Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-16 are rejected under 35 U.S.C. 103 as being unpatentable over Cummins US 20140310182 in view of Rule et al. (Hereinafter referred to as Rule, US. Pat. No.: 10885410).

As per claim 1:
Cummins discloses a provisioning control apparatus (0041-0042: Mobile Device 104) configured to be coupled to a provisioning equipment server (The remote-SE system 10 with server), the provisioning equipment server being electrically connectable with one or more electronic devices for provisioning the one or more electronic devices with a program code, wherein the provisioning control apparatus comprises:
a communication interface configured to (0041-0042: Mobile Device 104 with communication interface) receive an electronic provisioning token ([0044] The remote-SE system 110 may build a payment token payload in order to provision the payment credentials to the mobile device 104 for use in a payment transaction. The payment token payload (PTP) may be a container used to carry payment credentials from the remote-SE system 100 to the mobile payment application 106 in the mobile device 104. The payment token payload may include a card profile 116 and a single use key 118, discussed in more detail below. The card profile 116 may include the payment credentials, and the single use key 118 may be a single use (e.g., one-time use) key used to generate a payment cryptogram valid for a single payment transaction.  [0049] The payment token payload may include the card profile 116 and the single use key 118), wherein the electronic provisioning token comprises a provisioning counter, the provisioning counter indicating a total number of transmissions of the program code towards the provisioning equipment server; and a processor configured to retrieve the provisioning counter from the received electronic provisioning token ([0051] The single use key 118 may be a payment token used one time to generate a payment cryptogram to be used in a payment transaction. The single use key may include an application transaction counter (ATC) and a generating key 208. The application transaction counter may be a count of transactions used for fraud management and authentication as will be apparent to persons having skill in the relevant art),
wherein the communication interface is further configured to transmit the program code towards the provisioning equipment server ([0055]: a chip authentication program (CAP);
wherein the processor is further configured to update a value of the provisioning counter for each transmission of the program code towards the provisioning equipment server to obtain an updated provisioning counter ([0051]; POSITA understands Application Transaction Counter (ACT):  - A counter, maintained by the chip card application (incremented by the chip), that provides a sequential reference to each transaction. A duplicate ATC, a decrease in ATC or a large jump in ATC values may indicate data copying or other fraud to the issuer).

Cummins does not explicitly disclose wherein the processor is configured to prohibit a further transmission of the program code towards the provisioning equipment server if the updated provisioning counter indicates that the total number of transmissions has been reached. Rule, in analogous art however, discloses wherein the processor is configured to prohibit a further transmission of the program code towards the provisioning equipment server if the updated provisioning counter indicates that the total number of transmissions has been reached (Column 5: lines 27-4816) In various embodiments, the authentication application 114 may coordinate with the server 120 and/or the contactless card 101 to log an authorization for a non-payment transaction in relation to a counter 104. The log may be a counter log 121 located in a memory 122 of the server 120 or a memory 102 of the contactless card 101. The log may keep a separate transaction tally of transactions that are payment transactions and non-payment transactions, irrespective of the total tally of the counter 104, and the server 120 or the contactless card 101. The server 120 and/or the authentication application 114 communicating with the contactless card may utilize the information contained therein for an anti-fraud measure. For example, the authentication application 114 and/or the server 120 may decline a payment transaction if a threshold number of non-payment transactions is too small (or too large) in between the non-payment transactions and the payment transaction or vice versa. In various embodiments, the counter log 121 containing distinguishing information, e.g. counts, between non-payment and payment transactions may be used for any other suitable purposes during an online or offline verification protocol. Column 8: lines 58-63: The counter value 104 may comprise a number that changes each time data is exchanged between the contactless card 101 and the server 120 (and/or the contactless card 101 and the mobile device 110). 
Rule further discloses (Column 14: lines 5-40:  the server 120 may utilize the counter log 121 to perform an antifraud measure. In various embodiments, counter log 121 may include time stamps associated with the counter value associated with one or more non-payment transaction. In various embodiments, the counter log 121 may include time stamps associated with the counter value associated with one or more payment transactions. In various embodiments, the counter value of the ATC in relation to a particular transaction, e.g. whether it is a payment transaction or a non-payment transaction, may also be logged. The management application 123 may be configured to compare a general number of payment transactions that take place in between non-payment transactions. If the number of payment transactions after a non-payment transaction exceeds a certain threshold, the management application 123 may deny the payment transactions, even if otherwise the transaction may be completed (e.g. since it is assumed that a user may use the payment protocol for non-payment and payment protocol, an unduly large number of payment transactions after a non-payment transactions may be considered fraudulent). In various embodiments, the opposite may be implemented, e.g. a large number of non-payment transactions being performed after a payment transaction in excess of a threshold may cause the management application 123 to deny a certain non-payment transaction when the verification or authentication takes place. In various embodiments, a threshold in relation to time between any transaction, e.g. payment or non-payment, in terms of exceeding a minimum or maximum threshold may cause the management application 123 to deny the authentication or verification operation. The counter log 121 may be used to perform any other suitable operation, including perform an anti-fraud measure in any other suitable manner. In various embodiments, the anti-fraud measure can override a valid authorization token by instructing a suitable component of the mobile device, e.g. authentication application 114, to deny an application even if the authentication token associated with the barcode is valid.
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the provisioning control apparatus disclosed by Cummins to include wherein the processor is configured to prohibit a further transmission of the program code towards the provisioning equipment server if the updated provisioning counter indicates that the total number of transmissions has been reached. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to improve authentication mechanisms for account access and completion payment transactions as suggested by Rule (column 1: lines 33-36).

