Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This is the first office action on the merits in response to the application filed on 06/07/2019.
Claims 1-20 are currently pending and have been examined.

Priority
This application claims priority of US Provisional Application No. 62/686,369 filed on 06/18/2018. Applicant’s claim for the benefit of this prior-filed application is acknowledged.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/20/2019 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Interpretation 112(f)
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 


An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 

Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. 
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: 
a gateway encryption service performing the following functions: receiving, from an issuer mobile application 4server, user information for a user and account information for a payment source of the user;  5transmitting the user information and the 6account information to a gateway lookup service; 11encrypting the primary account number data 12to generate encrypted provision data; and 13transmitting the encrypted provision data to 14the issuer mobile application server in Claims 1 and 14; This element is interpreted under 112(f) as the gateway 110 which may include full PAN encryption service 145. The gateway may be one or more servers that are hosted on a network (not shown)15 for communication with the domain servers 120 and the token service provider 115. The gateway 110 may be computer system 400 of FIG. 4. 7
a gateway lookup service perfuming the following functions: receiving, from an issuing host platform, primary 8account number data for the payment source; and 9transmitting the primary account number data to 10the gateway encryption service; in Claims 1 and 14; This element is interpreted under 112(f) as the gateway 110 which may include full PAN lookup service 150. The gateway may be one or more servers that are hosted on a network (not shown)15 for communication with the domain servers 120 and the token service provider 115. The gateway 110 may be computer system 400 of FIG. 4. 7The full PAN lookup service 150 may be software services installed upon the gateway 110 for providing their respective services (Paragraphs [0030-0031]). According to a set of embodiments, some or all of the procedures of the claimed methods are performed by the computer system 400 in response to processor 410 executing one25 or more sequences of one or more instructions, which might be incorporated into the operating system 440 and/or other code, such as an application program 445, contained in the working memory 435. Such instructions may be read into the working memory 435 from another computer-readable medium, such as one or more of the storage device(s) 425. Merely by way of example, execution of the sequences of instructions contained in the working memory 435 might30 cause the processor(s) 410 to perform one or more procedures of the methods described herein (Paragraph [0065]).
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. Therefore, by choosing to 
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
As per claims 1 and 14, the claimed invention is directed to an abstract idea without significantly more because:
Claims 1 and 14 recite receiving, at a gateway encryption service, from an issuer mobile application 4server, user information for a user and account information for a payment source of the user;  5transmitting, by the gateway encryption service, the user information and the 6account information to a gateway lookup service; 7receiving, at the gateway lookup service, from an issuing host platform, primary 8account number data for the payment source; 9transmitting, by the gateway lookup service, the primary account number data to 10the gateway encryption service; 11 encrypting, by the gateway encryption service, the primary account number data 12to generate encrypted provision data; and13 transmitting, by the gateway encryption service, the encrypted provision data to 14the issuer mobile application server.
Under Step 1 of the Section 101 analysis, claims 1 and 14 are directed to a method and system, which are statutory categories of invention.
Under Step 2A Prong One of the 2019 Revised Patent Subject Matter Eligibility Guidance, the claimed invention as drafted includes language (see underlined language above) that recites an abstract idea of receiving/transmitting/encrypting data without significantly more, which falls within the following groups of an abstract idea enumerated in the 2019 Patent Eligibility Guidance: directed to a mental process (i.e., receiving, transmitting, and encrypting data) but for the recitation of additional claim elements. That is, other than reciting a gateway system comprising: 2 one or more processors, and 3a memory having stored thereon computer-readable instructions that, when 4executed by the one or more processors, cause the processors to perform a process, nothing in the claim precludes the language from being considered as from being practically performed in the mind. For example, describing how the system would receive, transmit, and encrypt 
A similar analysis can be applied to dependent claims 2-13 and 15-20 which further recite the abstract idea of settling an injury claim without significantly more.
Under Step 2A Prong Two of the 2019 Revised Patent Subject Matter Eligibility Guidance, the additional claim element(s), considered individually, do not apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception and in a manner that integrates the exception into a practical application of the exception. The additional claim elements(s) “a gateway encryption service and a gateway lookup service” merely add the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea. For example, the method is being implemented on a generic computer. 
Under Step 2A Prong Two, the additional claim element(s), considered in combination, do not apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception and in a manner that integrates the exception into a practical application of the Diehr and Bascom, in which the elements limiting the exception taken together improve a technical field, the instant claim lacks an improvement to the functioning of a computer or to any other technology or technical field.
Under Step 2B, the additional claim element(s), considered individually and in combination, do not provide meaningful limitation(s) to transform the abstract idea into a patent eligible application of the abstract idea such that the claim(s) amounts to significantly more than the abstract idea itself for similar reasons outlined under Step 2A Prong Two. 

