DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
•	This action is in reply to the remarks filed on 10/15/2021.
•	Claims 1-2, 4-7, 9-12, 14-17, and 19 are currently pending and have been examined. 
•	This action is made FINAL.

Response to Arguments
Applicant’s arguments filed October 15, 2021 have been fully considered but they are not persuasive.
Applicant’s arguments with respect to 35 USC § 112 have been fully considered and are not persuasive.  
Regarding Applicant’s argument on pages 7-8, that Applicant had the elements of “wherein the merchant user interface displays the financial institution electronic wallet identifier” in its possession at its filing, the Examiner respectfully disagrees.  Applicant further argues that support for the limitation can be found at paragraphs [0051]-[0052].  The argument is not persuasive.  Paragraphs [0051]-[0052] discloses displaying product information, and that a product may be an electronic wallet.  However, the Specification does not disclose that “product 
Applicant further argues, on page 8, that original recitation of Claim 1 supports this limitation.  The argument is not persuasive.  Claim 1, originally reciting “a product identifier for the product” and “the product comprises an electronic wallet,” does not provide support for the limitation “wherein the merchant user interface displays the financial institution electronic wallet identifier.”  Nor does the original claim 1 support Applicant’s contention that “an electronic wallet identifier” is “product information” that is displayed on a merchant user interface.  The 112 rejection is therefore maintained.
Applicant’s arguments with respect to 35 USC § 103 have been fully considered and are not persuasive.  
Regarding Applicant’s argument on page 10, that Kalgi’s disclosure of a customer ID cannot be interpreted as the claimed “electronic wallet identifier,” the Examiner respectfully disagrees.  Applicant further argues, on page 10, that Kalgi clearly discloses that the customer ID has nothing to do with identifying the electronic wallet.  The Examiner respectfully disagrees.  As discussed in the 103 rejection below, Kalgi discloses the initial connection between an entity and wallet creates a customer ID for that relationship (see Kalgi at [0088], disclosing that the initial connection between an entity and a wallet creates a customer identifier unique to that relationship).  Further evidence of Kalgi’s customer ID being properly interpreted as an electronic wallet identifier can be found in Kalgi at paragraph [0111], disclosing that the wallet may create a customer ID.  Kalgi’s disclosure of a customer ID, therefore, may properly be 
Regarding Applicant’s arguments on pages 10-11, where Applicant has purported to cite to paragraph 88 of Kalgi, as an initial matter, it is noted that Applicant has mis-quoted Kalgi.  Applicant actually inserted a passage of Kalgi at paragraph [0098], not [0088].  Furthermore, Kalgi, at the portion cited by the Applicant (at paragraph [0098], not [0088]), in disclosing that the customer ID corresponds to the relationship between the customer and the merchant, does not necessarily disclose that the customer ID has no actions or relationships with the electronic wallet.  In fact, Kalgi at [0088], discloses that the initial connection between an entity and a wallet creates a customer identifier unique to that relationship.  Furthermore, Kalgi at paragraph [0111], discloses that the wallet may create a customer ID.  Applicant’s arguments are therefore unpersuasive.  
Regarding Applicant’s arguments on pages 11-12, that interpreting Kalgi’s “customer ID” as an electronic wallet identifier is unreasonable, the Examiner respectfully disagrees.  Applicant cites to Kalgi’s FIG. 8a and 8b to argue that the customer ID is for the customer account, further arguing that the “customer ID” of Kalgi is more similar to the claimed “identifier for the customer account with the merchant” than the claimed “identifier for an electronic wallet.”  The argument is not persuasive.  As an initial matter, even if Kalgi’s “customer ID” is similar to the claimed “identifier for the customer account with the merchant,” the argument is not persuasive because the Examiner is not relying on Kalgi’s “customer ID” for teaching the claimed “identifier for the customer account with the merchant.”
Furthermore, as discussed above with respect to Kalgi’s disclosure of the customer ID, and as discussed in the 103 rejection below, Kalgi at [0088], discloses that the initial connection between an entity and a wallet creates a customer identifier unique to that relationship.  And, Kalgi at paragraph [0111], discloses that the wallet may create a customer ID.
Regarding Applicant’s arguments on page 13, that the cited art of record does not disclose “sending, by the financial institution backend, an electronic wallet identifier for the financial institution electronic wallet to the merchant host, and the merchant host sends the financial institution electronic wallet identifier to the merchant user interface,” the Examiner respectfully disagrees.  As discussed in the 103 rejection below, Chumbley discloses sending, by the financial institution backend, an identifier at least at [0072] and [0065] and FIG. 2, disclosing the authorizing system, which may be a part of the digital wallet server network, may submit a real account number.  And, Kalgi discloses sending an electronic wallet identifier for the financial institution electronic wallet to the merchant host at least at [0098], disclosing once the customer is authenticated via the wallet, the wallet may send the merchant the customer ID corresponding to the relationship between the customer and the merchant, and at least at [0088], disclosing the initial connection between an entity and wallet creates a customer ID for that relationship.  And Kalgi further discloses and the merchant host sends the financial institution electronic wallet identifier to the merchant user interface at least at [0098] and [0091]-[0093] disclosing that the merchant injects the merchant website with the wallet using a callback including the customer ID, and that the merchant uses the customer ID to display the wallet onto the merchant website.  The Examiner is interpreting the merchant injecting the merchant website with the wallet using callback including customer ID as the merchant host sending the electronic wallet identifier to the merchant user interface.  The cited art of record therefore teaches this limitation.
For the reasons above, Applicant’s arguments are not persuasive. 

