DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Reopening of Prosecution After Appeal Brief
In view of the Appeal Brief filed on 2 Apr 2021, PROSECUTION IS HEREBY REOPENED. New grounds of rejection are set forth below.
To avoid abandonment of the application, appellant must exercise one of the following two options:
(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 CFR 1.113 (if this Office action is final); or,
(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed by an appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth in 37 CFR 41.20 have been increased since they were previously paid, then appellant must pay the difference between the increased fees and the amount previously paid.
A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing below:
   
                                                                                                                                                                                                     
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for 
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 8-13, 16-19, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson (US 2016/0350746 A1; already of record in IDS; hereinafter Johnson) in view of Hockey et al. (US 20170070500 A1; hereinafter Hockey).
With respect to claims 1, 9, and 17:
Johnson teaches a method of a digitization entity, comprising: (See at least Johnson: Abstract)
receiving a personalization script for a payment credential, the personalization script comprising issuer instructions for extracting account information of the payment credential from a payment vehicle and tokenizing the extracted account information, wherein the personalization script is generated by an issuer of the payment credential; (By disclosing, a merchant or acquirer FI or mobile device submits a request (personalization script) through a standard interface to input original payment credentials (including the primary account number (PAN)), and the TSP 204 generates a Token Number based on the input PAN, and perform assurance steps on the request. In addition, the token requester may be an entity such as an issuer FI or merchant or cardholder. Therefore, the request (personalization script) may be generated by the issuer. Furthermore, some or all of the process steps may be "automated," which refers to, for example, actions that can be performed with little or no human intervention. See at least Johnson: paragraph(s) [0024]-[0025] & [0028]; page 6, col. R, lines 50-56. It is noted that the limitation “for extracting account information of the payment credential from a payment vehicle and tokenizing the extracted account information” is an intended use as stated below. No patentable weight is given to the limitation. In addition, the limitation “wherein the personalization script is generated by an issuer of the payment credential” has no bearing on the step for receiving a personalization script. No patentable weight is given to the limitation.)
...and generating tokenized payment information from the extracted account information based on the issuer instructions included in the received personalization script, wherein the tokenized payment information is generated by the digitization entity without having access to issuer master keys (IMKs) of the issuer of the payment credential; and (By disclosing, the TSP 204 (digitization entity) generates a Token Number (tokenized payment information) based on the input PAN (the received personalization script) (still without having access to issuer master keys). In addition, the token requester may be an entity such as an issuer FI or merchant or cardholder. Furthermore, some or all of the process steps may be "automated," which refers to, for example, actions that can be performed with little or no human intervention. Therefore, inputting of the PAN may be automated. See at least Johnson: paragraph(s) [0024]-[0025] & [0028]. It is noted that the limitation “wherein the tokenized payment information is generated by the digitization entity without having access to issuer master keys (IMKs) of the issuer of the payment credential” is a non-functional descriptive material as stated below. No patentable weight is given to the limitation. Also, the limitation “without having access to issuer master keys (IMKs) of the issuer of the payment credential” is recited negatively. No patentable weight is given to the limitation.) 
transmitting the tokenized payment information for the payment credential to a digital wallet executing on a user device. (By disclosing, the generated token may be stored in the Token Vault 206 (digital wallet). Actually, the digital wallet operator may be the token requestor, and the digital wallet will pass a payment token (instead of the PAN) to the merchant website. See at least Johnson: paragraph(s) [0025] & [0027])
However, Johnson does not teach ...extracting the account information from the payment vehicle.