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 6-14, and 18-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Powell (EP 3292499 A1)/(EP 3292499 B1).

Examiner Note: Examiner mapped the claims to the published granted patent Powell (EP 3292499 B1) not the published application (EP 3292499 A1). Both publications are included in the office action.

	Regarding Claims 1 and 14, Powell teaches receiving, at a gateway encryption service, from an issuer mobile application 4server, user information for a user and account information for a payment source of the user (Paragraphs 0066-0068 teach a user may wish to load access data (i.e., payment source) into the second application (i.e., a digital wallet application); the access data may be used to activate payment account data already residing on the mobile device; the user may initiate the loading process by launching or otherwise interacting with the first application (i.e., issuer application (e.g., a mobile banking application)) that is associated with the authorization computer system (i.e., issuer computer system); the first application may present the user with an option to load an account number (e.g., a credit card account number) to the second application; in doing so, the first application may also ask the user to input the user's authentication data associated with the account number to be loaded to the second application; for example, the first application may ask the user of the mobile device for PIN or password, and optionally a username; alternatively or additionally, the first application may gather authentication data (e.g., a serial number, phone number, digital fingerprint, etc.) directly from the mobile device); transmitting, by the gateway encryption service, the user information and the 6account information to a gateway lookup service (Paragraphs 0069 teaches the  receiving, at the gateway lookup service, from an issuing host platform, primary 8account number data for the payment source (Paragraph 0070 teaches the authorization computer system validates the authentication data; it may do so by retrieving authentication data that was previously stored for the user, and then comparing the retrieved authentication data to the received authentication data; for example, the authorization computer system may store a password, can receive the corresponding password from the mobile device, and can determine if the stored password matches the received password); transmitting, by the gateway lookup service, the primary account number data to 10the gateway encryption service (Paragraph 0071 teaches if the received authentication data does match the previously stored authentication data, then the authorization computer system may generate an authentication code, which includes the consumer’s primary account identifier (i.e., transmit PAN to encryption module)); encrypting, by the gateway encryption service, the primary account number data 12to generate encrypted provision data (Paragraph 0072 teaches the authentication code (i.e., encrypted provision data) may be generated using an encryption process; the authentication code may include an encrypted portion and a non-encrypted portion; the non-encrypted portion may be used to decrypt the encrypted portion; further, the encrypted portion may include a consumer's PAN, a date and time when the authentication code was generated, and a specific authorization code generated by the authorization entity); and transmitting, by the gateway encryption service, the encrypted provision data to 14the issuer mobile application server (Paragraph 0074 teaches the authentication code is transmitted from the authorization computer system to first application in the mobile device).
	Regarding Claim 1, Powell teaches a method for provisioning instant digital access to a user payment source 2using a mobile device pay wallet (Paragraphs 0039 and 0056 teach the mobile device comprises a computer readable medium that may comprise code, executable by a processor for implementing a method comprising receiving user authentication data at a first application on the mobile device; transmitting, by the mobile device, the user authentication data to an authorization computer system; receiving, by the mobile device, from the authorization computer system, an authentication code via the first application; the authorization computer may comprise a computer readable medium that may comprise code, executable by a processor to implement a method comprising: receiving, by an authorization computer and from a mobile device, authentication data; validating, by the authorization computer, the authentication data; determining, that the authentication data are valid, in response to determining that the authentication data are valid; creating an authentication code, wherein the authentication code comprises a first portion comprising encrypted information comprising an encrypted time data element and a second portion comprising unencrypted information, the unencrypted information capable of being used to process the encrypted information; and transmitting the authentication code to the mobile device).
	Regarding Claim 14, Powell teaches a gateway system comprising:  2one or more processors, and 3a memory having stored thereon computer-readable instructions that, when 4executed by the one or more processors (Paragraphs 0038-0039, 0045, and 0048-0049 teach the exemplary mobile device may comprise a computer readable medium; the computer readable medium may comprise code, executable by the processor for implementing a method; an authorization computer system (i.e., issuer bank) comprises a server computer and an account data database coupled to the server computer; the server computer may comprise a processor, which may be coupled to a system memory and an external communication interface; a computer readable medium may also be operatively coupled to the processor; the computer readable medium may comprise a number of software modules including a communication module, an encryption module, a database update module, an authentication code generation module, an authorization module, and a validation module).

