Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
	This action is in response to the communication filed on 3/3/2022.
 Claims 21-35 are examined and rejected. 

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s) as explained below. See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on non-statutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Double Patent Analysis of Instant application 17,686,306 and US Patent 11,296,862.
Claims 21-35 are rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-19 of U.S. Patent 11,296,862. Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is covered by the U.S. Patent 11,296,862.
This is a provisional non-statutory double patenting rejection. The assignee of the application and the patent is the same.
Exemplary claim 21 with the substantive differences between the conflicting claim 1 identified in bold / underlined is outlined below in the following comparison table.

Claim Comparison Table   
Instant Application
17,686,306
US Patent 
11,296,862
21. A method comprising: 
receiving, by an authorizing computer from a server computer, an authorization request message, the authorization request message provided in response to the server computer receiving an initialization request message from a communication device to provision access data, the authorization request message comprising a cryptogram formed using at least a first cryptographic key that is on a user device that provided the cryptogram to the communication device; 
validating, by the authorizing computer, the cryptogram using a second cryptographic key on the authorizing computer; 
generating, by the authorizing computer, an authorization response message comprising a positive authorization result; and 
transmitting, by the authorizing computer to the server computer, the authorization response message comprising the positive authorization result, wherein the server computer provide access data to the communication device in response to receiving the authorization response message and evaluating the positive authorization result.
1. A method comprising: 
receiving, by a server computer from a communication device, an initialization request message to provision access data; 
providing, by the server computer to the communication device, a dynamic data element; 
receiving, by the server computer from the communication device, a provisioning request message including a user device identifier and a cryptogram in a first message format, which is received from a user device by the communication device during a message exchange process between the user device and the communication device, wherein the cryptogram is formed using at least a first cryptographic key that is on the user device and the dynamic data element, and wherein the first cryptographic key is derived on the user device; 
generating, by the server computer, an authorization request message in a second message format by mapping data elements of the provisioning request in the first message format to corresponding data elements of the authorization request message in the second message format, the authorization request message comprising the cryptogram; 
transmitting, by the server computer, the authorization request message to an authorizing computer, wherein the cryptogram is validated using a second cryptographic key that is on the authorizing computer; 
receiving, by the server computer, an authorization response message from the authorizing computer; and in response to receiving the authorization response message, providing, by the server computer, access data to the communication device.





Claim 21 and independent claim(s) of the instant application is broader in all respects than conflicting claim 1 and independent claim(s) of Patent No. U.S. Patent 11,296,862.  It is clear that all the elements of independent claims of the instant application are to be found in the patent of independent claims. The difference between the instant application claims and claims of patent claims lies in the fact that the patented claim includes more elements and is thus more specific. 
For example, in the instant application claim 1 recites “ the authorization request message comprising a cryptogram formed using at least a first cryptographic key that is on a user device that provided the cryptogram to the communication device along with other steps” similarly in the patent claim 1 the ‘all steps of instant application claim 1 along with ‘message format by mapping data elements of the provisioning request in the first message format to corresponding data elements of the authorization request message in the second message format, the authorization request message comprising the cryptogram and other steps’. Thus, claim 21 and independent claim(s) of instant application are broader.
The pending claims of the instant application are generic to the species of patent
‘862. Thus, the generic invention is ‘anticipated’ by the species of the patented invention and the instant application claims are generic to the species of invention covered by the patent claim. Therefore, they are not patentably distinct from each other.
This is non-statutory obvious type double patenting rejection since the conflicting claims have been patented.  
A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus)." ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
This is non-statutory obvious type double patenting rejection.  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 21-35 are rejected under 35 U.S.C. 103 as being unpatentable by U.S. Publication 2019/0385160 to Safak et al. (hereinafter known as “Safak”) and U.S. Publication 2016/0065370 to Le Saint et al. (hereinafter known as “Le Saint”). 

As per claim 21 Safak teaches, a method comprising: receiving, by an authorizing computer from a server computer (Safak Abstract - Fig 10A-C, Para 109-113), an authorization request message, the authorization request message provided in response to the server computer receiving an initialization request message from a communication device to provision access data (Safak Fig 10A para 109-111, element 1014 teaches device capture information. Figs 10A-C para 109-114 teaches accountholder (user) with digital wallet (mobile application / computer user) with service manager (server)), 
generating, by the authorizing computer, an authorization response message comprising a positive authorization result (Safak Fig 4a and para 86 where authorization result is BAU (business as usual) positive); and 
transmitting, by the authorizing computer to the server computer, the authorization response message comprising the positive authorization result, wherein the server computer provide access data to the communication device in response to receiving the authorization response message and evaluating the positive authorization result (Safak Fig 10E and para 116). 
Safak does not teach however LeSaint teaches, 
the authorization request message comprising a cryptogram formed using at least a first cryptographic key that is on a user device that provided the cryptogram to the communication device (LeSaint Fig 4 para 105-109); 
validating, by the authorizing computer, the cryptogram using a second cryptographic key on the authorizing computer (LeSaint Fig 8 - 9 para 150-153 and 160-170 teaches generation of cryptogram based on token and authorization credentials for device authentication with registered cryptogram). 
Safak teaches secure user / card authentication with accountholder (user) with digital wallet (mobile application / computer user) with service manager (server). Safak does not teach however LeSaint teaches authorization request based on cryptogram (Fig 8-9). Safak – LeSaint are analogous art because they both are from area of authorization / authentication of user device with financial information. 
It would have been obvious to the ordinary person skilled in the art at the time of invention to employ the teachings of Safak with LeSaint's cryptogram generation for device authentication . This would have been obvious because the ordinary person skilled in the art would have been motivated to combine to prevent cryptogram to be used for illicit purposes and prevent MITM attack (LeSaint para 2).