Hockey, directed to secure permissioning of access to user accounts, including secure deauthorization of access to user accounts and thus in the same field of endeavor, teaches 
...extracting the account information from the payment vehicle and generating tokenized payment information from the extracted account information based on the issuer instructions included in the received personalization script. (By disclosing, functions of the permissions management system include: accessing and/or extracting user account data from external user account systems;.. generating secure electronic records and tokens (e.g., unique identifiers associated with the electronic records) based on user account data. In addition, additional scripts or other software aspects may be requested from the external user account system 1206 (external institution, issuer). Especially, accessing the account number and the routing number in an automated fashion may avoid chances of error. See at least Hockey: paragraph(s) [0192]-[0197], [0240] & [0385])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the consumer-friendly token number allocation teachings of Johnson to incorporate the secure permissioning of access to user accounts, including secure deauthorization of access to user accounts teachings of Hockey for the benefit of enabling a user to securely authorize a third-party system to access user account data and initiate transactions related to a user account, without disclosing to the third-party system account credentials and accessing the account number and the routing number in an automated fashion. (See at least Hockey: Abstract; paragraph(s) [0240]. See also Johnson: paragraph(s) [0024])
Examiner’s Note: 
(1)  The limitations “for extracting account information of the payment credential from a payment vehicle and tokenizing the extracted account information” in claim 1, lines 3-4; claim 9, lines 3-5; and claim 17, 
(2) Claimed expression of “wherein the tokenized payment information is generated by the digitization entity without having access to issuer master keys (IMKs) of the issuer of the payment credential” in claim 1, lines 9-10; claim 9, lines 10-12; and claim 17, lines 11-12 represents non-functional descriptive material and are not functionally involved in the recited steps nor do they alter the recited structural elements.  The recited method steps would be performed the same regardless of the specific issuer master keys (IMKs).  Further, the structural elements remain the same regardless of the specific issuer master keys (IMKs).  Thus, this descriptive material will not distinguish the claimed invention from the prior art in terms of patentability, see In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In 
With respect to claims 2, 10, and 18:
Johnson and Hockey teach the method of claim 1, the digitization device of claim 9, and the non-transitory computer readable medium of claim 17, as stated above.
Hockey, in the same field of endeavor, further teaches 
wherein the method further comprises extracting a primary account number (PAN) from the payment vehicle, and... (As stated above with respect to claim 1, and by further disclosing, functions of the permissions management system include: accessing and/or extracting user account data from external user account systems. See at least Hockey: paragraph(s) [0192])
Johnson further teaches wherein the method further comprises 
...adding a tokenized PAN to the user device based on the issuer instructions included in the personalization script. (By disclosing, a generated token may then be stored in the Token Vault 206 for use in payment transactions, and/or may be transmitted to a consumer device 202 (i.e., to an NFC-enabled Smartphone), for example, via the Internet 214 (or wirelessly via a wireless communications provider (not shown)) from the TSP 
With respect to claims 3 and 11:
Johnson and Hockey teach the method of claim 1 and the digitization device of claim 9, as stated above.
Johnson further teaches further comprising receiving a request, from the digital wallet, for digitizing the payment credential prior to receiving the personalization script. (By disclosing, a payment card account holder can initiate payment to an E-commerce site or merchant website 218 using a mobile wallet (or digital wallet) to transfer payment and other order information, and the digital wallet operator will likely be the token requestor. See at least Johnson: paragraph(s) [0027])
With respect to claims 4 and 12:
Johnson and Hockey teach the method of claim 1 and the digitization device of claim 9, as stated above.
Johnson further teaches further comprising transmitting a request for the personalization script to the issuer, and receiving the personalization script from the issuer in response to the request. (As stated above with respect to claim 3, and by further disclosing, such mobile wallets may be operated by payment account issuers FIs 210. In addition, the token requester may be an entity such as an issuer FI or merchant or cardholder. Therefore, on receiving a request from a payment 
With respect to claims 5 and 13:
Johnson and Hockey teach the method of claim 4 and the digitization device of claim 12, as stated above.
Johnson further teaches wherein the IMKs are held by the issuer of the payment credential, and the IMKs are not known by the digitization entity during the generation of the tokenized payment information. (By disclosing, the TSP does not know or use anything related to IMKs. See at least Johnson: paragraph(s) [0025]-[0026]. It is noted that the limitation “wherein the IMKs are held by the issuer of the payment credential” is a non-functional descriptive material as stated below. No patentable weight is given to the limitation. Also, the limitation “the IMKs are not known by the digitization entity during the generation of the tokenized payment information” is recited negatively. No patentable weight is given to the limitation.)
Examiner’s Note: 
(1)  Claimed expression of “wherein the IMKs are held by the issuer of the payment credential, and the IMKs are not known by the digitization entity during the generation of the tokenized payment information” represents non-
With respect to claims 8 and 16:
Johnson and Hockey teach the method of claim 1 and the digitization device of claim 9, as stated above.
Johnson further teaches further comprising authenticating a cardholder of the payment credential via the user device prior to generating the tokenized payment information for the payment credential. (See at least Johnson: paragraph(s) [0006]-[0007])
With respect to claim 19:
Johnson and Hockey teach the non-transitory computer readable medium of claim 17, as stated above.
