Acknowledgements
This communication is in response to applicant’s response filed on 01/11/2021.
Claims 1, 9, and 16 have been amended. 
Claims 1-20 are pending and have been examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Regarding applicant’s arguments:
Regarding applicant’s argument under Claim Rejections - 35 USC § 103 that the combination of Cage (US 20170076293) in view of Smeets (US 20090205028) does not disclose the new features of “generating a first binary string of the first customer credential data; generating a second binary string of the second customer credential data; generating a third binary string of an international mobile subscriber identity (IMSI) number associated with a device identity module of the computing device, wherein the device identity module is configured to permit the computing device to receive one or more telecommunications services through the IMSI number,” examiner respectfully argues that applicant’s argument is moot in light of the new grounds of rejection necessitated by the amendments to claim 1. Applicant makes a similar argument 
Applicant argues dependent claims 2-8, 10-15, and 17-20 are patentable because of their dependency on independent claims 1, 9, and 16. Examiner respectfully argues applicant’s arguments are moot in light of the new grounds of rejection necessitated by the amendments to claims 1, 9, and 16. 

Priority
This application claims the benefit of US Provisional Application No. 62/260,116 filed on 11/25/2015. Applicant’s claim for the benefit of this prior-filed application is acknowledged.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4, 9-10, 12, 16-17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Tilton (US 20140215586) in view of Brand (US 20110086616).

Regarding Claims 1, 9 and 16, Tilton teaches receiving, from a computing device of a customer, (i) customer information associated with the customer, and (ii) first customer credential data provided by the customer on the computing device (Paragraph 0042 teaches verifying an individual is a legitimate user of a first authentication credential by capturing authentication data (i.e., biometric data) from the individual); obtaining a digital identification corresponding to the customer based at least on the customer information, wherein the digital identification specifies second customer credential data that is verified as identifying the customer (Paragraphs 0042, 0032, and 0039 teach the corresponding authentication data included in the first authentication credential may be the biometric data; FIG. 2 is a diagram illustrating exemplary data that may be stored in a first authentication credential issued to an authorized individual by an authorized entity; the first authentication credential includes, but is not limited to, biometric data of the authorized individual and any type of device data associated with the first authentication credential; an authentication entity obtains an authentication credential and determines whether the first authentication credential is valid; more specifically, the computer verifies that the first authentication credential has not expired and that the data included in the first authentication credential has not been improperly changed, and by validating the device data); determining that the first customer credential data matches the second customer credential data specified by the digital identification (Paragraph 0042 teaches comparing the captured authentication data against corresponding authentication data included in the first authentication credential; when the captured and corresponding authentication data match, the individual is successfully authenticated and is verified as a legitimate user of the first authentication credential); in response to determining that first customer credential data matches the second customer credential data specified by the digital identification: generating a first binary string of the first customer credential data; generating a second binary string of the second customer credential data; generating a third binary string of a device data associated with a device identity module of the computing device, wherein the device identity module is configured to permit the computing device to receive one or more telecommunications services; generating a customer identification sequence for the customer by concatenating the first binary string, the second binary string, and the third binary string (Paragraphs 0043, 0033, 0046, 0035, and 0032 teach after successfully verifying that the individual is a legitimate user, the computer continues by requesting the AC system to determine whether a second authentication credential of the individual is stored therein; the second authentication credential is the enrollment data record of an authorized individual enrolled in the AC system and includes biometric data, biometric template data, and personal data of the individual; when the AC system finds the unique identifier of the individual a second authentication credential of the individual is stored in the AC system, the AC system verifies that the second  the derived authentication credential, which is a combination of data from the first and second credentials; more specifically, the derived authentication credential is the second credential combined with the device data of the first authentication credential, wherein the device data, as combined with the second authentication credential, functions as binding data; device data may include, but is not limited to data associated with a hardware component (i.e., SIM card) of an authentication credential; a legitimate holder or user of an authentication credential is the authorized individual to whom the credential was issued by an authorized entity (i.e., device identity module is configured to permit the computing device to receive one or more telecommunications services)); storing, within the device identity module, the customer identification sequence as a token identity, wherein the token identity identifies a mapping between the second customer credential data and the device data of the computing device of the customer (Paragraphs 0046 and 0035 teach after generating the derived authentication credential, the AC system continues by storing the derived authentication credential therein; the derived authentication credential is a combination of data from the first and second credentials; more specifically, the and providing data indicating the token identity for output (Paragraph 0046 teaches the AC system continues by transmitting a message to the computer indicating that a derived authentication credential was successfully generated for the individual).
However, Tilton does not explicitly teach wherein the device data associated with a device identity module of the computing device comprises an IMSI number. 
Brand from same or similar field of endeavor teaches wherein the device data associated with a device identity module of the computing device comprises an IMSI number (Paragraph 0015 teaches the International Mobile Subscriber Identity (IMSI) number of the SIM card being used in the mobile phone).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in Tilton, which teaches device data of the computing device may be a hardware component such as the SIM card, to incorporate the teaching of Brand, which teaches the device data is specifically the IMSI number of the SIM card.
	There is motivation to combine Brand into Tilton because the IMSI number is a number that uniquely identifies every user of a cellular network by identifying the subscriber’s account information and services. The base invention is improved because the IMSI is an authenticated permanent identity of the mobile subscription, and can be used to track and identify who has been in a certain place at a certain time providing a more reliable way of correctly verifying the customer identity.
Regarding Claim 1, Tilton teaches a computer-implemented method (Paragraph 0039 teaches a flowchart illustrating an exemplary process for generating derived authentication credentials (i.e., customer identification sequence) used by the security system for individuals enrolled in the AC system).
	Regarding Claim 9, Tilton teaches a system comprising: one or more computers; and one or more storage devices storing instructions that, when executed by the one or more computers, cause the one or more computers to perform operations (Paragraphs 0016 and 0029 teach an exemplary embodiment of a security system for generating and using derived authentication credentials; the security system includes a communications device, an authentication station computer, an authentication computer (AC) system, and a credential validation server (CVS) system configured to communicate with each other over a network and with other systems (not shown) and devices (not shown); the communications device, the computer, the AC system, and the CVS system, respectively, each include a processor (not shown) and a memory (not shown); the processors execute instructions, or computer programs, stored in the respective memories (not shown) of the communications device, the computer, the AC system, and the CVS system).
	Regarding Claim 16, Tilton teaches a non-transitory computer-readable storage device encoded with computer program instructions that, when executed by one or more computers, cause one or more computers to perform operations (Paragraph 0031 teaches the each of the communications device, the computer, the AC system, and the CVS system comprises a computer-readable recording medium used to store data; moreover, each of the respective 

