DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1, 3, 15, and 17 are amended.
Claims 2, 4-6, 8, 16, 18-22, and 28 are canceled.
Claims 7 and 9-14 are withdrawn.
Claim 29 is new.
Claims 1, 3, 7, 9-15, 17, 23-27, and 29 are pending.

Response to Remarks
35 U.S.C. § 101
Applicant contends that the claims are directed towards patent eligible subject matter.  Examiner respectfully disagrees.  Applicant first contends that the claims do not recite an abstract idea as defined by the 2019 Patent Eligibility Guidance (2019 PEG) because the payment token is provisioned onto an electronic device and that the claims recite interactions between electronic devices, not humans.  While Examiner agrees that electronic devices are not abstract ideas (see Non-Final Office Action at pp. 6-8) and are therefore additional elements, the recited electronic devices are simply applying the recited abstract ideas using computers.  The recitation of generic computer components in a claim does not necessarily preclude that claim from reciting an abstract See 2019 PEG Advanced Module, slide 17.  Therefore, Applicant’s contention that the claims do not recite abstract ideas because they recite electronic devices is unpersuasive.
Applicant further contends that the claims recite a practical application because the claims recite an improvement to the functioning of a computer other technology or technical field.  Specifically, Applicant contends that the improvement is that a single authentication action acts as a centralized authentication system for multiple devices.  Examiner respectfully disagrees because the single user device, i.e., the claimed first user interface device, simply is acting as a proxy for other devices to be authenticated and provided with a payment token.  Therefore, contrary to Applicant’s assertion, it is a Certain Method of Organizing Human Activities, such as managing interactions between people.  Applicant also discusses that the second user interface device is one that does not have the capability to use an application to authenticate themselves.  However, the claim language fails to reflect this.  Rather, the claim language refers only generally to user interface devices, which under its broadest reasonable interpretation, includes devices that capable to use an application to authenticate themselves.  Therefore, Applicant’s contentions regarding a practical application are unpersuasive.
Accordingly, this ground of rejection is maintained.

35 U.S.C. § 103
Applicant’s arguments with respect to claim(s) 1, 3, 15, 17, 23-27, and 29 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1, 3, 15, 17, 23-27, and 29 rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract ideas without significantly more.  Analyzed according to the 2019 Patent Eligibility Guidance (2019 PEG), the first step of the analysis is to determine whether the claims are directed towards one of the four statutory categories, i.e., a process, machine, manufacture, or composition of matter, of patent eligible subject matter.  Here, claims 1, 3, and 29 are directed towards a process and claims 15, 17, and 23-27 are directed towards a machine.  Therefore, the analysis proceeds to determine whether the claims recite abstract ideas.
Per Claim 1: 
providing a user interface associated with an issuer of an account; 
launching, in response to a user request, a digitization application on a first user interface device; 
receiving, at the first user interface device, a user request for digitization of a user account associated with the first user interface device; 
transmitting the received user request for digitization to a wallet provider; 
authenticating the user via the wallet provider; 
receiving, at the first user interface device, a token, in response to approval of the issuer of the account to tokenize the account; 
receiving, from the first user interface device, a request at the issuer of the account to digitize the user account associated with the first user interface device on a second user interface device, wherein digitization comprises the preparation, by a tokenization service provider, of a provisioning package, generation of cryptographic keys, personalization scripts and data for provisioning a device token for the user account associated with the first user interface device to the second user interface device, wherein the device token is specific to the second user interface device; 
establishing the first user interface device is linked to the second user interface device by a link element; 
receiving, at the wallet provider from the first user interface device, authentication information for the second user interface device; 
authenticating, at the wallet provider, the second user interface device based on the link element and the received authentication information for the second user interface device
approving, by the issuer of the account, the second user interface device to receive the device token; 2Application No.: 15/686,532 Amendment and Response to October 15, 2020 Non-Final Office Action 
generating the device token by the token service provider associated with the user account in response to the approval; 
provisioning the generated device token to the second user interface device, wherein provisioning of the device token to the second user interface device digitizes the second user interface device; and 
receiving the provisioned device token at the second user interface device.
Because the claim recites abstract ideas, the analysis proceeds to determine whether the claim recites additional elements that recite a practical application of the abstract ideas.  According to the 2019 PEG, additional elements that recite an instructions to apply the abstract ideas using a computer, that recite insignificant extra-solution activities, or that generally link the use of the abstract ideas to a particular technological environment or field of use are not indicative of a practical application.  Here, the additional elements of the first and second user interface devices, a device token, and a script are instructions to apply the abstract ideas using computers.  Further, the additional element of launching a digitization application on the first user interface device is also an instruction to apply the abstract ideas using a computer because, from the claim language, launching the digitization application on a computer is an instruction to start a computer program that is used to perform the abstract ideas.  Therefore, the claim fails to recite a practical application of the abstract ideas because the additional elements, when considered individually and in combination, recite instructions to apply the abstract ideas using computers.
The analysis then proceeds to determine whether the additional elements, when considered individually and in combination, recite significantly more than the abstract ideas.   According to Berkheimer Memo.  Here, as noted above, the additional elements all serve as instructions to apply the abstract ideas using computers.  Therefore, the additional claim elements, when considered individually and in combination, fail to recite significantly more than the abstract ideas.
Accordingly, claim 1 is rejected as being directed towards patent ineligible subject matter.