Furthermore, as stated above with respect to claims 4 and 5, Johnson and Hockey further teach all the limitations.
With respect to claim 21:
the non-transitory computer readable medium of claim 1, as stated above.
Hockey, in the same field of endeavor, teaches 
...further comprises extracting an account number... based on the issuer instructions included in the personalization script, and the generating comprises generating a tokenized account number based on the issuer instructions included in the personalization script. (By disclosing, functions of the permissions management system include: accessing and/or extracting user account data from external user account systems;.. generating secure electronic records and tokens (e.g., unique identifiers associated with the electronic records) based on user account data. In addition, additional scripts or other software aspects may be requested from the external user account system 1206 (external institution, issuer). Especially, accessing the account number and the routing number in an automated fashion may avoid chances of error. See at least Hockey: paragraph(s) [0192]-[0197], [0240] & [0385])
Johnson further teaches ...from a chip or a strip of the payment vehicle. (By disclosing, FIG. 1 depicts an example of a proximity payment card 100 (also known as a "chip card" or "smart card") of a type that may be tokenized according to embodiments of the methods and systems described herein. Such  
Claims 6-7, 14-15, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson in view of Hockey, as applied to claim 1, 9, and 17, in further view of Chan et al. (US 2009/0198618 A1; hereinafter Chan).
With respect to claims 6 and 14:
Johnson and Hockey teach the method of claim 1 and the digitization device of claim 9, as stated above.
	However, Johnson and Hockey do not teach further comprising transmitting a request for the personalization script to a cryptographic service provider (CSP) associated with the issuer, and receiving the personalization script from the CSP in response to the request.
	Chan, directed to using smartcard authentication token and digital certificates in e-commerce and thus in the same field of endeavor, teaches further 
comprising transmitting a request for the personalization script to a cryptographic service provider (CSP) associated with the issuer, and receiving the personalization script from the CSP in response to the request. (By disclosing, certificate checking may advantageously be performed at the initialisation the Cryptographic Service Provider (CSP). In addition, a card issuer 630 such as a bank 680 may participate by issuing physical smart cards or other tokens 651 onto which digital certificates are loaded using card 635 reader/writer devices 634. Also, a unique digital value is loaded onto an authentication token such as a smart card using a special application loader (or digital certificate loader (CL)) to ensure that only the holder of the correct digital certificate can load his/her digital certificate onto that particular token or card. Furthermore, application server then passes a request 1151 (personalization script) containing the name and/or ID number to a back-end Application Loader (AL) generator 1104 (Step 1151). The certificate checking is performed to complete loading the digital certificate onto the authentication token. See at least Chan: paragraph(s) [0002], [0016], [0093], [0096], [0142], [0154], [0156]-[0162], [0177], [0271] & [0273]; Fig. 11)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Johnson and Hockey to incorporate the using smartcard authentication token and digital certificates in e-commerce teachings of Chan for the benefit of preventing fraudulent access or use of an authentication token embedded with a security digital 
With respect to claims 7 and 15:
Johnson, Hockey, and Chan teach the method of claim 6 and the digitization device of claim 14, as stated above.
Chan, in the same field of endeavor, teaches ... the CSP associated with the issuer... (As stated above with respect to claim 6, see at least Chan: paragraph(s) [0002], [0016], [0093], [0096], [0142], [0156]-[0162], [0177], [0271] & [0273]; Fig. 11)
Johnson further teaches wherein the IMKs are held by ..., and the IMKs are not known by the digitization entity during the generation of the tokenized payment information. (By disclosing, the TSP does not know or use anything related to IMKs. See at least Johnson: paragraph(s) [0025]-[0026]. It is noted that the limitation “wherein the IMKs are held by the CSP associated with the issuer” is a non-functional descriptive material as stated below. No patentable weight is given to the limitation. Also, the limitation “the IMKs are not known by the digitization entity during the generation of the tokenized payment information” is recited negatively. No patentable weight is given to the limitation.)
Examiner’s Note: 
(1)  Claimed expression of “wherein the IMKs are held by the CSP associated with the issuer” represents non-
 With respect to claim 20:
Johnson and Hockey teach the non-transitory computer readable medium of claim 17, as stated above.
