DETAILED ACTION
This Action is in response to the amendments filed 06/18/2021.
Claims 1-8, 11-13, 18-22 have been newly canceled.
Claims 23-28 have been newly added.
Claims 9-10, 14-17, 23-28 are currently pending and have been examined.


Claim Interpretations
Regarding claim 9, particularly the second receiving step in lines 8-9 of the claim, the Examiner interprets the claim limitation to inherently include the underlined text as follows:  “receiving, by the provisioning service computer from the service provider, the request receipt, wherein the request receipt is provided to the service provider by the account issuer computer.” This interpretation completes the loop of communication of the request receipt from the provisioning service computer, to the account issuer computer, to the service provider, and back to the provisioning service computer. This interpretation would be required to maintain the antecedent basis of the request receipt in the claim, because the claim does not presently recite how the request receipt gets to the service provider, and any other interpretation may require another request receipt to be provided from another source. This interpretation would also be logically understood by a person having ordinary skill in the art. This interpretation is assumed for the purposes of search, but the Applicant should confirm whether this interpretation is as the Applicant intends. 


Claim Rejections - 35 USC § 101
35 U.S.C. § 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 9-10, 14-17, 23-28 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to an abstract idea without significantly more.
The claimed invention is directed to a judicial exception (i.e., an abstract idea not integrated into a practical application) without significantly more. The claims recite a method for digitizing a payment card account (i.e., provisioning a token) for a transaction between a consumer and a merchant. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception, as discussed below.

Step 1:  In the present application, claims 9-10, 14-17, 23-28 are directed to a processes and devices which are statutory categories of invention. Thus, the eligibility analysis proceeds to Step 2A.1.

Step 2A.1, regarding independent claims 9 and 23:  The limitations of independent claim 9 have been denoted with letters by the Examiner for ease of reference. The judicial exceptions recited in claim 9 are identified in bold below:

[A] A method comprising: for provisioning a payment account of a user to a service provider comprising:
[B] receiving, by a provisioning service computer, from an account issuer computer, and electronic signature authenticating the account issuer computer and information that identifies (a) a service provider selected by an account holder; and (b) a payment account owned by the account holder to be provisioned to the service provider;
[I] verifying, by the provisioning service computer, the electronic signature;
[C] generating, by the provisioning service computer, a request receipt;
[D] transmitting, by the privisioning service computer,  the request receipt to the account issuer computer;
[E] receiving, by the provisioning service computer from the service provider selected by the account holder, the request receipt;
[F] transmitting, from the provisioning service computer to the account issuer computer, a token authorization request;
[G] receiving, by the provisioning service computer from the account issuer computer, an indication that the account issuer computer approved the token authorization request; and
in response to said indication, issuing a payment token by the provisioning service computer to the service provider.

Limitations [A] through [H] of claim 9, under the broadest reasonable interpretation, cover steps or functions that fall under certain methods of organizing human activity, a category of abstract ideas under the 2019 PEG. For example, the claim limitations recite [B] receiving, by a credentialing service, information concerning a financial transaction from an account issuer for providing credentials to a merchant for the transaction, [I] verification of information, [C] generating a receipt, by the credentialing service, to confirm the recipient of the credentials (the merchant) as an authorized party to the transaction, [D] sending the receipt, from the credentialing service to the account issuer, to forward to the recipient of the credentials, [E] receiving the receipt, by the credentialing service, from the recipient to confirm the recipient as a party to the transaction so that it can obtain credentials from the credentialing service, [F] requesting authorization, by the credentialing service, from the account issuer, to provide the credentials, [G] receiving, by the credentialing service, from the account issuer, an approval of the authorization request; and [H] in response to the approval, providing the credentials to the recipient merchant for use in the transaction. 
Claim 9 recites a multi-party financial transaction in which a trusted account issuer facilitates the transaction between an account holder and a merchant by requesting credentials for a merchant from a credentials provider and assisting in the authentication of the merchant prior to the credentials being provided, without requiring intervention by the account holder, such as providing sensitive account information to the merchant, and without requiring the account holder to store or forward to the merchant additional credentials of the account holder. 
Claim 9 thus recites commercial interactions and managing these interactions between people. These interactions include facilitating and satisfying rules, policies, and/or agreements of a transaction between entities or people, such as a financial transaction or a transaction of any kind of asset or consideration, which falls squarely under the 2019 PEG abstract ideas category of certain methods of organizing human activity. Some of these interactions further include mental processes, another category of abstract ideas under the 2019 PEG. 
According to the Applicant’s Specification, p. 3, lines 3-23, the object and benefits of the recited method are those achievable under traditional commercial interactions. These include, for example, (1) an account holder authenticating with only the account issuer, which other parties of the transaction further rely on for trust of the account holder (see lines 5-7); (2) limiting what sensitive account information is shared with a merchant, thus enhancing security of a transaction (see lines 10-13); and (3) parties that require account holder information to complete a transaction receiving the account holder information from one source, such as the account issuer, to streamline the information exchange for greater efficiency and improvement of the user experience (see lines 19-23). Applicant also discloses a dependence on the account issuer for being a key authenticator of the process and validator of the information shared in the process, e.g., authentication of the account holder as described above, validation of the card account information (eligibility check, see p. 11, lines 10-12), approval of substitute credentials (i.e., a token) to be provided to the merchant (token authorization, see p. 11, lines 14-15), and reliance on the account issuer to provide a receipt to the merchant in order for the merchant to obtain its substitute credentials (i.e., the token) from the credentials provider without circulating sensitive account information or requiring further authentication of the account holder (request receipt, see p. 11, lines  21-28).
The present invention describes no more than conventional operations to solve these conventional problems involving the organization of human financial activity. The only difference between the described traditional solutions to these problems and the present invention is the use of a specific arrangement of general purpose computers to facilitate the traditional solutions for organizing human financial activity. That is, the claims merely recite the abstract idea in a computing environment and applies it in said environment.
No additional claim elements differentiate the limitations from processes having common aspects of organizing human activity. 
Therefore, claim 9 falls under (as least) certain methods of organizing human activity (an enumerated group of a judicial exception). Accordingly, claim 9, with limitations [A] through [H], recites at least one abstract idea (the judicial exception) consistent with the 2019 PEG. 
The analysis thus proceeds to Step 2A.2.

