DETAILED ACTION
Acknowledgements
This office action is in response to the claim amendments filed February 09, 2021.
Claims 1, 2, 5-14 and 16-18 are pending.
Claims 1, 2, 5-14 and 16-18 have been examined.
Claims 3, 4 and 15 have been cancelled.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on Oct. 09, 2019 has been entered.

Response to Arguments
With respect to Claim Rejections - 35 USC § 112(f)
Applicant Arguments/Remarks (pages 6):
“Applicant has hereby amended claim 11 to render the interpretation under 35 U.S.C. § 112(f) moot. Therefore, Applicant respectfully requests that the interpretation under 35 U.S.C. § 112(f) be withdrawn.”
Therefore, interpretation under 35 U.S.C. § 112(f) is withdrawn.

With respect to Claim Rejections - 35 USC § 112(b)
Applicant Arguments/Remarks (pages 6):
“As an initial matter, Applicant submits that based on the amendment to claim 11 discussed above with regard to interpretation under 35 U.S.C. § 112(f), any rejection under 35 U.S.C. § 112(b) based on the interpretation under 35 U.S.C. § 112(f) has been rendered moot. Therefore, Applicant respectfully requests withdrawal of these rejections.
Regarding the rejection under 35 U.S.C. § 112(b) for recitation of "a first token derived from a subscriber's payment instrument" and "wherein the first token is random data derived from data representing a bank account number..." 
Without acquiescing to the rejection, Applicant has amended claims 1, 11, and 13 to clarify the subject matter thereof. Particularly, claim 1 has been amended to recite, among others, "cryptographically generating a first token from an account number associated with the payment instrument and a diversifier, wherein the first token comprises pseudo-random data."”
Therefore, rejection under 35 U.S.C. § 112(b) is withdrawn.

With respect to Claim Rejections - 35 USC § 101
Applicant Arguments/Remarks (page(s) 11-14):
“cryptographically generating a first token from an account number associated with the payment instrument and a diversifier, wherein the first token comprises pseudo-random data" is a non-abstract limitation. 
The element of "cryptographically generating a first token from an account number associated with the payment instrument and a diversifier, wherein the first token comprises pseudo-random data" is not consistent with the PEG's definition of 
Accordingly, the element of "cryptographically generating a first token from an account number associated with the payment instrument and a diversifier, wherein the first token comprises pseudo-random data" is a non-abstract element. 
c. "storing the first token on the mobile terminal in association with the payment application" is a non-abstract limitation. 
The element of "storing the first token on the mobile terminal in association with the payment application" is not consistent with the PEG's definition of "organizing human activity" or a "commercial interaction", because it relates to a technical process for receiving data for an electronic transaction. This is a computer-based function to store the cryptographically generated token on a specific device for subsequent use and away from unauthorized tampering, rather than a method for organizing human activity. This element is unrelated to the concepts of economic practices, commercial/legal interactions, marketing/sales behaviors, or managing interactions between people. More specifically, this element is not related to the above-noted 11 
examples defining a "commercial interaction," such as using advertising as an exchange or currency, offer-based price optimization, which pertains to marketing, or structuring of a sales force or marketing company, which pertains to marketing or sales activities or behaviors. 


Therefore, rejection under 35 U.S.C. § 101 is withdrawn.

With respect to Claim Rejections - 35 USC § 103
Applicant’s arguments with respect to claims 1, 2, 5-14 and 16-18 have been considered but are moot in view of new grounds of rejection initiated by applicant’s amendment to the claims.

Claim Rejections - 35 USC § 103
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 2, 5-14 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Barbara Patterson (WO 2012040377 A1 to) in view of Powell et al. (US 20150127547 A1) further in view of Jan Fedak (US 20160321650 A1) and further in view of Ahamed Kannanari (US 8682802 B1).