	Regarding Claim 6, Powell teaches all the limitations of claim 1 above; and Powell further teaches wherein the encrypting the primary number data 2comprises identifying a validation key from a plurality of validation keys using the primary 3account number data (Paragraphs 0091-0092 teach the second application may have device specific information such as an identifier for the mobile device or an identifier for the second application (e.g., a wallet identifier) and may transmit this information (in clear text or in hashed or encrypted form) to the first application and then to the authorization computer system (i.e., identifier identifies the private key residing on mobile device)); and signing, using the validation key, the primary account number data to generate the 5encrypted provision data (Paragraphs 0092-0093 and 0081 teach to ensure that the 

Regarding Claim 7, Powell teaches all the limitations of claim 1 above; and Powell further teaches wherein the payment source is a credit card (Paragraph 0066 teaches the access data may be payment account data such as credit card account data).

Regarding Claims 8 and 18, Powell teaches all the limitations of claims 1 and 14 above; and Powell further teaches wherein the user information for the user and the 2account information for the payment source of the user comprises a name of the user, a digital 3wallet data of the user, and an issuer nonce (Paragraphs 0068, 0072, and 0100 teach user account stored at authorization computer includes a username (i.e., name of the user); the 

Regarding Claims 9 and 19, Powell teaches all the limitations of claims 1 and 14 above; and Powell further teaches wherein the primary account number data 2comprises a sixteen-digit primary account number of the payment source and an address of the user, and a nickname of the payment source 3 (Paragraphs 0094, 0025, and 0080 teach the authorization computer system stores the primary account numbers or aliases (i.e., access data reference identifiers) of the primary account numbers; an access data reference identifier (i.e., nickname) may be used to identify particular access data; for example, a primary account number such as 4000 8198 8298 1132 (16-digits) may be represented by an account reference identifier such as XP28278978; user account may also include the address associated with the mobile device to be provisioned).

Regarding Claim 10, Powell teaches all the limitations of claim 1 above; and Powell further teaches receiving, at an issuer mobile application using a software development kit, a list of accounts for the user, wherein the payment source is selected from the list of accounts (Paragraph 0094 teaches the authorization computer system may then optionally send the primary account 

Regarding Claim 11, Powell teaches all the limitations of claim 1 above; and Powell further teaches receiving, at an issuer mobile application using a software development kit, the 3encrypted provision data (Paragraph 0074-0075 teach the authentication code is transmitted from the authorization computer system to first application in the mobile device; after the first application in the mobile device receives the authentication code, the first application then passes the authentication code to the second application in the mobile device); 4invoking, by the software development kit, a request to provision the payment 5source in the mobile device pay wallet of the user using the encrypted provision data (Paragraphs 0076-0077 teach after the authentication code is received by the second application, the mobile device then transmits the authentication code to the digital wallet server computer using any suitable electronic message format; after the digital wallet server computer receives the authentication code, the digital wallet server computer then transmits the authentication code to the validation entity computer); and 6receiving, by the software development kit, a result of the request to provision the 7payment source in the mobile device pay wallet (Paragraph 0078-0081 teaches after the validation entity computer receives the authentication code, the validation entity computer verifies it; if the 