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-2, 4-7, 9-12, 14-17, and 19 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.  
Claim 1 recites the limitations of “wherein the merchant user interface displays the financial institution electronic wallet identifier.”  Although the Specification at [0050] discloses the first provider API/Gateway providing the authorization code and an external wallet identifier to the second provider, the Specification is devoid of any disclosure that the external wallet identifier, or any wallet identifier, is displayed on the merchant user interface.  The Examiner fails to find support in the specification for this feature.  Therefore, it is new matter.  
Claim 10 recites similar limitations.
Claims 2, 4-7, 9, 11-12, 14-17, and 19 are rejected due to their dependency to a rejected claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2, 4-6, 10, 12, and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over US 2018/0108008 (“Chumbley”) in view of US 2015/0019944 (“Kalgi”), in further view of US 2018/0121917 (“Purves”), and in further view of US 2018/0150832 (“Badal-Badalian”).
Regarding claim 1, Chumbley discloses a method for linking a plurality of accounts using an enablement token, comprising: 
receiving, at a financial institution backend and from a financial institution user interface presented on an electronic device, a request (A user may wish to link the account data to a resource specific token that can be used to conduct a transaction with a specific resource provider.  The user may generate a request for the resource provider specific token, which may comprise a resource provider ID such as a merchant name or merchant ID entered by the user.  The request may be generated using the interface provided by a digital wallet application.  For example, the interface may display a list of merchant names that the user may select and then assign account information using an “add” button adjacent to a visualization of the account selection.  Once the request has been generated, the request is transmitted by the user device over a network and received by digital wallet server computer.  See at least [0061]-[0062].  A user may send account data, including an account identifier, such as an account number, a routing number, a card verification value (CVV or CVV2), etc., to a digital wallet, where it is stored in a digital wallet database.  See at least [0056]-[0057] and [0060].  A resource provider may be a merchant.  See at least [0047].  A digital wallet provider may be an issuing bank.  See at least [0046].  The Examiner interprets the digital wallet server computer as the financial institution backend.  The Examiner also interprets the resource provider as the merchant.)
from a customer in a browser session with the financial institution user interface (The digital wallet has a user interface presented on an electronic device.  See at least [0103], and [0023]-[0025].  See also FIG. 9.  The user may interact with the application via a website associated with the digital wallet server computer.  See at least [0061].  See also [0056].  The user device may use HTTP and HTTPS protocol to communicate data in the system.  See at least [0111].  The Examiner interprets the user accessing a website on the user device and using the website to interact with the digital wallet as the customer in a browser session.)
to link a financial institution electronic wallet to a merchant (A user may send account data, including an account identifier, such as an account number, a routing number, a card verification value (CVV or CVV2), etc., to a digital wallet, where it is stored in a digital wallet database.  See at least [0056]-[0057] and [0060].  A user may wish to link the account data to a resource specific token that can be used to conduct a transaction with a specific resource provider.  The user may generate a request for the resource provider specific token, which may comprise a resource provider ID such as a merchant name or merchant ID entered by the user.  The request may be generated using the interface provided by a digital wallet application.  For example, the interface may display a list of merchant names that the user may select and then assign account information using an “add” button adjacent to a visualization of the account selection.  Once the request has been generated, the request is transmitted by the user device over a network and received by digital wallet server computer.  See at least [0061]-[0062]. );