Regarding claim 1: Patterson discloses: A method of securing a first token (e.g. verification token) associated with a subscriber's payment instrument (e.g. payment card 32-2), hosted in a mobile terminal (e.g. mobile device 32-1), wherein the method comprises (See paragraphs [0011], [0044] and [0091] and Fig. 1 and related text)
pairing (e.g. enrolling / binding) an identifier (e.g. identifier for a mobile device or phone number) of the mobile terminal (e.g. mobile device 32-1) with the payment instrument (e.g., payment card 32-2), and subsequently pairing a personal cryptogram (e.g. PIN, Password) (e.g. consumer/login information such as PIN or password) with the payment instrument, each pairing being performed in response to registration of the payment instrument is a payment application (e.g., mobile devices may be enabled to download applications (e.g., apps) from a merchant website (e.g., iTunes™) to perform specialized tasks) (See paragraphs [0044], [0072], [0074], [0078-0079], [0088-0091], [0094] and [0106-0107] and Fig. 7 and FIG. 8 and related text);
cryptographically generating a first token (e.g. verification token) based on an [data] associated with the payment instrument and […], wherein the first token comprises pseudo-random data (e.g., Verification tokens may be in any suitable form and any suitable length. Verification tokens may be in the form of numbers, letters, or combinations thereof), (Patterson [0074], “When a mobile device has been enrolled using an enrollment process according to an embodiment of the invention, the payment processing network 26 may generate a verification token using a verification token management module 702. The verification token may be electronically transmitted to the mobile device. All transmissions received and transmitted, including authorization request messages, authorization response messages, and verification tokens, may be encrypted by an encryption module 704 using security keys.” [0040], “A "verification token" may be any suitable piece of information that can be used to verify that a consumer has presented a payment card or other authentic payment credential to a merchant for verification. Verification tokens may be in any suitable form and any suitable length. Verification tokens may be in the form of numbers, letters, or combinations thereof”) (see paragraphs [0071], [0011], [0012], [0074] and [0040])
storing the first token on the mobile terminal in association with the payment application (See paragraphs [0011-0012], [0015], [0040], [0042], [0064] and [0074] and Fig. 7 and FIG. 8 and related text);
receiving transaction data (e.g. transaction data, e.g. item, SKU, amount) concerning a payment transaction by the payment application (e.g. retail application on the mobile device 32-1) (See paragraphs [0124]-[0125]); and
encrypting at least the first token (e.g. verification token), the transaction data (e.g. transaction data), the identifier of the mobile terminal (e.g. mobile device identifier or phone number), and […] to generate a secure payment token (See paragraphs [0020], [0084], [0052] and [0123-0124]);

Patterson further discloses, debit card transaction (e.g. involving encrypted PIN sent in an authorization message) (See paragraphs [0058] and [0065]).

Patterson does not expressly discloses, generating a secure second payment token by encrypting the personal cryptogram.
Powell clearly discloses:
encrypting at least the first token (e.g. F2-Token), the transaction data (e.g. other chip data elements such as the product code), the identifier of the mobile terminal (e.g. contactless data), and the personal cryptogram (e.g. token cryptogram) to generate a secure payment token (See paragraphs [0041], [0117], [0121-0122] and [0125] and Fig. 3 and related text).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Patterson with Powell to include function such as including PIN or password or cryptogram with a token to secure a PAN and other transaction data to enhance transaction security.

Patterson discloses, verification token maybe dynamic. Furthermore, Patterson discloses activation code may be generated by any suitable algorithm or a random generator and a verification token according to an embodiment of the invention may be the form of an activation code (See paragraphs [0040] and [0095]).

Patterson does not expressly discloses, token is random data based on data representing a bank account number.

However, Fedak discloses:
the first token (e.g., token) is pseudo-random data based on a bank account number (e.g., account number) (See paragraph(s) [0036]).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Patterson and Powell with Fedak to include a function of generating a token based on random data to enhance data security for a transaction.

Patterson discloses, generates a verification token, wherein the verification token is then sent to the mobile device and is stored in the mobile device, whereby the mobile device is thereafter used to conduct payment transactions (see paragraphs [0011]-[0016]).

Patterson does not expressly discloses, generates token including a diversifier (token rules or conditions or restrictions or limits etc.)