Per Claim 15: Claim 15 recites abstract subject matter similar to that discussed above in connection with claim 1.  Claim 15 recites the following additional elements not recited in claim 1:
a memory for storing program instructions; 
an authentication processor, coupled to the memory, and operative to execute program instructions
However, these additional elements also fail to recite a practical application or significantly more than the abstract ideas because they recite computer components that apply the abstract ideas.
Accordingly, claim 15 is rejected as being directed towards patent ineligible subject matter.

Per Claims 3, 17, 23-27, and 29: Claims 3, 17, 23-27, and 29 have also been analyzed according to the 2019 PEG.  However, the subject matter of these claims also fail to recite patent eligible subject matter for the following reasons:
Claims 3 and 17 recite the abstract idea that the device token is for association with a second person, which is a Certain Method of Organizing Human Activities.  That the claim recites a second user interface device amounts only to an instruction to apply the abstract ideas using a computer.  Therefore, the additional elements fail to recite a practical application or significantly more than the abstract ideas.
Claim 23 recites the additional element of receiving a request to generate a higher token assurance level.  However, this additional element fails to recite a practical application because it recites insignificant extra-solution activity, i.e., data gathering.  See MPEP 2106.05(g).  Further, it is well-understood, routine, and conventional activity because it is receiving data over a network.  See MPEP 2106.05(d)(II).
Claim 24 further defines what the request in claim 23 is for.  Therefore, it fails to recite patent eligible subject matter for the same reasons as claim 23.
Claim 25 recites the abstract idea of initiating a communication between the user and merchant, which is an example of a Certain Method of Organizing Human Activities, such as managing human interactions.
Claim 26 recites the abstract idea of generating two or more higher token assurance level requests, which is an example of a Certain Method of Organizing Human Activities.  
Claim 27 recites the additional element of receiving a selection of the higher assurance requests in claim 26.  However, this additional element fails to recite a practical application because it recites insignificant extra-solution activity, i.e., data gathering.  See See MPEP 2106.05(d)(II).
Claim 29 recites the additional element of receiving a notification that the device token was received at the second user interface device.  However, this additional element fails to recite a practical application because it recites insignificant extra-solution activity, i.e., data gathering.  See MPEP 2106.05(g).  Further, it is well-understood, routine, and conventional activity because it is receiving data over a network.  See MPEP 2106.05(d)(II).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