generating, by the financial institution backend, an enablement token that is mapped to the financial institution and the merchant (Once the request has been generated, the request is transmitted by the user device over a network and received by digital wallet server computer.  The digital wallet server may send a request to token provider server computer, which sends the token over to the digital wallet server computer.  The digital wallet server computer links the resource specific token with the resource provider identifier and account selection in the digital wallet database.  The resource provider specific token may further be linked to user details associated with the wallet ID and/or digital wallet account of user such as user name, device information, shipping address, etc. The digital wallet server computer then sends the resource provider specific token to user device where it is displayed or stored by user device.  See at least [0062].  The Examiner interprets the digital wallet server receiving a token and linking the token to a resource provider identifier and account selection of the user as generating the enablement token.);
sending, by the financial institution backend, the enablement token to the financial institution user interface (The digital wallet server computer then sends the resource provider specific token to user device where it is displayed or stored by user device.  The resource specific tokens may be displayed to the user using an interface provided by a digital wallet application or website associated with the digital wallet server computer.  See at least [0062]-[0063].);
navigating the browser session to a merchant user interface presented on the user device (A method may begin with a user obtaining a resource specific token stored or displayed on the user device.  The resource specific token by be obtained according to the system described with respect to FIG. 1 (described in Chumbley at [0054]-[0063]).  The user may establish a connection with the resource provider via the Internet in an e-commerce transaction.  The resource provider specific token may be provided to the resource specific system via data forms on the resource provider website.  The resource provider token and user details may be auto-filled into the data form of the resource provider website by the user device.  See at least [0065]-[0067].  The merchant website may be displayed on the user’s device.  See at least [0065] and FIG. 2, user accessing the Resource Provider System via User Device 220.);
providing the enablement token to the merchant user interface (The user may establish a connection with the resource provider via the Internet in an e-commerce transaction.  The resource provider specific token may be provided to the resource specific system via data forms on the resource provider website.  The resource provider token and user details may be auto-filled into the data form of the resource provider website by the user device.  See at least [0065]-[0067].), 
wherein the merchant user interface provides the enablement token and an identifier for the customer account to a merchant host (The resource provider specific token may be provided to the resource specific system via data forms on the resource provider website.  The resource provider token and user details may be auto-filled into the data form of the resource provider website by the user device.  Once the resource provider system has received the resource provider specific token from the user and/or user device, the resource provider system may store the resource provider specific token along with any user details entered by the user in the user account database of the resource provider system.  See at least [0067]-[0068]. The data form may also include account details.  See at least [0069].  Account details includes a username.  See at least [0057].); 
receiving, by the financial institution backend and from the merchant host, the enablement token and the identifier for the customer account (To conduct a transaction, the resource provider system may generate an authorization request comprising the resource provider specific token and user details.  The authorization request is forwarded through to the token service, and the token service sends the authorization request, comprising the resource provider specific token, to the digital wallet server computer.  See at least [0069].  The user details may include an identifier for the customer account such as a username.  See at least [0057].);
validating, by the financial institution backend, the enablement token (The digital wallet server computer then sends the token back to the token service provider for validation, and the token service validates the authorization request.  See at least [0069]-[0070].  The validation may also be performed by the digital wallet server computer.  See at least [0071].);
sending, by the financial institution backend, an identifier (Authorizing system may submit a real account number.  See at least [0072].  Authorizing system may be part of digital wallet server network.  See at least [0065] and FIG. 2.). 