However, Kannanari discloses, generates token based on a diversifier (Col. [5], LN [54] – Col. [6] LN [11], “The token generator 226 may receive the request 114 for the payment token from the user device 108. The request 114 may include user credentials (e.g., username, password, etc.), an amount, conditions, an expiration time and/or other data. The token generator 226 may verify the user credentials and availability of the amount in an associated user account. In some instances, the payment token may be associated with one or more particular payment instruments and/or payment types in the account. When the user credentials are correct and the amount is available, the token generator 226 may generate a unique payment token that is associated with the account and is subject to the conditions and expiration time. The token generator 226 may encrypt the payment token and then transmit the payment token to the user device 108. The condition manager 228 may manage the conditions associated with the payment token. The conditions may include the expiration time, restrictions on use (e.g., restricted use to specified recipients, categories of goods/services, etc.), and/or other types of restrictions. The condition manager 228 may determine whether the conditions are met upon receipt of the payment token from a recipient prior to providing the answer 130 to the recipient.”) (Col. [5], LN [54] – Col. [6] LN [11] and Fig. 3 and Fig. 4 and related text).

Furthermore Kannanari discloses, generating token based on an account number associated with the payment instrument (Col. [7], LN [16-26] “At 306, the token generator 226 of the host servers 112 may create the payment token 116. The payment token 116 may be a one-time use token that includes a unique identifier that is associated with an account of the user. The token generator 226 may associate the payment token with one or more payment accounts, payment instruments, and/or payment types when specified by the user in the request 114 or by default instructions. In various embodiments, the token generator 226 may encrypt the payment token. The token generator 226 may transmit the payment token to the user device 108, which may be received by the user device at 308.”), (Col. [7], LN [16-26] and Fig. 3 and Fig. 4 and related text).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Patterson Powell and Fedak with Kannanari to include a function of generating a token including token restriction or condition s to enhance security for a transaction.

The Examiner notes: for example, claim 1 recites “encrypting at least the first token, the transaction data, the identifier of the mobile terminal, and the personal cryptogram to generate a secure payment token.” this is nonfunctional descriptive material as it only describes data values, while the data values (e.g., a secure payment token) are not used to perform any of the recited method steps. Therefore, it has been held the nonfunctional descriptive material will not distinguish the invention from the prior art in term of patentability. (In re Gulack, 217 USPQ 401 (Fed. Cir. 1983), In re Ngai, 70 USPQ2d (Fed. Cir. 2004), In re Lowry, 

The Examiner notes that the limitations “encrypting at least the first token, the transaction data, the identifier of the mobile terminal, and the personal cryptogram to generate a secure payment token” has been considered and addressed as shown above.  The Examiner further notes that the limitation is an intended use limitation. The statements of intended use or field of use, [to generate or to create or adapted to or adapted for clauses, wherein clauses, or whereby clauses] are essentially method limitations or statements or intended or desired use.  Thus, these claims as well as other statements of intended use do not serve to patentably distinguish the claimed structure over that of the reference.  See In re Pearson, 181 USPQ 641; In re Yanush, 177 USPQ 705; In re Finsterwalder, 168 USPQ 530; In re Casey, 512 USPQ 235; In re Otto, 136 USPQ 458; Ex parte Masham, 2 USPQ 2nd 1647. See MPEP § 2114 which states: A claim containing a “recitation with respect to the manner in which a claimed apparatus is intended to be employed does not differentiate the claimed apparatus from the prior art apparatus” if the prior art apparatus teaches all the structural limitations of the claim.  Ex parte Masham, 2 USPQ 2nd 1647.

Regarding claim 2: Patterson, Powell, Fedak and Kannanari, discloses as shown above.
Patterson further discloses: The method according to claim 1, wherein the pairing is performed following a successful authentication protocol between the payment application and a remote authentication server (See paragraphs [0012], [0078-0079], [0088-0090] and [0106-0107] and Fig. 7 and FIG. 8 and related text)”).

Regarding claim 5: Patterson, Powell, Fedak and Kannanari, discloses as shown above.
Patterson further discloses: The method according to claim 1, wherein the first token is encrypted by means of a temporary key received from a server for generating the first token (See paragraphs [0011] and [0071]).

Regarding claim 6: Patterson, Powell, Fedak and Kannanari, discloses as shown above.
Patterson further discloses: The method according to claim 1, it wherein the method further comprises the payment application generating the identifier of the mobile terminal and the personal cryptogram, wherein the generating is triggered by receiving data concerning the payment transaction (See paragraph [0013]).