Claims 1, 3, 15, 17, and 23-25 is/are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Pub. No. 2016/0247156 to Hwang et al. in view of U.S. Patent Pub. No. 2015/0199679 to Palanisamy and U.S. Patent Pub. No. 2015/0356560 to Shastry et al. 
Per Claim 1: Hwang discloses:
A method comprising: (see Hwang at Abstract: Systems and methods are disclosed for provisioning resources from a first user account to a second user and wearable device for use in a secure transaction.)
launching, in response to a user request, a digitization application (e.g., secure transaction module) on a first user interface device (e.g., master device); (see Hwang at ¶ 39: In step 402, the user launches the secure transaction module on the master device and authenticates the primary user and primary device to the transaction-processing server. In various embodiments, the primary user may be authenticated though username and password, biometric reading such as a fingerprint scanner or eye/retinal scanner, a user PIN or other security capabilities of the master device. In various embodiments, the master device may be authenticated through a device identifier, a secure token, encryption key exchange or other authentication protocols.  See also 
authenticating the user via the wallet provider; (see Hwang at ¶ 39: In step 402, the user launches the secure transaction module on the master device and authenticates the primary user and primary device to the transaction-processing server. In various embodiments, the primary user may be authenticated though username and password, biometric reading such as a fingerprint scanner or eye/retinal scanner, a user PIN or other security capabilities of the master device. In various embodiments, the master device may be authenticated through a device identifier, a secure token, encryption key exchange or other authentication protocols.)
receiving, from the first user interface device, a request at the issuer of the account (e.g., service provider e.g., bank) to digitize the user account associated with the first user interface device on a second user interface device (e.g., secondary device), wherein digitization comprises the preparation, by a tokenization service provider, of a provisioning package, personalization scripts and data for provisioning a token for the user account associated with the first user interface device to the second user interface device; (Examiner’s Note: the language “wherein digitization comprises the preparation, by a tokenization service provider, of a provisioning package, generation of cryptographic keys, personalization scripts and data for provisioning a token for the user account associated with the first user interface device to the second user interface device” has been considered and determined to not distinguish over the prior art.  It fails to distinguish over the prior art because the claim requires only receiving a request to digitize the user account.  It does not recite actually digitizing the user account.  In other words, as currently recited, the claim recites that the digitization is a desired result of receiving the request.  However, for compact prosecution purposes, the following citation is provided: see Hwang at ¶ 15: FIG. 1 is a flow chart 100 illustrating an embodiment of an exemplary secure transaction process. In step 110, a primary user operates a master device, such as a smart phone, which is authenticated for secure transactions through a service provider. The primary user accesses a corresponding master account managed by the service provider (e.g., PayPal or a bank), and identifies a secondary user and associated secondary device that may be used to access certain services offered by the service provider.  See also ¶ 37: The restriction module 236 interfaces with the secure transaction modules 212 and 242 to establish and implement restrictions on the secure transactions initiated through the secondary device 240. In various embodiments, restrictions may be geographic (e.g., can only spend money at an amusement park), time and date based (e.g., can only spend on the weekends), use restricted (e.g., can only use the funds to purchase food) and size restricted (e.g., no purchase over $20). The defined restrictions are stored in the account/transaction database 270.  See also ¶ 41: In various embodiments, one or more tokens may be received and stored for use by the secondary device, single-use or multi-use tokens may be used, and the tokens may be generated and transmitted to the secondary device by the master device or the service provider.)
establishing the first user interface device is linked to the second user interface device by a link element (e.g., added friend, family account features, social media, contacts list); (see Hwang at ¶ 15: FIG. 1 is a flow chart 100 illustrating an embodiment of an exemplary secure transaction process. In step 110, a primary user operates a master device, such as a smart phone, which is authenticated for secure transactions through a service provider. The primary user accesses a corresponding master account managed by the service provider (e.g., PayPal or a bank), and identifies a secondary user and associated See also ¶ 40: In step 404, the master device establishes communications with the secure transaction module on the secondary device and retrieves unique device identification information for the secondary device. In step 406, the master device transmits encrypted secondary user and secondary device information to the transaction process server for association with the primary user account. The transaction processing server returns authentication information for the secondary device and, in step 408, the master device transmits the authentication information to the secondary device. In one embodiment, the master device and secondary device communicate through the respective secure transaction modules. In an alternate embodiment, the master device configures the account for access by the secondary device and provides the transaction-processing server with contact information for the secondary user, such as a mobile number or email address. The transaction-processing server then sends a message to the secondary device that communicates with the transaction-processing server (bypassing the primary device) to complete the authentication process.)
receiving, at the wallet provider from the first user interface device, authentication information (e.g., encrypted secondary user and secondary device information) for the second user interface device; (see Hwang at ¶ 40: In step 404, the master device establishes communications with the secure transaction module on the secondary device and retrieves unique device identification information for the secondary 