Under Step 2A.2, the claims are evaluated to determine whether the claim elements, when viewed individually or as an ordered combination, contain a concept sufficient to integrate the claimed abstract idea into a practical application.
Claim 9 recites the additional elements in bold in limitations [A]-[H] below:
[A] A method comprising: for provisioning a payment account of a user to a service provider comprising:
[B] receiving, by a provisioning service computer, from an account issuer computer, and electronic signature authenticating the account issuer computer and information that identifies (a) a service provider selected by an account holder; and (b) a payment account owned by the account holder to be provisioned to the service provider;
[I] verifying, by the provisioning service computer, the electronic signature;
[C] generating, by the provisioning service computer, a request receipt;
[D] transmitting, by the privisioning service computer,  the request receipt to the account issuer computer;
[E] receiving, by the provisioning service computer from the service provider selected by the account holder, the request receipt;
[F] transmitting, from the provisioning service computer to the account issuer computer, a token authorization request;
[G] receiving, by the provisioning service computer from the account issuer computer, an indication that the account issuer computer approved the token authorization request; and
[H] in response to said indication, issuing a payment token by the provisioning service computer to the service provider.

The additional elements of the account issuer computer, the provisioning service computer, and the electronic signature merely apply the abstract idea of the multi-party financial transaction described above in a technological environment of a computer network that is recited at a high level of generality. There is no impact on the abstract idea itself just because it is implemented on or through the additional computer elements.
Applicant’s Specification, at pp. 4-7, discloses generic computer hardware as representing the computers of claim 9 (see FIG. 2 for the account issuer computer and FIG. 2A for the provisioning service computer), which perform the method steps of the present invention with no specificity linked to the technology of the hardware or software. “The account issuer computer system 202 may, in its hardware aspects, resemble a typical mainframe computer, but may be controlled by software to cause it to function as described herein.” App. Spec., p. 4, lines 24-26. The specification, however, does not further describe the software that might transform the “typical mainframe computer” into a special purpose computer for performing the method. The specification describes only generic computer elements at p. 4, line 27 to p. 5, line 20. “One or more programs” … “to cause the account issuer computer system 202 to function as described herein” (App. Spec., p. 5, lines 21-25) are only generically disclosed at p. 5, line 26 to p. 6, line 21. The provisioning services computer, as well as the service provider computer (not particularly recited in claim 9 as a computer), are similarly generically described in the Applicant’s Specification at p. 6, line 22 to p. 7, line 30.
No additional hardware or software elements are recited in addition to the generally recited computer hardware elements of claim 9 described above. The mere nominal recitation of generic computer elements performing such generic computer functions as recited in claim 9, that is, “receiving,” “verifying,” “generating,” “transmitting,” “receiving,” “transmitting,” “receiving,” and “issuing,” alone, does not differentiate the claim limitations from generic methods of organizing human activities. The computers are merely providing a generic technological environment. 
The additional claim elements, when viewed individually or as an ordered combination, recite the abstract ideas with mere instructions to implement them in a particular technological environment (here, a network of computers) that includes generic hardware. See MPEP 2106.05(h). In other words, claim 9 does not go beyond generally linking the abstract ideas to a technological environment. 
Further, the judicial exception is not integrated into a practical application because the claim does not improve the functioning of any computerized device nor does it improve another technology or technical process, or provide meaningful limitations beyond generally linking at least one abstract idea to a particular technological environment or mere instructions to implement an abstract idea on a computer. Merely passing information that is traditionally part of financial transactions in a different order or to different entities 
Accordingly, alone and in combination, the additional elements of claim 9 do not integrate the abstract ideas into a practical application. Therefore, claim 9 is directed to at least one abstract idea not integrated into a practical application, and the analysis proceeds to Step 2B.