As stated above with respect to claims 6 and 7, Johnson and Hockey further teach wherein the method further comprises transmitting a request for the personalization script to ..., and receiving the personalization script ... in response to the request, and
wherein the IMKs are held ..., and the IMKs are not known by the digitization entity during the generation of the tokenized payment information. 
	As stated above with respect to claims 6 and 7, Chan, in the same field of endeavor, teaches 
...a cryptographic service provider (CSP) associated with the issuer, ...from the CSP ...by the CSP associated with the issuer. (See at least Chan: paragraph(s) [0002], [0016], [0093], [0096], [0142], [0156]-[0162], [0177], [0271] & [0273]; Fig. 11)
Examiner’s Note: 
(1)  Claimed expression of “wherein the IMKs are held by the CSP associated with the issuer, and the IMKs are not known by the digitization entity during the generation of the tokenized payment information” represents non-functional descriptive material and are not functionally involved in the recited steps nor do they alter the recited structural elements.  The recited method steps would be performed the same regardless of the specific IMKs.  Further, the structural elements remain the same regardless of the specific IMKs.  Thus, this descriptive material will not distinguish the claimed invention from the prior art in terms of patentability, see In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994); In re Ngai, 367 F.3d 1336, 70 USPQ2d 1862 (Fed. Cir. 2004); MPEP 2111.05.

Response to Arguments
In response to applicant’s argument that Johnson fails to describe or suggest, “receiving a personalization script for a 
In response to applicant’s argument that “The issuer in Johnson provides the account number of the payment card to the TSP. But the issuer does not provide any information for tokenizing the account number. Rather, the TSP in Johnson uses a predefined method.. these instructions are built into the TSP and not provided as part of a personalization script from an issuer,” it is noted that it is unclear what ‘personalization script’ or ‘issuer instructions’ is or does. Therefore, it is not recited or clear how “to facilitate merchant post-processing needs which may occur, for example, to process a payment card account holder request for a refund, or to process merchandise 
In response to applicant’s argument that Hockey fails to describe or suggest “extracting the account information from the payment vehicle and generating tokenized payment information from the extracted account information based on the issuer instructions included in the received personalization script,” it is noted that the combination of Johnson and Hockey teach the features. Johnson discloses that the TSP generates a Token Number based on the input PAN (See at least Johnson: paragraph(s) [0025]), and Hockey discloses “accessing and/or extracting user account data from external user account systems; ...generating secure electronic records and tokens (e.g., unique identifiers associated with the electronic records) based on user account data” and further discloses that the “external user account systems may provide public and/or non-public (e.g., proprietary) application programming interfaces (APIs) by which user account data may be accessed by first-party software applications (e.g., mobile device software applications) of the external institutions” (See at least Hockey: paragraph(s) [0192]-[0193]). In addition, Johnson and Hockey disclose motivations to combine “input PAN” and “extracting user account data from a payment vehicle” for 
In response to applicant’s argument that Lopez fails to describe or suggest, wherein the tokenized payment information is generated by the digitization entity without having access to issuer master keys (IMKs) of the issuer of the payment credential, it is noted that the limitations are a non-functional descriptive material. Hence, no patentable weight is given. Johnson, Hockey, or their combination does not teach anything about having access to issuer master keys (IMKs). 
In response to applicant’s argument that “This feature of Chan though has nothing to do with a personalization script being transmitted to a tokenization entity,” it is noted that since digital certificates are loaded on tokens and the valid digital certificates are important, certificate checking may advantageously be performed at the initialisation of the Cryptographic Service Provider (CSP). Furthermore, a card issuer needs a secure way to associate the personal identity of the card holder with the physical card or other authentication token. The CSP may be associated with the issuer. (See at least Chan: paragraph(s) [0154], [0156]-[0162], [0271] & [0273])

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Dessert (US 20130246258 A1) teaches system and method for managing payment in transactions with a PCD, including extracting account information ash tokenizing.
Kumnick (US 20150112871 A1) teaches multi-network token bin routing with defined verification parameters, including receipt of PAN from a payment device and generating a token 
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, 
19.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to CLAY C LEE whose telephone number is (571)272-3309.  The examiner can normally be reached on Monday-Friday 8-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571)270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the 






/C.C.L./Examiner, Art Unit 3685      

/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685