authenticating, at the wallet provider, the second user interface device based on the link element and the received authentication information for the second user interface device; (see Hwang at ¶ 40: In step 404, the master device establishes communications with the secure transaction module on the secondary device and retrieves unique device identification information for the secondary device. In step 406, the master device transmits encrypted secondary user and secondary device information to the transaction process server for association with the primary user account. The transaction processing server returns authentication information for the secondary device and, in step 408, the master device transmits the authentication information to the secondary device. In one embodiment, the master device and secondary device communicate through the respective secure transaction modules. In an alternate embodiment, the master device configures the account for access by the secondary device and provides the transaction-See also ¶ 15: FIG. 1 is a flow chart 100 illustrating an embodiment of an exemplary secure transaction process. In step 110, a primary user operates a master device, such as a smart phone, which is authenticated for secure transactions through a service provider. The primary user accesses a corresponding master account managed by the service provider (e.g., PayPal or a bank), and identifies a secondary user and associated secondary device that may be used to access certain services offered by the service provider. In various embodiments, the secondary user and device may be identified manually by the primary (e.g., “add friend”), through family account features, by locating devices in vicinity, in response to a request received from a user and through social media or contacts lists.)
However, Hwang fails to disclose, but Palanisamy, an analogous art of payment tokenization, discloses:
receiving, at the first user interface device, a user request for digitization of a user account associated with the first user interface device; (see Palanisamy at ¶ 74: A payment credential provisioning process may be initiated. For example, a consumer 110 may indicate a desire to activate mobile payment functionality for the communication device 120 (e.g. Bob's device 1) via a mobile application.)
transmitting the received user request for digitization to a wallet provider; (see Palanisamy at ¶ 75: In step S710, the payment processor server computer 140 may receive a tokenization eligibility request message including the PAN 0256 and any other suitable 
receiving, at the first user interface device, a token, in response to approval of the issuer of the account to tokenize the account; (see Palanisamy at ¶ 85: In step S755, the payment processor server computer 140 may provide the second payment token 4969 and any other suitable information to the communication device 120 (e.g. using the provisioning module 447). For example, the payment processor server computer 140 may generate and deliver provisioning scripts to the communication device 120 (e.g. directly or via the digital wallet provider server computer 130).  See also ¶ 76: If the risk level is low, then a subsequently generated tokenization eligibility response message may indicate that a token may be generated.)
wherein digitization comprises the preparation, by a tokenization service provider, of a provisioning package, generation of cryptographic keys, personalization scripts and data for provisioning a device token for the user account associated with the first user interface device to the second user interface device, wherein the device token is specific to the second user interface device; (see Palanisamy at ¶ 85: In step S755, the payment processor server computer 140 may provide the second payment token 4969 and any other suitable information to the communication device 120 (e.g. using the provisioning module 447). For example, the payment processor server computer 140 may generate and deliver provisioning scripts to the communication device 120 (e.g. directly or via the digital wallet provider server computer 130).  See also ¶ 37: A “provisioning script” may include may include any source code, machine code, executable file, or other instructions operable to provision a device or assist in the provisioning of a See also ¶ 25: In embodiments of the invention, different payment devices are provisioned with different payment tokens.)
approving, by the issuer of the account, the second user interface device to receive the device token; (see Palanisamy at ¶ 76: If the risk level is low, then a subsequently generated tokenization eligibility response message may indicate that a token may be generated.  See also FIG. 6: Bob’s Device 2 has also been approved to receive a payment token)
generating the device token by the token service provider associated with the user account in response to the approval; (see Palanisamy at ¶ 83: In step S745, the payment processor server computer 140 may generate a second payment token 4969 associated with the first payment token 7891 (e.g. using the payment token generation module 445 and the payment token association module 446).)
provisioning the generated device token to the second user interface device, wherein provisioning of the device token to the second user interface device digitizes the second user interface device; and (Examiner’s Note: the language “wherein provisioning of the at least one token to the second user interface device digitizes the see Palanisamy at ¶ 85: In step S755, the payment processor server computer 140 may provide the second payment token 4969 and any other suitable information to the communication device 120 (e.g. using the provisioning module 447). For example, the payment processor server computer 140 may generate and deliver provisioning scripts to the communication device 120 (e.g. directly or via the digital wallet provider server computer 130).
receiving the provisioned device token at the second user interface device. (see Palanisamy at ¶ 85: In step S755, the payment processor server computer 140 may provide the second payment token 4969 and any other suitable information to the communication device 120 (e.g. using the provisioning module 447). For example, the payment processor server computer 140 may generate and deliver provisioning scripts to the communication device 120 (e.g. directly or via the digital wallet provider server computer 130).  See also FIG. 6: Bob’s Device 2 has also been approved to receive a payment token)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hwang to provide a payment token to the first and second devices as disclosed in Palanisamy.  One of ordinary skill in the art would have been motivated to do so to enable both consumer devices disclosed in Hwang to make purchases using payment tokens.  
However, the combination of Hwang and Palanisamy fails to disclose, but Shastry, an analogous art of payment tokens, discloses:
providing a user interface (e.g., first mobile application) associated with an issuer of an account; (see Shastry at ¶ 65: FIG. 2 shows a block diagram 200 for implementing an exemplary token assurance method using device fingerprinting and authentication of user data, in accordance with some embodiments of the invention. As illustrated in FIG. 2, a first mobile application (e.g. an issuer application) 202 and a second mobile application (e.g. a merchant application) 204 may be provisioned on a user device such that each mobile application may be used to conduct payment transactions using the user device. In some embodiments, both the first mobile application 202 and the second mobile application 204 may be executed by an operating system of the user device. For simplicity of illustration, the first mobile application and/or the second mobile application are illustrated in FIGS. 2-7. The mobile applications are provided on a mobile device, such as the applications 1012 provided on the mobile device 1002, illustrated in FIG. 10.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hwang to provide a user interface as disclosed in Shastry.  One of ordinary skill in the art would have been motivated to do so to make it easier for customers to receive payment tokens, thereby increasing transaction security.