Step 2B of the § 101 analysis determines whether the claim elements, when viewed individually and as an ordered combination, contain "an inventive concept sufficient to transform the claimed abstract idea into a patent-eligible application." Alice, 134 S. Ct. at 2357. Claim 9 does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed with respect to step 2A, using additional elements to perform the generic computer functions noted above amounts to no more than mere instructions to apply the abstract ideas using a generic computer component and, thus, cannot provide an inventive concept. Because those instructions embody the abstract ideas, the claim itself is merely a recitation of the abstract ideas and an instruction to apply them on a computer. This is not enough to provide an inventive concept. Therefore, independent claim 9 is ineligible.

Regarding Claim 23: 
	Indepenendent claim 23 recites all the same process and functionalities of Claim 9, but recites such processes from the perspective of a device. Therefore the claims recite the same judicial exceptions and follow the same analysis as provided for claim 9 above.  The limitations differentiating from claim 9 have been provided below:	A provisioning service computer for provisioning a payment account of a user to a service provider comprising: 
a computer processor;
A storage device operably coupled to the compute processor and storing processor-executable instruction which when executed cause the computer processor to: 
Under Step 2A.2, the above limitations above indicated in bold are additional elements. However, similar to the analysis of Claim 9 above, such additional elements merely recites generic computing devices and environments. 
Accordingly, alone and in combination, the additional elements of claim 23 do not integrate the abstract ideas into a practical application. Therefore, claim 23 is directed to at least one abstract idea not integrated into a practical application, and the analysis proceeds to Step 2B.

Under Step 2B claim 23 does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed with respect to step 2A, using additional elements to perform the generic computer functions noted above amounts to no more than mere instructions to apply the abstract ideas using a generic computer component and, thus, cannot provide an inventive concept. Because those instructions embody the abstract ideas, the claim itself is merely a recitation of the abstract ideas and an instruction to apply them on a computer. This is not enough to provide an inventive concept. Therefore, independent claim 23 is ineligible.

Dependent claim 10 recites:
The method of claim 9, further comprising: transmitting, by the provisioning service computer to the account issuer computer, a 20confirmation that the payment account has been provisioned to the service provider.
The step of “transmitting … a confirmation” recites the same abstract ideas of claim 9, and the claim recites no further specificity regarding the provisioning service computer or the account issuer computer. This claim does nothing further to integrate the abstract ideas into a practical application. This is a standard aspect of organizing human activity that does not require the generic technological environment of a computer network. The elements are merely tools to perform the abstract ideas and to apply the judicial exception to a particular technological environment.
  
Dependent claim 14 recites:
The method of claim 9,wherein transmitting the request receipt further comprises: transmitting, by the provisioning service computer to the account issuer computer, an 10inquiry as to whether the payment account is eligible for provisioning to the service provider.
The step of “transmitting … an inquiry” recites the same abstract ideas of claim 9, and the claim recites no further specificity regarding the provisioning service computer or the account issuer computer. This claim does nothing further to integrate the abstract ideas into a practical application. This is a standard aspect of organizing human activity that does not require the generic technological environment of a computer network. The elements are merely tools to perform the abstract ideas and to apply the judicial exception to a particular technological environment.

Dependent claim 15 recites:
The method of claim 14, further comprising: receiving, by the provisioning service computer from the account issuer computer, an indication that the payment account is eligible for provisioning to the service provider.
The step of “receiving … an indication” recites the same abstract ideas of claim 9 and 14, and the claim recites no further specificity regarding the provisioning service computer or the account issuer computer. This claim does nothing further to integrate the abstract ideas into a practical application. This is a standard aspect of organizing human activity that does not require the generic technological environment of a computer network. The elements are merely tools to perform the abstract ideas and to apply the judicial exception to a particular technological environment.

Dependent claim 16 recites:
The method of claim 15, further comprising: transmitting, by the provisioning service computer to the service provider, the indication that the payment account is eligible for provisioning to the service provider.
The step of “transmitting … an indication” recites the same abstract ideas of claim 9, 14, and 15, and the claim recites no further specificity regarding the provisioning service computer. This claim does nothing further to integrate the abstract ideas into a practical application. This is a standard aspect of 

Dependent claim 17 recites:
The method of claim 9, wherein the information that identifies (a) the service provider; and (b) the payment account to be provisioned to the service provider is received in encrypted form by the provisioning service computer.
Claim 17 recites descriptive, not positively recited limitations of elements found in claim 9. Specifically, claim 17 recites a narrower limitation that the transaction information that identifies the service provider and the payment account is received by the provisioning service in encrypted form. This claim does not require any additional steps or functions to be performed and thus does not involve the use of any computing functions. Specifically, while the claim recites the transaction information as being encrypted, the claims do not recite a step of encryption. Thus, while the descriptive element may provide further helpful context for the claimed invention, the element does not serve to confer subject matter eligibility of the claimed invention because the limitations modified by this descriptive element are not individually, or combined, more significant that the abstract concepts of the claimed invention. 

