DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This communication is in respond to the applicant’s request for continued examination filed on 08/18/2022. Claims 1, 4, 5, 10, 11, and 17 have been amended. Claims 3 and 8 have been cancelled. Claims 20-25 have been added. Claims 1-2, 4-7, and 9-25 are currently pending and have been examined.

Continued Examination
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant’s submission filed on 08/18/2022 has been entered.
	
Claim Objections
Claim 20 is objected to because of the following informality. Claim 20 recites “declining transactions using a cryptograms generated using the session cryptographic key.” Examiner believes that the applicant meant to say cryptogram instead of cryptograms. Appropriate corrections are expected and appreciated.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claim 24 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
	Claim 24 recites “during a transaction requesting, the remote server, by the communication device, to provide the diversifier ID.” 
	Examiner considers that one of ordinary skill in the art would be unclear as to if the action is occurring during a transaction or a transaction requesting and by what components the action is being accomplished. For the sake of compact prosecution, Examiner will consider that the applicant meant to say during a transaction, requesting that the remove server, by the communication device, provide the diversifier ID.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C.
102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459
(1966), that are applied for establishing a background for determining obviousness under 35
U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or
nonobviousness.

Claims 1, 2, 4, 5, 10, 11, and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Hird et al (US20150019442) “Hird”, Wiseman (US20050149722), and further in view of Eichholz (US20140333416) 

Regarding claim 1, Hird  teaches: A method for enhancing security of a communication device when conducting a transaction, defined by transaction data, using a transaction application of the communication device by receiving transaction session keys from a key management server via a remote server, the method comprising: 
	generating, by the key management server (e.g. provisioning server), a provisioning package by:
	generating, [a] session cryptographic key by […] a session cryptographic key to a specific context defined as at least a first binding preventing data (e.g. master key), ([0084] The provisioning server 400 generates session keys from the master key and from possible values of a transaction counter maintained by both the user terminal 100 and the card issuer (block 452). The provisioning server 400 then provides the generated session keys to the user terminal 100, for example over the communication link 410 (block 456).
	the first binding preventing data selected from a group consisting of data related to the user, data related to the transaction application, data related to the communication device, data related to limited-use thresholds, geographic data, date, time, and location (Fig. 9, Item 454).
	Examiner notes that one of ordinary skill in the art would understand from reading the reference that the master key of Hird includes data related to the user’s card data which is data related to the user.
	whereby said binding of said session cryptographic key to said first binding preventing data prevents unauthorized use or access of the session cryptographic key as any deviation from the specific context used to generate the bound session cryptographic key corrupts the session cryptographic key during a subsequent unbinding phase;
	Examiner notes that the portion of the limitation which recites “whereby said binding of said session cryptographic key to said first binding preventing data prevents unauthorized use or access of the session cryptographic key as any deviation from the specific context used to generate the bound session cryptographic key corrupts the session cryptographic key during a subsequent unbinding phase”, found in the binding step, is merely a recited intended use.  This portion is given little to no patentable weight because the limitation, or portion thereof, does not claim the function(s) as being positively recited actions or functions, and/or it does not add any meaning or purpose to the associated manipulative step(s).  See MPEP 2103 C and 2111.04.  Simply because the limitation recites something as being “for … [performing a specific functionality]”, etc. does not mean that the functions are required to be performed, or are actually performed.
	encrypting the bound session cryptographic key with the [personal identification number (PIN)]; ([0015] Encrypting the session cryptographic keys may include encrypting the plurality of session cryptographic keys with a personal identification number.)
	Examiner notes that one of ordinary skill in the art, from reading the reference, would understand that a personal identification number being hashed along with the bound session cryptographic key, would be an equivalent level of encryption and one that would be obvious to try.
	incorporating the encrypted bound session cryptographic key and the encrypted [PIN] into the provisioning package; ([0017] A provisioning server according to some embodiments includes a processor, a memory coupled to the processor, and a communication module coupled to the processor. The processor is configured to generate a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter, and to transmit the plurality of session cryptographic keys and the transaction counter to a user terminal for use in securing a financial transaction.)
	transmitting, by the key management server, the provisioning package to the remote system; (Fig. 8, Item 410, [0082]).
		Examiner notes that one of ordinary skill in the art, from reading the reference, would understand that item 410 of Figure 8, clearly teaches that the provisioning package does not go directly to the User Terminal 100 but communicates with other, remote systems.
	transmitting, by the remote system, the provisioning package to the communication device, (Fig. 8, Item 410, [0082]).
	computing a transaction cryptogram, by the communication device (e.g. Fig. 2, Card 110 as part of User Terminal 100), (Fig. 4, Items Card 110, Cryptogram 202 and 203, [0012] Generating the cryptogram may include applying a hash function to the transaction data and the first one of the encrypted session cryptographic keys.).