Regarding Claim 12, Powell teaches all the limitations of claim 1 above; and Powell further teaches receiving, at the gateway encryption service, from the issuer mobile application 3server, an issuer nonce indicating that the user was authenticated by the issuer mobile application 4server (Paragraph 0071-0072 teach if the received authentication data does match the previously stored authentication data, then the authorization computer system may generate an authentication code; the authentication code may be generated in any suitable manner; the encrypted portion may include a specific authorization code (i.e., issuer nonce) generated by the authorization entity); and 5wherein the encrypting the primary account number data comprises encrypting the 6issuer nonce along with the primary account number data (Paragraph 0072 teaches the authentication code may be using an encryption process; the authentication code may include an encrypted portion and a non-encrypted portion; 

Regarding Claim 13, Powell teaches all the limitations of claim 12 above; and Powell further teaches receiving, at a token service provider, the encrypted primary account number data 3with the issuer nonce (Paragraph 0106 teaches after the digital wallet server computer receives the authentication code (i.e., comprises primary account number data and issuer nonce), the digital wallet server computer then transmits the authentication code to the validation entity computer); 4decrypting, by the token service provider, the encrypted primary account number 5data and the issuer nonce using an encryption key (Paragraph 0108 teaches after the validation entity computer receives the authentication code, the validation entity computer verifies it; the validation module in the validation entity computer may take the recently received authentication code and may decrypt any encrypted data; it may then retrieve a previously received authentication code previously received from the authorization computer system (stored in a database) and decrypt any encrypted data as well; the decrypted data from the previously stored and recently received authentication codes may then be compared to determine if the currently received authentication code and the previously stored authentication code match (thereby validating the received authentication code)); 6validating, by the token service provider, a signature of the primary account 7number data with a validation key (Paragraph 0109 teaches further, the previously described signed device and/or and 8in response to validating the signature, transmitting, by the token service provider, 9a provision request comprising the issuer nonce (Paragraph 0112 teaches if the authentication code received from the authorization computer system matches the authentication code received from the digital wallet server computer, the validation entity computer then initiates the provisioning process; the validation entity computer can transmit a message to the provisioning server computer to request that the second application of the mobile device be provisioned with the access data requested by the user of the mobile device; in another embodiment, the provisioning server computer may be part of the validation entity computer and provisioning may be initiated without the transmission of any particular provisioning instruction message).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2-5 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Powell (EP 3292499 A1)/(EP 3292499 B1) in view of Pendse (US 20190108514).

Regarding Claims 2 and 15, Powell teaches all the limitations of claims 1 and 14 above; however Powell does not explicitly teach wherein the encrypting the primary account 2number data comprises:  3identifying an encryption key from a plurality of encryption keys using the 4primary account number data; and encrypting, using the encryption key, the primary account number data to 6generate the encrypted provision data.
Pendse from same or similar field of endeavor teaches wherein the encrypting the primary account 2number data comprises: 3identifying an encryption key from a plurality of encryption keys using the 4primary account number data (Paragraph 0023, 0017, and 0021 teach in response to receiving the request and authenticating the user, the digitization entity requests a personalization script from a cryptographic service provider (CSP); the CSP may be a key manager that controls keys in order to complete the digitization process and 5encrypting, using the encryption key, the primary account number data to 6generate the encrypted provision data (Paragraph 0020 teaches the digitization entity may be an encryption provider and may perform encryption of electronic data such as payment credentials; the digitization entity may receive payment information such as a PAN and generate one or more tokens representing the payment information in tokenized form; for example, the digitization entity may perform encryption based on a data encryption standard (DES)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Powell to incorporate the teachings of Pendse for the encrypting the primary account 2number data to comprise: 3identifying an encryption key from a plurality of encryption keys using the 4primary account number data; and encrypting, using the encryption key, the primary account number data to 6generate the encrypted provision data.
There is motivation to combine Pendse into Powell because the issuer and/or the CSP do not provide issuer master keys to the digitizing entity. In other words, the control of the issuer master keys is retained by the issuer and they are not exposed to the digitizing entity. Accordingly, sensitive financial information of the issuer is not divulged to a third party (Pendse Paragraph 0023).