While Chumbley discloses a request to link a financial institution electronic wallet to a merchant, Chumbley does not expressly disclose the request is to link to a customer account with a merchant.  Furthermore, while Chumbley discloses navigating the browser session to a merchant user interface, Chumbley does not expressly disclose that navigating is by redirecting, by the financial institution user interface, the browsing session.  Nor does Chumbley expressly disclose wherein a customer logs in to the merchant account using the merchant user interface.  Furthermore, while Chumbley discloses providing the enablement token to the merchant user interface, Chumbley does not expressly disclosing that providing the enablement token is by the financial institution user interface.  Furthermore, while Chumbley discloses an identitifer for the customer account, Chumbley does not expressly disclose the customer account is a customer account with the merchant.  Furthermore, while Chumbley discloses the financial institution backend sending an identifier, Chumbley does not expressly disclose sending an electronic wallet identifier for the financial institution electronic wallet to the merchant host.  Nor does Chumbley expressly disclose the merchant host sends the financial institution electronic wallet identifier to the merchant user interface, wherein the merchant user interface displays the financial institution electronic wallet identifier.  

However, Kalgi discloses the request is to link to a customer account with a merchant (Creation of a virtual wallet with a merchant and linking payments account already established in financial institutions to the virtual wallet.  See at least [0069]-[0070].  Account is a customer account associated with a merchant (e.g., Nordstrom).  See at least FIG. 5B, Merchant Account Login UI.); 
wherein a customer logs in to the merchant account using the merchant user interface (Account is a customer account associated with a merchant (e.g., Nordstrom).  See at least FIG. 5B, Merchant Account Login UI.  See also [0098].  See also FIG. 8a, Screen 815a.);
the customer account is a customer account with the merchant (Creation of a virtual wallet with a merchant and linking payments account already established in financial institutions to the virtual wallet.  See at least [0069]-[0070].  Account is a customer account associated with a merchant (e.g., Nordstrom).  See at least FIG. 5B, Merchant Account Login UI.);
sending an electronic wallet identifier for the financial institution electronic wallet to the merchant host (Once the customer is authenticated via the wallet, the wallet may send the merchant the customer ID corresponding to the relationship between the customer and the merchant.  The customer sign in may be a trigger for the merchant to make an API/JAVASCRIPT call to the wallet service to obtain a payment method.  For example, the payment method obtained from the wallet may be a payment method nickname (e.g., my personal account).  See at least [0098].  See also [0088].  The Examiner interprets the customer ID as the electronic wallet identifier.), 
and the merchant host sends the financial institution electronic wallet identifier to the merchant user interface (In one implementation, the customer sign in may be a trigger for the merchant to make an API/JAVASCRIPT call to the wallet service to obtain a payment method.  For example, the payment method obtained from the wallet may be a payment method nickname (e.g., my personal account).  See at least [0098] and FIG. 8b at (5), showing the Merchant Site 825 displaying the Payment Method 825c.  The merchant server may utilize callbacks (which includes the customer ID that is unique to the customer-merchant relationship) via APIs, inline widgets, etc., to pull user information from the wallet.  See at least [0104] and [0091].  The merchant may display a wallet window as an interactive element injected onto the merchant’s website.  See at least [0092]-[0093].  See also FIG. 5C, widget 530a and 530b.  The Examiner interprets the merchant injecting the merchant website with the wallet using callback including customer ID as the merchant host sending the electronic wallet identifier to the merchant user interface.  The merchant uses the customer ID to display the wallet onto the merchant website. (see also [0088], where the initial connection between an entity and a wallet creates a customer identifier unique to that relationship).). 
From the teaching of Kalgi, it would have been obvious to one having ordinary skill in the art before the effective filing date to modify Chumbley by the request to link of Chumbley being a request to link to a customer account with the merchant, as taught by Kalgi, and for the customer to login using the merchant interface, as taught by Kalgi, in order to increase security of customer information (see Kalgi at least at [0049]-[0050] and [0088]), and in order to improve the user experience (see Kalgi at least at [0186]).  Furthermore, it would have been obvious to one having ordinary skill in the art before the effective filing date to modify Chumbley by the financial institution of Chumbley performing the operations of the value added wallet provider of Kalgi, including performing sending an electronic wallet identifier for the financial institution electronic wallet to the merchant host, as taught by Kalgi, in order to increase security of customer information (see Kalgi at least at [0049]-[0050] and [0088]).

While Chumbley discloses navigating the browser session to a merchant user interface, Chumbley does not expressly disclose that navigating is by redirecting, by the financial institution user interface, the browsing session.  Furthermore, while Chumbley discloses providing the enablement token to the merchant user interface, Chumbley does not expressly disclosing that providing the enablement token is by the financial institution user interface.  Nor does Chumbley expressly disclose the merchant user interface displays the financial institution electronic wallet identifier.