wherein the step of computing a transaction cryptogram comprises:
	receiving the provisioning package from the remote server; (Fig. 8, Item 410, [0082]).
	recovering the bound session cryptographic key received in the provisioning package using the recovered [PIN]; ([0007] Camouflaging the plurality of session cryptographic keys may include encrypting the plurality of session cryptographic keys in such a manner that decrypting any of the plurality of session cryptographic keys with an incorrect personal identification number produces a valid session cryptographic key.
	Examiner notes that one of ordinary skill in the art, from reading the reference, would understand that the PIN in Hird is a direct substitute for the transport key that is used to recover the bound session cryptographic key that was transmitted in the package.
	wherein the transaction is authorized or rejected based on whether the computed transaction  Amendment dated December 27, 2021cryptogram is an expected transaction cryptogram or a not expected transaction cryptogram ([0045] Referring to FIG. 3, in the process of conducting the transaction, the card 110 may generate a cryptogram 126, which is an encrypted message that is a form of transaction digest that can be used to authenticate the transaction to the card issuer 30.)

Hird does not explicitly teach a reversible binding function, however, Wiseman teaches at least a reversible binding function:
	generating, using a reversible function, a bound session cryptographic key by binding said session cryptographic key to a specific context defined as at least a first binding preventing data, ([0031] The service provider 225 validates the service key 290, thereby enabling the issuance of a session key. The service provider 225 then may send a session key using the validated service key 295, initiating the session, shown as the instruction Bind {session key} using the service key 298. [0032] For TCG operations, an encryption operation by an entity outside of a TPM is a "Bind" operation and a decryption operation within the TPM is an "Unbind" operation. The Bind operation is an encrypt operation of the session key using the public portion of the service key. Under an embodiment of the invention, the private portion of the service key cannot be used to decrypt (unbind) the session unless the platform's configuration (as represented by the appropriate set of PCRs) matches the restrictions placed on the usage of the key. This restriction is attested to by the CertifyKey operation.) 	
	determining first unbinding preventing data; ([0032] The service provider has confidence in the protection of the session key because it has verified that, even though the client has the private key that can decrypt the session key, the TPM will not do so unless the platform's configuration matches the configuration attested to by the CertifyKey for the service key.)
	whereby a determined unbinding preventing data not equal to the binding preventing data results in a corrupted unbound session cryptographic key whereas a determined preventing data equal to the binding preventing data results in an unbound session cryptographic key that is not corrupted; 
	Examiner notes that the portion of the limitation which recites “whereby a determined unbinding preventing data not equal to the binding preventing data results in a corrupted unbound session cryptographic key whereas a determined preventing data equal to the binding preventing data results in an unbound session cryptographic key that is not corrupted”, found in the unbinding step, is merely a recited intended use.  This portion is given little to no patentable weight because the limitation, or portion thereof, does not claim the function(s) as being positively recited actions or functions, and/or it does not add any meaning or purpose to the associated manipulative step(s).  See MPEP 2103 C and 2111.04.  Simply because the limitation recites something as being “for … [performing a specific functionality]”, etc. does not mean that the functions are required to be performed, or are actually performed.
	computing the transaction cryptogram using a one-way cryptographic hash function to the transaction data using the unbound session cryptographic key, (Fig. 3, [0045] The cryptogram is generated by encoding transaction data 122 using a cryptographic key 120 stored in the user terminal 100.)
	unbinding the session cryptographic key from the specific context using the determined first unbinding preventing data using an inverse function of the reversible function, ([0032] For TCG operations, an encryption operation by an entity outside of a TPM is a "Bind" operation and a decryption operation within the TPM is an "Unbind" operation. The Bind operation is an encrypt operation of the session key using the public portion of the service key. Under an embodiment of the invention, the private portion of the service key cannot be used to decrypt (unbind) the session unless the platform's configuration (as represented by the appropriate set of PCRs) matches the restrictions placed on the usage of the key.)
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman. As Wisemen states: [0003] If a first agent (a client) desires a service from a second agent (a service provider), the second agent may require proof of the authority and authenticity of the first agent before providing the service. The second agent requires assurance that the first agent will not misappropriate information, attack the system, or otherwise cause damage. When such assurance is obtained, a session key may be issued, the session key providing confidentiality, integrity, or both to the services requested and rendered.

