DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the First Action Interview (FAI) dated June 10, 2022.
In the First Action Interview (FAI) dated June 10, 2022, claims 1, 4-5, 9, 13, 18-19  have been amended.
Claims 1-20 are allowed.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Ms. Cynthia H. Rickett of registration number 72,614, on July 25, 2022.  During the telephone conference, Ms. Rickett has agreed and authorized the examiner to further amend Claims 1-20 on the First Action Interview (FAI) dated June 10, 2022.

Claims
Replacing Claims 1-20 of the First Action Interview (FAI) dated June 10, 2022with the following:
Claims:
A computer-implemented method, comprising:  
receiving, from a requesting device, a request to perform an operation, the request being received in a request message comprising an encrypted record and a first dynamic value, the encrypted record comprising a set of one or more entries corresponding to one or more previously performed operations associated with a user of the requesting device; 
generating a decrypted record from the encrypted record based at least in part on a first cryptographic key derived from a unique key associated with an authorizing entity and the first dynamic value; 
authorizing the request based at least in part on aggregating a first set of entries of the decrypted record to generate a first value
performing one or more operations based at least in part on the first value and the request being authorized;
generating a modified encrypted record comprising data associated with the one or more operations performed; and 
transmitting, to the requesting device, at least the modified encrypted record and an indication that the operation was performed.

2. 	The computer-implemented method of claim 1, further comprising obtaining a second cryptographic key derived from the unique key associated with the authorizing entity.

3. 	The computer-implemented method of claim 2, wherein the second cryptographic key is obtained from the request message.

4. 	The computer-implemented method of claim 2, wherein authorizing the request further comprises:
generating a third cryptographic key from the first cryptographic key and the second cryptographic key, wherein generating [[a]]the decrypted record from the encrypted record utilizes the third cryptographic key

5. 	The computer-implemented method of claim 4, wherein authorizing the request further comprises:

aggregating a second set of entries of the decrypted record to generate a second value, wherein the request is authorized based at least in part on the first value and the second value.

6. 	The computer-implemented method of claim 5, wherein authorizing the request is further based at least in part on determining that the first value is greater than or equal to a summation of the second value and an amount included in the request message.

7. 	The computer-implemented method of claim 1, wherein generating the modified encrypted record comprises:

modifying the decrypted record to include the data indicating the request was authorized;
generating a second dynamic value; 
generating a new cryptographic key based at least in part on the second dynamic value and the unique key associated with the authorizing entity; and
encrypting the decrypted record as modified to generate the modified encrypted record, wherein encrypting the decrypted record utilizes the new cryptographic key generated based at least in part on the unique key and the second dynamic value, wherein the second dynamic value is transmitted with the modified encrypted record.

8. 	The computer-implemented method of claim 7, wherein generating the new cryptographic key is further based at least in part on concatenating the first cryptographic key to the new cryptographic key prior to utilizing the new cryptographic key to encrypt the decrypted record.

9. 	A secure processing computer, comprising:
one or more processors; and
one or more memories storing executable instructions that, when executed by the one or more processors, cause the secure processing computer to: 
receive, from a requesting device, a request to perform an operation, the request being received in a request message comprising an encrypted record and a first dynamic value, the encrypted record comprising a set of one or more entries corresponding to one or more previously performed operations associated with a user of the requesting device; 
generate a decrypted record from the encrypted record based at least in part on a first cryptographic key derived from a unique key associated with the authorizing entity and the first dynamic value; 
authorize the request based on aggregating a first set of entries of the decrypted record to generate a first value;
perform one or more operations based at least in part on the first value and the request being authorized;
generate a modified encrypted record comprising data associated with the one or more operations performed; and
transmit, to the requesting device, at least the modified encrypted record and an indication that the operation was performed.

10. 	The secure processing computer of claim 9, wherein the one or more memories comprise a first secure memory space and a second secure memory space.

11. 	The secure processing computer of claim 10, wherein the first secure memory space stores code that, when executed by the one or more processors, causes the secure processing computer to derive and generate one or more cryptographic keys.

12. 	The secure processing computer of claim 10, wherein the second secure memory space stores code that, when executed by the one or more processors, causes the secure processing computer to decrypt the encrypted record to generate [[a]]the decrypted record and authorize the request utilizing the decrypted record.

13. 	An authorizing entity computer, comprising:
one or more processors; and
one or more memories storing executable instructions that, when executed by the one or more processors, cause the authorizing entity computer to: 
generate a unique key associated with an authorizing entity; 
receive, from a user device, a first request to perform a first operation, the first request being received in a first request message comprising an encrypted record, a first dynamic value, and a first cryptographic key derived from the unique key;
generate a decrypted record from the encrypted record based at least in part on the first cryptographic key derived from the unique key associated with the authorizing entity; 
perform the first operation based at least in part on aggregating a first set of entries of the decrypted record to generate a first value
generate a record entry corresponding to a user associated with the first request, the record entry 
generate a second cryptographic key based at least in part on the unique key associated with the authorizing entity and [[a]]the first dynamic value;
generate a modified encrypted record from the decrypted record based at least in part on the record entry, the first cryptographic key, and the second cryptographic key; and
transmit, to the user device, the modified encrypted record, the first dynamic value, and an indication that the first operation was performed.

