Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 9/6/2022 has been entered.

Response to Arguments
In communications filed on 8/2/2022, claims 1-3, 5, 6, 8, 9, 11, 12, 15, and 18-26 are presented for examination. Claims 1, 11, and 20 are independent.
Amended claim(s): 1 and 11.
Rejection of claims under 35 USC 112 is withdrawn in view of amendments to the claims.
Applicants’ arguments, see Applicant Arguments/Remarks filed 8/2/22, with respect to claim(s) rejected under prior art have been fully considered but are unpersuasive. Contrary to Applicant’s arguments, the claims merely recite a “card” and not a “contactless card.” Cited art of record explicitly discloses the protocol is directed to contactless card/mobile payment systems (Jay: Fig. 1, pages 108-109). 

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-3, 5, 6, 8, 9, 11, 12, 15, 18-22, 24-26 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Jayasinghe, Danushka, et al. "Enhancing EMV Tokenisation with Dynamic Transaction Tokens." International Workshop on Radio Frequency Identification: Security and Privacy Issues. Springer, Cham, 2016 (hereinafter ‘Jay’)

As regards claim 20, Jay discloses: A computer readable non-transitory medium comprising computer executable instructions that are executed on a processor and comprising the steps of: storing, on a card having integrated memory and processor, a key, one or more identification credentials associated with a user, and an applet communicatively coupled to an application running on a device associated with the user; (Jay: Fig. 2, Table 2, pages 114-115, i.e., the SE i.e., the card, storing applets, credentials wherein the TATC i.e., running on SE communicates with TATC (i.e., application) of TSP and is associated with user)
transmitting a cryptogram created by executing the applet, to the application running on the device associated with the user, wherein the cryptogram comprises the one or more the identification credentials encrypted with the key; (Jay: page 116, i.e., Message 4, i.e., SE requesting a token from the TSP using a cryptogram wherein the cryptogram comprises IDs and encrypted with a key) 
transmitting, by the application and in response to receiving the cryptogram, an access token to the applet executing on the card, wherein the access token is generated upon validation of the one or more identification credentials decrypted by the application running on the device associated with the user, the access token being encrypted by the application prior to transmission to the applet executing on the card; (Jay: page 116, i.e., Message 5, i.e., the TSP verifies the received cryptogram and generates and sends a token to the SE wherein the token is encrypted) 
decrypting, by the applet executing on the card, the access token using the key; (Jay: pages 115-117, i.e., the SE deciphers and verifies the encrypted token)
storing the decrypted access token on the card; and (Jay: pages 115-117, i.e., the SE deciphers and verifies the encrypted token)
transmitting, after entry of the communication interface into a communication field, the access token to a reader associated with a second system to thereby grant the user access to the second system based on a verification of the access token by the second system, wherein the access token is encrypted, with a public key of the second system before being transmitted to the reader. (Jay: pages, 115-117, i.e., the SE transmits the encrypted token to T for performing transaction wherein the token is encrypted with public key)

Claims 1 and 11 recite substantially the same features recited in claim 20 above and are rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 2, Jay discloses the card of claim 1, wherein the one or more processors are further configured to receive a challenge, from the second system, via the communication interface, wherein the challenge includes a public key and an encrypted test. (Jay: pages 115-116, i.e., the SE receiving the encrypted nt (i.e., the challenge test), Certso(T) which includes the public key of T)

Claim 12 recites substantially the same features recited in claim 2 above and is rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 3, Jay discloses the card of claim 2, wherein the one or more processors are further configured to transmit, responsive to the challenge, a challenge response via the communication interface. (Jay: pages 115-116, i.e., the SE responds back to the challenge)

As regards claim 5, Jay discloses the card of claim 2, wherein the one or more processors are further configured to decrypt the encrypted test and include the decrypted test, along with the access token stored on the card, in the challenge response transmitted to the second system via the communication interface. (Jay: pages 115-116, i.e., the SE receiving the encrypted nt (i.e., the challenge test), Certso(T) which includes the public key of T, and SE decrypts the encrypted values and sends back the response to T that includes the decrypted values)

Claim 15 recites substantially the same features recited in claim 5 above and is rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 6, Jay discloses the card of claim 1, wherein the one or more processors are further configured to encrypt the access token, being transmitted to the reader associated with the second system, using a public key associated with the second system. (Jay: pages 115-116, i.e., the contactless transaction authentication wherein the terminal responds to mobile device by sending encrypted certificate i.e., access token)

As regards claim 8, Jay discloses the card of claim 1, wherein each entry of the communication interface into the communication field generates a challenge. (Jay: pages 115-116, i.e., the challenge/response is part of each payment phase that starts when communication is established between the device and the T) 

Claim 18 recites substantially the same features recited in claim 8 above and is rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 9, Jay discloses the card of claim 1, wherein the access token comprises a limited use token. (Jay: pages 115-117, i.e., the token has an expiration associated with it and is per transaction basis)

Claim 19 recites substantially the same features recited in claim 9 above and is rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 21, Jay discloses the card of claim 1, wherein the access token generated by the first application encapsulates a security identity established through verification of the one or more identification credentials contained within the cryptogram transmitted by the card. (Jay: pages 115-116, msg 1, 2, establishing the identities)

As regards claim 22, Jay discloses the card of claim 1, wherein the second system queries an authentication system to verify a validity of the access token received from the card. (Jay: pages 115-116)

As regards claim 24, Jay discloses the card of claim 1, wherein the applet executing on the card is communicatively coupled to the first application, running on the device associated with the user, using Near Field Communication (NFC). (Jay: page 108)

As regards claim 25, Jay discloses the card of claim 1, wherein the verification of the one or more user identification credentials in the cryptogram received by the first application running on the user device is performed by an authentication database communicatively coupled to the first application. (Jay: Fig. 2, pages 115-118)

As regards claim 26, Jay discloses the method of claim 11, wherein the access token comprises an access identifiers for identifying one or more access privileges granted via the access token. (Jay: page 116, i.e., the token data)

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jay in view of US 20140052548 A1 (hereinafter ‘Dokken’).

As regards claim 23, Jay discloses the card of claim 1, wherein the second system is configured to validate the access token transmitted by the card (Jay: Fig. 2, pages 115-118)
However, Jay does not but in analogous art, Dokken (US 20140052548 A1) teaches: using one of an Open Authorization (OAuth) protocol and Security Assertion Markup Language (SAML) protocol. (Dokken: ¶268, i.e., using OAuth and SAML to validate token)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Jay to include using well-known and commonly used token exchange and authentication protocols such as OAuth and SAML to issue and verify a token as taught by Dokken with the motivation to use secure industrial protocols for issuing and verifying tokens. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED A ZAIDI whose telephone number is (571)270-5995. The examiner can normally be reached Monday-Thursday: 5:30AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SYED A ZAIDI/Primary Examiner, Art Unit 2432