Neither Hird nor Wiseman explicitly teach ‘transport key’ or ‘static key’, however, Eichholz teaches at least  ‘transport key’ and ‘static key’:
	generating a transport key; ([0020] Optionally, further a transport key is computed for encrypting the identification data to be transmitted, and the identification data are encrypted with the transport key. The encryption of the identification data with a transport key can be omitted optionally, since they are stored in the data memory in encrypted form anyway.
	encrypting the bound session cryptographic key (e.g. identification data) with the transport key; ([0020] Optionally, further a transport key is computed for encrypting the identification data to be transmitted, and the identification data are encrypted with the transport key. The encryption of the identification data with a transport key can be omitted optionally, since they are stored in the data memory in encrypted form anyway.)
	encrypting the transport key with a static key (e.g. data key) stored on the communication device (e.g. terminal) or retrievable by the communication device; (  Amendment dated December 27, 2021 ([0021] Optionally, in the key reading step, before the data key is transmitted to the terminal, an authentication process is carried out--that is referred to as "second" authentication process for the sake of differentiability--, wherein at least one authentication is carried out between the microprocessor chip and the terminal. Preferably, a key-transport key is computed additionally for encrypting the data key to be transmitted, and the data key is encrypted with the key-transport key before it is transmitted to the terminal. Optionally, the data key is stored in the key memory in unencrypted form, and should thus be encrypted before transmission to the terminal. If the data key is stored in the key memory in encrypted form, the additional encryption with the key-transport key can be omitted optionally. However, then the key for decrypting the data key must be made known to the terminal.)
	incorporating the encrypted bound session cryptographic key and the encrypted transport key into the provisioning package; ([0023] Optionally, in the data reading step, a transport key is computed that is employed optionally only for encrypting the identification data for the data reading step, optionally only for encrypting the data key for the key reading step, optionally for both the encryption of the identification data and the encryption of the data key, respectively before the transmission of the data in question to the terminal.)
	retrieving the static key (e.g. data key); ([0039] FIG. 3 shows a key reading step according to an embodiment of a method according to the invention. The key reading step comprises an authentication process carried out via the short-range interface 13, wherein a mutual authentication and Diffie-Hellman key agreement is carried out between the microprocessor P and the terminal 20, according to the PACE protocol, chapter 4.2 of the BSI TR-03110. [0040] Now the terminal decrypts the encrypted identification data ID with the decrypted data key KD.)
	recovering the transport key by decrypting the encrypted transport key received in the provisioning package using the static key; ([0039] The data key KD encrypted with the transport key KT-KD is transmitted by the microprocessor P via the short-range interface 12 to the terminal 20 and decrypted at the terminal 20.)
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman and the levels of encryption and decryption of Eichholz. In order to prevent unauthorized use of the data. As Eicholz states: [0027] An identification document according to the invention has a microprocessor, a data memory, wherein identification data are stored or storable in a form encrypted with a data key or at least in a decryptable form, and a key memory accessible for the microprocessor, wherein the data key is stored or storable, and is characterized by a long-range interface, via which a long-range radio connection can be established between the data memory and a terminal, and a short-range interface, via which a short-range radio connection can be established between the key memory and a terminal, an in that the data key or the key memory is so secured that a transmission of the data key or other data from the key memory to a terminal is possible via the short-range radio connection and is impossible via the long-range radio connection. Thereby an unnoticed spying out of the data key from the air interface, thus while the data key is being radio-transmitted, is prevented or at least strongly impeded.
	In regards to claim 10 and claim 11, system claim 10 and claim 11 corresponds generally to method claim 1, and recites similar features in system form, and therefore are rejected under the same rationale.

	Regarding claim 11, claim 11 teaches limitations not found in claims 1 or 10. 
Specifically:
	the transaction application further comprising a controlling unit, the controlling unit comprising a security module; (Hird [0039] As noted above, the electronic payment credentials in the card 110 may include cryptographic keys that are used to digitally sign transaction data for verification/authentication purposes. For security purposes, it is generally not desirable to store this sensitive data in a normal memory that may be subject to tampering or hacking. Instead, cards are typically stored within a "Secure Element" (SE), which is a tamper-resistant chip that provides secure data storage along with a cryptographic microprocessor to facilitate transaction authentication and security, and provide secure memory for storing payment applications. Payment applications can also run within the Secure Element.
	the processing unit [being operated to] transmit, to the security module of the controlling unit, the encrypted bound session cryptographic key bound to the specific context; (Hird [0069] According to some embodiments, the provisioning server or the user terminal 100 iterates through a number of possible values of the transaction counter (possibly including all possible values of the ATC), and generates a number of session keys using the transaction counter values and the master key (block 304). In some embodiments, the session keys may be pre-generated by, for example, a provisioning server operated by the card issuer 30, and subsequently provided to the user terminal 100. Thus, the user terminal 100 need not actually generate the session keys, and the master key may not be stored on the user terminal 100, thereby increasing the security of the master key.)

Regarding claim 2, Hird teaches: The method according to previous claim 1, wherein the binding of the session key to a specific context of the session key comprises the following step: 
	obfuscating the session key with said binding preventing data for unauthorized use or access of the session cryptographic key ([0007] Camouflaging the plurality of session cryptographic keys may include encrypting the plurality of session cryptographic keys in such a manner that decrypting any of the plurality of session cryptographic keys with an incorrect personal identification number produces a valid session cryptographic key.)