14. 	The authorizing entity computer of claim 13, wherein the executable instructions, when executed by the one or more processors, further causes the authorizing entity computer to:
receive, from the user device, a second request to perform a second operation, the second request being received in a second request message comprising the first cryptographic key, a subsequent dynamic value, and a subsequent encrypted record
generate a third cryptographic key based at least in part on the unique key associated with the authorizing entity and the subsequent dynamic value received in the second request message; 
generate a subsequent decrypted record from the subsequent encrypted record utilizing the first cryptographic key and the third cryptographic key, the subsequent decrypted record comprising a set of record entries associated with the user, the set of record entries comprising the record entry; 
perform the second operation based at least in part on aggregating an additional set of entries of the subsequent decrypted record to generate an additional value
based at least in part on the additional value, generate, from the subsequently decrypted record, a modified 

15. 	The authorizing entity computer of claim 14, wherein the subsequent dynamic value was generated by a secure processing computer, and wherein at least the subsequent dynamic value was utilized by the secure processing computer to generate the subsequent encrypted record.

16. 	The authorizing entity computer of claim 14, wherein the executable instructions, when executed by the one or more processors, further causes the authorizing entity computer to:
generate a fourth cryptographic key based at least in part on the unique key and a third dynamic value;
generate a newly encrypted record from the modified decrypted record 
transmit, to the user device, the newly encrypted record, the third dynamic value, and a corresponding indication that the second request was authorized.

17. 	The authorizing entity computer of claim 16, wherein the first dynamic value and the third dynamic value are generated by the authorizing entity computer.

18. 	A user device, comprising:
one or more processors; and
one or more memories storing executable instructions that, when executed by the one or more processors, cause the user device to: 
store, in the one or more memories, a first cryptographic key associated with an authorizing entity, the first cryptographic key being derived from a unique key associated with the authorizing entity, the unique key being unknown to the user device; 
receive user input indicating a first operation is requested;
transmit, to an authorization manager component of a secure processing computer and an encrypted record comprising a set of record entries that indicate a set of previously requested operations, wherein transmitting the first request causes the authorization manager component to: 1) generate a decrypted record from the encrypted record based at least in part on the first cryptographic key, 2) aggregate values corresponding to a subset of the set of record entries, 3) generate a first modified encrypted record from the decrypted record based on adding an indication to the decrypted record that the first operation was performed;
receive a first response to the first request, the first response being received in a response message comprising a first the modified encrypted recordmodified encrypted record;
display data indicating that the first operation was performed; and 
store the first modified encrypted record and the first dynamic value in the one or more memories of the user device.
19. 	The user device of claim 18, wherein the executable instructions, when executed by the one or more processors, further causes the user device to:
receive additional user input indicating a second operation is requested;
transmit, to [[an]]the authorization manager component of [[a]]the secure processing computer, a second request to perform the second operation, the second request being transmitted in a second request message comprising the first cryptographic key, the firstmodified encrypted record, and the first dynamic value, wherein transmitting the second request causes the authorization manager component to: 1) generate a second decrypted record from the first modified encrypted record based at least in part on the first cryptographic key, 2) aggregate an additional set of values corresponding to an additional subset of the set of record entries, 3) generate a second modified encrypted record from the second decrypted record based on adding an additional indication to the second decrypted record that the second operation was performed;
receive a second response to the second request, the second response being received in a second response message comprising [[a ]]the second modified encrypted record, [[an]]the additional indication that the second operation was performed, and a second dynamic value associated with the second modified encrypted record;
display additional data indicating that the second operation was performed; and
replace, in the one or more memories, the first modified encrypted record with the second modified encrypted record and the first dynamic value with the second dynamic value.

20. 	The user device of claim 19, request further comprises the first dynamic value, and wherein the encrypted record is decrypted further based at least in part on the .    

Allowable Subject Matter
Claims 1-20 are allowed.
Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
Independent claim 1 is allowable based on the amendment presented in the First Action Interview (FAI) dated June 10, 2022 and the examiner’s amendment dated on July 26, 2022.
Specifically, the independent claim 1 now recites limitations as follows:
“A computer-implemented method, comprising:  
receiving, from a requesting device, a request to perform an operation, the request being received in a request message comprising an encrypted record and a first dynamic value, the encrypted record comprising a set of one or more entries corresponding to one or more previously performed operations associated with a user of the requesting device; 
generating a decrypted record from the encrypted record based at least in part on a first cryptographic key derived from a unique key associated with an authorizing entity and the first dynamic value; 
authorizing the request based at least in part on aggregating a first set of entries of the decrypted record to generate a first value; 
performing one or more operations based at least in part on the first value and the request being authorized;
generating a modified encrypted record comprising data associated with the one or more operations performed; and 
transmitting, to the requesting device, at least the modified encrypted record and an indication that the operation was performed”.