However, Purves discloses navigating is by redirecting, by the financial institution user interface, the browsing session (A consumer may be online with an issuer in the course of normal business (e.g., online with issuer to check balance or make a payment).  The issuer may present an offer to the consumer to allow conversion of his or her credit card held at the merchant to a token-based account.  When the consumer approves the offer, the issuer may interface with a wallet platform to facilitate tokenization request and to redirect the consumer to the merchant by web-redirect and post message.  See at least [0020]-[0023].  Issuer and merchant are associated with and accessible by websites.  See at least [0025]-[0026] and [0032].  The Examiner interprets the consumer interacting with the interface of the financial institution and being redirected from the financial institution interface to the merchant interface by accepting an offer offered by the financial institution interface as “redirecting by the financial instition.”);
providing the enablement token is by the financial institution user interface (A consumer may be online with an issuer in the course of normal business (e.g., online with issuer to check balance or make a payment).  The issuer may present an offer to the consumer to allow conversion of his or her credit card held at the merchant to a token-based account.  When the consumer approves the offer, the issuer may pass the consumer/cardholder account information or relevant portion to the wallet platform, which may communicate with the token service provider to generate a tokenized card number, and then send a payload (which includes the tokenized card number) to the merchant.  See at least [0020]-[0023]. Issuer and merchant are associated with and accessible by websites.  See at least [0025]-[0026] and [0032].).
From the teaching of Purves, it would have been obvious to one having ordinary skill in the art before the effective filing date to modify Chumbley by the navigating of Chumbley being a page redirect, as taught by Purves, and by the providing of the enablement token step of Chumbley being performed by the financial institution, using the technique taught by Purves, in order to increase security (see Purves at least at [0004], [0014], and [0016]).

Chumbley does not expressly disclose expressly disclose the merchant user interface displays the financial institution electronic wallet identifier.

However, Badal-Badalian discloses the merchant user interface displays the financial institution electronic wallet identifier (An interface for a merchant website may include a device token identifier indicating the wallet application used to process the payment.  See at least [0247] and FIG. 30.).
From the teaching of Badal-Badalian, it would have been obvious to one having ordinary skill in the art before the effective filing date to modify Chumbly by the merchant user interface of Chumbley displaying the financial institution electronic identifier, as taught by Badal-Badalian, in order to enhance security by reducing security risks associated with logging into merchant websites.  (See Badal-Badalian at least at [0003] and [0141]).

Regarding claim 2, the combination of Chumbley, Kalgi, Purves, and Badal-Badalian discloses the limitations of claim 1, as discussed above, and Chumbley further discloses the financial institution user interface comprises a browser tab for the financial institution (A digital wallet application may be stored in the memory of user device 220 or a website, that provides the interface, associated with digital wallet server computer 240.  See at least [0073].  See also [0056].).

Regarding claim 4, the combination of Chumbley, Kalgi, Purves, and Badal-Badalian discloses the limitations of claim 1, as discussed above, and Chumbley further discloses the enablement token comprises an alphanumeric string (A token may include a series of alphanumeric characters that may be used as a substitute for an original account identifier.  See at least [0039].).

Regarding claim 5, the combination of Chumbley, Kalgi, Purves, and Badal-Badalian discloses the limitations of claim 1, as discussed above, and Badal-Badalian further discloses the enablement token comprises a token expiration field (A token may include an expiration field, for example, paymentTokenExpiry = “2017-03-14T15:37:25.”  See at least [0213].).
From the teaching of Badal-Badalian, it would have been obvious to one having ordinary skill in the art before the effective filing date to modify Chumbley by the enablement token comprising a token expiration field, as taught by Badal-Badalian, in order to enhance security by reducing security risks associated with logging into merchant websites.  (See Badal-Badalian at least at [0003] and [0141]).

Regarding claim 6, the combination of Chumbley and Kalgi discloses the limitations of claim 1, as discussed above, and Chumbley further discloses the enablement token comprises a state (The digital wallet server computer may then change the entry for “last update” 360 linked to the resource provider specific token to the current date and time.  See at least [0078].  See also [0106].).

Claim 10 has similar limitations found in claim 1 above, and therefore is rejected by the same art and rationale.  And Chumbley further discloses a financial institution backend comprising at least one computer processor (see at least [0023] and FIG. 1.  See also [0028].  See also [0109]-[0113].); a financial user interface presented in a browser executed by a mobile device (see at least [0023]-[0026] and FIG. 1.); a merchant host for the merchant user interface comprising at least one computer processor (see at least [0065] and FIG. 2.  See also [0028].  See also [0109]-[0113].).  

Regarding claim 12, the combination of Chumbley, Kalgi, Purves, and Badal-Badalian discloses the limitations of claim 10, as discussed above, and Chumbley further discloses the first provider user interface comprises a browser tab for the first provider (A digital wallet application may be stored in the memory of user device 220 or a website, that provides the interface, associated with digital wallet server computer 240.  See at least [0073].  See also [0056].).