Regarding claim 4, Hird  teaches: The method according to claim 1, further comprising:	
	deriving, by the key management server, the [cryptographic key] from a master key and a diversifier ID; ([0014] A user terminal according to some embodiments includes a processor, a memory coupled to the processor, and a communication module coupled to the processor. The processor is configured to generate a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter.)
	wherein the master key is stored by the communication device; and ([0014]…to store the session cryptographic keys).
	retrieving, by the communication device, the [cryptographic key] comprises deriving the [cryptographic key] from the master key and the diversifier ID (e.g. transaction counter), and ([0066] The processor is configured to generate a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter, to store the session cryptographic keys.)
	decrypting, by the communication device, the encrypted [personal identification number] using the retrieved  [cryptographic key]; and ([0016] The processor may be configured to camouflage the plurality of session cryptographic keys in such a manner that decrypting any of the plurality of encrypted session cryptographic keys with an incorrect personal identification number produces a valid session cryptographic key.)
	deleting, by the communication device, the  [cryptographic key] after computation of the transaction cryptogram ([0014] …to transmit the cryptogram to the transaction terminal using the communication module, to update the transaction counter, and to delete the first one of the plurality of encrypted session cryptographic keys from the user terminal.)

Hird does not explicitly recite ‘static key’, however Eichholz teaches at least ‘static key’:	
	deriving the static key from the master key and the diversifier ID, and ([0039] FIG. 3 shows a key reading step according to an embodiment of a method according to the invention. The key reading step comprises an authentication process carried out via the short-range interface 13, wherein a mutual authentication and Diffie-Hellman key agreement is carried out between the microprocessor P and the terminal 20, according to the PACE protocol, chapter 4.2 of the BSI TR-03110. [0040] Now the terminal decrypts the encrypted identification data ID with the decrypted data key KD.)
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird and the levels of encryption of Eichholz. As Eicholz states: [0027] An identification document according to the invention has a microprocessor, a data memory, wherein identification data are stored or storable in a form encrypted with a data key or at least in a decryptable form, and a key memory accessible for the microprocessor, wherein the data key is stored or storable, and is characterized by a long-range interface, via which a long-range radio connection can be established between the data memory and a terminal, and a short-range interface, via which a short-range radio connection can be established between the key memory and a terminal, an in that the data key or the key memory is so secured that a transmission of the data key or other data from the key memory to a terminal is possible via the short-range radio connection and is impossible via the long-range radio connection. Thereby an unnoticed spying out of the data key from the air interface, thus while the data key is being radio-transmitted, is prevented or at least strongly impeded.

Regarding claim 5, Hird teaches: The method according to the previous claim 1, wherein retrieving of the [personal identification number] comprises the following step: 
extracting, by the communication device, the [personal identification number] stored as hard coded text into the transaction application code or stored in a secure memory ([0059] Essentially, cryptographic camouflage operates by carefully encrypting the financial key in a manner such decrypting the key with any possible PIN will reveal a valid-looking key, with no error report. Only by attempting a transaction will an attacker find out if the correct PIN has been guessed. The card issuer can lock the account after a pre-set number of attempts, thus nullifying the brute-force attack.) 

Hird does not explicitly recite ‘static key’, however Eichholz teaches at least ‘static key’:	
extracting, by the communication device, the static key stored as hard coded text into the transaction application code or stored in a secure memory ([0039] FIG. 3 shows a key reading step according to an embodiment of a method according to the invention. The key reading step comprises an authentication process carried out via the short-range interface 13, wherein a mutual authentication and Diffie-Hellman key agreement is carried out between the microprocessor P and the terminal 20, according to the PACE protocol, chapter 4.2 of the BSI TR-03110. [0040] Now the terminal decrypts the encrypted identification data ID with the decrypted data key KD.)
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird and the levels of encryption of Eichholz.  As Eichholz states: [0027] An identification document according to the invention has a microprocessor, a data memory, wherein identification data are stored or storable in a form encrypted with a data key or at least in a decryptable form, and a key memory accessible for the microprocessor, wherein the data key is stored or storable, and is characterized by a long-range interface, via which a long-range radio connection can be established between the data memory and a terminal, and a short-range interface, via which a short-range radio connection can be established between the key memory and a terminal, an in that the data key or the key memory is so secured that a transmission of the data key or other data from the key memory to a terminal is possible via the short-range radio connection and is impossible via the long-range radio connection. Thereby an unnoticed spying out of the data key from the air interface, thus while the data key is being radio-transmitted, is prevented or at least strongly impeded.