Per Claim 15: Claim 15 recites subject matter similar to that discussed above in connection with claim 1.  Claim 15 further recites, and Hwang further discloses:
A system comprising: a first user interface device; (see 
a memory for storing program instructions; (see Hwang at ¶ 48: Components of computer system 600 also include a system memory component 614 (e.g., RAM), a static storage component 616 (e.g., ROM), and/or a disk or flash drive 617. Computer system 600 performs specific operations by processor(s) 612 and other components by executing one or more sequences of instructions contained in system memory component 614.)
an authentication processor, coupled to the memory, and operative to execute program instructions to: (see Hwang at ¶ 20: System 200 includes a primary user 202, a primary device 210, a secondary user 204, a secondary device 240, and a payment-processing server 230 in communication over a network 220.)

Per Claims 3 and 17: The combination of Hwang, Palanisamy, and Shastry discloses the subject matter of claims 1 and 15, from which claims 3 and 17 depend, respectively.  Hwang further discloses:
wherein the token is for association with at least one second user device. (Examiner’s Note: this claim element has been considered and determined to recite an intended use of the token.  Therefore, it fails to distinguish over the prior art.  However, for compact prosecution purposes, the following citation is provided: see Hwang at ¶ 41: In various embodiments, one or more tokens may be received and stored for use by the secondary device, single-use or multi-use tokens may be used, and the tokens may be generated and transmitted to the secondary device by the master device or the service provider.)