	Regarding Claims 2, 10, and 17, the combination of Tilton and Brand teaches all the limitations of claims 1, 9, and 16 above; and Tilton further teaches wherein the device identity module comprises a subscriber identity module (SIM) card (Paragraph 0031 teaches the communications device comprises a computer-readable recording medium used to store data; moreover, each of the respective memories (not shown) can be a computer-readable recording medium used to store computer programs or executable instructions that are executed, respectively, by the communications device; furthermore, the memories may include SIMs).

	Regarding Claims 4, 12, and 19, the combination of the combination of Tilton and Brand teaches all the limitations of claims 1, 9, and 16 above; and Tilton further teaches wherein: the first customer credential data comprises a first biometric identifier provided by the customer on the computing device (Paragraph 0042 teaches the corresponding authentication data included in the first authentication credential may be the biometric data); the second customer credential data comprises a second biometric identifier that (i) has been verified by an issuing authority that issues the digital identification and (ii) stored in one or more databases associated with the issuing authority (Paragraph 0039 teaches the authentication entity obtains an authentication and determining that the first customer credential data matches the second customer credential data specified by the digital identification comprises determining that the first biometric identifier matches the second biometric identifier (Paragraph 0042 teaches after determining the first authentication credential is valid, processing continues by verifying the individual is a legitimate user of the first authentication credential; more specifically, processing continues by comparing the captured authentication data against corresponding authentication data included in the first authentication credential; when the captured and corresponding authentication data match, the individual is successfully authenticated and is verified as a legitimate user of the first authentication credential).

Claims 3, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Tilton (US 20140215586) in view of Brand (US 20110086616) in further view of Yang (US 20160057624).

Regarding Claims 3, 11, and 18, the combination of Tilton and Brand teaches all the limitations of claims 1, 9, 16 above; however the combination does not explicitly teach wherein the device identity module comprises an electronic subscriber identity module (eSIM) assigned to the computing device by a service provider that provisions the one or more one or more telecommunications services.
Yang from same or similar field of endeavor teaches wherein the device identity module comprises an electronic subscriber identity module (eSIM) assigned to the computing device by a service provider that provisions the one or more one or more telecommunications services (Paragraphs 0029 and 0032 teach the eUICC can be configured to store multiple eSIMs for accessing the different MNOs through the base stations, for example, the eUICC can be configured to store an eSIM for each MNO to which mobile device is subscribed; the eUICC OS can also be configured to manage eSIMs that are stored by the eUICC, e.g., by activating the eSIMs within the eUICC).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Tilton and Brand to incorporate the teachings of Yang for the device identity module comprises an electronic subscriber identity module (eSIM) assigned to the computing device by a service provider that provisions the one or more one or more telecommunications services.
There is motivation combine Yang into the combination of Tilton and Brand because eSIM enables users to change operator remotely, straight from their phone, without having to acquire a new SIM card. It also allows people to store .