Regarding claim 17, Hird recites: The method according to claim 1, wherein said specific context is defined by 
	a second binding preventing data selected from a group including data related to the user, data related to the transaction application, data related to the communication device, data related to limited-use thresholds, geographic data, date, time, and location, and to a second binding preventing data selected from a group including data related to the user, data related to the transaction application, data related to the communication device, data related to limited-use thresholds (Fig. 9, Item 454), [0004] The methods include generating a plurality of session cryptographic keys from a master cryptographic key.)
	Examiner further notes that the phrase “from a group including data related to the user, data related to the transaction application, data related to the communication device, data related to limited-use thresholds, geographic data, date, time, and location,” is non-functional because is merely describes, at least in part, the contents on the data generated, however, applicant is not positively reciting a step where the data is utilized. It has been held the nonfunctional descriptive material will not distinguish the invention from the prior art in term of patentability. (In re Gulack, 217 USPQ 401 (Fed. Cir. 1983), In re Ngai, 70 USPQ2d (Fed. Cir. 2004), In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP 2111.05), Ex parte Nehls 88 USPQ2d 1883 (BPAI 2008) (precedential).
	Further, Examiner considers the second set of ‘binding preventing data’ to be Mere duplication of parts has no patentable significance unless a new and unexpected result is produced (see MPEP §2144.04 VI (B)).

Regarding claim 18, Hird teaches: The method according to claim 4, further comprising: 
	requesting, by the communication device, from the remote system, the diversifier ID ([0063] The EMV algorithm named "CSK" has been adopted by several important card specifications for the generation of session keys from the master key. The EMV CSK algorithm takes the master key MK and a transaction counter, such as the EMV-defined Application Transaction Counter (ATC), as inputs and generates a session key SK as an output by constructing various byte sequences and encrypting them with the master key, and then choosing certain output bytes to become the session key.)

Regarding claim 19, Hird teaches: The method according to claim 1, further comprising: 
	associating the transport key with at least one limited-use threshold ([0019] The plurality of secret items may be one time passwords.)

Regarding claim 20, Hird teaches: The method according to claim 1, further comprising: 	incorporating at least one limited-use threshold (e.g. secret item) associated with the encrypted bound session cryptographic key into the provisioning package; ([0019] The plurality of secret items may be one time passwords.)
	upon expiration of the at least one limited-use threshold  (e.g. secret item) associated with the encrypted bound session cryptographic key, declining transactions using a cryptograms generated using the session cryptographic key and replenishing (e.g. different for every transaction) the account parameters including the encrypted bound session cryptographic key ([0048] Later versions of EMV use a 16 byte "Application Cryptogram Master Key" (MK), and from that generate a 16 byte "Application Cryptogram Session Key" (SK), for each transaction. The session key is a secret item that is stored in the card. The session key, which is different for every transaction, is used to generate a cryptogram in much the same way as the original CK was used. There are several different algorithms in use for generating a session key from a master key.)

Regarding claim 21, Hird teaches: The method according to claim 1, further comprising: 
	associating at least one limited-use threshold with the encrypted transport key; and ([0048] Later versions of EMV use a 16 byte "Application Cryptogram Master Key" (MK), and from that generate a 16 byte "Application Cryptogram Session Key" (SK), for each transaction. The session key is a secret item that is stored in the card. The session key, which is different for every transaction, is used to generate a cryptogram in much the same way as the original CK was used. There are several different algorithms in use for generating a session key from a master key.)

	upon expiration of the at least one limited-use threshold associated with the encrypted transport key, declining transactions using the encrypted transport key ([0019] The plurality of secret items may be one time passwords.)
	Examiner notes that one of ordinary skill in the art, from reading the reference, would understand that once the one time password is used, it cannot be used again.

Regarding claim 22, Hird teaches: The method according to claim 1, further comprising: 
	upon receiving an enrollment request from the communication device, operating the remote server to perform identification, authentication, and verification of a user of the communication device and an account of the user, and ([0053] As noted above, the cryptographic keys may be stored in a Secure Environment (SE). The Secure Environment may be protected by a Personal Identification Number (PIN). Thus, when the user opens the payment application on the user terminal 100, the user must enter a PIN, which is checked by the Secure Environment before being given access to the cards stored on the user terminal. The user then chooses a card and executes the transaction. The cryptographic keys should never leave the Secure Environment. If a thief steals a user's user terminal, the thief cannot use the cards without knowing the PIN.)
	transmitting a provisioning request to the key management server to generate the bound session cryptographic key ([0067] During a transaction, a cryptogram is generated based on one of the encrypted session cryptographic keys and transaction data for the transaction. The cryptogram is transmitted to the transaction terminal.)
	Examiner notes that the portion of the limitation which recites “to generate the bound session cryptographic key”, found in the transmitting step, is merely a recited intended use.  This portion is given little to no patentable weight because the limitation, or portion thereof, does not claim the function(s) as being positively recited actions or functions, and/or it does not add any meaning or purpose to the associated manipulative step(s).  See MPEP 2103 C and 2111.04.  Simply because the limitation recites something as being “for … [performing a specific functionality]”, etc. does not mean that the functions are required to be performed, or are actually performed.