As per claim 2:
Cummins and Rule disclose wherein the communication interface is configured to receive the electronic provisioning token over a communication network from a remote server (Cummins: [0043-0044]: Payment credentials corresponding to the payment account may be stored by a remote-SE (remote-secure element) system 110 for provisioning to the mobile device 104. The remote-SE system 110 may include at least a payment credentials management service 112 and a remote notification server 114. The remote-SE system 110 may build a payment token payload in order to provision the payment credentials to the mobile device 104 for use in a payment transaction. The payment token payload (PTP) may be a container used to carry payment credentials from the remote-SE system 100 to the mobile payment application 106 in the mobile device 104).

As per claim 3:
Cummins and Rule disclose wherein the communication interface is configured to communicate with the provisioning equipment server via a wired connection (Cummins: [0187] The computer system 1900 may also include a communications interface 1924, wired connection).

As per claim 4:
Cummins and Rule disclose wherein the electronic provisioning token comprises provisioning control data for controlling communications with the provisioning equipment server, and wherein the processor is configured to retrieve the provisioning control data from the electronic provisioning token and to control communications of the communication interface with the provisioning equipment server according to the provisioning control data (Cummins: [0055]: The mobile device 104 may generate a chip authentication program (CAP) token. The generation and use of CAP tokens will be apparent to persons having skill in the relevant art. The mobile device 104 may transmit the generated CAP token to the cloud system 302. The cloud system 302 may then authenticate (e.g., validate) the CAP token, such as by using a CAP token validation system as will be apparent to persons having skill in the relevant art).

As per claim 5:
Cummins and Rule disclose wherein the electronic provisioning token further comprises data defining one or more validity time periods of the electronic provisioning token and wherein the processor is configured to prohibit a transmission of the program code towards the provisioning equipment server outside of the one or more validity time periods (Cummins: [0010]: Expiry information to the server).

As per claim 6:
Cummins and Rule disclose wherein the electronic provisioning token further comprises a token identifier for identifying the electronic provisioning token and wherein the provisioning control apparatus further comprises an electronic memory, wherein the electronic memory is configured to store the token identifier in a list of electronic provisioning tokens already used or in use (Cummins: [0010]: a request for one or more tokens to a server; receiving, by the mobile device, one or more tokens from the server;. generated single use code, an identification number and/or expiry information

As per claim 7:
Cummins and Rule disclose wherein the electronic provisioning token comprises an electronic device type identifier and wherein the processor is configured to prohibit a transmission of the program code towards the provisioning equipment server for provisioning an electronic device not corresponding to the electronic device type identified by the electronic device type identifier (Cummins: [0063]: the authentication code may be computed over a unique identifier defined by the remote-SE system 110 to uniquely identify the mobile device 104, which may be provided to the mobile payment application 106 during initialization).