As per claim 22 combination of Safak – LeSaint teaches, the method of claim 21, wherein the communication device is a mobile phone and the user device is a card (Safak para 69 teaches mobile device and credit card).
As per claim 23 combination of Safak – LeSaint teaches, the method of claim 21, wherein the cryptogram is formed using a DES or triple DES encryption process (LeSaint para 104 teaches DES/AES types of encryption process).
As per claim 24 combination of Safak – LeSaint teaches, the method of claim 21, wherein the initialization request message is in a first message format and the authorization request message is in a second message format, the first and second message formats being different.
As per claim 25 combination of Safak – LeSaint teaches, the method of claim 24, wherein the first message format is an HTTP/S message format, and the second message format is an ISO 8583 message format (Vasu para 44-45 teaches use of messages in known formats of industry such as HTTPS and ISO 8583 or HTTP which are well known formats in the industry).
It would have been obvious to the ordinary person skilled in the art at the time of invention to employ the teachings of Safak – LeSaint’s secure data exchange and device authentication with Vasu’s data formats of HTTP/S and ISO 8583. This would have been obvious because the ordinary person skilled in the art would have been motivated to combine to give access to broad range of user’s with different format and to prevent MITM attack (Vasu 6).

As per claim 26 combination of Safak – LeSaint teaches, the method of claim 21, wherein the authorization request message comprises a zero amount (LeSaint para 67 and 103).
As per claim 27 combination of Safak – LeSaint teaches, the method of claim 21, wherein the authorization request message further comprises a nominal value (Safak para 113 Fig 10 C teaches token authorization message with value or QR code or message as described in ‘Terms and Conditions’ covers claimed limitation).
As per claim 28 combination of Safak – LeSaint teaches, the method of claim 21, wherein the authorization request message comprises a credential that is also stored on the user device (Safak para 112-113, Fig 10 C where user device CVM element 1212 is combined with Issuer element 206 generated token (interpreted as second crypto key and authorizing computer as ‘Issuer’ element 206) and element 1228 and 1230 teaches generation and approval of token / cryptogram - covers claimed limitation).
As per claim 29 combination of Safak – LeSaint teaches, the method of claim 21, wherein the first cryptographic key is derived on the user device (Safak para 112-113, Fig 10 C where user device CVM element 1212 of user device and element 1228 teaches token authorization – where user device 202 receives authorization message - covers claimed limitation).
As per claim 30 combination of Safak – LeSaint teaches, the method of claim 21, wherein the access data comprises data that can allow a user of the communication device to access a secure location (Safak para 24 teaches electronic terminal in a physical location). 
Claim 31,
Claim 31 is rejected in accordance with claim 1.

As per claim 32 combination of Safak – LeSaint teaches, the authorizing computer of claim 31, wherein the authorization request message further comprises a zero value amount, and a user device identifier (LeSaint para 67 and 103 teaches authentication message including – numerical value, device identifier and CVV (cryptogram) and motivation as explained in claim 1).

As per claim 33 combination of Safak – LeSaint teaches, the authorizing computer of claim 31, wherein the authorization response message comprises a user device identifier (LeSaint para 104).

As per claim 34 combination of Safak – LeSaint teaches, the authorizing computer of claim 31, wherein the access data comprises a token (LeSaint para 103).
As per claim 35 combination of Safak – LeSaint teaches, the authorizing computer of claim 31, wherein the authorizing request message comprises a nominal amount (Safak para 113 Fig 10 C teaches token authorization message with value or QR code or message as described in ‘Terms and Conditions’ covers claimed limitation).
Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Safak et al US Publication 2019/0385160
Le Saint et al US Publication 2016/0065370
Amar et al US Patent 11,134,065 
Wang et al US Patent 11,095,449
Prakash et al US Patent 10,861,019
Tanner et al US Patent 10,956,899
Mohammed et al US Patent 2019/0333055 
Aabye et al US Publication 2019/0303919

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRAL S LAKHIA whose telephone number is (571)270-3363.  The examiner can normally be reached on 8 am - 6 pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VIRAL S LAKHIA/Examiner, Art Unit 2431