Acknowledgements
This communication is in response to applicant’s response filed on 12/21/2021.
Claims 1 and 14 have been amended. Claims 3 and 16 have been cancelled.
Claims 1-2, 4-15, and 17-20 are pending and have been examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/21/2021 has been entered.

Response to Arguments
Regarding applicant’s arguments:	
Regarding applicant’s arguments under Claim Rejections - 35 USC § 103 that the combination of Powell (EP 3292499 A1)/(EP 3292499 B1) in view of Pendse (US 20190108514) in further view of Huxham (US 20160078434) does not teach or suggest “an encryption key associated with the token service provider,” as amended in claims 1 and 14, examiner respectfully argues applicant’s arguments are moot in light of the new grounds of rejections necessitated by the amendment to claim 1 and 14. 
Applicant argues dependent claims 2, 4-13, 15, and 17-20 are allowable based on their dependence upon allowable base claims, and examiner respectfully argues 

Priority
This application claims priority of US Provisional Application No. 62/686,369 filed on 06/18/2018. Applicant’s claim for the benefit of this prior-filed application is acknowledged.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/21/2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-2, 4-15, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Powell (EP 3292499 A1)/(EP 3292499 B1) in view of Makhotin (US 20150073996).

Examiner Note: Examiner mapped the claims to the published granted patent Powell (EP 3292499 B1) not the published application (EP 3292499 A1). Both publications are included in the office action.