Regarding claim 7: Patterson, Powell, Fedak and Kannanari, discloses as shown above.
Patterson further discloses: The method according to claim 6, wherein the payment application generating the identifier of the mobile terminal and the personal cryptogram comprises: reading a secure memory of the mobile terminal on condition that a personal password is input, or executing a cryptographic calculation on condition that a personal password is input (See paragraphs [0094] and [150]).

Regarding claim 8: Patterson, Powell, Fedak and Kannanari, discloses as shown above.
Patterson further discloses: The method according to claim 6, wherein generating the identifier of the mobile terminal and the personal cryptogram is triggered by a request to  (See paragraphs [0011] and [0044]).

Regarding claim 9: Patterson, Powell, Fedak and Kannanari, discloses as shown above.
Patterson further discloses: The method according to claim 6, wherein, during execution of the payment transaction, the identifier and the personal cryptogram are stored in a volatile memory of the mobile terminal (See paragraphs [0011] and [0064-0064]).
 
Regarding claim 10: Patterson, Powell, Fedak and Kannanari, discloses as shown above.
Patterson further discloses: The method according to claim 1, wherein the provisioning comprises writing the first token in a nonvolatile memory of the mobile terminal (See paragraphs [0011] and [0064-0064]).

Regarding claim 11: Patterson, Powell, Fedak and Kannanari, discloses as shown above.
Patterson further discloses: A mobile terminal comprising a non-transitory computer readable storage medium for hosting a payment application, the payment application performing operations comprising:
pairing an identifier of the mobile terminal, and subsequently a personal cryptogram with a payment instrument, each pairing being performed in response to registration of the payment instrument with the payment application (See paragraphs, [0044], [0072], [0074], [0078-0079], [0088-0091], [0094] and [0106-0107] and Fig. 7 and FIG. 8 and related text);
retrieving, from a storage of the mobile terminal, a first token associated with the payment instrument, wherein the first token is cryptographically generated based on an [data] associated with the payment instrument and a […], wherein the first token comprises pseudo-random data (Patterson [0011], “wherein the verification token is then sent to the mobile device and is stored in the mobile device, whereby the mobile device is thereafter used to conduct payment transactions.”, [0074], “When a mobile device has been enrolled using an enrollment process according to an embodiment of the invention, the payment processing network 26 may generate a verification token using a verification token management module 702. The verification token may be electronically transmitted to the mobile device. All transmissions received and transmitted, including authorization request messages, authorization response messages, and verification tokens, may be encrypted by an encryption module 704 using security keys.” [0017], “the verification token indicates that subsequent transactions conducted by the phone are to be processed as card present transactions. The verification token is then sent to the phone, whereby the phone is thereafter used to conduct payment transactions, and wherein the payment transactions are processed as card present transactions. The system also includes a phone configured to interact with the access device.”), (see paragraphs [0071], [0011], [0012], [0018], [0074], [0040], 0042], [0044] and [0091-0092] and Fig. 1 and related text);
receiving transaction data concerning a payment transaction (See paragraphs ([0124-0125]); and
encrypting at least the first token, the transaction data, the identifier of the mobile terminal, and […] to generate a secure payment token (See paragraphs [0020], [0052] and [0128).

Patterson discloses, generating a secure second payment token by access device 34 (e.g. cellular phones, PDAs) (See paragraphs [0020], [0052], [0061] and [0084]). Patterson further discloses, generating a secure second payment token by mobile device 32 (See paragraphs [0020], [0052], [0061] and [0128]).

Patterson does not expressly discloses, generating a secure second payment token by encrypting the personal cryptogram.
Powell clearly discloses:
encrypting at least the first token (e.g. F2-Token), the transaction data (e.g. other chip data), the identifier of the mobile terminal (e.g. contactless data), and the personal cryptogram (e.g. token cryptogram) to generate a secure payment token (See paragraphs [0041], [0117], [0121-0122] and [0125] and Fig. 3 and related text).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Patterson with Powell to include function such as including PIN or password or cryptogram with a token to secure a PAN and other transaction data to enhance transaction security.

Patterson discloses, verification token maybe dynamic. Furthermore, Patterson discloses activation code may be generated by any suitable algorithm or a random generator (See paragraphs [0040] and [0095]).