Claims 5-6, 13-14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Tilton (US 20140215586) in view of Brand (US 20110086616) in further view of Cage (US 20170076293).

Regarding Claims 5, 13, and 20, the combination of Tilton and Brand teaches all the limitations of claims 1, 9, and 16 above; however the combination does not explicitly teach wherein the digital identification comprises a digital driver license issued to the customer by a state department of motor vehicles. 
Cage from same or similar field of endeavor teaches wherein the digital identification comprises a digital driver license issued to the customer by a state department of motor vehicles (Paragraphs 0056-0057 teach user data obtained by the system may be a driver’s license and the system accesses the database, scans the database records based one or more parts of the user data or the photo and locates a record associated with the user).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Tilton and Brand to incorporate the teachings of Cage for the digital identification to comprise a digital driver license issued to the customer by a state department of motor vehicles.


Regarding Claims 6 and 14, the combination of Tilton, Brand, and Cage teaches all the limitations of claims 5 and 13 above; however the combination does not explicitly teach wherein: the first customer credential data comprises a driver license number provided by the customer on the computing device; the second customer credential data comprises a verified driver license number specified in a customer record associated with the state department of motor vehicles; and determining that the first customer credential data matches the second customer credential data specified by the digital identification comprises determining that the driver license number provided by the customer on the computing device matches the verified driver license number specified in the customer record. 
Cage further teaches wherein: the first customer credential data comprises a driver license number provided by the customer on the computing device (Paragraph 0056 teaches user data obtained by the system may be a driver’s license including the identification card number); the second customer credential data comprises a verified driver license number specified in a customer record associated with the state department of motor vehicles (Paragraph 0057 teaches the system accesses the database, scans the database records based on or more parts of the user data (i.e., identification card number) and locates a record associated with the user); and determining that the first customer credential data matches the second customer credential data specified by the digital identification comprises determining that the driver license number provided by the customer on the computing device matches the verified driver license number specified in the customer record (Paragraph 0059 teaches upon determining the authentication credential is valid, the system accesses a user record associated with the authentication credential stored in the system when the user was registered for a digital identification).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Tilton, Brand, and Cage to incorporate the further teachings of Cage for the first customer credential data to comprise a driver license number provided by the customer on the computing device; the second customer credential data to comprise a verified driver license number specified in a customer record associated with the state department of motor vehicles; and determining that the first customer credential data matches the second customer credential data specified by the digital identification comprises determining that the driver license number provided by the customer on the computing device matches the verified driver license number specified in the customer record.
.

Claims 7-8, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Tilton (US 20140215586) in view of Brand (US 20110086616) in further view of Dill (US 20150032626).