Dependent claims 24-28  are substantially similar to dependent claims 10, 14-17 and therefore fall under the same analysis.  Dependent claims 24-28 are differentiated in that they recite context of a storage device as mentioned in independent claim 23:
Wherein the storage device stored further processor executable instruction which when executed cause the computer processor to (Claims 24, 26, 27)
Wherein the storage device stores processor executable instructions concerning transmitting the request receipt which when executed cause the computer processor to further (claim 25)
However, such additional elements merely recites generic computing devices and environments and neither integrate the abstract ideas into a practical application nor qualify as significantly more.

In summary, the dependent claims considered both individually and as an ordered combination do not provide meaningful limitations to transform the abstract ideas into a patent eligible application of the abstract ideas such that the claims amount to significantly more than the abstract ideas themselves. The claims do not recite an improvement to another technology or technical field, recite an improvement to the functioning of the computer itself, or provide meaningful limitations beyond generally linking one or more abstract ideas to a particular technological environment. Therefore, the claims are rejected under 35 U.S.C. § 101 as being directed to non‐statutory subject matter.

Claim Rejections - 35 USC § 103
The following references are cited in this section:
GIRISH et al., US 2019/0020478 A1 (effectively filed July 14, 2017)
GOOD et al., US 2017/0262841 A1 (effectively filed March 5, 2016)
AL-BEDAIWI et al., US 2017/0109745 A1 (effectively filed Oct. 15, 2015)
DIMMICK, US 2016/0148197 A1 (effectively filed Nov. 26, 2014) 
The following is a quotation of 35 U.S.C. § 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. § 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 9-10, 14-17, 23-28 are rejected under 35 U.S.C. § 103 as being unpatentable over GIRISH (US 2019/0020478 A1)  in view of (GOOD US 2017/0262841 A1), DIMMICK (US 2016/0148197 A1), and AL-BEDAIWI (US 2017/0109745 A1).
Regarding independent claims 9 and 23:
GIRISH, like the present invention, discloses token provisioning utilizing a secure authentication system. 
The limitations of claim 9 have been denoted with letters [A]-[I] by the Examiner for easy reference.
GIRISH discloses:
[A] A method for provisioning a payment account of a user to a service provider comprising: (GIRISH, see FIG. 4 flow diagram, [0096]-[0119])
[B] receiving, by a provisioning service computer, from an account issuer computer,… information that identifies (a) a service provider…; and (b) a payment account owned by the account holder to be provisioned to the service provider  (GIRISH, FIG. 1, annotated FIG. 1A [4], [0069], “[T]he directory server computer 110 may be configured to perform an enrollment verification process on behalf of the access control server computer 112A,” and “may store data regarding accounts or account identifiers that are enrolled in the secure authentication program.” [0072], lines 19-21, “[T]he token provider computer 114 may be configured to send/receive data to/from the directory server computer 110.” [0086], lines 1-5, “[T]he token processing module 220 (of the directory server computer) may … transmit a token request message … to a token provider (e.g., the token provider computer 114 of FIG. 1).” [0092], lines 5-8, “[T]he token generation module 314 (of the token provider computer 114) may ... receive a token request message (e.g., a message including a token requestor ID, an account number (e.g., PAN)…,” where the service provider may be the token requestor (see [0090]). See also step 10 of the method disclosed at [0113].);
[F] transmitting, from the provisioning service computer to the account issuer computer, a token authorization request (GIRISH, [0102], “[T]he directory server computer 110 may identify and route the authentication request message to an appropriate access control server computer 112A associated with the received transaction data (e.g., payment device data, payment account number).” The authorization can include an enrollment verification process and/or a risk analysis, including a challenge process with the user. See GIRISH, [0103], [0109].);
 receiving, by the provisioning service computer from the account issuer computer, an indication that the account issuer computer approved the token authorization request (GIRISH, [0112], lines 1-7, “[T]he access control server computer 112A may generate and send an authentication response message to the directory server computer 110. The generated authentication response message may include a verification value for the transaction generated in response to a successful authentication.”); and
[H] in response to said indication, issuing a payment token by the provisioning service computer to the service provider (GIRISH, [0113]-[0114], [0117], “At step 10, the directory server computer 110 may generate and transmit a token request message to token provider computer 114 in response to receiving the authentication response message … At step 11, a token provider computer 114 may generate, store, and transmit a token in a token response message to the directory server computer 110 … for a particular resource provider serviced by the directory server computer 110. … At step 12, the directory server computer 110 may transmit the authentication response message including the generated token … to the resource provider computer 108. The authentication response message may be transmitted directly to the resource provider computer 108.”).
