Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This action is in response to the response to amendment filed 8/04/2022.  Claims 1-13 and 16 are pending.  Claims 1 (a method) and 7 (a machine) are independent. 

Response to Arguments
Applicant’s arguments, see pages 5-6, filed 8/04/2022, with respect to the rejection(s) of claim(s) 1-7 and 16 under Dean (US 2020/0314644) in view of Collinge (US 2013/0262317) have been fully considered and are persuasive.  Dean and Collinge does not disclose offline data authentication (ODA).  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Dean (US 2020/0314644) in view of in view of Wong (US 2015/0339664).
Applicant's arguments filed 8/04/2022 have been fully considered but they are not persuasive. 
On page 6 of the remarks Applicant asserts that Dean does not disclose receiving from a server one or more application sequence counter values.  This is not persuasive.
The generation of the LUK by the server (Dean ¶ 122) includes the use of both the replenishment counter and the application transaction counter (Dean ¶ 126).  Thus, when the server provides the LUK to the client (Dean ¶ 122) the counters used to produce the LUK are also provided to the client.
On page 6 of the remarks, Applicant asserts that the LUK of dean are not bound to the application sequence counter, as claimed.  However, as Dean generates the LUK using the replenishment counter and the application transaction counter it is bound to the LUK by being a component thereof. 
On page 7 applicant states that “nothing within Dean … discloses transmitting the account token … in response to a determination of an expired LUK”. 
This argument is not persuasive because there is no link between “no LUC is available” and “transmitting … the count token”.  Applicant’s system determines that no LUC is available and uses a replacement ‘emergency credential’ to generate an account token; but the account token is not generated in response to determining that no LUC is available.  Similarly, Dean determines that the LUK is expired and requests another LUK for future use in generating cryptograms.  Both Applicant’s system and Dean determine a lack of LUC/LUK and perform some separate step to generate a cryptogram notwithstanding the lack of the LUC/LUK.  Although Deans disclosure is different from Applicant’s disclosure, the cited steps in dean for the claimed “in response to determining that no LUC is available” are analogous. 

On pages 7-8 Applicant asserts that the combination of Dean in view of Collinge does not disclose an “emergency credential” because the cited portions of Collinge are “not a credential”. This argument is not persuasive.
Although Collinge is no longer relied on, it is useful to discuss the concept of an “emergency credential”.  This term is not defined in the claim as similar to, or different from, the LUC.  The claim does not set forth any characteristics of the claimed “emergency credential.”  This creates a claim interpretation hole where the claim, generally states “determining if a credential is available and, if not, use a credential.” 
This creates the question: “if a credential is not available how is a credential used?” As to Applicant’s remark that the citations of Collinge do not disclose a credential, such would seem to be necessary as the claim requires that credentials are unavailable. Examiner suggests further defining the “emergency credential” as the characteristics that make it “emergency” would be more novel than the presently claimed scope of independent claims 1 and 7.

On page 9, discussing claim 2, Applicant states that “Session keys are not LUC master key as they are not a singular master key and are not being used to encrypt limited use keys, but rather to decrypt response data.”  This argument is not persuasive.
There is no requirement for a “singular master key” and the response data includes the LUC data.  This meets the claim limitation of “an LUC master key with which the stored LUCs are encrypted.”

Applicant’s further remarks are dependent on those addressed and are not persuasive for the reasons discussed above.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 5, 6, 7, and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dean et al., US 2020/0314644 (filed 2017-07), in view of Wong et al., US 2015/0339664 (filed 2015-05).