Chumbley does not expressly disclose the second user interface comprises a browser tab for the second provider. 

However, Badal-Badalian discloses the second user interface comprises a browser tab for the second provider (In some embodiments, the merchant website 106 may be accessed using mobile device 114 using a mobile browser or may be part of an application residing on a mobile device 114 or another device.  See at least [0266].  See also FIG. 20-21.).
From the teaching of Badal-Badalian, it would have been obvious to one having ordinary skill in the art before the effective filing date to modify Chumbly by the second user interface being on the mobile device, as taught by Badal-Badalian, in order to enhance security by reducing security risks associated with logging into merchant websites.  (See Badal-Badalian at least at [0003] and [0141]).

Claim 14 has similar limitations found in claim 4 above, and therefore is rejected by the same art and rationale.

Claim 15 has similar limitations found in claim 5 above, and therefore is rejected by the same art and rationale.

Claim 16 has similar limitations found in claim 6 above, and therefore are rejected by the same art and rationale.

Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Chumbley in view of Kalgi, in further view of Purves, in further view of Badal-Badalian, and in further view of US 2015/0206136 (“Maddocks”).
Regarding claim 7, the combination of Chumbley, Kalgi, Purves, and Badal-Badalian discloses the limitations of claim 6, as discussed above.  Chumbley does not expressly disclose the state is one of issued, consumed, and terminated.

However, Maddocks discloses the state is one of issued, consumed, and terminated (In addition or alternatively, the shared CVM applet 304 may store information that records the status of at least some CVM tokens that it issues, where the status may be, for example, "issued, not consumed" or "issued, consumed".  See at least [0052].).
Chumbley is modified by Maddocks by the token comprising a state of issued or consumed.  Therefore, from the teaching of Maddocks, it would have been obvious to one having ordinary skill in the art before the effective filing date to modify Chumbly by the token comprising a state of issued or consumed, as taught by Maddock, in order to assure issued tokens are only used once.  (See Maddocks at least at [0052]).

Claim 17 has similar limitations found in claim 7 above, and therefore are rejected by the same art and rationale.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Chumbley in view of Kalgi, in further view of Purves, in further view of Badal-Badalian, in further view of US 10,937,025 (“Sahni”), and in further view of US 9,596,606 (“Palmer”).
Regarding claim 9, the combination of Chumbley, Kalgi, Purves, and Badal-Badalian discloses the limitations of claim 1, as discussed above.  Chumbley does not expressly disclose receiving, at an Application Programmable Interface (API) gateway for the financial institution, a client secret from the merchant; and the API gateway validating the client secret before validating the enablement token.

However, Sahni discloses receiving, at an Application Programmable Interface (API) gateway for the financial institution, a client secret (The financial institution computing system includes various logic modules, including API manager logic which controls operations of the APIs provided by the financial institution computing system.  The APIs provide various services via an API gateway.  See at least col 4, lines 6-25.  See also FIG. 1, API Gateway 122 of Financial Institution Computing System 102.  See also col. 14, lines 34-50.  Client passcode is received via API gateway.  See at least col. 7, lines 37-56).
From the teaching of Sahni, it would have been obvious to one having ordinary skill in the art before the effective filing date to modify Chumbly by the first provider backend including an API gateway, as taught by Sahni, in order to enhance security and reduce risk of fraudulent transactions (see Sahni at least at col. 1, lines 25-43).

Chumbley does not expressly disclose the first provider receiving a client secret from the merchant; and validating the client secret before validating the enablement token.

However, Palmer discloses the first provider receiving a client secret from the merchant (Content provider device 160 may send an authentication request to API gateway device 170 (M602). The authentication request M602 may include the credentials (e.g., client ID and/or client secret). API gateway device 170 may generate a timestamp (T1) upon receiving the authentication request M602 (Block 615).  See at least col. 12, lines 4-45.  See also col. 5, lines 44-63; and FIG. 6, steps 605-645 and steps M602-M606.); and
validating the client secret before validating the enablement token (The API Gateway may then obtain the access token that may be used for authentication and/or validation of the content provider device 160.  See at least col. 12, lines 4-45.  See also col. 5, lines 44-63; and FIG. 6, steps 605-645 and steps M602-M606.).
From the teaching of Palmer, it would have been obvious to one having ordinary skill in the art before the effective filing date to modify Chumbley by the API gateway receiving a client secret from the second provider, as taught by Palmer, in order to enhance security and to reduce burden of entities interacting with a variety of infrastructure devices. (See Palmer at least at col. 1, line 55 to col. 2, line 30; see also Palmer at col. 1, lines 7-15.).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Chumbley in view of Kalgi, and in further view of Sahni.
Regarding claim 11, the combination of Chumbley, Kalgi, Purves, and Badal-Badalian discloses the limitations of claim 10, as discussed above.  Chumbley does not expressly disclose the financial institution backend comprises a first provider API gateway.