Regarding claim 23, Hird teaches: The method according to claim 1, wherein 
	the limited-use threshold is selected from a group consisting of a limited time, a limited number of transactions, a limited cumulative transaction amount ([0019] The plurality of secret items may be one time passwords.)

Regarding claim 24, Hird teaches: The method according to claim 4, further comprising: 
	during a transaction requesting, the remote server, by the communication device, to provide the diversifier ID (e.g. seed) ([0046] The cryptographic keys, or "financial keys" may include, in some embodiments, keys of the form: a symmetric key (such as a 3DES key or an Advanced Encryption Standard (AES) key), a secret, a secret byte array, a seed, and/or a controlled datum.)

Regarding claim 25, Hird teaches: The method according to claim 4, further comprising: 	transmitting the diversifier ID from the key management server to the remote server (e.g. Card Issuer 205); and (Fig. 4, Generate Cryptogram 202, 203 and 205)
	forwarding the diversifier ID from the remote server to the communication device (e.g. POS terminal), (Fig. 4, 207)



Claims 6-9 and 12-16 are rejected under 35 U.S.C. 103 as being unpatentable over Hird et al (US20150019442) “Hird”, Wiseman (US20050149722), Eichholz (US20140333416) and further in view of Flurscheim (US20160140545)

Regarding claim 6, neither Hird, Wiseman nor Eichholz explicitly teach ‘key management using thresholds’, however, Flurscheim from a same or analogous art, teaches: The method according to claim 1, wherein 
	the session cryptographic key is associated with a set of one or more limited-use thresholds that limit usage of the session cryptographic key ([0215] The transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds and/or verification of the transaction cryptogram. In some embodiments, if the token or the LUK has use restrictions that limit the usage to particular type of transactions (e.g., contactless reader transaction, magnetic stripe reader transaction, etc.), a transaction conducted via a different reader mechanism than the associated usage of the token or LUK may be declined. For example, if a token is restricted for contactless reader transactions, but is received by a magnetic stripe reader of an access device, the transaction can be denied, and vice versa).
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman , the levels of encryption of Eichholz with the threshold use of Flurscheim. As Flurscheim states: [0006] Embodiments of the invention instead utilize limited-use account parameters that may have a limited lifespan, and once expired, may no longer be used to conduct a transaction until the limited-use account parameters are replenished from the cloud (e.g., a remote computer). Hence, transactions conducted using the techniques described herein may be referred to as “cloud-based transactions.” [0007] According to some embodiments, a method for enhancing the security of a communication device when conducting a transaction using the communication device may include receiving, from a remote computer, a token that is provisioned for conducting magnetic stripe reader transactions, and receiving a limited-use key (LUK) that is associated with a set of one or more limited-use thresholds that limits usage of the LUK. The communication device may generate a transaction cryptogram using the LUK. An inductive coil of the communication device may generate an emulated magnetic signal representing data that includes the token instead of a real account identifier and the transaction cryptogram to transmit the token and the transaction cryptogram to a magnetic stripe reader of an access device to conduct the transaction. The transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.
 
Regarding claim 7, neither Hird, Wiseman nor Eichholz explicitly teach ‘key management using thresholds’, however, Flurscheim from a same or analogous art, teaches: The method according to claim 6, wherein 
	the set of one or more limited-use thresholds may include at least one of a time-to-live threshold indicating the duration of time for which the session cryptographic key is valid, a predetermined number of transactions for which the session cryptographic key is valid, and/or a cumulative transaction amount indicating the total transaction amount summed across one or more transactions for which the session cryptographic key is valid (Fig. 13 and 14, [0030] By managing the delivery and lifecycle of the limited-use account parameters between a set of network based capabilities and the portable communication device, the compromise of mobile application software and/or account credentials stored on a portable communication device becomes only a limited security risk, because stolen limited-use account parameters can at most be used for only a small number of transactions or limited monetary amount. [0047] A "limited-use threshold" may refer to a condition that limits the usage of a piece of information. A limited-use threshold may be exceeded or exhausted when the underlying condition is met. For example, a limited-use threshold may include a time-to-live that indicates an amount of time for which a piece of information is valid, and once that amount of time has elapsed, the limited-use threshold is exceeded or exhausted, and the piece of information may become invalid and may no longer be used. As another example, a limited-use threshold may include a number of times that a piece of information can be used, and once the piece of information has been used for that number of times, the limited-use threshold is exceeded or exhausted, and the piece of information may become invalid and may no longer be used. [0030] By managing the delivery and lifecycle of the limited-use account parameters between a set of network based capabilities and the portable communication device, the compromise of mobile application software and/or account credentials stored on a portable communication device becomes only a limited security risk, because stolen limited-use account parameters can at most be used for only a small number of transactions or limited monetary amount).
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman , the levels of encryption of Eichholz with the threshold use of Flurscheim. As Flurscheim states: [0006] Embodiments of the invention instead utilize limited-use account parameters that may have a limited lifespan, and once expired, may no longer be used to conduct a transaction until the limited-use account parameters are replenished from the cloud (e.g., a remote computer). Hence, transactions conducted using the techniques described herein may be referred to as “cloud-based transactions.” [0007] According to some embodiments, a method for enhancing the security of a communication device when conducting a transaction using the communication device may include receiving, from a remote computer, a token that is provisioned for conducting magnetic stripe reader transactions, and receiving a limited-use key (LUK) that is associated with a set of one or more limited-use thresholds that limits usage of the LUK. The communication device may generate a transaction cryptogram using the LUK. An inductive coil of the communication device may generate an emulated magnetic signal representing data that includes the token instead of a real account identifier and the transaction cryptogram to transmit the token and the transaction cryptogram to a magnetic stripe reader of an access device to conduct the transaction. The transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.