Regarding Claim 7 and 15, the combination of Tilton and Brand teaches all the limitations of claims 1, 9, and 16 above; however the combination does not explicitly teach providing, to the computing device, an instruction to store the token identity on the computing device in association with the device identity module; and after providing the instruction to store the token identity on the computing device in association with the device identity module: obtaining data indicating (i) an electronic transaction requested to be performed in association with the IMSI number, (ii) the token identity stored on the computing device, and (iii) third customer credential data provided on the computing device with the electronic transaction.
Brand further teaches providing, to the computing device, an instruction to store the token identity on the computing device in association with the device identity module (Paragraph 0028 teaches the application then creates a unique digital identifier (henceforth referred to as a fingerprint) uniquely associated with the specific mobile phone of the user; the fingerprint (i.e., token identity) is created as a function of the International Mobile ; and after providing the instruction to store the token identity on the computing device in association with the device identity module: obtaining data indicating (i) an electronic transaction requested to be performed in association with the IMSI number, (ii) the token identity stored on the computing device, and (iii) third customer credential data provided on the computing device with the electronic transaction (Paragraph 0031-0032 teach the user attempts to conduct a secure online (Internet) banking transaction, wherein the user enters his account number (equivalent to a username) (i.e., third credential) and password on the Internet banking website on his computer; before proceeding to login, the user initiates the authentication application on his/her mobile phone and sends the digital fingerprint via the network to the authentication server).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Tilton and Brand to incorporate the further teachings of Brand to provide, to the computing device, an instruction to store the token identity on the computing device in association with the device identity module; and after providing the instruction to store the token identity on the computing device in association with the device identity module: obtaining data indicating (i) an electronic transaction requested to be performed in association with the IMSI number, (ii) the token identity stored on the computing device, and (iii) third 
There is motivation to further combine Brand into the combination of Tilton and Brand because as the digital fingerprint cannot be duplicated without having the user's mobile phone in hand, this implies that no third party can log into the user's authentication protected domain without having the user's username, password as well as mobile phone in hand (Brand Paragraph 0035).
However, the combination of Tilton and Brand does not explicitly teach determining that the third customer credential data does not match the second customer credential data specified by the mapping identified in the token identity; and determining that the third customer credential data is not valid based on determining that the third customer credential data does not match the second customer credential data specified by the mapping identified in the token identity.
Dill from same or similar field of endeavor teaches determining that the third customer credential data does not match the second customer credential data specified by the mapping identified in the token identity (Paragraphs 0078, 0075, and 0208-0209 teach a token requestor identifier may be used in a transaction during authorization processing, for example, a token requestor identifier may be passed through a transaction request message to validate that the entity that is initiating the transaction is the same as the entity that requested and manages the token; a “token requestor identifier” (i.e., third credential) may include any characters, numerals, or other identifiers associated with an entity associated with a network token system; a payment enabler (e.g., a ; and determining that the third customer credential data is not valid based on determining that the third customer credential data does not match the second customer credential data specified by the mapping identified in the token identity (Paragraph 0209 teaches the token requestor identifier may allow the network token system to ensure that a token is being provided by the entity that initially asked for the token, and when the token requestor identifier does not match the stored token in the token vault any transaction associated with the authorization request message may be denied (i.e., the transaction is not valid)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Tilton and Brand to incorporate the teachings of Dill to determine that the third customer credential data does not match the second customer credential data specified by the mapping identified in the token identity; and determine that the third customer credential data is not valid based on determining that the third customer credential data does not match the second customer credential data specified by the mapping identified in the token identity.
There is motivation to combine Dill into the combination of Tilton and Brand because the token requestor identifier may allow the network token system to 

Regarding Claim 8, the combination of Tilton, Brand, and Dill teaches all the limitations of claim 7 above; however the combination does not explicitly teach determining that the electronic transaction requested to be performed in association with the IMSI number is potentially fraudulent based on determining that the third customer credential data is not valid; and providing, to a service provider that provisions the one or more telecommunications services, an indication that the electronic transaction requested to be performed in association with the IMSI number is potentially fraudulent. 
Dill further teaches determining that the electronic transaction requested to be performed in association with the IMSI number is potentially fraudulent based on determining that the third customer credential data is not valid (Paragraphs 0144 and 0209 teach the token registry database may store a token requestor identifier, an IMSI, a mobile application ; and providing, to a service provider that provisions the one or more telecommunications services, an indication that the electronic transaction requested to be performed in association with the IMSI number is potentially fraudulent (Paragraphs 0209 and 0291 teach the token record may be inactivated and/or otherwise indicated as being compromised and the network token system may further inform the consumer, an issuer, and any other interested parties associated with the compromised token record; the network token system as discussed with different embodiments provides a platform that can be leveraged by external entities (e.g., third party wallets, e-commerce merchants, payment enablers/payment service providers, etc.)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Tilton, Brand, and Dill to incorporate the further teachings of Dill to determine that the electronic transaction requested to be performed in association with the IMSI number is potentially fraudulent based on determining that the third customer credential data is not valid; and provide, to a service provider that provisions the one or more telecommunications services, an indication that the electronic transaction requested to be performed in association with the IMSI number is potentially fraudulent.
.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Blom (US 20130086167) teaches an approach is provided for identity expression in digital media. A user identity platform processes and/or facilitates a processing of contextual data associated with a user, one or more devices associated with the user, or a combination thereof to determine one more or user personality characteristics. The user identity platform then causes, at least in part, a generation of one or more identity tokens based, at least in part, on the one or more user personality characteristics. In one embodiment, the one or more identity tokens represent the user in one or more services, one or more applications, or a combination thereof.
McNeal et al. (US 20120109829) teaches methods and systems of preventing fraud in electronic transaction and verification are described herein. The method includes obtaining information from a recipient; splitting the information into multiple parts; encrypting one or more of the multiple parts and encoding said encrypted part on different locations of a token; and encrypting the remaining portions of the split information and storing the encrypted remaining portions in one or more information stores. At a subsequent time, when the recipient provides the token to complete a transaction or to establish identity, retrieving the multiple portions from the one or more information stores and the token and combining or .
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY JONES whose telephone number is (469)295-9137.  The examiner can normally be reached on 7:30 am - 5:00 pm CST (M-F).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/C.P.J./Examiner, Art Unit 3685

/JAY HUANG/Primary Examiner, Art Unit 3685