Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Detail Action
This office action is response to the application 17/459,409 filed on 08/27/2021. Claims 21-40 are pending in this communication. Claims 1-20 have been canceled.

Priority
This application claims priority from CON of 16/211,771 12/06/2018 PAT 11,134,065. Priority date has been accepted.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 08/27/2021, 12/20/2021 and 12/29/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner. 

Examiner’s Note
The examiner is requesting the applicant’s representative to provide direct phone number and email address in next communication, which will be very helpful to advance the prosecution.
Generally the text that are italicized are claims; the text that are in bold are reference citations (with some obvious exception); the text which is neither italicized nor bolded are by the examiner.
The Examiner used figures, paragraph and line numbers from the instant application’s pre-grant publication or pdf copy of allowance. In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 

Objection 
The title of the invention is not descriptive. A new title is requested which is clearly indicative of the invention to which the claims are directed to. The independent claims do not reflect the current title of the invention.

Claim Rejections - 35 USC § 103
The following is a quotation of AIA  35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21, 22-24, 30-34 & 40 are rejected under AIA  35 U.S.C. 103 as being unpatentable over MAHAFFEY; Kevin Patrick et al., Pub. No.: US 2016/0099963 A1 in view of BENNETT; James D. et al., Pub. No.: US 2010/0130178 A1. 

Regarding Claims 1-20, canceled.

Regarding Claim 21, MAHAFFEY discloses a method for secured extended range application data exchange, the method comprising:
establishing, by an access device with a communication device, a communication channel {[0880], “the server security component may compare, e.g., enterprise applications, enterprise security settings, and enterprise traffic over the enterprise network using data supplied by device security components on each participating enterprise's mobile communications devices to develop an objective measure of risk tolerance for each enterprise”}; 
providing, by the access device to the communication device, an access device profile of the access device, wherein the communication device emulates a virtual access device based on the access device profile {Fig. 54 & [0718], “Client device personality database 5446 stores a set of client device profiles to allow the collection server or a collector program (e.g., app crawler program) to emulate a particular client device”}, …
MAHAFFEY, however, does not explicitly disclose
… and wherein the virtual access device issues a set of application commands to a transaction applet executing on the communication device, and receives a set of application data responses from the transaction applet in response to the set of application commands, and wherein the communication device generates a data packet based on the set of application data responses;
receiving, by the access device from the communication device, the data packet via the communication channel;
generating, by the access device, an authorization request message comprising data in the data packet; and sending the authorization request message to an authorizing entity which authorizes the authorization request message. 
In an analogous reference BENNETT discloses
… and wherein the virtual access device issues a set of application commands to a transaction applet executing on the communication device {[0021], “the laptop or other computing devices interface with the one or more tracking and control servers and/or device 121 via any suitable client server communication such as a java applet or command line interface and may communicate over a private network rather than the Internet”}, and receives a set of application data responses from the transaction applet in response to the set of application commands, and wherein the communication device generates a data packet based on the set of application data responses {[0036], “Based on the user profile and/or the status of the mobile phone 137 (Fig. 1), the local control module may communicate with the target control module resident on the mobile phone 137 to activate various resources such as simulated (device), … and/or wireless communication within the phone. Resulting gathered data is communicated to the tracking and control server 121”};
receiving, by the access device from the communication device, the data packet via the communication channel {Fig. 5 & associated written descriptions};
generating, by the access device, an authorization request message comprising data in the data packet; and sending the authorization request message to an authorizing entity which authorizes the authorization request message {Fig. 1 & [0022], “The tracking and control servers 121 have unique IP addresses and provides a secure interface for an owner and/or authorized user of the one or more of the endpoint devices 131-141 to register and/or manage the endpoint devices 131-141. For example, a plurality of tracking and control and/or management features …”}. 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify MODARRESSI’s technique of ‘emulating a communication device based on the device profile over a communication channel’ for ‘authorizing data generated by a virtual device’, as taught by BENNETT, in order to securely emulate a device for application processing. The motivation is – a device emulator mimics the hardware or OS of the device. Emulators create an operating environment that looks and functions much like the mobile device model, providing many capabilities found in a real device to manage secured transactions to monitor data intrusions by unauthorized actors.
All references are inventions in analogous area but each invention teaches specific claimed limitation specifically and other references mutually cure each other’s deficiencies. When all claimed techniques are combined they teach claimed invention. The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims unless addressed separately. 

Regarding Claim 22, MAHAFFEY as modified by BENNETT discloses all the features of claim 21. The combination further discloses
providing, by the access device to the communication device, an access device digital certificate, wherein the communication device verifies the access device digital certificate prior to emulating the virtual access device {MAHAFFEY: [0824], “The at least one difference may include the first and second mobile application programs having been signed with different code-signing certificates. Code signing is a mechanism whereby publishers of software and content can use a certificate-based digital signature to verify their identities to users of the code, thus allowing users to decide whether or not to install it based on whether they trust the publisher”}.