As to claims 1 and 7, Dean discloses a method/machine comprising: 
receiving, at a mobile computing device, from a server system, and storing, by the mobile computing device, in memory associated with the mobile computing device: 
 (“In some embodiments, the key index may also include a replenishment counter value indicating the number of times that the LUK 614 has been renewed or replenished in a predetermined time period (e.g., number of times LUK 614 has been generated in each hour). For example, the replenishment counter value can be represented as the numeric string ‘CC’ (00-99). At the beginning of each hour, ‘CC’ starts at 00 and is incremented by 1 each time LUK 614 is generated. In some embodiments, the key index may include an ATC value, or a pseudo random number generated by the processing network or the issuer.” Dean ¶ 126. “Process 600 can be divided into two parts—the first part relates to the LUK generation (blocks 602 to 614), which may be performed by a processing network” Dean ¶ 122) one or more application sequence counter values; (“Once the mobile application of portable communication device 201 receives terminal transaction data S210, the mobile application may increment its Application Transaction Counter (ATC)” Dean ¶ 72)
one or more limited use credentials (LUCs), (“The LUK may be associated with a set of one or more limited-use thresholds that limits the usage of the LUK, where once the usage of the LUK has exhausted or exceeded the set of one or more limited-use thresholds, a further transaction conducted using that LUK will be declined even if the underlying account is still in good standing.” Dean ¶ 45) each LUC being bound to a corresponding one of the application sequence counter values; (“For an integrated chip based transaction, the transaction processing information S212 may include a transaction cryptogram dynamically generated using the LUK, track-2 equivalent data, and addition data such as issuer application data (IAD), form factor indicator (FFI), card transaction qualifiers (CTQ), cryptogram information data (CID), the updated ATC, and/or an application PAN sequence number (PSN).” Dean ¶ 73) 
… 
an account token; (“account ID or token” Dean ¶ 60)
subsequently receiving, by the mobile computing device, (“the request for data may occur in any of the messages that pass from the access device 260 to the portable communication device 201 in FIG. 2 (e.g., steps S202, S206, S210, S214).” Dean ¶ 89) an authentication request from a terminal; (“In response to receiving the account data request S214 from access device 260, portable communication device 201 may send the account data S216 stored at the location indicated by the AFL to access device 260.” Dean ¶ 79, requesting authentication via account data.)
in response to receiving the authentication request, determining, by the mobile computing device, that no LUC is available on the mobile computing device for fulfilling the request; and (“If the access device 360, the portable communication device 201, or a remote computer determines that the LUK is expired or will expire very soon, then the access device 260 may send a request for a new LUK” Dean ¶ 80.  Also Dean ¶¶ 91 and 107)

in response to determining that no LUC is available LUC is available on the mobile computing device (“the portable communication device 201 may include an indication that the current LUK (an example of a first limited use key) present on the portable communication device is expired or otherwise needs to be replenished. The portable communication device 201 can do this on its own” Dean ¶ 80) for fulfilling the request: (“In step S306, the portable communication device 310 transmits an LUK status to the access device 320. In some embodiments, the current LUK status may be passed in any of the messages from the portable communication device 310 to the access device 260 in FIG. 2 (e.g., steps S204, S208, S212, S216).” Dean ¶ 90)
	…
transmitting, (In step S306, the portable communication device 310 transmits an LUK status to the access device 320. In some embodiments, the current LUK status may be passed in any of the messages from the portable communication device 310 to the access device 260 in FIG. 2 (e.g., steps S204, S208, S212, S216)…. a new LUK which may be sent to …. the portable communication device 101, 201 in any of the steps shown in FIG. 2 (e.g., in steps S202, S206, S210, and/or S214). Dean ¶ 90.) 
by the mobile computing device, to the terminal, the account token and an application cryptogram generated from an … credential …; and ( “in some embodiments, an account identifier or token, and additional information (e.g., a transaction cryptogram, account parameters, etc.) can be transmitted to access device 160 in APDU responses that are responsive to a series of APDU commands received from access device 160. Access device 160 or a merchant computer coupled to access device 160 may then generate an authorization request message” Dean ¶ 60. Also Dean ¶¶ 80, 91 and 107. All responses by the communication device include the LUK status, the token, and a cryptogram.)

Dean does not disclose:
one or more emergency credentials;  and 
	, and in response to the mobile computing device being unable to receive one or more additional LUCs from the server system 
… generated from an emergency credential of said one or more emergency credentials 
updating, by the mobile computing device, a current application sequence counter. 