	Regarding Claims 1 and 14, Powell teaches receiving, from an issuer mobile application 4server, user information for a user and account information for the user payment source (Paragraphs 0066-0068 teach a user may wish to load access data (i.e., payment source) into the second application (i.e., a digital wallet application); the access data may be used to activate payment account data already residing on the mobile device; the user may initiate the loading process by launching or otherwise interacting with the first application (i.e., issuer application (e.g., a mobile banking application)) that is associated with the authorization computer system (i.e., issuer computer system); the first application may present the user with an option to load an account number (e.g., a credit card account number) to the second application; in doing so, the first application may also ask the user to input the user's authentication data associated with the account number to be loaded to the second application; for example, the first application may ask the user of the mobile device for PIN or password, and optionally a username; alternatively or additionally, the first application may gather authentication data (e.g., a serial number, phone number, digital fingerprint, etc.) directly from the mobile device); receiving, from an issuing host platform, primary 8account number data for the payment source (Paragraph 0070 teaches the authorization computer system validates the authentication data; it may do so by retrieving authentication data that was previously stored for the user,  encrypting the primary account number data 12to generate encrypted provision data (Paragraph 0072 teaches the authentication code (i.e., encrypted provision data) may be generated using an encryption process; the authentication code may include an encrypted portion and a non-encrypted portion; the non-encrypted portion may be used to decrypt the encrypted portion; further, the encrypted portion may include a consumer's PAN, a date and time when the authentication code was generated, and a specific authorization code generated by the authorization entity); and transmitting the encrypted provision data to 14the issuer mobile application server (Paragraph 0074 teaches the authentication code is transmitted from the authorization computer system to first application in the mobile device).
However, Powell does not explicitly teach transmitting, the user information and the account information to request primary account number data for the user payment source from an issuing host platform; and encrypting, the primary account number data to generate encrypted provision data, wherein the encrypting comprises determining a first set of encryption requirements associated with a token service provider and applying an encryption key associated with the token service provider to the primary account number data based on an encryption algorithm and a minimum length of the encryption key identified from the first set of encryption requirements.
Makhotin from same or similar field of endeavor teaches transmitting, the user information and the account information to request primary account number data for the user payment source from an issuing host platform (Paragraph 0063 teaches the user may communicate to the issuer computer that the user wishes to enroll/activate an account on the mobile device; the user may provide personal identification information such as user name, date of birth, address, account number, expiration date associated with the account, etc. to the issuer computer); and encrypting, the primary account number data to generate encrypted provision data (Paragraph 0076 teaches to provision the account on the mobile payment application, the user may provide account information, such as a primary account number (PAN), a card expiration date (CED), a card security code (e.g. a card verification value (CVV2)) and the account activation code (AAC) received from the issuer to the secure element of the mobile device; the secure element may encrypt the received information (e.g. PAN, CED, CVV2, AAC) using the first one of the secure element key pair provided by the central TSM), wherein the encrypting comprises determining a first set of encryption requirements associated with a token service provider and applying an encryption key associated with the token service provider to the primary account number data based on an encryption algorithm and a minimum length of the encryption key identified from the first set of encryption requirements (Paragraphs 0061 and 0034 teach after the mobile payment application is provisioned on the secure element, the central TSM may contact the secure element to replace the temporary secure element key with a permanent key pair (e.g. secure element key pair); the permanent key pair may be a secure element key pair such that a first one of the secure element key pair is stored at the secure element and the second one of the secure element key pair is stored at the central TSM; using the secure element key pair, the central TSM may personalize the mobile payment application; a “secure element key” can be an encryption key that is used in order to communicate with a secure element the secure element key may be one of an asymmetric secure key pair; exemplary asymmetric secure element keys may include keys generated with RSA cryptosystem having a minimum of 1024 bits length or keys generated with Elliptic Curve Cryptography (ECC) having 256 bits length).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in Powell, which teaches a mobile device requesting primary account number data from an issuing host platform, and the issuing host platform transmitting the requested primary account number data in an encrypted format, to incorporate the teachings of Makhotin, which teaches transmitting, the user information and the account information to request primary account number data for the user payment source from an issuing host platform; and encrypting, the primary account number data to generate encrypted provision data, wherein the encrypting comprises determining a first set of encryption requirements associated with a token service provider and applying an encryption key associated with the token service provider to the primary account number data based on an encryption algorithm and a minimum length of the encryption key identified from the first set of encryption requirements.
There is motivation to combine Makhotin into Powell because the base invention is improved by provisioning and personalizing a mobile payment application on a mobile device without communicating with the issuer during the provisioning process. In addition, the personal account information provided to the mobile device by the user may be encrypted using a secret key pair unique to the secure element and the central TSM. Thus, the sensitive information is not shared with third party TSMs and is protected from fraudsters. The secret key pair shared between the central TSM and the secure element is used to encrypt the account information as well as the account activation code previously generated by the issuer. Since the central TSM is the only other party in possession of the secret key pair, a third party cannot acquire the sensitive information (Makhotin Paragraph 0082). 
	Regarding Claim 1, Powell teaches a non-transitory computer-readable media comprising computer-readable instructions stored thereon that when executed by one or more processors for provisioning instant digital access to a user payment source using a mobile device pay wallet, causes the one or more processors to perform a process (Paragraphs 0033 and 0035 teach the provisioning server computer may be configured to provision the mobile device with access data; it may include a processor and a computer readable medium comprising code which causes the processor to perform any suitable method associated with provisioning the mobile device with access data).
	Regarding Claim 14, Powell teaches a gateway system comprising:  2one or more processors, and 3a memory having stored thereon computer-readable instructions that, when 4executed by the one or more processors (Paragraphs 0038-0039, 0045, and 0048-0049 teach the exemplary mobile device may comprise a computer readable medium; the computer readable medium may comprise code, executable by the processor for implementing a method; an authorization computer system (i.e., issuer bank) comprises a server computer and an account data database coupled to the server computer; the server computer may comprise a processor, which may be coupled to a system memory and an external communication interface; a computer readable medium may also be operatively coupled to the processor; the computer readable medium may comprise a number of software modules including a communication module, an encryption module, a database update module, an authentication code generation module, an authorization module, and a validation module).

