DETAILED ACTION
Acknowledgements
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in reply to the Amendment filed on August 13, 2021.
Claims 5, 7, and 16-20 are cancelled.
Claim 27 is added.
Claims 1-4, 6, 8-15, and 21-27 are pending.
Claims 1-4, 6, 8-15, and 21-27 are examined.
This Office Action is given Paper No. 20211029 for references purposes only.

Claim Objections
Claim 27 is objected to because it recites “the apparatus of claim 1.” However, claim 1 is directed to “a device.” Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 4, 6, 8-12, 14-15, 23-24, and 26-27 are rejected under 35 U.S.C. 103(a) as being unpatentable over Guglani et al. (US 2016/0092696) in view of Powell et al. (US 10,070,310).

Claims 1, 11, 23
Guglani discloses:
a communications module (mobile device, see [0034]);
at least one processor (mobile device, see [0056]) coupled to the storage unit and the communications module, the at least processor being configured to execute the first application program to:
transmit, through the communications module, a request to authenticate the product data (send a token request/token provisioning request/token request message, see [0062, 0089]) to a first computer system (token server computer, see [0060-0062, 0090]), the request comprising the product data (payment information, e.g. payment account number, see [0060]) and the cryptographic data 
receive, through the communications module, confirmation data (token, see [0063-0065, 0092]) from the first computer system that confirms the authenticity of the product data; and
in response to the confirmation data received from the first computer system, perform operations that provision the generated digital token (token, see [0038, 0065]) to a digital wallet (mobile wallet application, see [0058]) established by the executed first application program.
Guglani does not disclose:
A storage… program;
Obtain… data;
Based… interface;
Receive… device.
Powell teaches:
a storage unit (memory, see C7 L24-31) storing instructions, the instructions comprising a first application program (second application, e.g. digital wallet application, see C7 L41-49);
obtain data identifying a product (access data, e.g. credit card account data, see C4 L19-33, C9 L60-67), and generate a digital token (payment token, see C6 L7-20) representative of at least a portion of the product data;
based on the generated digital token, request cryptographic data (authentication code, see C10 L55-67) from a second application program (first application, e.g. issuer application, mobile banking application, see C7 L32-40) executed by the at least one processor, the request being provided to the executed second application program through a programmatic interface (interface, see C11 L21-25);
receive the cryptographic data (authentication code, see C11 L21-25) from the executed second application program (first application, see C11 L21-25) through the programmatic interface (interface, see C11 L21-25), the cryptographic data being generated in response to a verification of authentication credentials (user’s authentication data, e.g. PIN, see C10 L8-22) by the executed second application program, and the authentication credentials being associated with the device.
Guglani discloses transmitting a request to authenticate, receiving confirmation data, and provisioning a token. Guglani does not disclose obtaining product data, requesting cryptographic data from a second application, and receiving the cryptographic data, but Powell teaches this. It would have been obvious to one of ordinary skill in the art at the time the invention was filed to combine the remote server encrypted data provisioning system of Guglani with the obtained product data, requested cryptographic data, and received cryptographic data of Powell because 1) a need exists for improved data security methods to prevent sensitive user data from being obtained by unauthorized persons while the data is stored on a mobile device (see Guglani [0003-0004]); and 2) a need exists for improving data security when a resource provider does not have control 
Claim 4
Furthermore, Guglani discloses:
an interface module (see figure 3) coupled to the at least one processor, the at least one processor being further configured to execute the first application program to receive the data identifying the product by receiving the data through the interface module (user choosing user data, see [0084-0085]).
Claims 6, 12, 24
Furthermore, Guglani discloses:
the request to authenticate the product data comprises the generated digital token (token, see [0063-0065]); and
the first computer system is further configured to establish the authenticity of the product data based on the generated digital token (token, see [0065, 0071]).
Claim 8, 14, 26
Furthermore, Guglani discloses:
the product comprises a payment instrument (payment account, see [0036]), the payment instrument being associated with an issuer of the product, and the payment instrument comprising a credit-card account (see [0037]), a debit-
the product data comprises account data that characterizes the payment instrument, the account data comprising an account number (primary account number, see [0037]), an expiration date (expiration date, see [0037]), a card security code (card verification value, see [0037]), or account-holder data;
the provisioned token (token may be used as substitute for original account identifier, see [0038]) is representative of a portion of the account data;
the first computer system is associated with a payment network (payment processing network, see [0062]) that settles transactions;
the first computer system is further configured to validate the cryptographic data and establish an authenticity of the account data (see [0062]).
Claims 9, 15
Furthermore, Guglani discloses:
generate data establishing the digital wallet (mobile wallet application, see [0058]), the digital wallet being associated with a third party unrelated to the issuer or the payment network; and
in response to the data received from the first computer system, provision the payment instrument to the digital wallet (digital wallet, see [0035, 0058]).
Claim 10
Furthermore, Guglani discloses:
the cryptographic data comprises an encrypted payment instrument (encrypted user data, e.g. payment information, see [0059]).
Claim 27
Furthermore, Powell teaches:
the executed second application program is associated with an issuer of the product (issuer application, mobile banking application, see C7 L32-40);
the at least one processor is further configured to execute the first application program to perform operations that, based on the generated digital token, identify the issuer of the product (e.g. Visa, see C13 L1-10) and identify the executed second application program (issuer application, mobile banking application, see C7 L32-40).

Claims 2-3, 13, 21-22, and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over Guglani et al. (US 2016/0092696), in view of Powell et al. (US 10,070,310), and further in view of Fort et al. (US 2017/0085388). 