Regarding Claim 23, MAHAFFEY as modified by BENNETT discloses all the features of claim 22. The combination further discloses
wherein the access device digital certificate includes an access device public key {MAHAFFEY: [0799], “Identifiers in the application binary or metadata (e.g., package name, fingerprint of code-signing certificate, public key used to sign the app, requested entitlements/permissions)”}, and the data packet is encrypted by the communication device using the access device public key the data packet is received by the access device {MAHAFFEY: [0880], “data may be encrypted when it is supplied to a risk-tolerant enterprise”}.

Regarding Claim 24, MAHAFFEY as modified by BENNETT discloses all the features of claim 21. The combination further discloses
wherein the communication device is a mobile phone {MAHAFFEY: Fig. 7 element 503 & [0171], “the identification 503 and status text 505 and status icon 509 for the mobile device are provided on an upper center portion of the display”. Examiner’s note: the drawing depicts a mobile phone}.

Regarding Claim 30, MAHAFFEY as modified by BENNETT discloses all the features of claim 21. The combination further discloses
wherein the communication channel is a wireless communication channel having a longer communication range than near field communication (NFC) {MAHAFFEY: [0880], “the sever security component may compare, e.g., enterprise applications, enterprise security settings, and enterprise traffic over the enterprise network using data supplied by device security components on each participating enterprise's mobile communications devices to develop an objective measure of risk tolerance for each enterprise”. Examiner’s note: an enterprise network may cover a geographical campus and remote offices by VPN which covers much longer distance than Near Field Communication (NFC). NFC is a set of communication protocols that enables communication between two electronic devices over a distance of 4 cm (1 1⁄2 in) or less}.

Regarding claim 31, claim 31 is claim to a device using the method of claim 21. Therefore, claim 31 is rejected for the reasons set forth for claim 21.

Regarding claim 32, claim 32 is a dependent claim of claim 31, claim 32 is claim to device using the method of claim 22. Therefore, claim 32 is rejected for the reasons set forth for claim 22.

Regarding claim 33, claim 33 is a dependent claim of claim 32, claim 33 is claim to device using the method of claim 23. Therefore, claim 33 is rejected for the reasons set forth for claim 23.

Regarding claim 34, claim 34 is a dependent claim of claim 31, claim 34 is claim to device using the method of claim 24. Therefore, claim 34 is rejected for the reasons set forth for claim 24.

Regarding claim 40, claim 40 is a dependent claim of claim 31, claim 40 is claim to device using the method of claim 30. Therefore, claim 40 is rejected for the reasons set forth for claim 30.


Claims 25 & 35 are rejected under AIA  35 U.S.C. 103 as being unpatentable over MAHAFFEY; Kevin Patrick et al., Pub. No.: US 2016/0099963 A1 in view of BENNETT; James D. et al., Pub. No.: US 2010/0130178 A1 and further in view of SALKINTZIS; Apostolis et al., Pub. No.: US 2020/0187106 A1.


Regarding Claim 25, MAHAFFEY as modified by BENNETT discloses all the features of claim 21, However, the combination does not explicitly disclose
wherein the access device profile includes a prioritized list of application identifiers supported by the access device.
 In an analogous reference SALKINTZIS discloses
wherein the access device profile includes a prioritized list of application identifiers supported by the access device {TABLE-US-00001 “TABLE 1 Application Identity Prioritized list” … “the S-NSSAIs are given in a prioritized list such that the remote unit 105 first attempts to send traffic for “gps.phone.tracker.lenovo”}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to further modify MAHAFFEY’s technique as modified by BENNETT of ‘emulating a communication device based on the device profile over a communication channel for authorizing data generated by a virtual device’ for ‘creating a priority list of applications’ by SALKINTZIS, in order to save the application list. The motivation is: by prioritizing applications, a plan an order in which to implement them, so that the technique can tell what needs immediate attention, and what can leave until later.

Regarding claim 35, claim 35 is a dependent claim of claim 31, claim 35 is claim to device using the method of claim 25. Therefore, claim 35 is rejected for the reasons set forth for claim 25.


Claims 27, 28, 37 & 38 are rejected under AIA  35 U.S.C. 103 as being unpatentable over MAHAFFEY; Kevin Patrick et al., Pub. No.: US 2016/0099963 A1 in view of BENNETT; James D. et al., Pub. No.: US 2010/0130178 A1 and further in view of COLLINGE; Mehdi et al., Pub. No.: US 2016/0110711 A1.