Regarding Claims 3 and 16, the combination of Powell and Pendse teaches all the limitations of claims 2 and 15 above; however the combination does not explicitly teach wherein the encryption key identifies a token 2service provider.
Pendse further teaches wherein the encryption key identifies a token 2service provider (Paragraph 0017 teaches issuer master keys (IMKs) are unique to an issuing bank and are typically used to derive other keys used during a transaction).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Powell and Pendse to incorporate the further teachings of Pendse for the encryption key to identify a token 2service provider.
There is motivation to further combine Pendse into the combination of Powell into Pendse because an IMK may be used to generate unique keys for a specific card (known as a Card Master Key or CMK), and the CMKs are used to derive keys unique to a payment transaction through a derivation process. The derivation may be performed by a DES algorithm (e.g. triple DES) (Paragraph 0017).

Regarding Claims 4 and 17, the combination of Powell and Pendse teaches all the limitations of claims 3 and 16 above; however the combination does not explicitly teach wherein the encrypting the primary account 4number data further comprises: 5identifying a first set of encryption requirements for the mobile device pay wallet using wallet data from the mobile device pay wallet; identifying a second set of encryption requirements for the token service provider; and 9wherein encrypting, using the encryption key, the primary account number data 10comprises complying with the first set of encryption requirements and complying with the 11second set of encryption requirements.
Pendse further teaches wherein the encrypting the primary account 4number data further comprises: 5identifying a first set of encryption requirements for the mobile device pay wallet using wallet data from the mobile device pay wallet (Paragraph 0013 teaches a typical tokenization process for a digital wallet, such as Apple Pay, to request a digitization entity such as MasterCard Digital Enablement Services (MDES) to generate a token to be added to a secure device; typically, there is an exchange of secure information between the digitization entity and the mobile device hosting the digital wallet, and then the digitization entity performs the entire process on behalf of the issuing bank of the payment credential by using a secure set of keys, assigning token numbers, and the like, and then transfers the token to the digital wallet for provisioning on the mobile device; that is, in the conventional digitization process the digitization entity does everything; in order to perform all of these steps on behalf of the issuer, the digitization entity gets issuer master keys from the issuer, encrypts a package of tokenized payment information to be written onto the secure element of the mobile device, and transmits the encrypted package of tokenized payment information to the secure element of the mobile device); identifying a second set of encryption requirements for the token service provider (Paragraph 0015 teaches for example, for regulatory purposes, countries such as China require an and 9wherein encrypting, using the encryption key, the primary account number data 10comprises complying with the first set of encryption requirements and complying with the 11second set of encryption requirements (Paragraphs 0027-0028 teach generating tokenized payment information for the payment credential based on the received personalization script; the tokenized payment information is generated by the digitization entity even though the digitization entity does not have access to issuer master keys of the issuer of the payment credential; in this case, the issuer master keys may be retained by the issuer or an agent thereof without divulging the sensitive information to external sources such as the digitization entity; this process satisfies on-soil data requirements by preventing sensitive data from leaving sovereign boundaries but still allows a digital wallet to access a global payment processor to conveniently perform the payment card digitization process rather 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Powell and Pendse to incorporate the further teachings of Pendse for the encrypting the primary account 4number data to further comprise: 5identifying a first set of encryption requirements for the mobile device pay wallet using wallet data from the mobile device pay wallet; identifying a second set of encryption requirements for the token service provider; and 9wherein encrypting, using the encryption key, the primary account number data 10comprises complying with the first set of encryption requirements and complying with the 11second set of encryption requirements.
There is motivation to further combine Pendse into the combination of Powell and Pendse because the conventional tokenization process involves the issuer releasing secure information to the digitization entity. Furthermore, a number of countries and markets have on-soil requirements that prevent sensitive and secure payment information from leaving a sovereign boundary. The base invention is improved because issuer master keys (IMKs) are controlled by the issuer and may be shared with the CSP and are not shared with the digitization entity. Another 