Per Claim 23: The combination of Hwang, Palanisamy, and Shastry discloses the subject matter of claim 15, from which claim 23 depends.  However, the combination of Hwang and Palanisamy fails to disclose, but Shastry discloses:
receive from a merchant at least one request to generate a higher assurance level associated with the token. (see Shastry at ¶ 90: FIG. 5B shows a block diagram 520 for modifying an assurance level associated a token based on the transaction history, in accordance with some embodiments of the invention. In FIG. 5B, the mobile application 502 is provisioned with a token having a low assurance level, as described above in connection with FIG. 5A. After being provisioned with the low assurance level token, the mobile application 502 provides transaction history updates 510 to the payment processing server 504 (step 4). In some embodiments, the mobile application 502 may send periodical updates (e.g. transaction history update messages) to the processing server 504 as transactions are completed. In other embodiments, the mobile application 502 may send transaction updates to the payment processing server 504 when the predetermined criteria (i.e. criteria determined by the authorization platform 506) is met. Upon satisfying the predetermined criteria, the payment processing server 504 may upgrade the status of the token previously sent to the mobile application 502 (step 5).  See also ¶ 87: When the user downloads and executes the mobile application 502 (e.g. a merchant mobile application), the user may be prompted to load payment account information to the mobile application 502.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the payment tokens in Hwang to include a token assurance 

Per Claim 24: The combination of Hwang, Palanisamy, and Shastry discloses the subject matter of claim 23, from which claim 24 depends.  However, the combination of Hwang and Palanisamy fails to disclose, but Shastry discloses: 
wherein the request is for the user to authenticate their account with the merchant. (see Shastry at ¶ 27: In response to a token request from the merchant, the token provider issues tokens with varying status based on a confidence level determined in light of the data received from the token requestor. For example, the status of the token may indicate that the token is a trusted token associated with a high assurance level. Such token may be used without restrictions by the merchant mobile application. Alternatively, the status of the token may indicate that the token is an untrusted token associated with a low assurance level. Such token may have restrictions imposed thereupon. For example, a token with a low assurance level may be used for transactions below a pre-determined value (e.g. money amount) or may be used only with proper user identifying information (e.g. showing user ID card, providing a PIN and/or a card verification value (e.g. CVV), user biometrics and the like).  See also ¶ 73)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hwang so that a user authenticates an account with a merchant as disclosed in Shastry.  One of ordinary skill in the art would have been motivated to do so to increase the confidence that the transaction is not fraudulent.

Per Claim 25: The combination of Hwang, Shastry, and Arora discloses the subject matter of claim 24, from which claim 25 depends.  However, the combination of Hwang and Arora fails to disclose, but Shastry discloses:
initiate a communication between the user and the merchant. (see Shastry at ¶ 53: The merchant 130 may be capable to sell goods and/or services to the consumer 120. The merchant 130 may receive payment information comprising a token from the consumer 120. The merchant 130 may send the token to the acquirer 135 for payment authorization.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the subject matter of Shastry in the Hwang system.  One of ordinary skill in the art would have been motivated to do so to increase the confidence that the transaction is not fraudulent.