As per claim 8:
Cummins and Rule disclose wherein the electronic provisioning token further comprises a program code identifier and wherein the processor is configured to prohibit a transmission of the program code towards the provisioning equipment server, if the program code differs from the program code identified by the program code identifier (Cummins: [0051] The single use key 118 may be a payment token used one time to generate a payment cryptogram to be used in a payment transaction. The single use key 118 may also include an identifier used to identify the card profile 116 to which it corresponds to.  [0063]:  authentication code computed over a unique identifier).

As per claim 9:
Cummins and Rule disclose wherein the communication interface is configured to receive the electronic provisioning token in encrypted form and wherein the processor is configured to decrypt the encrypted electronic provisioning token (Cummins: [0056] The encrypted payload may be transmitted to the mobile device 104, which may decrypt the payload and then generate a dynamic card validation code based on the information included in the encrypted payload and stored payment credentials).

As per claim 10:
Cummins and Rule disclose wherein the electronic provisioning token comprises a digital signature based on a private key of a token generator server and wherein the processor is configured to verify the digital signature of the electronic provisioning token using a public key of the token generator server (Rule: Column 15: lines 33-52: a digital signature using a private key of the key pair of the card. In various embodiments, the cardholder identification information may be incorporated within the digital signature or otherwise conveyed with the digital signature. The contactless card 101 sends the digital signature to the authentication application 114 or another suitable component or application of the mobile device 110. The authentication application 114 may communicate the digital signature with the processor 119, where the processor 119 may verify the digital signature using the public key. For example, the contactless card 101 may provide a hash of the card's public key encrypted by a trusted source (e.g., a private key of a card provider), and verifying the digital signature may include: decrypting the encrypted hash (e.g., with a public key of the card provider); calculating a new hash of the digital signature).

As per claim 11:
Claim 11 is directed to have similar claimed features of claim 1 having further limitation of an electronic credit token and a credit counter with respective features of claim 1. In claim 1 above, the prior art Cummins in view of Rule disclosed an electronic credit token and a credit counter with respective with respective limitations of claim1 and therefore, claim 11 is rejected with the same rationale given above to reject claim 1. 

As per claim 12:
Cummins and Rule disclose a provisioning control system comprising: a provisioning control apparatus according to claim 1; a provisioning equipment server being electrically connectable with one or more electronic devices for provisioning the one or more electronic devices with a program code, wherein the provisioning control apparatus is coupled to the provisioning equipment server for controlling the provisioning of the one or more electronic devices; and a token generator server configured to generate the electronic provisioning token (Rule: Column 6: lines 38-41: the server 120 may transmit an authentication token (using any suitable token generating technique).

As per claim 13:
Cummins and Rule disclose wherein the token generator server is configured to generate the electronic provisioning token in response to a token request from a remote server (Cummins: [0057] An acquirer processing server 312 may receive the information at the acquirer 122 and may generate and submit an authorization request for the financial transaction including the payment credentials and dynamic card validation code to the payment network 124).

As per claim 14:
Cummins and Rule disclose wherein the token generator server is configured to verify a digital signature of the token request using a public key of the remote server, before providing the electronic provisioning token to the remote server (Rule: Column 15: lines 43-45: The authentication application 114 may communicate the digital signature with the processor 119, where the processor 119 may verify the digital signature using the public key).

As per claim 15:
Cummins and Rule disclose wherein the token generator server is configured to digitally sign the electronic provisioning token using a private key (Column 15: lines 47-50).

As per claim 16:
Claim 16 is directed to method for provisioning one or more electronic devices with a program code, wherein the method having substantially similar claimed features and therefore claim 16 is rejected with the same rationale given above to reject claim 1. 

Conclusion
The prior arts made of record and not relied upon are considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior arts.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TECHANE GERGISO/Primary Examiner, Art Unit 2494