	Wong discloses:
one or more emergency credentials; and (“an alternate account identifier or a token may have higher usage limits than those of the dynamic set of data (e.g., LUK) such that the replenishment of the alternate account identifier or token occurs less frequently. For example, an alternate account identifier or a token may have a time-to-live of a year whereas the time-to-live of a LUK may be five days.” Wong ¶ 67. An alternate account being different from and having a different expiry from the LUK. “Depending on the type of transactions supported, the dynamic set of data may include a LUK and/or other dynamic data such as a key index, and may also include a signature key and associated certificates.” Wong ¶ 70. “Account parameter storage 1040 stores the account parameters (e.g., account identifier or alternate account identifier or token, LUK 1042, key index 1044, signature key 1046 and associated certificates 1048, etc.)” Wong ¶ 189)
	, and in response to the mobile computing device being unable to receive one or more additional LUCs from the server system (“Offline data authentication can be useful in environments in which network connectivity is limited, or in environments in which there is insufficient time to obtain transaction authorization from an issuer.” Wong ¶ 58. “after conducting the transaction, process 800 may determine if the first set of one or more limited-use thresholds associated with the LUK, and/or if the second set of one or more limited-use thresholds associated with the signature key has been exhausted or exceeded” Wong ¶ 176)
… generated from an emergency credential of said one or more emergency credentials (“At block 916, the access device receives a signature generated with a signature key from the communication device. the signature key can be associated with a second set of one or more limited-use thresholds.” Wong ¶ 181. “At block 804, a transaction (e.g., an ODA transaction that is performed using an account) can be initiated, …, the communication device may generate a transaction cryptogram using the LUK and a signature using the signature key.” Wong ¶ 172. See also Wong ¶ 177)
updating, by the mobile computing device, a current application sequence counter. (“the mobile application may increment its Application Transaction Counter (ATC) and generate dynamic transaction processing information using at least some of the received terminal transaction data 210,” Wong ¶ 111).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Dean with Wong by including a plurality of accounts with varying expiry thresholds and offline data authentication capabilities.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Dean with Wong in order to allow transactions to be performed in locations with limited connectivity using configurable thresholds based on security and transaction amount, thereby providing flexibility in the payment system for increased payment processing and profits. 


	As to claim 3, Dean in view of Wong discloses the method of claim 1 but does not further disclose:
each emergency credential is bound to a corresponding one of the application sequence counter values and the application cryptogram is generated from both the emergency credential and its corresponding application sequence counter value

Wong further discloses:
each emergency credential is bound to a corresponding one of the application sequence counter values (“replenishment request 422 may include some or all of the information contained in the transaction verification log” Wong ¶ 142. “If the transaction log information in the replenishment request matches the transaction log information at the remote computer, process 800 may continue to block 802, and communication device may receive a new LUK and a new key index associated with the new LUK” Wong ¶ 178.  Information in transaction log must match what is expected.) and the application cryptogram is generated from both the emergency credential and its corresponding application sequence counter value (“The transaction verification log may be associated with and/or may include the key index corresponding to the LUK or set of account parameters used in the logged transactions, and a sequence counter value associated with the key index or set of account parameters indicating the number of times the LUK or set of account parameters have been replenished.” Wong ¶ 137. Replenishment request includes the ‘replenishment counter’ discussed throughout Wong.).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Dean with Wong by including a plurality of accounts with varying expiry thresholds and offline data authentication capabilities.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Dean with Wong in order to allow transactions to be performed in locations with limited connectivity using configurable thresholds based on security and transaction amount, thereby providing flexibility in the payment system for increased payment processing and profits. 

As to claim 5, Dean in view of Wong discloses the method of claim 1 and further discloses:
… determining, by the mobile computing device, that the authentication request relates to a zero- value transaction; … is in response to determining that the authentication request relates to a zero-value transaction. (“the LUK update request may be in the form of an authorization request message such as an ISO 8583 message, but may contain no amount, zero dollars, or a nominal amount (e.g., $0.03) to indicate that it is not requesting authorization for a transaction, but is requesting a new LUK.” Dean ¶ 91)

Dean in view of Wong does not disclose:
in response to receiving the authentication request,
wherein transmitting the account token and the application cryptogram.