The cited reference, Daniel Manges (US PGPUB. # US 2019/0260723) discloses, a customer may activate a control to submit form data 225 to an entity server 215 (e.g., a merchant server). Upon activation of the control, an encryption subprogram accessed by the web browser may execute on the client computing device 220. In some implementations, the encryption subprogram may encrypt information such as the credit card number and/or the card verification value. In some implementations, the encryption subprogram may not encrypt information such as the customer's name, telephone number, shipping address, and/or billing address. The web browser may send the form data 225, including the non-encrypted customer's name, telephone number, shipping address, and/or billing address to the entity server 215. The entity server 215 may access and/or store the non-encrypted information in, for example, a persistent memory. In some implementations, the web browser may send, within the form data 225, encrypted information 230, such as credit card information, to the entity server 215. The entity server 215 may access and/or store the encrypted information 230, for example, in a persistent memory. In some implementations, the entity server 215 may store the encrypted information 230 on a hard drive or compact disk, by way of example. (Fig. 2A, ¶65-¶66). In some implementations, encrypted user data encrypted with the public key and the encryption algorithm is received (406). The entity server, for example, may forward encrypted data encrypted upon a client computing device using the encryption algorithm and the public key. In some implementations, the unencrypted user data may be included in the same transmission as the encrypted user data. (Fig. 4(406), ¶103). In some implementations, the encrypted user data is decrypted using the private key and a decryption algorithm (412). The decrypted data, in some implementations, may be stored for audit purposes. (Fig. 4(412), ¶106).
The reference by Gordon et al. (US PGPUB. # US 2014/0074724) discloses,  in step 411, payment network 105 accepts and processes the account authentication request message. Payment network 105 generates a Participant Authentication Key (PAK) using a Hardware Security Module (HSM). The PAK may be generated by encrypting information about the financial institution that manages the account initiating user 101 wishes to associate with the TOP user account, using as a key a Service Provider Master Key (SPMK) stored in the HSM and associated with TOP 402. In some embodiments, this information encrypted using the SPMK includes a RTN, a Bank Identification Number (BIN), or other identifier related to the financial institution. In some embodiments, the algorithm used to encrypt and generate the PAK this information is Triple-DES (3DES). (Fig. 4B(411), ¶99). In step 413, payment network 105 uses the HSM to generate a Payment Instruction Key (PIK). In some embodiments, the PIK can be generated by generating a keyed cryptographic hash (also known as a "Message Authentication Code" or "MAC") of information about the financial institution account, using the PAK generated in step 411 as a key. For example, the PIK can be generated by hashing a bank account number associated with the account, a PAN associated with the account, or other identifier associated with the account. In step 415, payment network 105 encrypts the PIK using a Key Exchange Key (KEK). The KEK, in some embodiments, is agreed upon between TOP 402 and payment network 105 during an earlier process (for example, during the process illustrated in FIG. 4A). (Fig. 4B(413, 415), ¶100-¶101). In step 417, payment network 105 generates a response including the encrypted PIK, and sends it to TOP 402. In step 419, TOP 402 receives and processes the response message that includes the PIK. TOP 402 then decrypts the PIK using the KEK, and stores the PIK in a Hardware Security Module (HSM) operated by TOP 402. In step 421, TOP 402 sends a message to initiating user 101 indicating that the request to associate a financial institution account with the TOP user account was approved. TOP 402 can then utilize the PIK to initiate a financial services transaction request on behalf of initiating user 101. (Fig. 4B(417), ¶102). Payment network 105, in some embodiments, also generates keys for use in processing financial services transaction requests. For example, payment network 105 may generate a Service Provider Master Key (SPMK) corresponding to originator 102 or an associated Transaction Origination Point (TOP), may utilize the SPMK to generate a Participant Authentication Key (PAK) associated with a financial institution (such as receiver 107), and may utilize the PAK to generate a Payment Instrument Key (PIK) associated with an account at the financial account (such as an account owned by initiating user 101). In some embodiments, payment network 105 may comprise a Hardware Security Module (HSM) to generate and store these keys. The HSM may be implemented in hardware, software, firmware, or a combination thereof. (¶59).
However, each of the cited references or reference from the updated search, at least, fails to teach or suggest the limitations regarding “…………generating a decrypted record from the encrypted record based at least in part on a first cryptographic key derived from a unique key associated with an authorizing entity and the first dynamic value; 
authorizing the request based at least in part on aggregating a first set of entries of the decrypted record to generate a first value…”, in combination with the rest of the limitations recited in the independent claim(s).
None of the previous cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previous cited reference, result a reasonable and proper rejection for each of the cited feature limitations of the independent claim 1 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claims 9 is a secure processing computer claim of above method claim 1 and Claim 13 is an authorizing entity computer claim of above method claim 1, , claim 18 is a user device claim of above method claim 1 and therefore, they are also allowed.
Claims 2-8 depend on the allowed claim 1, and therefore, they are also allowed.
Claims 10-12 depend on the allowed claim 9, and therefore, they are also allowed.
Claims 14-17 depend on the allowed claim 13, and therefore, they are also allowed.
Claims 19-20 depend on the allowed claim 18, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498