Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


DETAILED ACTION
The instant application having Application No. 17/548,944 is presented for examination by the examiner.  Claims 21-40 are pending.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 21-37 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
As per claims 21 and 29, it is unclear which entity comprises the first limited use key.  As written, the first limited use key could be comprised by the message, the transaction, or the portable communication device.  For purposes of examination, the message comprises the first limited user key as it appears first in the claim and the response message contains the second limited use key.
Dependent claims 22-28 and 30-37 are likewise rejected.
 


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –


(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.



Claims 21, 23, 24, are 26-30 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by USP 4,423,287 to Zeidler.

As per claims 21 and 29, Zeidler teaches receiving, by a remote server [Acquirer 12], an authorization request message from an access device [terminal 10] during a transaction between the access device and a portable communication device [user’s credit card; col. 7, lines 40-50; col. 10, lines 11-15] comprising a first limited use key [the field of the transaction request message consisting of current session key applied to the PIN implicitly;  col. 10, lines 58-59 and col. 11, lines 15-17]; 
determining, by the remote server, a second limited use key (col. 14, lines 45-60); 
modifying, by the remote server, an authorization response message to include the second limited use key (col. 14, lines 61-65); and
 transmitting, by the remote server, the modified authorization response message comprising the second limited use key to the access device (col. 14, line 65).

As per claim 23, Zeidler teaches obtaining the authorization response message further comprises: transmitting, by the remote server, the authorization request message to a host system [issuer 20; col. 11, line 62 and col. 13, lines 44-46], wherein the host system determines if the transaction should or should not be authorized and generates the authorization response message (col. 14, lines 11-26); and 
receiving, by the remote server, the authorization response message from the host system comprising data indicating an approval or denial of the transaction (col. 14, lines 29-30 and 40-45).

As per claim 24, Zeidler teaches determining, by the remote server, if the second limited use key is to be issued to the portable communication device based on a counter or timestamp [a valid TTN in the response message that matches a TTN entry in the active transaction file 81, means that the next session key should be sent to the TID.  Counting as receipt of a received TNN triggers the use of a new session key because they are only used once; col. 14, lines 55-65].

As per claims 26 and 30, Zeidler teaches the remote server is in a processing network (Fig. 1).
As per claim 27, Zeidler teaches the authorization request message further comprises an indicator that indicates that the first limited use key will expire soon or expire with the transaction [TTN in transaction request message 82 will indicate the key associated with its TID must be updated once receiving the TTN in the response message 140; col. 14, lines 55-65], wherein after receiving the authorization request message the method further comprises: storing, by the remote server, the indicator [stored in 81; Fig. 5].
As per claim 28, Zeidler teaches determining the second limited use key further comprises: determining, by the remote server, that the second limited use key is needed by acknowledging the indicator [a valid TTN in the response message that matches a TTN entry in the active transaction file 81, means that the next session key should be sent to the TID.  Counting as receipt of a received TNN triggers the use of a new session key because they are only used once.  The new session key is placed into message 141; col. 14, lines 55-65].  


Claims 38 and 39 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by USP Application Publication 2022/0122061 to Musil et al., hereinafter Musil.

As per claim 38, Musil teaches a method comprising: 
receiving, by a host system [issuer 108], an authorization request message during a transaction between a portable communication device [114] and an access device [102] from a processing network [100] (0024, 0056, and 0061), 

wherein the authorization request message comprises a real account identifier (0060) and an indicator [token] that indicates that a first limited use key stored by the portable communication device (0017) will expire soon or expire with the transaction [the token in the request is the same token stored in the application on the user’s portable device 114 along with its keys.  The same token was also stored in the token vault along with the current status information for the token (0041). An indication when checking the token’s additional information in the vault (as per 0056) that the token is invalid would implicitly render that token’s key expired as well]  
wherein the authorization request message requests authorization for the transaction (0056); 
determining, by the host system, if the transaction should or should not be authorized (0061); 
generating, by the host system, an authorization response message comprising the real account identifier [PAN is provided in the response; 0060], data indicating an approval or denial of the transaction [authorization decision], and the indicator [token is provided/appended to the response] (0061); and 
transmitting, by the host system, the authorization response message to the processing network (0061).
As per claim 39, Musil teaches the authorization request message further comprises a cryptogram (0024), wherein the method further comprises: verifying, by the host system, that the transaction is consistent with the cryptogram (0058).

Allowable Subject Matter
Claims 22, 25, 30, and 40 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.  The rejection under 35 USC §112 must also be overcome.
Claims 22 and 31 require the access device obtaining the first limited use key from portable communication device.  Zeidler cannot easily be modified in a such way that the session key is stored on the credit card.  There is no need for this as the terminals store the session key including the updated session keys.  Prior art Musil teaches sending tokens and cryptograms in authorization request messages and the portable communication device does store token keys.  However, the authorized response message does not contain a limited use key.  In similar prior art by the Applicant, the second limited use keys are requested and delivered in messaging other than the transaction authorization.
Claim 25, requires the modified authorization message transmitted to the portable communication device.  Zeidler cannot easily be modified in a such way that the credit card receives the modified authorization message including storing the session key on the credit card.  There is no need for this as the terminals store the session key including the updated session keys.  Prior art Musil does not teach the authorized response message carrying a key transmitted back to the portable communication device via the merchant 102.  In similar prior art by the Applicant, the second limited use keys are requested and delivered in messaging other than the transaction authorization.
Claim 40, it is found allowable over the prior art for the same reason as claim 25.  Zeidler teaches the authorization response message containing a new session key but is not sent to the credit card.   
In summary, Zeidler teaches the authorization response message containing a new session key and Musil teaches storing keys on the portable communication device.  However, there is no obvious way to modify Zeidler to store the keys on its portable communication device.  Furthermore, there is no obvious way to modify Musil such that the new session keys are delivered to the portable communication device in a response message for a transaction request.  It would not have been obvious to one of ordinary skill in the art to modify the Inventor’s previous work (cited with the prior art) to incorporate the transaction response comprising the session key as taught by Zeidler because the session keys apply to the communication between the credit card and the terminal. 




Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571)270-7316.  The examiner can normally be reached on Monday - Friday, 9:30am - 5:30pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431