.C. 112(b) set forth in this Office action and to include all of the limitations of the base claim.
RESPONSE TO ARGUMENTS
Applicant’s arguments filed in the amendment filed 05/04/2022 have been fully considered but are moot in view of new grounds of rejection necessitated by amendment. 
Independent claims 1 and 12 are amended to recite, among other limitations “a first digital token indicative of a prior authentication associated with the device, and the first digital token being associated with at least one of a predetermined temporal period or a predetermined geographic location”, “obtain a second digital token associated with at least one of a network address of the device or an application cryptogram of the application program”, and “based on a determination that the first digital token corresponds to the second digital token…approve the registration request”.   These limitations and other amended elements necessitate a new ground of rejection which now includes Good et al. (US Pub. 2017/0270521) below and is rejected accordingly.  
Independent claim 13 has been amended to recite, among other limitations, “first digital token indicative of a prior authentication associated with the device, and the first digital token being associated with at least one of a predetermined temporal period or a predetermined geographic region”, “obtaining a second digital token associated with at least one of a network address of the device or an application cryptogram of the application program”, and “based on a determination that the first corresponds to the second digital token… approving the registration request”.  These limitations and other amended elements necessitate a new ground of rejection which now includes Good et al. (US Pub. 2017/0270521) and Bengochea (US Pub. 2016/0065593) below and is rejected accordingly.  
New claim 21 recites “validate the first digital signature based on at least the public cryptographic key and the code challenge”. This limitation necessitates a new ground of rejection which now includes Crocker et al. (US Pub. 2015/0312331) below and is rejected accordingly.  
New claim 23 recites “validate the first digital token based on a determination that the apparatus receives the registration request during the predetermined temporal interval and on the determination that the predetermined geographic region includes a geographic location associated with the registration request”.  This limitation necessitates a new ground of rejection which now includes Hassan et al. (US Pub. 2020/0322791) below and is rejected accordingly.  
Dependent claims 2, 4-11, and 14-20 depend on independent claims 1 and 13.  The amended elements in the independent claims necessitate a new ground of rejection which now include Good et al. (US Pub. 2017/0270521) and Bengochea (US Pub. 2016/0065593) below, and so any additional features to the dependent claims are rejected accordingly.
In regards to applicant’s comments regarding impermissible hindsight, any sections citing Applicant’s specification are cited only to explain the broadest meaning of the terms of the claims in view of the specification.  Claims must be given their broadest reasonable interpretation in light of the specification.  See MPEP 2111.  
Claim Objections
Claim 22 is objected to because of the following informalities:
Claim 22 recites the limitation “a determination that the first digital token corresponds to the second digital token” (claim 22, ln. 10-11).  This appears to be a typographical error and results in an issue regarding antecedent basis.  Examiner suggests replacing the limitation with “the determination that the first digital token corresponds to the second digital token” to conform with the same formatting in claim 5, ln. 13-14.  
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4 and 7-12 are rejected under 35 U.S.C. 103 as being unpatentable over Ragononi et al. (US Pub. 2019/0280875) (hereinafter “Ragononi”) in view of Adams et al. (US Pub. 2017/0272413) (hereinafter “Adams”), in view of Circenis et al. (US Pub. 2004/0054908) (hereinafter “Circenis”) and in view of Good et al. (US Pub. 2017/0270521) (hereinafter “Good”).

As per claim 1, Ragononi teaches an apparatus comprising: a communication interface, ([Ragononi, para. 0107; para. 0115] embodiments described include networks, such as a LAN networking environment connected to the LAN through a network interface for communications)
 a memory storing instructions; and ([Ragononi, para. 0111] the system memory includes computer storage media storing instructions) 
at least one processor coupled to the communications interface and the memory, the at least one processor being configured to execute the instructions to: ([Ragononi, para. 0116; para. 0107]  instructions are executed by the processor of the computer which are connected to the communications interface and the memory)
receive, from a device via the communications interface, a message (the message as a registration request is taught by Adams below) and a first digital signature applied to the message, the message comprising a public cryptographic key ([Ragononi, para. 0082; Fig. 5] the customer device sends the message MSG and a digital signature of the customer [a digital signature applied to the message] to the issuer server [the apparatus].  The message as a registration request generated by an application program executed at the device and associated with the apparatus, and the registration request comprising a public cryptographic key is taught by Adams below.  The public cryptographic key being generated by the application program is taught by Circenis below.  The registration request comprising a first digital token indicative of a prior authentication associated with the device, and the first digital token being associated with at least one of a predetermined temporal period or a predetermined geographic region is taught by Good below) 
based on the validation of the first digital signature, approve the message ([Ragononi, para. 0068] the check( ) function used to check the integrity of the message [validation], the digital signature of the message generated by the first customer device [first digital signature], and generates an output that indicates whether or not the message is authentic [approve the message].  The message as a registration request is taught by Adams below) and apply a second digital signature to the message and the first digital signature, ([para. 0055-0056] the issuer server [apparatus] receives the message from the customer device, and applies a second signature to the message; the message is the same message as described in para. 0082: the public key of the customer and a digital ticket; [para. 0121] all embodiments [i.e. Fig. 2A: validation of the customer signature, and Fig. 1A: applying a second digital signature] can be combined in any way and/or combination; the message as a registration request is taught by Adams below) the second digital signature being indicative of the approval of message by the apparatus; and ([Para. 0048] a digital signature of the transferring party ensures that the transferring party [the issuer server/apparatus] is not able to repudiate a transfer [indicative of approval of the message as repudiate is an antonym of approval].  The message as a registration request is taught by Adams below) 
transmit, via the communications interface, the message, the first digital signature, and the second digital signature to a computing system, the computing system performing operations that validate the first digital signature and the second digital signature, and based on the validation of the first and second digital signatures, ([Ragononi, para. 0057-0058] the issuer sends a ticket registration message [the registration request and the first signature: see para. 0066] as well as the digital signature of the issuer server [the second digital signature] to the TCA server [a computing system]; the TCA server checks the integrity of the ticket registration message [first signature] and the digital signature; the message as a registration request is taught by Adams below) performing operations that record the public key of the customer within an element of a distributed ledger. ([Para. 0061] the TCA server inserts the record into the publicly viewable transaction ledger [an element of a distributed ledger] which includes the public key of the customer device.  The public key of the customer device as a public key of an application program running on the customer device is taught by Circenis below)
Ragononi does not clearly teach receive, from a device via the communications interface, a registration request; the registration request being generated by an application program executed at the device, the registration request comprising a public cryptographic key of the application program; the registration request comprising a first digital token indicative of a prior authentication associated with the device, and the first digital token being associated with at least one of a predetermined temporal period or a predetermined geographic region; validate the first digital signature based on at least the public cryptographic key of the application program, and obtain a second digital token associated with at least one of a network address of the device or an application cryptogram of the application program; and based on a determination that the first digital token corresponds to the second digital token, approve the registration request. 
However, Adams teaches receive from a device via the communications interface, ([Adams, para. 0024; para. 0055] a communications component [communications interface] allows a user device to communicate with a program provider server) a registration request; ([para. 0055] the device communicates registration request data [a registration request] to the program provider server)
the registration request being generated by an application program executed at the device, ([Adams, para. 0054; para. 0055] the program provider application on the device generates the program provider registration request) and associated with the apparatus ([para. 0055] the program provider registration request is suitable data that may be used by the program provider subsystem [the apparatus] for provisioning on the device, and so is associated with the program provider subsystem) and the registration request comprising a public cryptographic key ([Para. 0031; para. 0055] the program provider application on the device, and accessed by the device includes a public key of the program provider application, a program provider key that is included in the registration request data.  A public cryptographic key of the application program is more clearly taught by Circenis below)
Ragononi and Circenis are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi with the teachings of Adams to include receive, from a device via the communications interface, a registration request; the registration request being generated by an application program executed at the device, and associated with the apparatus and the registration request comprising a public cryptographic key.  One of ordinary skill in the art would have been motivated to make this modification because an application allows the system to dictate the way in which data (such as loyalty credential data) may be communicated by the program provider subsystem. (Adams, para. 0024)
Ragononi in view of Adams does not clearly teach the request comprising a public cryptographic key of the application program; the registration request comprising a first digital token indicative of a prior authentication associated with the device, and the first digital token being associated with at least one of a predetermined temporal period or a predetermined geographic region; and validate the first digital signature based on at least the public cryptographic key of the application program, and obtain a second digital token associated with at least one of a network address of the device or an application cryptogram of the application program; and based on a determination that the first digital token corresponds to the second digital token, approve the registration request.  
However, Circenis teaches a public cryptographic key of the application program; and ([Circenis, Fig. 3, para. 0030] an application public key 130 of application 120 is described that may be used to validate digital signatures.  A registration request comprising a public cryptographic key was taught by Adams above) 
validate the first digital signature based on the public cryptographic key of the application program.  ([Circenis, Fig. 3, para. 0030; para. 0036] the validation computer uses the application public key to validate the digital signature)
Ragononi, Adams and Circenis are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams with the teachings of Circenis to include a public cryptographic key of the application program; and validate the first digital signature based on the public cryptographic key of the application program.  One of ordinary skill in the art would have been motivated to make this modification because such a public-private key pair may be used to authenticate the source of data being transferred by means of a digital signature, and allows for a high level of confidence that the data signed has not been modified. (Circenis, para. 0027)
Ragononi in view of Adams and Circenis does not clearly teach the registration request comprising a first digital token indicative of a prior authentication associated with the device, and the first digital token being associated with at least one of a predetermined temporal period or a predetermined geographic region; obtain a second digital token associated with at least one of a network address of the device or an application cryptogram of the application program; and based on a determination that the first digital token corresponds to the second digital token, approve the registration request.  
However, Good teaches the registration request ([Good, para. 0058; Fig. 4] “At 402 the notification engine 116 receives a request from customer 112a, for example, to enroll”) comprising a first digital token ([para. 0058] “from token A”) indicative of a prior authentication ([para. 0021] in a transaction, it is determined whether the payment account is authorized [an authentication], and a notification [a prior authorization] is submitted after authorization) … ([para. 0037] the token includes notification rules, which indicate transmission of a notification [a prior authentication]) associated with the device, ([para. 0020] “communication devices 114a-b … is associated with a token issued to a respective one of the customers”) and the first digital token being associated with at least one of a predetermined temporal period or a predetermined geographic region; ([para. 0038] a notification is generated when a token is not used within a defined geographic location, and when the token is used within a predefined time period, and so the digital token is associated with such parameters)
obtain a second digital token ([Good, para. 0058] the notification engine accesses [receives] the child token from data structure 118 [in an embodiment, a separate entity from the notification engine – see para. 0032]) associated with at least one of a network address of the device or an application cryptogram of the application program; ([para. 0036] the child token contains a unique device ID for each of the communication devices [network address]; [para. 0020] the tokens are account identifiers for providing account credentials [cryptogram] for the e-wallet payment application [of the payment application])
and based on a determination that the first digital token corresponds to the second digital token, approve the registration request.  ([Good, para. 0059; Fig. 4] “determine whether or not token A is a parent of [corresponds to] token B”; if token A is determined to be a parent to token B, enrollment is completed)
Ragononi, Adams, Circenis and Good are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams and Circenis with the teachings of Good to include the registration request comprising a first digital token indicative of a prior authentication associated with the device, and the first digital token being associated with at least one of a predetermined temporal period or a predetermined geographic region; obtain a second digital token associated with at least one of a network address of the device or an application cryptogram of the application program; and based on a determination that the first digital token corresponds to the second digital token, approve the registration request.  One of ordinary skill in the art would have been motivated to make this modification because the use of tokens can enable transactions involving the computing device with greater security without a sacrifice to efficiency or convenience [for example by tracking the transactions].  (Good, para. 0082)

As per claim 2, Ragononi in view of Adams, Circenis and Good teaches claim 1.  
Ragononi also teaches wherein the at least one processor is further configured to apply the second digital signature to the registration request and to the first digital signature using a private cryptographic key of the apparatus.  ([Ragononi, para. 0056] the issuer server [the apparatus] signs the message [applies the second signature] using the private key of the issuer server)

As per claim 4, Ragononi in view of Adams, Circenis and Good teaches claim 1.  
Ragononi in view of Adams, Circenis and Good does not clearly teach wherein the registration request comprises registration data generated by the application program executed at the device, the registration data comprising the network address of the device and the application cryptogram.
However, Adams teaches wherein the registration request comprises registration data ([Adams, para. 0055] the registration request sent to the program provider includes personalization data [registration data]) generated by the application program executed at the device, ([para. 0054] the personalization data is collected by the application running on the device) the registration data comprising the network address of the device ([para. 0024, para. 0054] the personalization includes device identification information that includes an address of the device) and the application cryptogram. ([Para. 0031; para. 0055] the user personalization data is signed using a program provider key, a key associated with the application)  
Ragononi, Adams, Circenis and Good are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Circenis and Good with the teachings of Adams to include wherein the registration request comprises registration data generated by the application program executed at the device, the registration data comprising a network address of the device and an application cryptogram associated with the application program.  One of ordinary skill in the art would have been motivated to make this modification because personal data collected from the owner of an electronic device may be used by the program provider subsystem to register personalized credentials without the manual entry of a substantial amount of information.  (Adams, para. 0003; para. 0019)

As per claim 7, Ragononi in view of Adams, Circenis and Good teaches claim 4.  
Ragononi in view of Circenis and Good does not clearly teach wherein the device is operable by a user and the registration data comprises profile data associated with the user, and further wherein the at least one processor is further configured to store at least a portion of the registration data within the memory.
However, Adams teaches wherein the device is operable by a user and the registration data comprises profile data associated with the user, and further wherein the at least one processor is further configured to store at least a portion of the registration data within the memory. ([Adams, para. 0054; para. 0055; para. 0056] the user device sends to the program provider subsystem user personalization data [profile data associated with the user].  The program provider subsystem receives user personalization data for use to define credential data to provide a loyalty account card.  The program provider memory component is used to store such personalization data and associated credential data [see para. 0025]) 
Ragononi, Adams, Circenis and Good are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Circenis and Good with the teachings of Adams to include wherein the device is operable by a user and the registration data comprises profile data associated with the user, and further wherein the at least one processor is further configured to store at least a portion of the registration data within the memory.  One of ordinary skill in the art would have been motivated to make this modification because personal data collected from the owner of an electronic device may be used by the program provider subsystem to register personalized credentials without the manual entry of a substantial amount of information.  (Adams, para. 0003; para. 0019)

As per claim 8, Ragononi in view of Adams, Circenis and Good teaches claim 4.  
Ragononi also teaches wherein the computing system performs operations that record, within the element of the distributed ledger, the public cryptographic key ([Ragononi, para. 0060] the public key of the customer device, is incorporated into a record by the TCA server; [para. 0061] the record is inserted into the publicly viewable transaction ledger – a distributed ledger) at least one of (i) a portion of the registration data or (ii) a hash value representative of the portion of the registration data. ([Para. 0060] data describing the purchase ticket [a portion of the registration data], and a hash of the message [see para. 0058] is stored within the ledger)
Ragononi in view of Adams and Good does not clearly teach the public cryptographic key of the executed application program.  
However, Circenis teaches a public cryptographic key of the executed application program; and ([Circenis, Fig. 3, para. 0030; para. 0006] an application public key 130 of application 120 is described that may be used to validate digital signatures where the application is executed) 
Ragononi, Adams, Circenis and Good are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams and Good with the teachings of Circenis to include the public cryptographic key of the executed application program.  One of ordinary skill in the art would have been motivated to make this modification because such a public-private key pair may be used to authenticate the source of data being transferred by means of a digital signature, and allows for a high level of confidence that the data signed has not been modified. (Circenis, para. 0027)

As per claim 9, Ragononi in view of Adams, Circenis and Good teaches claim 1.  
Ragononi also teaches receive, via the communications interface, confirmation data indicative of the recordation of the public cryptographic key within the element of the distributed ledger; and ([Ragononi, para. 0060; para. 0062] the public key of the customer device, a public application key implemented by an application, and so a public cryptographic key of the application program executed by the device, is incorporated into a record by the TCA server; after storing the record in the ledger, the TCA server sends a message back to the issuer server confirming that the transaction was accepted by the TCA server and recorded in the memory of the ledger.  The public cryptographic key of the application program is more clearly taught by Circenis below)
transmit the confirmation data to the device via the communications interface, the executed application program causing the device to present a portion of the confirmation data within a digital interface. ([Ragononi, para. 0063] after obtaining the confirmation from the TCA server, the issuer server provides the same message to the user device, and allowing the user device to use the transaction ID [a portion of the confirmation data] to confirm that the transaction has been recorded.  [Para. 0098-0099] the customer device includes a user interface that may display transaction data)
Ragononi in view of Adams and Good does not clearly teach the public cryptographic key of the application program.  
However, Circenis teaches the public cryptographic key of the application program ([Circenis, Fig. 3, para. 0030] an application public key 130 of application 120 is described that may be used to validate digital signatures)
Ragononi, Adams, Circenis and Good are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams and Good with the teachings of Circenis to include the public cryptographic key of the application program.  One of ordinary skill in the art would have been motivated to make this modification because such a public-private key pair may be used to authenticate the source of data being transferred by means of a digital signature, and allows for a high level of confidence that the data signed has not been modified. (Circenis, para. 0027)

As per claim 10, Ragononi in view of Adams teaches claim 9. 
Ragononi in view of Circenis and Good does not clearly teach wherein the device is operable by a user, and the confirmation data confirms a registration of the user as a member of a loyalty program associated with the distributed ledger.
However, Adams teaches wherein the device is operable by a user, and the confirmation data confirms a registration of the user as a member of a loyalty program associated with the distributed ledger.  ([Adams, para. 0020] a system where registration of a device operable by a user is disclosed.  The system allows registration of a user as a member of a loyalty program.  [Para. 0059] device registration notification data [confirmation data], confirmation of the registration, is stored in a distributed network-coupled storage system [a distributed ledger – see para. 0083]) 
Ragononi, Adams, Circenis and Good are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Circenis and Good with the teachings of Adams to include wherein the device is operable by a user, and the confirmation data confirms a registration of the user as a member of a loyalty program associated with the distributed ledger.  One of ordinary skill in the art would have been motivated to make this modification because a loyalty account or enrollment account for a user allows for facilitating transactions that benefits the user due to such enrollment/loyalty account. (Adams, para. 0019)

	As per claim 11, Ragononi in view of Adams teaches claim 1.  
	Ragononi also teaches wherein the computing system performs operations that receive the message, the first digital signature ([Ragononi, para. 0082] the customer device signs the message and sends it to the issuer server [the apparatus]; the issuer server sends the message including the customer device signature to the TCA server [the computing system]; the message as a registration request is taught by Adams below) and the second digital signature from the apparatus; ([Para. 0055; para. 0056] the issuer server [apparatus] receives the message from the customer device, and applies a second signature to the message.  The message is the same message as described in para. 0082: the public key of the customer and a digital ticket) 
	validate the second digital signature; and ([Ragononi, para. 0046; para. 0058] the second digital signature is verified by the corresponding public key: a cryptographic key of the computing system.  The TCA server uses the public key of the issuer to determine whether or not the message is authentic.  Using a cryptographic key of a computing system instead of the apparatus is taught by Adams below)
	based on the validation of the first and second digital signatures, transmit the public cryptographic key to one or more peer computing systems, the one or more peer computing systems performing operations that record the public cryptographic key within the element of the distributed ledger. ([Ragononi, para. 0061; para. 0072] after the validation step, the TCA server inserts a record that includes the public cryptographic key into the ledger; the distributed ledger is arranged such that it is contained on other servers, and thus, the record is transmitted to one or more peer computing systems.  The public cryptographic key as the public cryptographic key of the application program is taught by Circenis below)
	Ragononi in view of Circenis and Good does not clearly teach receive the registration request; validate a signature using a public cryptographic key of the computing system; and a public cryptographic key of the application program.  
	However, Adams teaches receive the registration request, ([Adams, para. 0054; para. 0055] the program provider application on the device generates the program provider registration request which is received by the program provider)  
validate a signature using the public cryptographic key of the computing system.  ([Adams, para. 0059] signature of signed tracking data contains a public certificate/key of a program provider that enables validation of the signature.  The public key is a public key of the computing system as both the program provider of Adams is associated with the loyalty program [see Adams, para. 0019] and the computing system is associated with loyalty program [see instant application, para. 016] in the same way)
Ragononi, Adams, Circenis and Good are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Circenis and Good with the teachings of Adams to include receive the registration request and validate a signature using a public cryptographic key of the computing system.  One of ordinary skill in the art would have been motivated to make this modification because the public certificate enables validation of a personalized program provider credential on a user device. (Adams, para. 0059)
Ragononi in view of Adams and Good does not clearly teach the public cryptographic key of the application program.  
However, Circenis teaches the public cryptographic key of the executed application program; and ([Circenis, Fig. 3, para. 0030; para. 0006] an application public key 130 of application 120 is described that may be used to validate digital signatures where the application is executed) 
Ragononi, Adams, Circenis and Good are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams and Good with the teachings of Circenis to include the public cryptographic key of the executed application program.  One of ordinary skill in the art would have been motivated to make this modification because such a public-private key pair may be used to authenticate the source of data being transferred by means of a digital signature, and allows for a high level of confidence that the data signed has not been modified. (Circenis, para. 0027)

	As per claim 12, this method has language that is identical or substantially similar to the steps performed by the apparatus of claim 1, and thus is rejected with the same rationale applied against claim 1.  

Claims 13-14 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ragononi in view of Adams, in view of Bengochea (US Pub. 2016/0065593) (hereinafter “Bengochea”), in view of Circenis and in view of Good.

	As per claim 13, Ragononi teaches an apparatus comprising a communications interface; ([Ragononi, para. 0107; para. 0115] embodiments described include networks, such as a LAN networking environment connected to the LAN through a network interface for communications)
a memory storing instructions; and ([Ragononi, para. 0111] the system memory includes computer storage media storing instructions) 
at least one processor coupled to the communications interface and to the memory, the at least one processor being configured to execute the instructions to: ([Ragononi, para. 0116; para. 0107]  instructions are executed by the processor of the computer which are connected to the communications interface and the memory)
receive, from a computing system via the communications interface, a message, a first digital signature applied to the message, ([Ragononi, para. 0082] the customer device sends and the issuer server receives the message MSG and a digital signature of the customer [a digital signature applied to the message] to the issuer server [a computer system]; the issuer server sends the message including the customer device signature to the TCA server [the apparatus]; the message as a registration request is taught by Adams below) a second digital signature applied to the message and to the first digital signature, ([Ragononi, para. 0055-0056] the issuer server receives the message from the customer device, and applies a second signature to the message which includes the first signature; the message is the same message as described in para. 0082: the public key of the customer and a digital ticket; [para. 0057-0058] the message including the first and second signatures are transmitted to the TCA server [the apparatus]; the message as a registration request is taught by Adams below), and the second digital signature being indicative of an approval of the message by the computing system; ([Para. 0048] a digital signature of the transferring party ensures that the transferring party [the issuer server/apparatus] is not able to repudiate a transfer [indicative of approval of the message as repudiate is an antonym of approval].  The registration request being generated by an application program executed at a device, the registration request comprising a first public cryptographic key and a digital signature being indicative of an approval of the registration request by the computer system is taught by Adams below.  The public cryptographic key being generated by the application program is taught by Circenis below.  A digital token associated with at least one of a predetermined temporal period or a predetermined geographic region is taught by Good below)
validate the first digital signature using the first public cryptographic key, ([Ragononi, para. 0046; para. 0105] a message signed using a private key can be verified using the corresponding public key, which includes a public/private key of applications that implement a signed message; [para. 0084; para. 0091] the TCA server receives the message and verifies the signature of the message using the public key provided by the customer device) and validate the second digital signature using a second public cryptographic key of the computing system; and ([para. 0046; para. 0058] the second digital signature is verified by the corresponding public key: a cryptographic key of the computing system.  The TCA server uses the public key of the issuer to determine whether or not the message is authentic.  Using a cryptographic key of a computing system instead of the apparatus is taught by Adams below)
based on the validation of the first and second digital signatures, approve the message ([Ragononi, para. 0057-0058] the issuer sends a ticket registration message [the registration request and the first signature: see para. 0066] as well as the digital signature of the issuer server [the second digital signature] to the TCA server [a computing system]; the TCA server checks the integrity of the ticket registration message [first signature] and the digital signature; the message as a registration request is taught by Adams below), and transmit, via the communications interface, the first public cryptographic key to one or more peer computing systems, the one or more peer computing systems performing operations that record the first public cryptographic key within an element of a distributed ledger. ([para. 0061; para. 0072] after the validation step, the TCA server inserts a record that includes the public cryptographic key into the ledger; the distributed ledger is arranged such that it is contained on other servers, and thus, the record is transmitted to one or more peer computing systems.  Based on a determination that the first code challenge corresponds to the second code challenge, approve the registration request is taught by Bengochea below)
Ragononi does not clearly teach receive, from a computing system via the communications interface, a registration request, the registration request being generated by an application program executed at a device and associated with the apparatus, the registration request comprising a first public cryptographic key of the application program, a digital token associated with at least one of a predetermined temporal period or a predetermined geographic region, and a challenge code generated by the apparatus; obtain a second code challenge associated with at least one of a network address of the device or an application cryptogram of the application program; and based on a determination that the first code challenge corresponds to the second code challenge, approve the registration request.
However, Adams teaches receive, from a computing system via the communications interface, ([Adams, para. 0024; para. 0055] a communications component [communications interface] allows a user device to communicate with a program provider server) a registration request, ([para. 0055] the device communicates registration request data [a registration request] to the program provider server)
the registration request being generated by an application program executed at a device ([Adams, para. 0054; para. 0055] the program provider application on the device generates the program provider registration request) and associated with the apparatus, ([para. 0055] the program provider registration request is suitable data that may be used by the program provider subsystem [the apparatus] for provisioning on the device, and so is associated with the program provider subsystem)  the registration request comprising a first public cryptographic key, ([Para. 0031; para. 0055] the program provider application on the device, and accessed by the device includes a public key of the program provider application, a program provider key that is included in the registration request data.  A public cryptographic key of the application program is more clearly taught by Circenis below)
Ragononi and Adams are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi with the teachings of Adams to include receive, from a device via the communications interface, a registration request; the registration request being generated by an application program executed at the device, and the registration request comprising a public cryptographic key.  One of ordinary skill in the art would have been motivated to make this modification because an application allows the system to dictate the way in which data [such as loyalty credential data] may be communicated by the program provider subsystem. (Adams, para. 0024)
Ragononi in view of Adams does not clearly teach the request comprising a public cryptographic key of the application program and the registration request comprising a digital token associated with at least one of a predetermined temporal period or a predetermined geographic region, and a first code challenge generated by the apparatus; obtain a second code challenge associated with at least one of a network address of the device or an application cryptogram of the application program; and based on a determination that the first code challenge corresponds to the second code challenge, approve the registration request.
However, Bengochea teaches the registration request comprising a first code challenge generated by the apparatus; ([Bengochea, Fig. 2; para. 0039] “the hash generating module 114 of the computing device 113 [the apparatus] may generate the first hash value 119 [a first challenge code] which may be sent … along with the registration request”)
obtain a second code challenge associated with at least one of a network address of the device or an application cryptogram of the application program; and ([Bengochea, Fig. 2; para. 0041] “the second hash value 107 [second code challenge] may be generated based on the encrypted received registration secret”;  [para. 0037] the registration secret includes identification information [network address of the device – see para. 0031] and an encrypted [cryptogram – see para. 0032] client challenge; [para. 0036] the client challenge is a request from an application running on the computing device [application cryptogram])
based on a determination that the first code challenge corresponds to the second code challenge, approve the registration request.  ([Bengochea, Fig. 2; para. 0040] “The matching determining module 108 determines whether the two hash values … match and, upon determining that they do match, the registering module 110 of the computer system may register the computing device”)
Ragononi, Adams, and Bengochea are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams with the teachings of Bengochea to include a first code challenge generated by the apparatus; obtain a second code challenge associated with at least one of a network address of the device or an application cryptogram of the application program; and based on a determination that the first code challenge corresponds to the second code challenge, approve the registration request.  One of ordinary skill in the art would have been motivated to make this modification because using such verifications on the registration service side, the system can ensure that the computing device was indeed the device that issued the original registration request. (Bengochea, para. 0046)
Ragononi in view of Adams and Bengochea does not clearly teach the registration request comprising a digital token associated with at least one of a predetermined temporal period or a predetermined geographic region; and a public cryptographic key of the application program.  
However, Circenis teaches a public cryptographic key of the application program; and ([Circenis, Fig. 3, para. 0030] an application public key 130 of application 120 is described that may be used to validate digital signatures.  A registration request comprising a public cryptographic key was taught by Adams above) 
Ragononi, Adams, Bengochea and Circenis are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams, and Bengochea with the teachings of Circenis to include a public cryptographic key of the application program.  One of ordinary skill in the art would have been motivated to make this modification because such a public-private key pair may be used to authenticate the source of data being transferred by means of a digital signature, and allows for a high level of confidence that the data signed has not been modified. (Circenis, para. 0027)
Ragononi in view of Adams, Bengochea, and Circenis does not clearly teach the registration request comprising a digital token associated with at least one of a predetermined temporal period or a predetermined geographic region.
However, Good teaches the registration request ([Good, para. 0058; Fig. 4] “At 402 the notification engine 116 receives a request from customer 112a, for example, to enroll”) comprising a first digital token ([para. 0058] “from token A”) associated with at least one of a predetermined temporal period or a predetermined geographic region; ([para. 0038] a notification is generated when a token is not used within a defined geographic location, and when the token is used within a predefined time period, and so the digital token is associated with such parameters)
Ragononi, Adams, Bengochea, Circenis and Good are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams, Bengochea and Circenis with the teachings of Good to include the registration request comprising a digital token associated with at least one of a predetermined temporal period or a predetermined geographic region.  One of ordinary skill in the art would have been motivated to make this modification because the use of tokens can enable transactions involving the computing device with greater security without a sacrifice to efficiency or convenience (for example by tracking the transactions).  (Good, para. 0082)
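The claim 13 flow as mapped above (a registration request signed by the application program, countersigned by the computing system over the message and the first signature, and approved only when both signatures validate and the code challenges correspond), sketched as an added Go example; it is not part of this office action, the application, or any cited reference. Ed25519, the HMAC-based code challenge, the field layout and every name and value are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// RegistrationRequest is a constructed stand-in for the claimed request.
type RegistrationRequest struct {
	AppPublicKey  ed25519.PublicKey // first public key, generated by the application program
	NetworkAddr   string            // network address of the device
	CodeChallenge []byte            // first code challenge, issued earlier by the apparatus
}

// Envelope is what the apparatus receives from the intermediary computing system.
type Envelope struct {
	Request RegistrationRequest
	Sig1    []byte // application signature over the encoded request
	Sig2    []byte // computing-system signature over encoded request || Sig1
}

var (
	ErrSig1      = errors.New("first signature invalid")
	ErrSig2      = errors.New("second signature invalid")
	ErrChallenge = errors.New("code challenge mismatch")
)

// encode length-prefixes each field so bytes cannot shift between signed fields.
func encode(r RegistrationRequest) []byte {
	var b bytes.Buffer
	for _, f := range [][]byte{r.AppPublicKey, []byte(r.NetworkAddr), r.CodeChallenge} {
		var n [2]byte
		binary.BigEndian.PutUint16(n[:], uint16(len(f)))
		b.Write(n[:])
		b.Write(f)
	}
	return b.Bytes()
}

// challengeFor derives the code challenge bound to a device address
// (assumed construction: HMAC-SHA256 under a secret only the apparatus holds).
func challengeFor(secret []byte, addr string) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(addr))
	return m.Sum(nil)
}

// Approve returns the application public key to be recorded on the ledger,
// but only after both signatures validate and the challenges correspond.
func Approve(env Envelope, systemPub ed25519.PublicKey, secret []byte) (ed25519.PublicKey, error) {
	msg := encode(env.Request)
	// Sig1 is checked with the key carried in the request: proof of possession only.
	// ed25519.Verify panics on a wrong-sized key, so check the length first.
	if len(env.Request.AppPublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(env.Request.AppPublicKey, msg, env.Sig1) {
		return nil, ErrSig1
	}
	// Sig2 covers message and Sig1 together, checked with an already trusted key.
	countersigned := append(append([]byte{}, msg...), env.Sig1...)
	if !ed25519.Verify(systemPub, countersigned, env.Sig2) {
		return nil, ErrSig2
	}
	// The second code challenge is recomputed locally and compared in constant time.
	if !hmac.Equal(challengeFor(secret, env.Request.NetworkAddr), env.Request.CodeChallenge) {
		return nil, ErrChallenge
	}
	return env.Request.AppPublicKey, nil
}

// Sample builds a correctly signed envelope from constructed keys; issuedFor is
// the address the first code challenge was issued for.
func Sample(issuedFor string) (Envelope, ed25519.PublicKey, []byte) {
	appPriv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x01}, ed25519.SeedSize))
	sysPriv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x02}, ed25519.SeedSize))
	secret := []byte("constructed-apparatus-secret")
	req := RegistrationRequest{
		AppPublicKey:  appPriv.Public().(ed25519.PublicKey),
		NetworkAddr:   "192.0.2.10",
		CodeChallenge: challengeFor(secret, issuedFor),
	}
	msg := encode(req)
	sig1 := ed25519.Sign(appPriv, msg)
	sig2 := ed25519.Sign(sysPriv, append(append([]byte{}, msg...), sig1...))
	return Envelope{Request: req, Sig1: sig1, Sig2: sig2}, sysPriv.Public().(ed25519.PublicKey), secret
}

func main() {
	for _, issuedFor := range []string{"192.0.2.10", "198.51.100.7"} {
		env, sysPub, secret := Sample(issuedFor)
		_, err := Approve(env, sysPub, secret)
		fmt.Printf("challenge issued for %s: %v\n", issuedFor, err)
	}
}
```

The order of checks matters for triage: a request altered after signing fails at the first signature, a request that bypassed the computing system fails at the second, and a replay from a different device address fails only at the challenge comparison.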
	
As per claim 14, Ragononi in view of Adams, Bengochea, Circenis, and Good teaches claim 13.
Ragononi in view of Bengochea, Circenis and Good does not clearly teach wherein the registration request comprises registration data generated by the application program executed at the device, the registration data comprising a network address of the device and an application cryptogram associated with the application program.
However, Adams teaches wherein the registration request comprises registration data ([Adams, para. 0055] the registration request sent to the program provider includes personalization data [registration data]) generated by the application program executed at the device, ([para. 0054] the personalization data is collected by the application running on the device) the registration data comprising the network address of the device ([para. 0024, para. 0054] the personalization includes device identification information that includes an address of the device) and an application cryptogram associated with the application program. ([Para. 0031; para. 0055] the user personalization data is signed using a program provider key, a key associated with the application)  
Ragononi, Adams, Bengochea, Circenis and Good are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Bengochea, Circenis and Good with the teachings of Adams to include wherein the registration request comprises registration data generated by the application program executed at the device, the registration data comprising a network address of the device and an application cryptogram associated with the application program.  One of ordinary skill in the art would have been motivated to make this modification because personal data collected from the owner of an electronic device may be used by the program provider subsystem to register personalized credentials without the manual entry of a substantial amount of information.  (Adams, para. 0003; para. 0019)


As per claim 17, Ragononi in view of Adams, Bengochea, Circenis, and Good teaches claim 14.
Ragononi in view of Circenis and Good does not clearly teach wherein the device is operable by a user and the registration data comprises profile data associated with the user. 
However, Adams teaches wherein the device is operable by a user and the registration data comprises profile data associated with the user. ([Adams, para. 0054; para. 0055; para. 0056] the user device sends to the program provider subsystem user personalization data [profile data associated with the user].  The program provider subsystem receives user personalization data for use to define credential data to provide a loyalty account card) 
Ragononi, Adams, Bengochea, Circenis and Good are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Bengochea, Circenis and Good with the teachings of Adams to include wherein the device is operable by a user and the registration data comprises profile data associated with the user.  One of ordinary skill in the art would have been motivated to make this modification because personal data collected from the owner of an electronic device may be used by the program provider subsystem to register personalized credentials without the manual entry of a substantial amount of information.  (Adams, para. 0003; para. 0019)

As per claim 18, Ragononi in view of Adams, Bengochea, Circenis, and Good teaches claim 14.
Ragononi also teaches based on the validation of the first and second digital signatures, generate a registration object that includes the public cryptographic key ([Ragononi, para. 0058; para. 0060] once the TCA server receives the registration message, it checks the integrity of the message [the first and second digital signatures] and incorporates the public key of the customer device [a public application key implemented by an application, and so a public cryptographic key of the application program executed by the device] into a record [a registration object] by the TCA server; [para. 0061] the record is inserted into the publicly viewable transaction ledger – a distributed ledger; a public cryptographic key of the application program is taught by Circenis below) and at least one of (i) a portion of the registration data or (ii) a hash value representative of the portion of the registration data; and ([Para. 0060] data describing the purchase ticket [a portion of the registration data], and a hash of the message [see para. 0058] is also incorporated into the record)
transmit, via the communications interface, the registration object to the one or more peer computing systems, the one or more peer computing systems being configured to perform operations that record the registration object within the element of the distributed ledger. ([Ragononi, para. 0061; para. 0072] after the validation step, the TCA server inserts a record that includes the public cryptographic key into the ledger; the distributed ledger is arranged such that it is contained on other servers, and thus, the record is transmitted to one or more peer computing systems)
Ragononi in view of Adams, Circenis and Good does not clearly teach based on the determination that the first code challenge corresponds to the second code challenge generate a registration object, and the public cryptographic key of the application program.  
However, Bengochea teaches based on the determination that the first code challenge corresponds to the second code challenge generate a registration object ([Bengochea, Fig. 2; para. 0040] “The matching determining module 108 determines whether the two hash values … match and, upon determining that they do match, the registering module 110 of the computer system may register the computing device [generate a registration object]”)
Ragononi, Adams, Bengochea, Circenis and Good are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams with the teachings of Bengochea to include based on the determination that the first code challenge corresponds to the second code challenge generate a registration object.  One of ordinary skill in the art would have been motivated to make this modification because using such verifications on the registration service side, the system can ensure that the computing device was indeed the device that issued the original registration request. (Bengochea, para. 0046)
Ragononi in view of Adams, Bengochea, and Good does not clearly teach the public cryptographic key of the application program.  
However, Circenis teaches the public cryptographic key of the application program. ([Circenis, Fig. 3, para. 0030] an application public key 130 of application 120 is described that may be used to validate digital signatures)
Ragononi, Adams, Bengochea, Circenis and Good are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams, Bengochea and Good with the teachings of Circenis to include the public cryptographic key of the application program.  One of ordinary skill in the art would have been motivated to make this modification because such a public-private key pair may be used to authenticate the source of data being transferred by means of a digital signature, and allows for a high level of confidence that the data signed has not been modified. (Circenis, para. 0027)

As per claim 19, Ragononi in view of Adams, Bengochea, Circenis and Good teaches claim 13.
Ragononi also teaches generate confirmation data indicative of the recordation of the public cryptographic key within the element of the distributed ledger; and ([Ragononi, para. 0060-0062] the public key of the customer device, a public application key implemented by an application, and so a public cryptographic key of the application program executed by the device, is incorporated into a record by the TCA server; the TCA server creates a message [confirmation data] containing the transaction ID and the ticket data indicating a record has been inserted into a publicly viewable transaction ledger that an issuer server or a customer device may use to confirm that the public. A public cryptographic key of the application program is taught by Circenis below)
transmit the confirmation data to the computing system via the communications interface. ([Ragononi, para. 0062; para. 0103] the confirmation data is sent to issuer terminal by means of a communications interface)
Ragononi in view of Adams, Bengochea and Good does not clearly teach the public cryptographic key of the application program.  
However, Circenis teaches the public cryptographic key of the application program; and ([Circenis, Fig. 3, para. 0030] an application public key 130 of application 120 is described that may be used to validate digital signatures)
Ragononi, Adams, Bengochea, Circenis and Good are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams, Bengochea and Good with the teachings of Circenis to include the public cryptographic key of the application program.  One of ordinary skill in the art would have been motivated to make this modification because such a public-private key pair may be used to authenticate the source of data being transferred by means of a digital signature, and allows for a high level of confidence that the data signed has not been modified. (Circenis, para. 0027)
	 
As per claim 20, Ragononi in view of Adams, Bengochea, Circenis and Good teaches claim 19.
Ragononi in view of Bengochea, Circenis and Good does not clearly teach wherein the device is operable by a user, and the confirmation data confirms a registration of the user as a member of a loyalty program associated with the distributed ledger.
However, Adams teaches wherein the device is operable by a user, and the confirmation data confirms a registration of the user as a member of a loyalty program associated with the distributed ledger.  ([Adams, para. 0020] a system where registration of a device operable by a user is disclosed.  The system allows registration of a user as a member of a loyalty program.  [Para. 0059] device registration notification data [confirmation data], confirmation of the registration, is stored in a distributed network-coupled storage system [a distributed ledger – see para. 0083]) 
Ragononi, Adams, Bengochea, Circenis and Good are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Bengochea, Circenis and Good with the teachings of Adams to include wherein the device is operable by a user, and the confirmation data confirms a registration of the user as a member of a loyalty program associated with the distributed ledger.  One of ordinary skill in the art would have been motivated to make this modification because a loyalty account or enrollment account for a user allows for facilitating transactions that benefit the user due to such enrollment/loyalty account. (Adams, para. 0019)

Claims 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over Ragononi in view of Adams, Circenis, and Good as applied to claim 4 above and further in view of Sykora (US Pub. 2017/0357967) (hereinafter “Sykora”).

As per claim 5, Ragononi in view of Adams, Circenis, and Good teaches claim 4.  
Ragononi also teaches apply the second digital signature to message and the first digital signature.  ([Ragononi, para. 0055; para. 0056] the issuer server receives the message from the customer device, and applies a second signature to the message which includes the first signature.  The message as a registration request is taught by Sykora below)
Ragononi in view of Adams, Circenis, and Good does not clearly teach the first digital token is generated by the apparatus, and the first digital token is indicative of a prior authentication of a user associated with the device; and the at least one processor is further configured to: obtain the first digital token, the network address, and the application cryptogram from the registration request and load the second digital token from the memory based on the at least one of the network address or the application cryptogram; determine that the first digital token corresponds to the second digital token; and based on the determination that the first digital token corresponds to the second digital token, and based on the validation of the first digital signature, approve the registration request.
However, Sykora teaches the first digital token ([Sykora, para. 0030] a registration request is issued from an application on a user device to a payment system; the registration request includes an authentication token) is generated by the apparatus, and the first digital token is indicative of a prior authentication of a user associated with the device; and ([Fig. 2A, para. 0035] the authentication key token is generated from the payment system [apparatus], and received by the user device, prior to registration.  The token is received as a result of supplying user authentication information prior to the registration)
the at least one processor is further configured to: ([Sykora, para. 0023] the payment system 140 is a server system that contains at least one processor)
obtain the first digital token, the network address, and the application cryptogram from the registration request ([Sykora, para. 0030] the registration request generated includes additional information: the token, MID [network address] and digital signature issued by the application [application cryptogram]) and load the second digital token from the memory ([para. 0028] the payment system 140 stores the authenticated token 142 locally, in addition to providing it to the user computing device) based on the at least one of the network address or the application cryptogram; ([para. 0030] a corresponding registered key token [second digital token] is provided based on verifying the information in the request [the token, MID, and digital signature])
determine that the first digital token corresponds to the second digital token; and ([Sykora, para. 0030] the payment system 140 leverages the authentication token stored and determines that the sent authentication token corresponds to the stored authentication token)
based on the determination that the first digital token corresponds to the second digital token, and based on the validation of the first digital signature, approve the registration request ([Sykora, Para. 0031] based on a register key token generated and verified in the above procedure that involves determination that the sent authentication token matches the stored authentication token, and that a digital signature generated by the private key of the user device matches the corresponding public key stored in the payment system)
Ragononi, Adams, Circenis, Good and Sykora are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams, Circenis, and Good with the teachings of Sykora to include the first digital token is generated by the apparatus, and the first digital token is indicative of a prior authentication of a user associated with the device; and the at least one processor is further configured to: obtain the first digital token, the network address, and the application cryptogram from the registration request and load the second digital token from the memory based on the at least one of the network address or the application cryptogram; determine that the first digital token corresponds to the second digital token; and based on the determination that the first digital token corresponds to the second digital token, and based on the validation of the first digital signature, approve the registration request.  One of ordinary skill in the art would have been motivated to make this modification because the authenticated token may be used to leverage previous trust in communication information in order to verify information in a request for registration.  (Sykora, para. 0030)

As per claim 6, Ragononi in view of Adams, Circenis, and Good and further in view of Sykora teaches claim 5.  
Ragononi in view of Adams, Circenis, and Good does not clearly teach wherein the at least one processor is further configured to receive authentication data from the device via the communications interface, the authentication data comprising one or more first authentication credentials of the user associated with the device and at least one of the network address of the device or the application cryptogram; load, from the memory, second authentication credentials associated with the at least one of the network address or application cryptogram; authenticate the user based on a determined correspondence between the first and second authentication credentials; and generate the first digital token based on the authentication of the user and transmit the first digital token to the device via the communications interface.  
However, Sykora teaches wherein the at least one processor is further configured to receive authentication data from the device via the communications interface, the authentication data comprising one or more first authentication credentials of the user associated with the device and at least one of the network address of the device or the application cryptogram; ([Sykora, para. 0027] the payment application of a computing device [the device] communicates authentication information containing a username and password [credentials of the user associated with the device], a machine identifier that uniquely identifies the computing device, and a digital signature issued by the application [application cryptogram – see para. 0030] to a payment system [the apparatus])   
	load, from the memory, second authentication credentials associated with the at least one of the network address or application cryptogram; ([Sykora, para. 0025] stored authentication information [in this example, captured fingerprint data] is compared against newly received authentication information)  
	authenticate the user based on a determined correspondence between the first and second authentication credentials; and ([Sykora, para. 0025; para. 0027] if there is a match, authentication of a user is determined)  
	generate the first digital token based on the authentication of the user and transmit the first digital token to the device via the communications interface.  ([Sykora, para. 0027] in response to verifying authentication information, the application receives a token from the payment system)
Ragononi, Adams, Circenis, Good and Sykora are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams, Circenis and Good with the teachings of Sykora to include wherein the at least one processor is further configured to receive authentication data from the device via the communications interface, the authentication data comprising one or more first authentication credentials of the user associated with the device and at least one of the network address of the device or the application cryptogram; load, from the memory, second authentication credentials associated with the at least one of the network address or application cryptogram; authenticate the user based on a determined correspondence between the first and second authentication credentials; and generate the first digital token based on the authentication of the user and transmit the first digital token to the device via the communications interface.  One of ordinary skill in the art would have been motivated to make this modification because such an operation would allow a user to establish trust with a system that may later be continued with a token, such that the token can leverage previous trust established. (Sykora, para. 0027; para. 0030)

Claims 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Ragononi in view of Adams, Bengochea, Circenis and Good as applied to claim 14 above and further in view of Sykora.

As per claim 15, Ragononi in view of Adams, Bengochea, Circenis and Good teaches claim 14.  
Ragononi also teaches approve the message based on the validation of the first ([Ragononi, para. 0046; para. 0105] a message signed using a private key can be verified using the corresponding public key, which includes a public/private key of applications that implement a signed message; [para. 0084; para. 0091] the TCA server receives the message and verifies [approves] the signature of the message using the public key provided by the customer device.  Approving the registration request based on the determination that the first challenge code corresponds to the second challenge code is taught by Sykora below) and second digital signatures; and ([Para. 0046; para. 0058] the second digital signature is verified by the corresponding public key: a cryptographic key of the computing system.  The TCA server uses the public key of the issuer to determine whether or not the message is authentic.)
based on the approval of message, transmit, via the communications interface, the first public cryptographic key to the one or more peer computing systems. ([Ragononi, para. 0061; para. 0072] after the validation step [after approval of the request] of the message, the TCA server inserts a record that includes the public cryptographic key into the ledger; the distributed ledger is arranged such that it is contained on other servers, and thus, the record is transmitted to one or more peer computing systems.  A message as a registration request is taught by Sykora below)
Ragononi in view of Adams, Bengochea, Circenis and Good does not clearly teach the at least one processor is further configured to: obtain the first code challenge from the registration request and load, from the memory, a second code challenge associated with at least one of the network address of the device or the application cryptogram; determine that the first code challenge corresponds to the second code challenge; approve the registration request based on the determination that the first code challenge corresponds to the second code challenge.
However, Sykora teaches the at least one processor is further configured to: ([Sykora, para. 0023] the payment system is a server system that includes at least one processor)
obtain the first code challenge, the network address, and the application cryptogram from the registration request ([Sykora, para. 0030] the registration request generated includes additional information: the token [first code challenge], MID [network address] and digital signature issued by the application [application cryptogram]) and load the second code challenge from the memory based on the at least one of the network address or the application cryptogram; ([Para. 0030; para. 0031] a registration request is issued from an application on a user device to a payment system includes a client register token [a first code challenge]; the application passes the client register key token with the digital signature to authenticate to the payment system.  The payment system stores a local register key token [load from the memory a second code challenge] for subsequent authorizations, comparing the client register key token sent by the client application [a first code challenge] with the locally stored register key token [a second code challenge].  [Para. 0030] a corresponding registered key token [second challenge code] is provided based on verifying the information in the request [the token, MID, and digital signature])
determine that the first code challenge corresponds to the second code challenge; ([Sykora, para. 0030; para. 0031] the payment system provides the corresponding token 146 [first code challenge], and the system 140 uses the locally stored token 146 [second challenge code] to authenticate)
approve the registration request based on the determination that the first code challenge corresponds to the second code challenge. ([Sykora, para. 0030; para. 0031] the payment system provides the corresponding token 146 [first challenge code], and the system 140 uses the locally stored token 146 [second challenge code] along with a signature [the first signature] to authenticate a user)
Ragononi, Adams, Bengochea, Circenis, Good and Sykora are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams, Bengochea, Circenis and Good with the teachings of Sykora to include the registration request further comprises a first code challenge generated by the apparatus; and the at least one processor is further configured to: obtain the first code challenge, the network address, and the application cryptogram from the registration request and load the second code challenge from the memory based on the at least one of the network address of the device or the application cryptogram; determine that the first code challenge corresponds to the second code challenge; approve the registration request based on the determination that the first code challenge corresponds to the second code challenge.  One of ordinary skill in the art would have been motivated to make this modification because a challenge response in addition to an authentication procedure and a token (challenge) exchange allows the apparatus to verify that the customer device is in possession of a registered public key pair as a way to confirm that an authenticated customer device is permitted access. (Sykora, para. 0033)

As per claim 16, Ragononi in view of Adams, Bengochea, Circenis and Good and further in view of Sykora teaches claim 14.  
Ragononi in view of Adams, Bengochea, Circenis and Good does not clearly teach receive, via the communications interface, a request for the first code challenge from the device, the request comprising at least one of the network address of the device or the application cryptogram; generate the first code challenge based on the received request, the first code challenge comprising a hash value of the at least one of the network address of the device or the application cryptogram, or a hash value of a plaintext cipher; and transmit the first code challenge to the device via the communications interface.
However, Sykora teaches receive, via the communications interface, a request for the first code challenge from the device, the request comprising at least one of the network address of the device or the application cryptogram; ([Sykora, para. 0033] the application passes a request [a challenge request] to the payment system in the form of a register key token by means of a communications interface [see para. 0021: the user device may be a number of devices that contain a network interface].   [Para. 0027] the register key token is associated with the authentication information [see para. 0031] which includes a machine identifier that uniquely identifies the computing device [synonymous with MAC address: a network address of the device] and a digital signature issued by the application [application cryptogram – see para. 0031])
generate the first code challenge based on the received request, the first code challenge comprising a hash value of the at least one of the network address of the device or the application cryptogram, or a hash value of a plaintext cipher; and ([Sykora, para. 0033] the challenge is random data derived using pseudo-RNG with the token as a seed [a hash of the registration token].  [Para. 0031] the registration token may include a DSID [the application cryptogram], the public key [a hash value of a cipher of plaintext as the public key is used to cipher plaintext – see para. 0024], or a machine ID [network address])
transmit the first code challenge to the device via the communications interface.  ([Sykora, para. 0033] the payment system 140 issues a challenge to the device via the communications interface [see para. 0023 – the payment system is a server that contains a network interface to communicate with the user device])
Ragononi, Adams, Bengochea, Circenis, Good and Sykora are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams, Bengochea, Circenis and Good with the teachings of Sykora to include receive, via the communications interface, a request for the first code challenge from the device, the request comprising at least one of the network address of the device or the application cryptogram; generate the first code challenge based on the received request, the first code challenge comprising a hash value of the at least one of the network address of the device or the application cryptogram, or a hash value of a plaintext cipher; and transmit the first code challenge to the device via the communications interface.  One of ordinary skill in the art would have been motivated to make this modification because a challenge response in addition to an authentication procedure and a token (challenge) exchange allows the apparatus to verify that the customer device is in possession of a registered public key pair as a way to confirm that an authenticated customer device is permitted access. (Sykora, para. 0033)


Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Ragononi in view of Adams, Circenis, and Good as applied to claim 1 above, further in view of Crocker et al. (US Pub. 2015/0312331).

	As per claim 21, Ragononi in view of Adams, Circenis and Good teaches claim 1.  
	Ragononi in view of Adams, Circenis and Good does not teach the registration request further comprises a code challenge generated by the computing system; and the at least one processor is further configured to validate the first digital signature based on at least the public cryptographic key and the code challenge.  
	However, Crocker teaches the registration request further comprises a code challenge generated by the computing system; and ([Crocker, para. 0082] a new user message [registration request], includes a nonce [code challenge] from the management module which is part of a data replication system [computing system – see para 0075])
the at least one processor is further configured to validate the first digital signature based on at least the public cryptographic key and the code challenge.  ([Crocker, para. 0125] the nonce and public key values are used to validate a digital signature)
Ragononi, Adams, Circenis, Good and Crocker are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams, Circenis, and Good with the teachings of Crocker to include the registration request further comprises a code challenge generated by the computing system; and the at least one processor is further configured to validate the first digital signature based on at least the public cryptographic key and the code challenge.  One of ordinary skill in the art would have been motivated to make this modification because such a technique provides an additional layer of security for the communication/transport of the objects between computing devices. (Crocker, para. 0058)

Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over Ragononi in view of Adams, Circenis, and Good as applied to claim 1 above, further in view of Hassan et al. (US Pub. 2020/0322791) (hereinafter “Hassan”).

As per claim 23, Ragononi in view of Adams, Circenis and Good teaches claim 1.  
Ragononi in view of Adams and Circenis does not clearly teach the first token is associated with the predetermined temporal interval and the predetermined geographic region.  
However, Good teaches the first token is associated with the predetermined temporal interval and the predetermined geographic region.   ([Good, para. 0038] a notification is generated when a token is not used within a defined geographic location, and when the token is used within a predefined time period, and so the digital token is associated with such parameters)
Ragononi in view of Adams, Circenis and Good does not clearly teach the at least one processor is further configured to validate the first digital token based on a determination that the apparatus receives the registration request during the predetermined temporal interval and on the determination that the predetermined geographic region includes a geographic location associated with the registration request.  
However, Hassan teaches the at least one processor ([Hassan, para. 0059] the example operates on one or more processors) is further configured to validate the first digital token based on ([Fig. 6; para. 0047] “the location verification data [registration request] may be used to initiate, establish, or validate a communication session [the registration – also see block 650 of Fig. 6 where registration is specifically named as the process performed] … based on verification of the token” [a validation]) a determination that the apparatus receives the registration request during the predetermined temporal interval ([Fig. 6] step 650: registration is performed upon verifying time data; [para. 0047]  verification of time data is to enable determination of “when [predetermined time interval] the location verification data [registration request - see above] was provided”) and on the determination that the predetermined geographic region includes a geographic location associated with the registration request. ([Fig. 6; para. 0045] “the location verification data [geographic location associated with the registration request] is unique or identifiable to the subject geographic location and can be used to identify or confirm [determine/includes] the presence of the client device at the subject geographic location” [the predetermined geographic location as was previously recorded with the location verification system – see para. 0034])
Ragononi, Adams, Circenis, Good and Hassan are analogous art because they are in a similar field of endeavor in improving security in transmission and reception of electronic messages.  It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Ragononi in view of Adams, Circenis and Good with the teachings of Hassan to include the at least one processor is further configured to validate the first digital token based on a determination that the apparatus receives the registration request during the predetermined temporal interval and on the determination that the predetermined geographic region includes a geographic location associated with the registration request.  One of ordinary skill in the art would have been motivated to make this modification because “the disclosed techniques improve the functioning of multiple network processing entities by enabling use of security, attestation, and resource management improvements for both network and client systems”. (Hassan, para. 0018)
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Rush et al. (US Patent No. 9,866,393) discloses an identity verification token that includes a timestamp indicating the time of signing and global positioning data indicating the location of the signing which is used as part of a registration process.  
Trostle et al. (US Pub. 2018/0096137) discloses a registration enclave that validates the stored data for the shared secret and enrolling the first computing device if the hash [a token and a challenge] equals the device identifier.  
Mercille et al. (US Patent No. 11,132,694) discloses using wearables as a token that includes a timestamp and a geographic area associated with the user where the authentication message for a service provider is encrypted using keys received from the service provider, where the token is compared to information (i.e. second token, geographic data, and time) stored in the database to determine if authentication succeeds.  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.

/Z.L./Examiner, Art Unit 2493
/DON G ZHAO/Primary Examiner, Art Unit 2493