Regarding Claim 5, the combination of Powell and Pendse teaches all the limitations of claim 2 above; however the combination does not explicitly teach receiving, at the gateway encryption service, the encryption key; storing, by the gateway encryption service, the encryption key in a database 4storing the plurality of encryption keys; and 5wherein identifying the encryption key comprises: 6identifying an associated issuer using the primary account number data; and 8searching the database for the encryption key using the associated issuer.
Pendse further teaches receiving, at the gateway encryption service, the encryption key (Paragraph 0015 teaches issuer master keys (IMKs) are controlled by the issuer and may be shared with the CSP; the issuer (or the CSP) generates a personalization script for extracting and adding payment information of a payment credential issued by the issuer and provides the personalization script to the digitization entity); 3storing, by the gateway encryption service, the encryption key in a database 4storing the plurality of encryption keys and 5wherein identifying the encryption key comprises: 6identifying an associated issuer using the primary account number data (Paragraphs 0021 and 0023 teach the issuer shares sensitive data unique to the issuer with the CSP; for example, the issuer may share issuer master keys, personalization script specifications, payment credentials, and the like, with the CSP; in response to receiving the request (and in some cases authenticating the user) the digitization entity requests a personalization script from the issuer and/or the CSP (i.e., the CSP is able to identify the issuer using the received payment credential since the CSP previously stored the issuer master keys, personalization script specifications, payment credentials received from the issuer)); 7and 8searching the database for the encryption key using the associated issuer (Paragraph 0021 and 0023 teach the CSP received issuer master keys, personalization script specifications, payment credentials; the issuer or the CSP provides the requested personalization script to the digitizing entity; the personalization script may include a unique specification for extracting payment information, and generating a tokenized payment credential (i.e., the CSP is able to search the database with the received payment credential to find the corresponding IMK and personalization script to send to the digitizing entity)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Powell and Pendse to incorporate the further teachings of Pendse to receive, at the gateway encryption service, the encryption key; store, by the 
There is motivation to further combine Pendse into the combination of Powell and Pendse Accordingly, an issuer may maintain control over sensitive information such as the IMKs and also control various details of the digitization process by generating and providing a personalization script to a digitization entity such as a payment processor. The personalization script may also be referred to as a digitization script. The digitization entity may generate tokenized payment information for the payment credential and transmit the tokenized payment information to a digital wallet executing on a mobile device. The digitization entity may perform the digitization process without having access to the IMKs (Paragraph 0011).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Makhotin et al. (US 20150073996) teaches embodiments of the present invention are directed to systems and methods for providing a central entity that can provision mobile payment applications on mobile communication devices and personalize the mobile payment applications with consumer and account information. The personalization of the mobile payment application on the mobile communication device may include provisioning a payment account on the mobile 
Wong et al. (US 20160173483) teaches a method comprising steps including: a) receiving, by a server computer from an application on a computing device, user information; b) causing, by the server computer, the application on the computing device to present an account creation query for an account; c) receiving, by the server computer via the application on the computing device, a request to create the account from a user; d) initiating, by the server computer, the creation of the account; and e) initiating, by the server computer, the provisioning of the account with an access token, where steps d) and e) occur without user input (Wong Paragraph 0007).
Deliwala et al. (US 20160364721) teaches a system may be configured to perform operations and/or steps comprising querying, by an issuer server, a network server for an alias associated with a transaction account. The issuer server may receive the alias from the network server. The issuer server may also send the alias to an issuer application. The operations may also comprise validating, by the issuer server, an account validation input entered into the issuer application. The issuer server may send an issuer signature criteria that indicate whether the 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY JONES whose telephone number is (469)295-9137.  The examiner can normally be reached on 7:30 am - 5:30 pm CST (M-Th).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached at (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/C.P.J./Examiner, Art Unit 3685

/JAY HUANG/Primary Examiner, Art Unit 3685