Dean further suggests that the LUK request can be responsive to a network determination that the LUK should be renewed, as claimed:
in response to receiving the authentication request,
(“an indication that the current LUK (an example of a first limited use key) present on the portable communication device is expired or otherwise needs to be replenished. The portable communication device 201 can do this on its own or may do this in response to a query from the access device 260 (e.g., in steps S202, S206, S210, and/or S214). If the access device 360, the portable communication device 201, or a remote computer determines that the LUK is expired or will expire very soon, then the access device 260 may send a request for a new LUK (an example of a second limited use key) to the token platform 180” Dean ¶ 80. Step S214 being analogous to an authentication request.)
wherein transmitting the account token and the application cryptogram. (“an indication that the current LUK (an example of a first limited use key) present on the portable communication device is expired or otherwise needs to be replenished. The portable communication device 201 can do this on its own or may do this in response to a query from the access device 260 (e.g., in steps S202, S206, S210, and/or S214).” Dean ¶ 80)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified Dean in view of Wong with Dean by utilizing the zero dollar message of Dean ¶ 91 for a query to the mobile device for an indication of whether the current LUK is expired or needs to be replenished.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Dean in view of Wong with Dean in order to utilize existing communication messages to accomplish renewing of limited use credentials, thereby maintaining compatibility with older systems while providing new functionality for newly capable systems. 

As to claim 6, Dean in view of Wong discloses the method of claim 1 and further discloses:
subsequent to transmitting (Dean ¶ 90)  the application cryptogram to the terminal (Dean ¶ 60) and updating the current application sequence counter: (Wong ¶ 111) 
…
transmitting, by the mobile computing device, a request, to a server system, for one or more additional LUCs (“the portable communication device 201 may include an indication that the current LUK (an example of a first limited use key) present on the portable communication device is expired or otherwise needs to be replenished. The portable communication device 201 can do this on its own” Dean ¶ 80. See also Wong figure 8, step 812.)

Dean in view of Wong does not disclose: 
detecting, by the mobile computing device, that communication over the internet is possible; and 
in response to detecting that communication over the internet is possible,
and one or more additional emergency credentials, wherein the request comprises the current application sequence counter value. 

Wong further discloses:
detecting, by the mobile computing device, that communication over the internet is possible; and 
in response to detecting that communication over the internet is possible, (“An access device can determine whether such limited-use thresholds has been exceeded by communicating with an issuer or cloud-based payments platform when network connectivity is available, and if such limited-use thresholds have been exceeded, a new certificate authority public key can be provided to the access device.” Wong ¶ 64)
and one or more additional emergency credentials, (“a new signature key and associated certificates should be provisioned to the communication device to allow the communication device to conduct further ODA transactions. In some embodiments, the certificate authority public key may also have its own time-to-live limited-use threshold.” Wong ¶ 64. The signature key being distinct from the LUK: “may include the new set of account parameters (e.g., new key index, new LUK, new signature key” Wong ¶ 143)
wherein the request comprises the current application sequence counter value. (replenishment request, Wong ¶ 142. “The transaction verification log may be associated with and/or may include the key index corresponding to the LUK or set of account parameters used in the logged transactions, and a sequence counter value associated with the key index or set of account parameters indicating the number of times the LUK or set of account parameters have been replenished.” Wong ¶ 137. Replenishment request includes the ‘replenishment counter’ discussed throughout Wong.).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified Dean in view of Wong with Dean by utilizing the zero dollar message of Dean ¶ 91 for a query to the mobile device for an indication of whether the current LUK is expired or needs to be replenished.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Dean in view of Wong with Dean in order to utilize existing communication messages to accomplish renewing of limited use credentials, thereby maintaining compatibility with older systems while providing new functionality for newly capable systems. 

As to claim 16, Dean in view of Wong discloses the method of claim 1 but does not further disclose:
wherein the application cryptogram is generated from said emergency credential of the one or more emergency credentials (“At block 916, the access device receives a signature generated with a signature key from the communication device. the signature key can be associated with a second set of one or more limited-use thresholds.” Wong ¶ 181. “At block 804, a transaction (e.g., an ODA transaction that is performed using an account) can be initiated, …, the communication device may generate a transaction cryptogram using the LUK and a signature using the signature key.” Wong ¶ 172. See also Wong ¶ 177)

Dean in view of Wong does not disclose:
 and the current application sequence counter value.