GIRISH further teaches that requests such as that found in step [B] may include an electronic signature authentication the account issuer computer and… ([0047], “A ‘token request message’ may be a message for requesting a token” … and … “may include a token requestor identifier associated with a token requestor (e.g., a directory server computer, a resource provider entity/computer, an authorizing entity/computer, or any suitable requestor). A token request message may include the payment credentials…. A token request message may also include transaction data, … and a digital certificate (e.g., which may be signed by a key held by the token requestor), and/or any other suitable information.” The digital certificate is equivalent to, or includes, an electronic signature (e.g., digital certificate is signed).). 
A person having ordinary skill in the art before the effective filing date of the present invention would appreciate the additional security of a digital certificate or electronic signature accompanying the token requestor identifier and payment credentials for verification/authentication of the sender of the data (in this case, the account issuer or authorizing entity), as disclosed in GIRISH.. Therefore having the signature requirement and verification be produced and utilized in all forms of communication as desired, e.g. a 
GIRISH does not explicitly disclose the limitations [C]-[E] of claim 9. However, GOOD, which, like the present invention, discloses a method and system for electronic distribution of controlled tokens, discloses the limitations [C]-[E]. GOOD discloses:
[C] generating, by the provisioning service computer, a request receipt (GOOD, FIG. 4, [0059], lines 12-14, In response to a token distribution request 404 by a first (sender) device, FIG. 4, 406, [0060], lines 1-4, “In step 406, the generation module 216 of the processing server 102 may generate a single use personal identification number (PIN) as a single use identification value and a reservation identifier (ID);” the single use PIN in 406 is equivalent to a request receipt);
[D] transmitting, by the provisioning service computer, the request receipt to the account issuer computer; (GOOD, FIG. 4, 408, [0060], lines 4-7, “In step 408, the transmitting device 222 of the processing server 102 may electronically transmit a data signal to the sender mobile device 104 superimposed with the single use PIN.”)
[E] receiving, by the provisioning service computer from the service provider, …the
request receipt (GOOD, FIG. 4, 416, [0062], lines 1-11, “In step 416, the recipient mobile device 110 may electronically transmit a data signal to the processing server 102 superimposed with a token request. The token request may include at least the single use PIN … In step 418, the verification module 218 of the processing server 102 may verify that the single use PIN … [is] the same as the single use PIN … generated … in step 406.”);
Although GIRISH discloses including a digital certificate requests, GIRISH does not explicitly disclose verifying or validating it, i.e. step [I] verifying, by the provisioning service computer, the electronic signature;
However, DIMMICK, an analogous art of GIRISH and the current application, discloses:
[I] verifying, by the provisioning service computer, the electronic signature; ( [0083], in response to the token request message sent to the transport computer with a digital certificate, [0086], “the tokenization computer 670 may validate the token request message …” and “the tokenization computer 670 may use an encryption key to validate a digital certificate included in the token request message.”).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the present invention by combining the teachings of a token request message included a digital certificate or electronic signature as disclosed by the combination of GIRISH and GOOD, to the teachings that such signatures could and would be verified or validated by the tokenization computer for authenticating the sender as disclosed by DIMMICK by having the signatures of Girish be verified in order to provide additional security. 
While GIRISH disclose the usage of service providers and accounts, GIRISH does not explicitly disclose that the service provider is selected by an account holder (found in both step [B] and step [E])
However, AL-BEDAIWI teaches that users may make a variety of selections including that of a resource providing entities to which a token is to be provisioned, i.e. service provider is selected by an account holder.(Abstract, [0049-0058, 0109-0117, 0123-0125, 0137-0142, 0150-0152, 0163], “The authorization computer may prompt a user operating a user device to make a selection from the list of participating resource providing entities. The server can then receive a selection of one or more resource providing entities from the participating resource providing entities and can receive a request to issue tokens associated with an account of the user for the one or more resource providing entities.” User provides a selection for the end recipient of a token)
A person having ordinary skill in the art before the effective filing date of the present invention would be motivated to include this common step of confirming the recipient of a token as disclosed by AL-BEDAIWI to the process of provisioning tokens as disclosed by the combination of GIRISH, GOOD, and DIMMICK by having the user select the desired participating entities in order to ensure that the correct recipient was provided amongst a pool of participating entities. 

In Regards to the reliance and interpretation of GIRISH as a primary reference it is noted:
A reference may be relied upon for all that it would have reasonably suggested to a person having ordinary skill in the art, including non-preferred embodiments. MPEP 2123(I), citing Merck & Co. v. Biocraft Laboratories, 874 F.2d 804, 10 USPQ2d 1843 (Fed. Cir.), cert. denied, 493 U.S. 975 (1989). 
Under broadest reasonable interpretation, GIRISH’s FIG. 1 may be interpreted by a person of ordinary skill in more than one way as concerns the directory server computer, that is, as to whether it is 