Patterson does not expressly discloses, token is random data based on data representing a bank account number.
However, Fedak discloses:
the first token (e.g., token) is pseudo-random data based on a bank account number (e.g., account number) (See paragraph(s) [0036]).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Patterson and Powell with Fedak to include a function of generating a token based on random data to enhance data security for a transaction.

Patterson discloses, generates a verification token, wherein the verification token is then sent to the mobile device and is stored in the mobile device, whereby the mobile device is thereafter used to conduct payment transactions (see paragraphs [0011]-[0016]).

Patterson does not expressly discloses, generates token including a diversifier (token rules or conditions or restrictions or limits etc.)

However, Kannanari discloses, generates token based on a diversifier (Col. [5], LN [54] – Col. [6] LN [11], “The token generator 226 may receive the request 114 for the payment token from the user device 108. The request 114 may include user credentials (e.g., username, password, etc.), an amount, conditions, an expiration time and/or other data. The token generator 226 may verify the user credentials and availability of the amount in an associated user account. In some instances, the payment token may be associated with one or more particular payment instruments and/or payment types in the account. When the user credentials are correct and the amount is available, the token generator 226 may generate a unique payment token that is associated with the account and is subject to the conditions and expiration time. The token generator 226 may encrypt the payment token and then transmit the payment token to the user device 108. The condition manager 228 may manage the conditions associated with the payment token. The conditions may include the expiration time, restrictions on use (e.g., restricted use to specified recipients, categories of goods/services, etc.), and/or other types of restrictions. The condition manager 228 may determine whether the conditions are met upon receipt of the payment token from a recipient prior to providing the answer 130 to the recipient.”), (Col. [5], LN [54] – Col. [6] LN [11] and Fig. 3 and Fig. 4 and related text).

Furthermore, Kannanari discloses, generating token based based on an account number associated with the payment instrument (Col. [7], LN [16-26] “At 306, the token generator 226 of the host servers 112 may create the payment token 116. The payment token 116 may be a one-time use token that includes a unique identifier that is associated with an account of the user. The token generator 226 may associate the payment token with one or more payment accounts, payment instruments, and/or payment types when specified by the user in the request 114 or by default instructions. In various embodiments, the token generator 226 may encrypt the payment token. The token generator 226 may transmit the payment token to the user device 108, which may be received by the user device at 308.”), (Col. [7], LN [16-26] and Fig. 3 and Fig. 4 and related text).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Patterson Powell and Fedak with Kannanari to include a function of generating a token including token restriction or condition s to enhance security for a transaction.

The Examiner notes: for example, claim 1 recites “encrypting at least the first token, the transaction data, the identifier of the mobile terminal, and the personal cryptogram to generate a secure payment token.” this is nonfunctional descriptive material as it only describes data values, while the data values (e.g., a secure payment token) are not used to perform any of the recited method steps. Therefore, it has been held the nonfunctional descriptive material will not distinguish the invention from the prior art in term of patentability. (In re Gulack, 217 USPQ 401 (Fed. Cir. 1983), In re Ngai, 70 USPQ2d (Fed. Cir. 2004), In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP 2111.05), Ex parte Nehls 88 USPQ2d 1883 (BPAI 2008) (precedential).

The Examiner notes that the limitations “encrypting at least the first token, the transaction data, the identifier of the mobile terminal, and the personal cryptogram to generate a secure payment token” has been considered and addressed as shown above.  The Examiner further notes that the limitation is an intended use limitation. The statements of intended use or field of use, [to generate or to create or adapted to or adapted for clauses, wherein clauses, or whereby clauses] are essentially method limitations or statements or intended or desired use.  Thus, these claims as well as other statements of intended use do not serve to patentably distinguish the claimed structure over that of the reference.  See In re 

Regarding claim 12: Patterson, Powell, Fedak and Kannanari, discloses as shown above.
Patterson further discloses: The mobile terminal according to claim 11, wherein the operations further comprise generating the identifier of the mobile terminal and the personal cryptogram (See paragraph [0013]).