Wong further discloses:
and the current application sequence counter value.
(“replenishment request 422 may include some or all of the information contained in the transaction verification log” Wong ¶ 142. “The transaction verification log may be associated with and/or may include the key index corresponding to the LUK or set of account parameters used in the logged transactions, and a sequence counter value associated with the key index or set of account parameters indicating the number of times the LUK or set of account parameters have been replenished.” Wong ¶ 137. Replenishment request includes the ‘replenishment counter’ discussed throughout Wong.).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified Dean in view of Wong with Dean by utilizing the zero dollar message of Dean ¶ 91 for a query to the mobile device for an indication of whether the current LUK is expired or needs to be replenished.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Dean in view of Wong with Dean in order to utilize existing communication messages to accomplish renewing of limited use credentials, thereby maintaining compatibility with older systems while providing new functionality for newly capable systems. 


Claim 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dean et al., US 2020/0314644 (filed 2017-07), in view of Wong et al., US 2015/0339664 (filed 2015-05) and Saint et al., US 2016/0065370 (2015-08).
	As to claim 2, Dean in view of Wong discloses the method of claim 1 but does not further disclose:
receiving an LUC master key with which the stored LUCs are encrypted; and storing the LUC master key only in a volatile memory device of the mobile computing device.

Saint discloses:
receiving (“a provisioning response message including a blinded static server computer public key and encrypted response data is received from server computer. Typically, the blinded static server computer public key may be a blinded form of the static server computer public key used at step 404 to generate the first shared secret.” Saint ¶ 108) an LUC master key (the session key, derived from keying material in Saint ¶ 108, see Saint ¶¶ 109-110) with which the stored LUCs are encrypted; (“the encrypted response data is decrypted using the second session key to obtain … payload data. …. The payload data or payment credentials can include …, a limited use key (LUK) that can be used to conduct future transactions” Saint ¶ 112) and storing the LUC master key only in a volatile memory device of the mobile computing device. (“key materials such as shared secrets, session keys, and the like, may be destroyed or otherwise rendered inaccessible (e.g., encrypted) at the server computer and/or user device when they are no longer needed locally.” Saint ¶ 171).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Dean in view of Wong with Saint by provisioning the LUC keys encrypted with a ‘master LUC key’ in the manner described by Saint.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Dean in view of Wong with Saint in order to securely provide the payment credentials to a terminal, thereby preventing unauthorized parties from obtaining and utilizing the payment credentials. 


Claims 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dean et al., US 2020/0314644 (filed 2017-07), in view of Wong et al., US 2015/0339664 (filed 2015-05) and Freeman et al., US 2005/0123142 (2015-05).
	As to claim 4, Dean in view of Wong discloses the method of claim 1 and further discloses:
deleting, by the mobile computing device, the matching LUC from the memory associated with the mobile computing device. (“The portable communication device 310 may then store the new LUK in favor of the previously stored LUK. In some embodiments, the previously stored LUK may be deleted so that it may not be re-used.” Dean ¶ 94)

Dean in view of Wong does not disclose: 
subsequent to updating the current application sequence counter, determining, by the mobile computing device, that the current application sequence counter value matches the application sequence counter value of one of the LUCs; and 
in response to determining that the current application sequence counter value matches the application sequence counter value of one of the LUCs,

Freeman discloses:
subsequent to updating the current application sequence counter, (“Thf3.” Freeman ¶ 54) determining, by the mobile computing device, that the current application sequence counter value matches the application sequence counter value of one of the LUCs; and 
in response to determining that the current application sequence counter value matches the application sequence counter value of one of the LUCs,
 (“key identifier of the SKRP private key 473. When an authentic rekey request for an existing key is processed, the private key is replaced with the SKRP private key 473, because the key identifier of the S SKRP private key 473 is identical to the key identifier of the private key to be replaced” Freeman ¶ 54)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Dean in view of Wong with Freeman by allowing for the new LUK response (Dean Fig. 3) to replace existing key indexes, (Freeman).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Dean in view of Wong with Freeman in order to allow for the rekeying of particular LUK instances in order to renew particular keys whose use thresholds have expired (Dean ¶ 48), thereby allowing replacement of particular keys out of order based on use thresholds. 


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Sarin, US 2018/0047016, discloses preloaded digital wallet tokens for network-less transaction processing.
Sabba et al., US 11,250,391, discloses offline payment authentication.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


	 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165. The examiner can normally be reached M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MICHAEL W CHAO/Examiner, Art Unit 2492