    PNG
    media_image1.png
    664
    795
    media_image1.png
    Greyscale



    PNG
    media_image2.png
    565
    693
    media_image2.png
    Greyscale


    PNG
    media_image3.png
    565
    693
    media_image3.png
    Greyscale

It is noted that annotated FIG. 1B most closely visually matches FIG. 1 of the present invention, as it most clearly illustrates that a token can be provided by the provisioning service (token provider) to the service provider (annotated FIG. 1B, path [5]) at the request of the account issuer (annotated FIG. 1B, path [4]). Annotated FIG. 1A and annotated FIG. 1B are functionally equivalent in this regard, however. GIRISH’s arrangement of components performs the identical functions specified in the claim and as noted in this Office action in substantially the same way, and produces substantially the same results as the corresponding element disclosed in the specification. Additionally, a person of ordinary skill in the art would have recognized the interchangeability of the elements shown in GIRISH for the corresponding elements disclosed in the claimed invention. See MPEP 2183.
Specifically, GIRISH’s method of token provisioning utilizing a secure authentication system teaches all of the elements of limitations [A]-[B] and [F]-[H], and further would suggest to a person having ordinary skill in the art before the effective filing date of the present invention that the elements could be arranged together in such a way to be analogous and/or equivalent to the claimed embodiment(s) of the present invention. Further, it would be desirable to a person having ordinary skill in the art to make such arrangements to achieve flexibility of hardware configurations, e.g., using “any suitable component of a secure authentication system” to “assume the roles of the token provider computer. For example, directory server computers and/or access control server computers may become a token provider…“ GIRISH, [0043], lines 13-16. Communication flows may also be different in various arrangements, e.g., “the authentication request and response messages may pass between the resource provider computer 108 and the access control computer 112A via the user computing device 102 instead of the directory server computer 110. GIRISH, [0120]. GIRISH, [0143]-[0144] discloses further benefits of such arrangements: 
[0143] Embodiments of the present invention may also provide for faster transaction processing as it reduces the friction that occurs in transactions by combining a token request process within a secure authentication process conducted by a secure authentication system. While conventional systems require separate messages to be transmitted to request authentication and token provisioning, the methods and systems provided herein enable authentication and token provisioning to occur by initiating a single message (e.g., an authentication request message). Additionally, while conventional authentication response message provided information related to authentication success/failure, the techniques described herein enable additional information (e.g., user-specific information) to be communicated within an authentication response message. Thus, alleviating the need for a separate interface and/or an additional message to be utilized in order to obtain such information as would be found in conventional systems.
[0144] Reducing the number of messages need to perform multiples tasks (e.g., token provisioning, authentication, data requests) also has the benefit of reducing the amount 

Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the present invention to look to GIRISH to arrange the various configuration options to arrive at the configuration of the present invention for effecting the method of the present invention.
Further, although GIRISH does not explicitly disclose a request receipt, it would have been obvious to a person having ordinary skill that facilitating the authentication process by including a request receipt for authenticating the merchant as the user’s selected service provider while authenticating the user and/or transaction before providing a token to the service provider would achieve similar benefits as disclosed by GIRISH and cited above (e.g., [0144], “Reducing the number of messages need to perform multiples tasks (e.g., token provisioning, authentication, data requests) also has the benefit of reducing the amount of system resources required perform such tasks between multiple computers systems and devices.”). 
Thus, one of ordinary skill would have looked to GOOD for a method of confirming the chosen recipient of a token requested by one device to be provisioned by another device, via a token provider sending a single use PIN (equivalent to a request receipt) around the closed loop network, that is, requesting the first (sender) device to send the PIN to the second (recipient) device, which in turn sends the PIN back to the token provider to verify that the second (recipient) device is the intended recipient of the token. As to the actors in GOOD, an equivalency would have easily been drawn both to the present invention and GIRISH because the loop of [4]-[3]-[5] in annotated FIG. 1 of the present invention and annotated FIGs. 1A,B of GIRISH require only that there is a token recipient (service provider/merchant/child), a token provider (provisioning service computer/processing server), and a requestor/authenticator (account issuer acting on behalf of service provider/parent acting on behalf of child). The effect is the same to confirm the attended recipient. 
As to equivalency of the request receipt, Applicant’s Specification discloses:  “The request receipt may be in any format, and need not be in a token or PAN format. The request receipt will--later in the process--be used to identify the request for completion of the requested provisioning.” App. Spec., p. 10, lines 19-23. Whether sharing a “single use PIN” or a “request receipt,” the effect is the same to confirm the intended recipient. 
A person having ordinary skill in the art before the effective filing date of the present invention would have been motivated to combine GOOD’s single use PIN verification with GIRISH’s secure authentication system not only because GIRISH contemplated the ability and benefit of including such messages, but also because GOOD, [0005], disclosed the efficiency of such an arrangement for purposes of an improved authentication process: 
[0005] Thus, there is a need for a technical solution where a payment token for a transaction account can be distributed to a secondary mobile computing device, without the need for the secondary mobile computing device having to be fully authenticated using traditional provisioning processes if the secondary mobile device is a trusted device with the account holder. In such a solution, credentials for a transaction account may be shared more easily and efficiently, while still utilizing tokens to provide for greater account security. In addition, the use of a technological solution that also utilizes transaction controls can further ensure that the payment token shared by the account holder is subject to rules set forth by the account holder, to not only prevent fraud of their transaction account, but also misuse by the individual to whom the account was shared.