Regarding claim 9, neither Hird, Wiseman nor Eichholz explicitly teach ‘key management’, however, Flurscheim from a same or analogous art, teaches: The method according to claim 1, wherein 
	after the computation of the transaction cryptogram, deleting, by the communication device, the session cryptographic key (Fig. 9, [0182] When the mobile application of portable communication device 901 receives the new set of account parameters (e.g., new LUK and new key index associated with the LUK), the mobile application delete the previous set of account parameters and associated transaction verification log details and usage tracking, and store the new set of account parameters. If the new set of account parameters has different usage limits for the set of one or more limited-use thresholds, the one or more limited-use thresholds can be updated with the new usage limits. The mobile application also increments the sequence counter for each successful account parameters replenishment. Once the mobile application has updated the set of account parameters, the mobile application of portable communication device 901 may send a confirmation 934 to MAP 980, and MAP 980 may forward this as confirmation 936 to CBPP 970 to confirm that the account parameters replenishment process was successful).
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman , the levels of encryption of Eichholz with the deletion of potentially compromising data of Flurscheim. As Flurscheim states: [0073] After an account has been provisioned for cloud-based transactions, the lifecycle management functionality may allow the user or the issuer to manage the lifecycle of the provisioned account. Lifecycle management events such as suspension or deletion of an account may be consumer-initiated. For example, reporting a lost or stolen portable communication device and/or an associated card by the consumer may trigger suspension or deletion of an account from a portable communication device, or a user may elect to remove a provisioned account from the portable communication device. Lifecycle management events can also be issuer-initiated, for example, based on risk management or account reissuance activities. In some embodiments, other parties that may be involved in the processing of cloud-based transactions or managing cloud-based accounts, including merchants or multi-issuer mobile wallet providers, may also initiate lifecycle actions.

Regarding claim 12, neither Hird, Wiseman nor Eichholz explicitly teach ‘trusted execution environment’, however, Flurscheim from a same or analogous art, teaches: The non-transitory memory storing a transaction application according to claim 11, wherein 
	the security module is a white box cryptography or a Trusted Execution Environment ([0119] The card verification results (CVR) may include information about the CVM verifying entity and the CVM verified type for the transaction. The CVM verifying entity is used to indicate which entity is performing the verification of the CVM for the transaction. The verification entity may be the access device (or terminal), a co-residing secure application, a trusted execution environment application, the mobile application itself, a remote server (e.g., the cloud), or the mobile operating system).
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman , the levels of encryption of Eichholz with the TEE or white box cryptography use of Flurscheim. As Flurscheim states: [0159] A TEE can be a secure environment on a communication device for secure execution of an application or other functionalities. The TEE can be supported in software, hardware, firmware or a combination thereof. The TEE may be implemented so that its execution and data space are isolated from other environments executing code on the communication device. For example, a TEE may have dedicated or protected processing and system resources, such as secure storage and protected memory buffers. In some implementations, a TEE may have paging structures, exception handlers, protected memory regions and hardware resources dedicated or associated with the TEE. A TEE is not limited to but may be implemented using virtualization technology.