Claims 26-27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hwang, Palanisamy, and Shastry as applied to claim 25 above, and further in view of U.S. Patent No. 9,444,824 to Balazs et al.
Per Claim 26: The combination of Hwang, Palanisamy, and Shastry discloses the subject matter of claim 25, from which claim 26 depends.  However, the combination of Hwang, Palanisamy, and Shastry fails to disclose, but Balazs, an analogous art of securing financial information, discloses:
generate, based on the initiated communication, two or more higher assurance level requests, wherein at least two of the higher assurance level requests are presented on a same user interface. (see Balazs at 15:8-34: The method or system may 
While Balazs does not explicitly disclose a second higher assurance level request, Balazs does suggest a second higher assurance level request because the above-cited portion discloses generating a higher assurance level request whenever there is going to be a change in the level of assurance.  One of ordinary skill in the art before the effective filing date of the claimed invention, would have appreciated that multiple changes may be possible.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the subject matter of Balazs in the Hwang system.  One of ordinary skill in the art would have been motivated to do so to further increase the security of the financial information in Hwang.

Per Claim 27: 
receive a selection of one or more higher assurance requests to provide authentication information. (see Balazs at 15:8-34: The method or system may detect whether there is going to be a change in the level of assurance at 610A based at least in part upon one or more flow nodes encountered in the flow or user actions or interactions during the user's access to the financial management system. For example, the user may be initially authenticated by the username and password to access the financial management system. During the user's interaction with the financial management system, the user may wish to access information including, for example, the user's social security number, the user's bank account information, the user's birthday, or other more sensitive, confidential, or critical information that the user is not authorized to view or access at the current level of assurance. The method or system may determine that there is going to be a change in the current level of assurance to a heightened level of assurance at 610A.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the subject matter of Balazs in the Hwang.  One of ordinary skill in the art would have been motivated to do so to further increase the security of the financial information in Hwang.

Claim 29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hwang, Palanisamy, and Shastry as applied to claim 1 above, and further in view of U.S. Patent Pub. No. 2017/0330188 to Canh.
Per Claim 29: 
receiving, at the first user interface device, notification that the device token was received by the second user interface device. (see Canh at ¶ 182: The payment server 420 may transmit to the second electronic device 405 the token based on the post-payment information to be shared, and in operation 1237, may generate information regarding token delivery completion with respect to the post-payment information to be shared, and may send a notification corresponding thereto to the first electronic device 400. Then, the first electronic device 400 may confirm that the to-be-shared post-payment information requested by the first electronic device 400 is delivered to the second electronic device 405.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hwang so that the first payment device receives a notification that the second payment device has received a payment token using the techniques disclosed in Canh.  As in Canh, it would have been within the capabilities of one of ordinary skill in the art to send a notification to a first device of payment token transfer to a secondary device to the first and second devices in Hwang with the predicted result transmitting notification information as needed in Hwang.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Patent Pub. No. 2017/0053277 discloses an apparatus and method for reference-based card enrollment for secondary devices are provided. The method includes receiving information of a payment instrument from a first device, transmitting the 
U.S. Patent Pub. No. 2015/0220914 discloses an input is received from a user through an electronic wallet management interface. The electronic wallet management interface including a plurality of user-selectable icons or text. A control is provided to the user based on a selected icon or text, wherein controls available to the user through the electronic wallet management interface include a payment device control that enables the user to view and edit settings for a payment device associated with the electronic wallet.
U.S. Patent Pub. No. 2016/0307183 discloses a user may utilize an electronic telecommunications device comprising a wireless communications device to bind a first user device and a second user device. The user can insert the first user device into the electronic telecommunications device and enter authentication information. The first user device and the second user device can be bound over a wireless network enabled by the wireless communications device without requiring any sensitive account information to be entered by the user.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NILESH B KHATRI whose telephone number is (571)270-7083.  The examiner can normally be reached on 8:30 AM - 5:30 PM Monday-Friday, alternating Fridays off.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/N.B.K./Examiner, Art Unit 3685   

/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685