DETAILED ACTION

Claims 1-20 are presented for examination. Claims 21-28 have been cancelled.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The Information Disclosure Statement(s) submitted by applicant on 02/10/2021 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

	Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Flurscheim et al. (US Patent Application No.  20160140545 ) (Hereinafter Flurscheim) in view of Hayhow l et al. (US Patent Application No. 20130132283) (Hereinafter Hayhow).

As per claims 1 and 9, Flurscheim discloses a processor computer comprising, and a method comprising: 
generating, by a processor computer, a first master key for a token requestor (para 75, Limited use key derived from master key), the first master key being generated based (para 75, Limited use key derived from master key) on (a) a second master key managed by the processor computer (para 75, LUK derived from master key) and (b) an identifier of the token requestor (para 75, 97, the preparation and delivery of cloud-based account parameters (e.g., alternate account identifier or token));
 transmitting, by the processor computer to a token requestor computer corresponding to the token requestor, the first master key (para 75, 97, the preparation and delivery of cloud-based account parameters (e.g., alternate account identifier or token, initial LUK and associated key)); 
receiving, by the processor computer from the token requestor computer, a request for a token (para 76, Token service  can be used to generate, process, and maintain tokens); 
responsive to receiving the request for the token, transmitting, by the processor computer, the token to the token requestor computer (para 76, Token service  can be used to generate, process, and maintain tokens); and 
receiving, by the processor computer from the token requestor computer, an authorization request message (para 90, an authorization request message).. Flurscheim does not specifically disclose comprising the token and a cryptogram generated by the token requestor computer using the first master key and the token (para 90, an authorization request message including the account identifier or token, and additional information such as a transaction cryptogram and other transaction data). However, Hayhow discloses request comprising the token and a cryptogram generated by the token requestor computer using the first master key and the token (para 57, configured to generate the requested cryptogram  by applying the transaction message, the token identification number and the master cryptographic key as inputs to a suitable cryptographic algorithm.)
 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Flurscheim and Hayhow. The motivation would have been to build the network that provide endpoint security solutions (both hardware and software based).  The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.

As per claims 2 and 10, claims are rejected for the same reasons as claim 1, above. In addition, Hayhow discloses wherein the token requestor computer generates a cryptogram generation key using the first master key, and the cryptogram is generated using the cryptogram generation key and the token(para 57, configured to generate the requested cryptogram  by applying the transaction message, the token identification number and the master cryptographic key as inputs to a suitable cryptographic algorithm.).

As per claims 3 and 11, claims are rejected for the same reasons as claim 1, above. In addition, Hayhow discloses further comprising: validating, by the processor computer, the cryptogram (para 59, maintain the integrity of the cryptogram verification).

As per claims 4 and 12, claims are rejected for the same reasons as claim 1, above. In addition, Hayhow discloses further comprising: identifying, by the processor computer, a primary account identifier corresponding to the token (para 59, verify the token cryptogram); 
generating, by the processor computer, a modified authorization request message comprising an indication of the validation of the cryptogram and the primary account identifier (para 59, uses to verify the token cryptogram  and/or to recover/generate the token cryptographic key(s), the revised transaction request cryptogram  and/or the revised transaction authorization cryptogram); and 
transmitting, by the processor computer to an authorization computer, the modified authorization request message (para 59, the revised transaction authorization).
As per claims 5 and 13, claims are rejected for the same reasons as claim 1, above. In addition, Flurscheim discloses further comprising receiving, by the processor computer, an authorization response message from the authorization computer (para 93, An authorization response message is then sent back to payment processing network), the authorization response message comprising an authorization result generated by the authorization computer based on the modified authorization request message (para 93, The authorization response results).

As per claims 6 and 15, claims are rejected for the same reasons as claim 1, above. In addition, Flurscheim discloses wherein the token is domain restricted (para 76, a token may have its own set of use restrictions, and token service).

As per claims 7 and 14, claims are rejected for the same reasons as claim 1, above. In addition, Hayhow discloses wherein the second master key is stored in a hardware secure module (HSM) in the processor computer (para 59, HSM module).

As per claims 8 and 16, claims are rejected for the same reasons as claim 1, above. In addition, Flurscheim discloses wherein the first master key has a limited use (para 75, Limited use key).

As per claim 17, claim is rejected for the same reasons and motivation as claim 1, above.

As per claim 18, claims are rejected for the same reasons as claim 1, above. In addition, Flurscheim discloses further comprising: after receiving the first master key, transmitting, by the token requestor computer to the processor computer, a request for the token, wherein the token is received responsive to transmitting the request for the token (para 75, Limited use key is interpreted as master key derived from master key [second key], para 75, 97, the preparation and delivery of cloud-based account parameters (e.g., alternate account identifier or token)).

As per claim 19, claims are rejected for the same reasons as claim 1, above. In addition, Hayhow discloses generating, by the token requestor computer, an authorization request message comprising the token and the cryptogram para 59, uses to verify the token cryptogram  and/or to recover/generate the token cryptographic key(s), the revised transaction request cryptogram  and/or the revised transaction authorization cryptogram); and transmitting, by the token requestor computer to the processor computer, the authorization request message, thereby causing the processor computer to validate the cryptogram (para 59, the revised transaction authorization).

As per claim 20, claims are rejected for the same reasons as claim 1, above. In addition, Flurscheim discloses wherein the first master key was generated by the processor computer using a second master key (para 75, LUK derived from master key).

Conclusion

Please see the attached PTO-892 for the prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976. The examiner can normally be reached Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOHAMMAD A SIDDIQI/Primary Examiner, Art Unit 2493