Regarding Claim 27, MAHAFFEY as modified by BENNETT discloses all the features of claim 21, However, the combination does not explicitly disclose
wherein the access device profile includes an unpredictable number generated by the access device.
 In an analogous reference COLLINGE discloses
wherein the access device profile includes an unpredictable number generated by the access device {[0056], “In step 336, the transmitting device 214 of the first computing environment 104 may electronically transmit the cryptogram and any other necessary data, such as the unpredictable number, payment credentials included in the account profile, etc. to the merchant 116 computing system via a secure communication protocol”}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to further modify MAHAFFEY’s technique as modified by BENNETT of ‘emulating a communication device based on the device profile over a communication channel for authorizing data generated by a virtual device’ for ‘including a random number in a profile’ by COLLINGE in order to increase data security. The motivation is to deter data intruders who need to predict the random number for break-in. Without randomness, all crypto operations would be predictable and hence insecure.

Regarding Claim 28, MAHAFFEY as modified by BENNETT & COLLINGE discloses all the features of claim 27, the combination further discloses
wherein the set of application data responses includes a transaction cryptogram generated by the transaction applet using the unpredictable number provided to the transaction applet by the virtual access device {COLLINGE: [0060], “In step 412, a data signal superimposed with credential data may be transmitted by the transmitting device of the first environment of the computing system to the external computing device, wherein the credential data includes at least the cryptogram and the transaction identifier and where the data signal is transmitted via the secure communication protocol”}.

Regarding claim 37, claim 37 is a dependent claim of claim 31, claim 37 is claim to device using the method of claim 27. Therefore, claim 37 is rejected for the reasons set forth for claim 27.

Regarding claim 38, claim 38 is a dependent claim of claim 37, claim 38 is claim to device using the method of claim 28. Therefore, claim 38 is rejected for the reasons set forth for claim 28.

Claims 29 & 39 are rejected under AIA  35 U.S.C. 103 as being unpatentable over MAHAFFEY; Kevin Patrick et al., Pub. No.: US 2016/0099963 A1 in view of BENNETT; James D. et al., Pub. No.: US 2010/0130178 A1 and further in view of MARUTHURKKARA; Saji, Pub. No.: US 2015/0111188 A1.

Regarding Claim 29, MAHAFFEY as modified by BENNETT discloses all the features of claim 21, However, the combination does not disclose
wherein data packet includes application data in a plurality of read record responses from the transaction applet.
In an analogous reference MARUTHURKKARA discloses
wherein data packet includes application data in a plurality of read record responses from the transaction applet {claim 23: “wherein rolling up data from the plurality of records so as to establish the benchmark data comprises: reading the plurality of records to determine response data from the plurality of records; and averaging the determined response data to establish, as at least part of the benchmark data, an average the determined response data”}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to further modify MAHAFFEY’s technique as modified by BENNETT of ‘emulating a communication device based on the device profile over a communication channel for authorizing data generated by a virtual device’ for/where ‘reading data multiple times’ by MARUTHURKKARA in order to get an average of read data rather than depending on one exception read. The motivation is to get data computation accuracy.

Regarding claim 39, claim 39 is a dependent claim of claim 31, claim 39 is claim to device using the method of claim 29. Therefore, claim 39 is rejected for the reasons set forth for claim 29.

Allowable subject matter
Claim 26 (and proper antecedent basis) will be allowable if written in independent form with base method claim 21, and claim 36 (and proper antecedent basis) will be allowable if written in independent form with base device claim 31. Therefore, claims 26 & 36 are objected.
The dependent claims which further limit claims 21 and 36 also are allowable by virtue of their dependency. 
Reasons of allowance: what is missing from the prior arts is: a set of application commands including a select application identifier command that is generated by a virtual access device based on a prioritized list of application identifiers to select an application identifier from a list of available application identifiers associated with a transaction applet.

Conclusion
Following prior art has been consulted but is not applied:
US 2008/0112556 A1 (MODARRESSI; Abdi et al.) – Methods of emulating remote telephones at a client device using profiles of the remote telephones: Fig. 1, Fig. 2 & [0038], “The client device 101 may then transmit a request for the profile of the remote phone to be emulated over the data network 103 to the database 107 at block 205. Responsive to receiving the request from the client device 101 at the database 107, the database 107 may transmit the profile of the remote phone to be emulated over the data network 103 to the client device 101, and the client device 101 may receive the profile at block 207.”
US 2012/0109764 A1 (MARTIN; Philippe et al.) – Systems … for utilizing one or more preferred application lists in a wireless device reader: “PPSE application 108 may include an application for maintaining a priority listing of transaction application identifiers that correspond to transaction applications 120 hosted or stored on wireless device 102. In one embodiment, secure element 107 includes a secure element (SE) memory, where PPSE application 108 may be accessed during a secure and authenticated session.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUAZI FAROOQUI whose telephone number is (571) 270-1034. The examiner can normally be reached on M-F 8:30AM-5:00PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ashok B. Patel can be reached on 571-272-3972. The fax phone number for Examiner Farooqui assigned is 571-270-2034.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-flee). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/QUAZI FAROOQUI/
Primary Examiner, Art Unit 2491