Regarding claim 13: Patterson, Powell, Fedak and Kannanari, discloses as shown above. 
Patterson further discloses: A server for generating a first token, the server configured to perform operations comprising:
receiving (e.g., via access device 34) a request from a mobile terminal for a first token, the request including an identifier of the mobile terminal and a personal cryptogram of a subscriber (Patterson [0107], “In step S16, the consumer 30 may provide different types of information to the access device 34. Such information may include an identifier (e.g., a phone number) for a mobile device, and other suitable information. For example, the merchant website account login information (e.g., username, password, mobile device identifier) may be provided to the merchant access device 34. This may be done manually by entering the username and password associated with the consumer's 30 merchant website account.”), (see paragraphs [0071], [0011], [0013], [0012], [0074], [0040] and [0094] and Fig. 6 and related text);
cryptographically generating a first token (e.g. verification token) based on an [data] associated with the payment instrument and […], wherein the first token comprises pseudo-random data (e.g., Verification tokens may be in any suitable form and any suitable length. Verification tokens may be in the form of numbers, letters, or combinations thereof), (Patterson [0074], “When a mobile device has been enrolled using an enrollment process according to an embodiment of the invention, the payment processing network 26 may generate a verification token using a verification token management module 702. The verification token may be electronically transmitted to the mobile device. All transmissions received and transmitted, including authorization request messages, authorization response messages, and verification tokens, may be encrypted by an encryption module 704 using security keys.” [0040], “A "verification token" may be any suitable piece of information that can be used to verify that a consumer has presented a payment card or other authentic payment credential to a merchant for verification. Verification tokens may be in any suitable form and any suitable length. Verification tokens may be in the form of numbers, letters, or combinations thereof”) (see paragraphs [0071], [0011], [0012], [0074] and [0040]);
pairing the identifier and the personal cryptogram with the payment instrument, when the payment instrument is registered in a payment application on the mobile terminal (See paragraphs [0044], [0072], [0074], [0078-0079], [0088-0090], [0094] and [0106-0107] and Fig. 7 and FIG. 8 and related text); and
verifying a secure payment token comprising encrypted data corresponding at least the first token transaction data, the identifier of the mobile terminal, and […] (See paragraphs [0084] and [0128-135]).

Patterson further discloses, debit card transaction (e.g. involving encrypted PIN sent in an authorization message) (See paragraphs [0058] and [0065]).

Patterson does not expressly discloses, verifying a secure payment token comprising encrypted at least the personal cryptogram.

Powell clearly discloses:
verifying a secure payment token comprising encrypted data corresponding to at least the first token, transaction data, the identifier of the mobile terminal, and the personal cryptogram (See paragraphs [0117] and [0121-0128] and Fig. 3 and related text).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Patterson with Powell to include function such as including PIN or password or cryptogram with a token to secure a PAN and other transaction data to enhance transaction security.

Patterson discloses, verification token maybe dynamic. Furthermore, Patterson discloses activation code may be generated by any suitable algorithm or a random generator and a verification token according to an embodiment of the invention may be the form of an activation code (See paragraphs [0040] and [0095]).

Patterson does not expressly discloses: token is random data based on data representing a bank account number.
However, Fedak discloses:
the first token (e.g., token) is pseudo-random data based on a bank account number (e.g., account number) (See paragraph(s) [0036]).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Patterson and Powell with Fedak to include a function of generating a token based on random data to enhance data security for a transaction.

Patterson discloses, generates a verification token, wherein the verification token is then sent to the mobile device and is stored in the mobile device, whereby the mobile device is thereafter used to conduct payment transactions (see paragraphs [0011]-0016]).

Patterson does not expressly discloses, generates token including a diversifier (token rules or conditions or restrictions or limits etc.)

However, Kannanari discloses: 
generates token based on a diversifier (Col. [5], LN [54] – Col. [6] LN [11], “The token generator 226 may receive the request 114 for the payment token from the user device 108. The request 114 may include user credentials (e.g., username, password, etc.), an amount, conditions, an expiration time and/or other data. The token generator 226 may verify the user credentials and availability of the amount in an associated user account. In some instances, the payment token may be associated with one or more particular payment instruments and/or payment types in the account. When the user credentials are correct and the amount is available, the token generator 226 may generate a unique payment token that is associated with the account and is subject to the conditions and expiration time. The token generator 226 may encrypt the payment token and then transmit the payment token to the user device 108. The condition manager 228 may manage the conditions associated with the payment token. The conditions may include the expiration time, restrictions on use (e.g., restricted use to specified recipients, categories of goods/services, etc.), and/or other types of restrictions. The condition manager 228 may determine whether the conditions are met upon receipt of the payment token from a recipient prior to providing the answer 130 to the recipient.”) (Col. [5], LN [54] – Col. [6] LN [11] and Fig. 3 and Fig. 4 and related text).