That GOOD’s devices in the process are both mobile devices would be of no different effect to one of ordinary skill. 

The structural components as recited in Claims 23-28, i.e. A provisioning service computer for provisioning a payment account of a user to a service provider comprising: a computer processor; a storage device operably coupled to the computer processor and storing processor-executable instructions which when executed cause the computer processor to:… ,  are also disclosed by the combination of references above: (GIRISH [0056-0058] “A “server computer” is typically a powerful computer or cluster of computers… A “processor” may refer to any suitable data computation device or devices… A “memory” may be any suitable device or devices that can store electronic data. A suitable memory may comprise a non-transitory computer readable medium that stores instructions that can be executed by a processor to implement a desired method. Examples of memories may comprise one or more memory chips, disk drives, etc. Such memories may operate using any suitable electrical, optical, and/or magnetic mode of operation.”, GOOD [0094-0096] “Processor device 704 may be a special purpose or a general purpose processor device specifically configured to perform the functions discussed herein.” DIMMICK [0066-0067] “An example of the transaction processing computer 150, according to some embodiments of the invention, is shown in FIG. 4. The transaction processing computer 150 comprises a processor 150A, a network interface 150B, 
Therefore all such structural limitations as found in the claims have also been met.

Regarding dependent claims 10 and 24:
AL-BEDAIWI further discloses transmitting, by the provisioning service computer to the account issuer computer, a 20confirmation that the payment account has been provisioned to the service provider (AL-BEDAIWI, [0086], information confirming that the resource was provisioned may be sent to authorization computer).

Regarding dependent claims 14 and 25:
GIRISH further discloses: wherein the transmitting the request receipt further comprises: transmitting, by the provisioning service computer to the account issuer computer, an 10inquiry as to whether the payment account is eligible for provisioning to the service provider (GIRISH, [0102], “directory server computer 110 may … route authentication request message to an access control server computer 112A”; [0103], “access control server computer 112A may … perform an enrollment verification process and/or risk analysis using the data received in the authentication request message”; [0104] “as part of the enrollment process, the access control server computer 112A may determine whether an account identifier (e.g., an account number) has been previously enrolled in the secure authentication program provided by the access control server computer 112A. The access control server computer 112A may contain or have access to a database that stores enrolled account identifiers.” This process, using the subsequent enrollment and risk checks disclosed in GIRISH at [0104]-[0110], checks for eligibility of an account based on at least enrollment in the secure authentication program and/or a level of risk.
With regard to the combination of GIRISH in view of GOOD, a person having ordinary skill in the art before the effective filing date of the present invention would have understood the eligibility inquiry process of GIRISH to be compatible with GOOD, at least because GOOD, at [0047], discloses that the 

Regarding dependent claims 15 and 26:
GIRISH further discloses: The method of claim 14, further comprising: receiving, by the provisioning service computer from the account issuer computer, an indication that the payment account is eligible for provisioning to the service provider (GIRISH, [0112], lines 1-3, “the access control server computer 112A may generate and transmit an authentication response message to the directory server computer 110.”).

Regarding dependent claims 16 and 27:
GIRISH further discloses: The method of claim 15, further comprising: transmitting, by the provisioning service computer to the service provider, the indication that the payment account is eligible for provisioning to the service provider (GIRISH, [0111], lines 11-14, “the access control server computer 112A may generate and transmit an authentication response message to the resource provider computer 108 via the directory server computer 110…”).