Claims 2, 13, 25
Guglani in view of Powell discloses the limitations above. Furthermore, Guglani discloses:
the executed second application program is associated with an issuer (MAP computer is an issuer, see [0058]) of the product;
a second computer system associated with the issuer (MAP computer is an issuer, see [0058]) is configured to generate the cryptographic data in response to the verification of the authentication credentials (authenticate user credentials, see [0076]) associated with the device.
Guglani in view of Powell does not disclose:
The cryptographic… system.
Fort teaches:
the cryptographic data comprises a digital signature (signature, see [0006, 0025]) of the second computer system.
Guglani in view of Powell discloses obtaining product data, requesting cryptographic data from a second application, receiving the cryptographic data, transmitting a request to authenticate, receiving confirmation data, and provisioning a token. Guglani in view of Powell does not disclose a digital signature, but Fort teaches this. It would have been obvious to one of ordinary skill in the art at the time the invention was filed to combine the remote server encrypted data provisioning system of Guglani, in view of Powell, with the digital signature of Fort because 1) a need exists for improved data security methods to prevent sensitive user data from being obtained by unauthorized persons while the data is stored on a mobile device (see Guglani [0003-0004]); 2) a need exists for improving data security when a resource provider does not have control over an application (see Powell C1 L32-47); and 3) a need exists for ensuring that transaction data has not been altered before being received at an application (see Fort [0003]). Using a digital signature will help ensure that transaction data is not altered.  


Furthermore, Guglani discloses:
the second computer system is configured to generate the digital signature using a cryptographic key (encryption key, see [0059]) accessible to the first and second computer systems.
Furthermore, Fort teaches:
the first computer system is further configured to validate (whether verification was successful, see [0186]) the digital signature using the cryptographic key.
Claims 21, 22
Guglani in view of Powell discloses the limitations above. Furthermore, Guglani discloses:
the cryptographic data comprises a cryptogram (cryptogram, see [0077]) generated by a second computing system;
based on the validation of the applied digital signature, establish an authenticity of the product data and the cryptogram (see [0062]); and
the at least one processor is further configured to execute the first application program to, based on the confirmation data, store (store, see [0057, 0065]) the provisioned digital token and the cryptogram within a portion of the memory.
Guglani in view of Powell does not disclose:
A digital signature… system;
The first… signature.
Fort teaches:
a digital signature (signature, see [0006, 0025]) applied to the cryptogram by the second computing system;
the first computer system is configured to validate the applied digital signature (whether verification was successful, see [0186]).
Guglani in view of Powell discloses obtaining product data, requesting cryptographic data from a second application, receiving the cryptographic data, transmitting a request to authenticate, receiving confirmation data, and provisioning a token. Guglani in view of Powell does not disclose validating a digital signature, but Fort teaches this. It would have been obvious to one of ordinary skill in the art at the time the invention was filed to combine the remote server encrypted data provisioning system of Guglani, in view of Powell, with the validated digital signature of Fort because 1) a need exists for improved data security methods to prevent sensitive user data from being obtained by unauthorized persons while the data is stored on a mobile device (see Guglani [0003-0004]); 2) a need exists for improving data security when a resource provider does not have control over an application (see Powell C1 L32-47); and 3) a need exists for ensuring that transaction data has not been altered before being received at an application (see Fort [0003]). Validating a digital signature will help ensure that transaction data is not altered.  

Response to Arguments
103 arguments 
Applicant argues that the prior art does not teach a first application program to generate a digital token representative of the product data; requesting cryptographic data from a second application program; and provisioning the digital token to a wallet. 
Please see new mapping above.

Claim Interpretation
The prior art made of record and not relied upon is considered pertinent to Applicant's disclosure (see attached form PTO-892).
After careful review of the original specification and unless expressly noted otherwise by Examiner, Examiner concludes that Applicant is not his own lexicographer.  See MPEP § 2111.01 IV.
Examiner hereby adopts the following definitions under the broadest reasonable interpretation standard. In accordance with In re Morris, 127 F.3d 1048, 1056, 44 USPQ2d 1023, 1029 (Fed. Cir. 1997), Examiner points to these other sources to support her interpretation of the claims.1 Additionally, these definitions are only a guide to claim terminology since claim terms must be interpreted in context of the surrounding claim language. Finally, the following list is not intended to be exhaustive in any way:
configuration “(1) (A) (software) The arrangement of a computer system or component as defined by the number, nature, and interconnections of its constituent parts.” “(C) The physical and logical elements of an information processing system, the manner in which they are organized and connected, or both.  Note: May refer to hardware configuration or software configuration.”  IEEE 100 The Authoritative Dictionary of IEEE Standards Terms, 7th Edition, IEEE, Inc., New York, NY, Dec. 2000.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry of a general nature or relating to the status of this application or concerning this communication or earlier communications from Examiner should be directed to Chrystina Zelaskiewicz whose telephone number is 571.270.3940. Examiner can normally be reached on Monday-Friday, 9:30am-5:00pm. If attempts to reach the examiner by telephone are unsuccessful, the Examiner’s supervisor, Abhishek Vyas can be reached at 571-270-1836.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published 
/CHRYSTINA E ZELASKIEWICZ/Primary Examiner, Art Unit 3621                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 While most definition(s) are cited because these terms are found in the claims, Examiner may have provided additional definition(s) to help interpret words, phrases, or concepts found in the definitions themselves or in the prior art.