Kannanari, further discloses, generating token based on an account number associated with the payment instrument (Kannanari Col. [7], LN [16-26], “At 306, the token generator 226 of the host servers 112 may create the payment token 116. The payment token 116 may be a one-time use token that includes a unique identifier that is associated with an account of the user. The token generator 226 may associate the payment token with one or more payment accounts, payment instruments, and/or payment types when specified by the user in the request 114 or by default instructions. In various embodiments, the token generator 226 may encrypt the payment token. The token generator 226 may transmit the payment token to the user device 108, which may be received by the user device at 308.”), see also (Col. [7], LN [16-26] and Fig. 3 and Fig. 4 and related text).

Alternatively, Kannanari discloses:
receiving a request from a mobile terminal for a first token (Kannanari Col. [6], LN [58] – Col. [7], LN [13] “At 302, the token requestor 210 may transmit the request 114 for a payment token to the host servers 112. The token requestor 210 may be accessed by the user device 108 or by another computing device. For example, the user 106 may initiate a request for the payment token using the user device 108 while standing in line at a brick-and-mortar store. In another example, the user 106 may initiate a request for a payment token using a computing device different than the user device 108, such as using a personal computer while at home before a shopping trip. The request 114 may include one or more of an expiration time, conditions for redemption, and an amount. In some embodiments, the expiration time, conditions, amount, or any combination thereof may have default values. In various embodiments, the host servers 112 may determine some or all of the expiration time, conditions, or amount. The conditions for redemption may include specified merchant locations, types of goods or services (including categories and/or specific items), or other types of conditions. The request 114 may also specify which account, payment types, and/or payment instruments to use to fund the payment token. The request 114 may also include user credentials to ensure that the request is valid and from the user 106.”)

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Patterson Powell and Fedak with Kannanari to include a function of generating a token including token restriction or condition s to enhance security for a transaction.

Regarding claim 14
Patterson further discloses: The server according to claim 13, wherein the identifier of the mobile terminal and the personal cryptogram of the subscriber are received from an authentication server (See paragraph [0012]).

Regarding claim 15: Patterson, Powell, Fedak and Kannanari, discloses as shown above.
Patterson further discloses: The server according to claim 13, wherein the first token is generated using a random number generator as a function at least of data representing a number of a bank account attached to the payment instrument (See paragraph [0040]).

Regarding claim 16: Patterson, Powell, Fedak and Kannanari, discloses as shown above.
Patterson discloses: The method of claim 1, wherein the encrypting is performed by the payment application hosted in the mobile terminal (e.g. access device 34) (e.g. cellular phones, PDAs) (See paragraphs [0020], [0052], [0061], [0084] and [0128]).

Regarding claim 17: Patterson, Powell, Fedak and Kannanari, discloses as shown above.
Patterson further discloses: The method of claim 1, wherein the payment application of the mobile terminal is provided with the first token in response to request from the payment application for the first token (See paragraphs [0011], [0015], [0040], [0064] and [0074] and related text).

Regarding claim 18
Patterson further discloses: The method of claim 1, wherein the mobile terminal does not include a secure chip (See paragraph [0011]).

Additionally, claim 1 is directed to a method claim as it recites "A method of securing a first token..." However, claim 18 recites structural limitation. It has been held to be entitled to such weight in method claims, the recited structural limitations therein must affect the method in a manipulative sense and not to amount to the mere claiming of a use of a particular structure, which, in our opinion, is the case here. (Ex parte Pfeiffer, 135 USPQ 31 (BdPatApp&Int 1961)).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAHED ALI whose telephone number is (571)270-1085.  The examiner can normally be reached on 8:00 - 5:00 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.



/JAHED ALI/ Examiner, Art Unit 3685


/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685