However, Sahni discloses the financial institution backend comprises a first provider API gateway (The financial institution computing system includes various logic modules, including API manager logic which controls operations of the APIs provided by the financial institution computing system.  The APIs provide various services via an API gateway.  See at least col 4, lines 6-25.  See also FIG. 1, API Gateway 122 of Financial Institution Computing System 102.  See also col. 14, lines 34-50.  Client passcode is received via API gateway.  See at least col. 7, lines 37-56).
From the teaching of Sahni, it would have been obvious to one having ordinary skill in the art before the effective filing date to modify Chumbly by the first provider backend including an API gateway, as taught by Sahni, in order to enhance security and reduce risk of fraudulent transactions (see Sahni at least at col. 1, lines 25-43).

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Chumbley in view of Kalgi, and in further view of Palmer.
Regarding claim 19, the combination of Chumbley, Kalgi, Purves, and Badal-Badalian discloses the limitations of claim 10, as discussed above.  Chumbley does not expressly disclose the API gateway receives a client secret from the merchant, and an API gateway validates the client secret before validating the enablement token.

However, Palmer discloses the API gateway receives a client secret from the merchant (Content provider device 160 may send an authentication request to API gateway device 170 (M602). The authentication request M602 may include the credentials (e.g., client ID and/or client secret). API gateway device 170 may generate a timestamp (T1) upon receiving the authentication request M602 (Block 615).  See at least col. 12, lines 4-45.  See also col. 5, lines 44-63; and FIG. 6, steps 605-645 and steps M602-M606. ), and
the API gateway validates the client secret before validating the enablement token (The API Gateway may then obtain the access token that may be used for authentication and/or validation of the content provider device 160.  See at least col. 12, lines 4-45.  See also col. 5, lines 44-63; and FIG. 6, steps 605-645 and steps M602-M606.).
From the teaching of Palmer, it would have been obvious to one having ordinary skill in the art before the effective filing date to modify Chumbly by the API gateway receiving a client secret from the second provider, as taught by Palmer, in order to enhance security and to reduce burden of entities interacting with a variety of infrastructure devices. (See Palmer at least at col. 1, line 55 to col. 2, line 30; see also Palmer at col. 1, lines 7-15.).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.  
US 2014/0344153 (“Raj”) discloses methods for implementing a mobile tokenization hub with a common tokenization capabilities module that may provide tokenization for various entities in various contexts.  
US 2017/0300897 (“Ferenczi”) discloses transmitting a virtual token to a payment service provider script integrated in a browser used by the consumer.
“Browsing Sessions” by Hamilton Ulmer, Blog of Metrics, dated December 22, 2010 https://blog.mozilla.org/metrics/2010/12/22/browsing-sessions/#:~:text=Before%20we%20begin%2C%20the%20unit,no%20more%20than%2030%20minutes. (hereinafter “Ulmer”) discloses a browser session is a continuous period of user activity in the browser. 
“HTTP Meaning & Definition,” by Abby Dykes, webopedia, accessed November 13, 2020 https://www.webopedia.com/TERM/H/HTTP.html#:~:text=HyperText%20Transfer%20Protocol%20(HTTP)%20is,the%20client%2Dserver%20computing%20model  (hereinafter “Dykes”) discloses HyperText Transfer Protocol (HTTP) is the underlying protocol used by the World Wide Web to define how messages are formatted and transmitted and what actions Web servers and browsers should take in response to various commands.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RAVEN E ZEER whose telephone number is (313)446-6606.  The examiner can normally be reached on Monday - Friday 8-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bennett M Sigmond can be reached on (303) 297-4411.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/R.E.Z./Examiner, Art Unit 3694  

/BENNETT M SIGMOND/Supervisory Patent Examiner, Art Unit 3694