DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to communication filed on August 25, 2021.
Claims 22 – 41 are being considered on the merits.

Response to Amendment
Status of claims in the instant application:
Claims 22 – 41 are pending.
Claims 22 and 32 are amended.
No claim has been cancelled.
No new claim has been added.
Applicant’s arguments, see page [5 - 6] of Applicant’s remarks filed on August 25, 2021, with respect to claims 22, 28 – 31, 32, and 38 – 41 that were rejected under 35 U.S.C. 103 as being unpatentable over US 2021003685 A1 to Wang et al., (hereinafter, “Wang”) in view of US 20200211002 A1 to Steinberg, have been fully considered in view of claim amendments and they are persuasive. Therefore, the claim rejections are withdrawn.
Applicant’s arguments, see page [6 - 7] of Applicant’s remarks filed on August 25, 2021, with respect to claims 23 – 25 and 33 – 35
Applicant’s arguments, see page [7] of Applicant’s remarks filed on August 25, 2021, with respect to claims 26 – 27 and 36 – 37 that were rejected under 35 U.S.C. 103 as being unpatentable over US 2021003685 A1 to Wang et al., (hereinafter, “Wang”) in view of US 20200211002 A1 to Steinberg in further view of US 10200369 B1 to Roundy et al., (hereinafter "Roundy"), have been fully considered in view of claim amendments and they are persuasive. Therefore, the claim rejections are withdrawn.

Allowable Subject Matter
Claims 22 – 41 are allowed, but they are renumbered to 1 – 20. The following is an examiner’s statement of reasons for allowance: the following prior art references were identified during examination of the claims filed on August 25, 2021 in response to the office action mailed on May 25, 2021. They do not explicitly teach the applicant’s claimed invention, in view of the amended claims, but are in the general realm of the applicant’s field of endeavor:
Wang et al. [US 2021003685 A1]: This is considered the closest prior art to the instant application. It generally relates to a system and methodology for generating access tokens on a user device rather than via a remote server computer. An access token can be generated on a second user device by combining and encrypting, with format preservation, a primary access identifier, variable value, and salt. The resulting value can be provided to a first user device that can subsequently provide the access token to an access device as part of an interaction. The access device can generate an authorization request message that comprises the access token and transmit it to a remote server computer for processing. The remote server computer can process the access token to determine the primary access identifier despite not being involved in the
Wang discloses receiving, by the remote server computer 402, as part of an interaction, an authorization request message comprising an access token, a variable value, and a salt, each corresponding to a first user device. The first user device provides the access token, variable value, and salt to an access device in an interaction. Thereafter, the access device generates an authorization request message comprising the access token, the variable value, and the salt. The access device transmits the authorization request message to a remote server computer. The remote server computer can process the authorization request message and determine the primary access identifier corresponding to the user that provided the access token. Wang further discloses determining, by the remote server computer, if a user of the first user device is authorized to conduct the interaction; receiving, by the remote server computer 402, a first verification cryptogram; generating, by the remote server computer 402, based on the primary access identifier, the variable value and the salt, a unique diversified key; generating, by the remote server computer 402, a second verification cryptogram based on the unique diversified key, the access token, and the interaction information; comparing, by the remote server computer 402, the verification cryptogram against the second verification cryptogram, wherein the user of the first user device is authorized to conduct the interaction if the second verification cryptogram matches the first verification cryptogram; and storing, by the remote server computer 402, the access token in a secure database (such as access token database 408) in association with the primary access identifier. Para. 90 discloses that the access token processing module 412 may comprise code enabling the processor 404 to process received access tokens. This may include de-tokenization or producing the primary access identifier associated with a received access token.
Steinberg [US 2021003685 A1]: This generally discloses a methodology and system that increase data security by offering a frequently changing Authorization Token that includes user-modifiable criteria. Without validation of the Authorization Token, a personal identifier, such as a Social Security Number or account number, is not accepted as a means to transact business or release information. A single mechanism allows both authentication of the owner of a personal identifier and the owner's ability to specify whether and how its use is authorized.
Steinberg discloses that the user generates an Authorization Token through the steps shown in FIG. 4. The user may log into the generator (e.g., directly with a password, indirectly via a password store, through the use of a biometric device, or via another means) via a local authentication system (401) for providing access to the generator. Once the authentication system (401) of the generator validates (402) the user's authorization to access the generator, in an embodiment the generator may provide the user with selectable options of account identifiers that the user may authorize (404), and may also provide the user with selectable constraints or limitations that are to be attached to the authorization. Some user-initiated or user-selected constraints may include, but are not limited to, for example, the upper threshold constraint of the amount of a transaction (e.g., a maximum value expressed in a maximum dollar value or another currency value), duration of the authorization (e.g., a time limit in minutes, hours, days, or weeks for the duration of authorization constraint), and whether the authorized use is for one-time only or multiple times during that period. Generator (105) may include stored program code that causes a processor to execute an algorithm (407) that combines and effectively links the selected Identifier or identifiers if a constraint includes an identifier of an entity or system being authorized (or a hashed version of said Identifier(s) that was processed by hasher (406)) with any
Jerichow et al. [US 20190182654 A1]: This generally discloses a methodology and system that provide subscriber privacy management techniques that prevent a covert channel from being established between user equipment and a home network through a serving network in a communication system. In one example, a random value is computed in the serving network and added to the registration request procedure. The techniques also enable the home network to control UE behavior using an authorization token.
Jerichow discloses receiving a registration request from user equipment associated with a given subscriber of the home network, the registration request comprising a concealed subscriber identifier for the given subscriber; computing a random value; applying a cryptographic hash function to the concealed subscriber identifier and the random value to generate a hash value; sending the hash value to the home network with an authorization request; receiving a response to the authorization request from the home network, wherein the response comprises an authorization token; and sending a message to the user equipment comprising the random value and the authorization token.
Roundy et al. [US 10200369 B1]: This generally discloses a methodology and system for dynamically validating remote requests within enterprise networks, which may include (1) receiving, on a target system within an enterprise network, a request to access a portion of the target system from a remote system within the enterprise network, (2) performing a validation operation to determine whether the remote system is trustworthy to access the portion of the target system by (A) querying an enterprise security system to authorize the request from the remote system and (B) receiving, from the enterprise security system in response to the query, a notification
Roundy discloses that exemplary system 100 may also include a validation module 106 that performs a validation operation to determine whether the remote system is trustworthy to access the portion of the target system by (1) querying an enterprise security system to authorize the request from the remote system and (2) receiving, from the enterprise security system in response to the query, a notification indicating whether the remote system is trustworthy to access the portion of the target system. Enterprise security system 120 may identify the trustworthiness and/or hygiene of remote system 202, the last time that remote system 202 was infected, the trustworthiness and/or hygiene of the process that initiated the transfer from remote system 202, the trustworthiness and/or hygiene of the executable, the trustworthiness and/or computing behavior or history of the user operating remote system 202, variations or combinations of one or more of the same, and/or any other suitable contextual information.
However, none of the prior art references of record, independently or in combination, discloses all the limitations of the independent claims 22 and 32 as recited in the amended set of claims being examined.
Therefore, the independent claims are allowable over the prior art of record. The dependent claims, being definite, further limiting, and fully enabled by the specification, are also allowed by virtue of their dependence on the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893.  The examiner can normally be reached on Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/P.P./Patent Examiner, Art Unit 2434
/KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434