Regarding claim 15, neither Hird, Wiseman nor Eichholz explicitly teach ‘trusted execution environment’, however, Flurscheim from a same or analogous art, teaches:  The non-transitory memory storing a transaction application according to claim 11, wherein 
	the processing unit and the controlling unit are in the form of a software developer kit integrated into the transaction application ([0084] According to some embodiments, mobile application 115 may include on-device cloud-based transaction software 113 (e.g., can be in the form of a software developer kit (SDK)) integrated into mobile application 115 to support cloud-based transaction functionalities).
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman , the levels of encryption of Eichholz with the use of the developer programming of Flurscheim. As Flurscheim states: [0084] The on-device cloud-based transaction software 113 may also manage the initial service profile parameters (e.g., limited-use thresholds) that are provided after an account has been provisioned to ensure that requests for account parameter replenishment and other account parameter management activities are initiated.
In regards to claim 13, system claim 13 corresponds generally to system claim 15, and recites similar features in system form, and therefore is rejected under the same rationale.

Regarding claim 16, neither Hird, Wiseman nor Eichholz explicitly teach ‘trusted execution environment’, however, Flurscheim from a same or analogous art, teaches: The transaction application according to claim 11, wherein 
	the processing unit is implemented in platform independent code and the controlling unit is implemented in native code ([0363] Any of the software components or functions described in this application, may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++ or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions, or commands on a computer readable medium, such as a random access memory (RAM), a read only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network).
	Examiner considers that one of ordinary skill in the art, from reading the reference would understand that Java TM is considered a platform independent code and C++TM is considered to be native code.
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman , the levels of encryption of Eichholz with the use of the developer programming of Flurscheim as it would be obvious to try multiple programming languages that fit the needs of the situation.
In regards to claim 14, system claim 14 corresponds generally to system claim 16, and recites similar features in system form, and therefore is rejected under the same rationale.



Response to Arguments
	Applicant argues on pages 16-17 of the response that the Examiner has not correctly shown a 35 U.S.C. Prima Fascia case of obviousness. Specifically: Neither Hird nor Wiseman teach “generating, using a reversible function, a bound session cryptographic key.”
	Examiner acknowledges applicant’s arguments but respectfully disagrees. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Hird is being used to teach Key management server and the first binding preventing data. Wiseman is being used to teach using a reversible function, a bound session cryptographic key. Applicant is merely picking apart the references without considering the combination.

Applicant argues on page 17 of the response that the Examiner has not correctly shown a 35 U.S.C. Prima Fascia case of obviousness. Specifically: Thus, in Wiseman, it is the service provider that "binds" the session key and not, as claimed herein, the key management server. 
Furthermore, in Wiseman the operation that is referred to as a binding is an 
encryption of the session key using the service key. In contradistinction, in the claims the binding is with "preventing data selected from a group consisting of data related to the user, data related to the transaction application, data related to the communication device, data related to limited-use thresholds, geographic data, date, time." Because Wiseman's "binding" operation is an encryption using a generated key, the operation does not meet the claimed limitation of being with a "preventing data selected from a group consisting of data related to the user, data related to the transaction application, data related to the communication device, data related to limited-use thresholds, geographic data, date, time."
	Examiner acknowledges applicant’s arguments but respectfully disagrees. The Service Key meets the requirement as being related to user data.
	Applicant argues on pages 17-18 of the response that the Examiner has not correctly shown a 35 U.S.C. Prima Fascia case of obviousness. Specifically: The examiner suggests that the first binding data is taught by Hird, Fig. 9, 454. Applicants disagree with such a reading of Hird, Fig. 9, 454. Hird 454 merely states to "generate session keys from master key and possible values of transaction counter."
	Examiner acknowledges applicant’s arguments but respectfully disagrees. The Service Key or Master key meets the requirement as being related to user data. As 452 states “provide card data including master key” which shows how the two sets of data are related.
	Applicant argues on pages 18-19 of the response that the Examiner has not correctly shown a 35 U.S.C. Prima Fascia case of obviousness. Specifically: This is a case of finding building blocks and putting them together into a rejection. Even if all the building blocks exist in the prior art, that is not enough because it is the case with every invention that they are constructed from that which existed in the prior art. The issue is whether it would be obvious to make the combination. The examiner has not articulated a motivation to combine Hird, Wiseman, Eichholz.”
	Examiner acknowledges applicant’s arguments but respectfully disagrees. Examiner has gone through each combination and has used the teaching motivation from each reference why a combination should be made. In response to applicant's argument that there is no reason for a combination, the fact that applicant has recognized another advantage which would flow naturally from following the suggestion of the prior art cannot be the basis for patentability when the differences would otherwise be obvious.  See Ex parte Obiaya, 227 USPQ 58, 60 (Bd. Pat. App. & Inter. 1985).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Each of the prior art listed in the PTO-892 and not directly recited in this office action, disclose anticipation and/or obviousness to combine concerning the applicant’s claims and are therefore included. 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TERRY N MURRAY whose telephone number is (313)446-6556. The examiner can normally be reached Monday-Thursday 6 AM-4 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/T.N.M./Examiner, Art Unit 3685                                                                                                                                                                                                        
/JACOB C. COPPOLA/Primary Examiner, Art Unit 3685