Regarding dependent claims 17 and 28:
GIRISH partially discloses:
The method of claim 9, wherein the information that identifies (a) the service provider; and (b) the payment account to be provisioned to the service provider is received in encrypted form by the provisioning service computer
However, DIMMICK discloses the encryption of both the service provider and the payment account in the token request message. Specifically, DIMMICK discloses, at [0044], “a token request message may include payment credentials, mobile device identification information (e.g. a phone number or MSISDN), a digital wallet identifier, information identifying a tokenization service provider, a merchant identifier, a cryptogram, and/or any other suitable information. Information included in a token request message can be encrypted (e.g., with an issuer-specific key).” Additionally, DIMMICK discloses at [0085], “the authorization entity computer 660 may forward the token request message to the tokenization computer 670.
A person having ordinary skill in the art before the filing date of the present invention would have understood that if one item of information could be encrypted in a token request message to the provisioning service computer, other items within that message could similarly be encrypted using the same process, with no substantial effect on the combination of GIRISH in view of GOOD, further in view of DIMMICK. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
U.S. Patent Literature
Linehan, US 6,327,578 B1, discloses a method, system, and computer program product for a four-party credit/debit payment protocol in which the credit/debit card authorization function is moved from the merchant to the account issuer.
Talbert et al., US 2004/0078328 A1, discloses a method and system for completing a transaction between a customer and a merchant. 
Felsted et al., US 8,364,600 B2, discloses a method, apparatus, and computer program product for performing a business transaction without disclosing sensitive identity information to a relying party.
Dill et al., US 2015/0032627 A1, discloses systems and methods for interoperable token processing including communicating token attributes associated with a token vault for various token requestors.
Dill et al., US 2015/0032625 A1, discloses systems and methods for communicating risk using token assurance data.
Nelsen et al., US 2015/0142673 A1, discloses method and systems for token request management using account issuer-defined payment token request rules generated and stored by a token issuer computer.
Dua, US 2015/0339667 A1, discloses an apparatus, system, and method for processing a request to authorize a payment transaction using token credentials.
Shastry et al., US 2015/0356560 A1, discloses a method and apparatus for token provisioning a merchant mobile application, the token associated with a status for identification and verification of secure user data.
Gaddam et al., US 2016/0028550 A1, discloses systems and methods for secure detokenization using a tokenization certificate that validates the identity of a credential requestor and provides information about the requestor’s authorization for detokenizing a token.
Carpenter et al., US 2016/0034891 A1, discloses a method and system for activating credentials for transmission to a transaction processing system via a data communications network.
Taratine et al., US 2016/0140546 A1, discloses methods, apparatus, and computer software for processing electronic tokens, using encryption and digital signatures, for authorization of a transaction.
Selfridge et al., US 2017/0091759 A1, discloses a system, method, and computer program product for token provisioning for non-account holder (third party) use in financial transactions.
Rajurkar et al., US 2017/0148013 A1, discloses systems and methods for tokenizing account numbers and shipping data to facilitate transactions with a merchant.
Jones-McFadden, US 2017/0195879 A1, discloses a system, method, and computer program product for tokenized identification of user authentication via a merchant system.
Taylor et al., US 2017/0228723 A1, discloses systems, methods, and apparatus for token provisioning and processing of resource provider accounts.
Maddukuri et al., US 2017/0255937 A1, discloses systems and methods for transaction account tokenization of a merchant.
Kim et al., US 2017/0372313 A1, discloses an electronic payment device for securing and authenticating payments through a payment server to a merchant.
Subbarayan et al., US 2018/0174137 A1, discloses systems, methods, and devices for providing agnostic electronic payment tokens to client devices and merchant systems.
Kumnick et al., US 10,062,079 B2, discloses a payment account identifier system and method for utilizing a non transactable-account identifier with a payment token.
McGuire, US 10,096,009 B2, discloses a system for secure payment processing using an authorization request and replacement account identifiers to conduct payment transactions.
Kumar et al., US 2019/0050853 A1, discloses systems and methods for pushing tokenized payments to resource providers for goods or services. 
Chandoor et al., US 10,243,958 B2, discloses systems and methods for device push provisioning, including encrypting provisioning request data sent to a provisioning server computer.
Bloy et al., US 2019/0089784 A1, discloses a system and method for provisioning a data transfer application, including a payment device with a payment token.
Uechi, US 2019/0122222 A1, discloses a computer-based system and method for payment processing without the need to transfer account information directly from the user.
Wong et al., US 10,257,185 B2, discloses a method for automatic token provisioning in response to receiving a request to create an account for an access or payment transaction.
Hammad, US 2019/0347645 A1, discloses a provisioning system for enabling a mobile communication device to operate as a financial presentation device for payment to a merchant, including sending financial data in an authorization request with a security key.
Royyuru et al., US 2019/0385164 A1, discloses methods for facilitating push token provisioning of a user payment account into a digital wallet using an encryption gateway to encrypt the provisioning data when sending it to the token service provider.
Lopreiato et al., US 2020/0005287 A1, discloses methods of maintaining a token database for token provisioning to a mobile device, and managing the lifecycle of payment tokens on the mobile device.
Dimmick et al., US 10,552,834 B2, discloses systems and methods for performing consumer authentication in a tokenized transaction.
Peyton et al., US 2020/0143357 A1, discloses a method of provisioning payment credentials to a mobile device based on decisions made by a mobile network operator.
Spector et al., US 10,878,407 B1, discloses systems and methods for facilitating provisioning of a token to a third-party payment application and transacting using the token.
Powell et al., US 10,891,610 B2, discloses a network token system for providing, along with the token, token assurance.
Law et al., US 10,911,429 B2, discloses a method for utilizing a registration authority to facilitate a certificate signing request for secure token distribution.
Non-Patent Literature
EMVCo., "EMV Payment Tokenisation Specification, Technical Framework," V1.0, March 2014, available at https://www.emvco.com/terms-of-use/?u=wp-content/uploads/documents/EMVCo_Payment_Tokenisation_Specification_Technical_Framework_v1.0.pdf (84 pages). (Year: 2014)
Foreign Patent Literature
Kinagi, WO 2016134016 A1, discloses systems and methods for token processing using transaction specific information. 

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick MacAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JOHANN Y CHOO/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        01/10/2022