Regarding Claims 2 and 15, the combination of Powell and Makhotin teaches all the limitations of claims 1 and 14 above; however the combination does not explicitly teach wherein the encrypting the primary account 2number data comprises: 3identifying an encryption key from a plurality of encryption keys using the 4primary account number data.
Makhotin further teaches wherein the encrypting the primary account 2number data comprises: 3identifying an encryption key from a plurality of encryption keys using the 4primary account number data (Paragraphs 0073 and 0075-0076 teach before provisioning the mobile payment application, the provisioning system needs to know which secure element is associated with the mobile device of the user; the provisioning system may determine which secure element is associated with the mobile device, for example by querying the mobile device; once the secure element is identified, the provisioning system may request that the central TSM provision the mobile payment application on the identified secure element; upon receiving the instruction/request from the central TSM, the secure element TSM may install the security domain and the mobile payment application on the secure element of the mobile device using temporary keys; for increased security, the central TSM may replace the temporary key with a secure element key pair on the secure element of the mobile device; the secure element key pair may be unique to the secure element and only shared between the secure element and the central TSM; secure element 116 may encrypt the received information (e.g. PAN, CED, CVV2, AAC) using the first one of the secure element key pair provided by the central TSM).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Powell and Makhotin to incorporate the further teachings of Makhotin for the encrypting the primary account 2number data to comprise: 3identifying an encryption key from a plurality of encryption keys using the 4primary account number data; and encrypting, using the encryption key, the primary account number data to 6generate the encrypted provision data.
There is motivation to further combine Makhotin into the combination of Powell and Makhotin because when the provisioning system identifies that the information is encrypted using the secure element key pair, and is able to decrypt the information using the second secure element key, the provisioning system may validate and/or confirm that the information is sent from a recognized secure element. Accordingly, the use of the secure element key pair between the secure element (e.g. mobile device) and the provisioning system helps to validate that the information is sent from a correct mobile device. That is, an identity of the mobile device requesting the provisioning of the account (e.g. the personalization of the mobile payment application) may be validated using the secure element key pair (Makhotin Paragraph 0079).

Regarding Claim 6, the combination of Powell and Makhotin teaches all the limitations of claim 1 above; and Powell further teaches wherein encrypting the primary account number data 2comprises identifying a validation key from a plurality of validation keys using the primary 3account number data (Paragraphs 0091-0092 teach the second application may have device specific information such as an identifier for the mobile device or an identifier for the second application (e.g., a wallet identifier) and may transmit this information (in clear text or in hashed or encrypted form) to the first application and then to the authorization computer system (i.e., identifier identifies the private key residing on mobile device)); and signing, using the validation key, the primary account number data upon encrypting the primary account number data to generate the 5encrypted provision data (Paragraphs 0092-0093 and 0081 teach to ensure that the validation entity computer knows which mobile device that the request originated from, the event specific and/or device specific information may be signed with a cryptographic key (e.g., a cryptographic private key) that may reside in a memory (e.g., a secure element) in the mobile device; the signed information may then be provided by the second application to the first application, and then to the authorization computer system; the second application may retrieve a cryptographic key (e.g., a private key) from a secure element in the mobile device, and may then use this to sign the event specific or the device specific data; this can be used at a later time by the validation entity computer to verify that the mobile device originated the provisioning request; the provisioning server computer may computer may encrypt the access data using the corresponding public key before sending it to the mobile device).

Regarding Claim 7, the combination of Powell and Makhotin teaches all the limitations of claim 1 above; and Powell further teaches wherein the user payment source is a credit card (Paragraph 0066 teaches the access data may be payment account data such as credit card account data).

Regarding Claims 8 and 18, the combination of Powell and Makhotin teaches all the limitations of claims 1 and 14 above; and Powell further teaches wherein the user information for the user and the 2account information for the user payment source of the user comprises a name of the user, a digital 3wallet data of the user, and an issuer nonce (Paragraphs 0068, 0072, and 0100 teach user account stored at authorization computer includes a username (i.e., name of the user); the authentication code may include an encrypted portion that comprises a specific authorization code (i.e., issuer nonce) generated by the authorization entity; and in addition to having all of the access data including within the authentication code itself, in some embodiments, any information needed to deliver the access data to the mobile device may also be included in the authentication code such as a digital wallet ID).

Regarding Claims 9 and 19, the combination of Powell and Makhotin teaches all the limitations of claims 1 and 14 above; and Powell further teaches wherein the primary account number data 2comprises a sixteen-digit primary account number of the user payment source and an address of the user, and a nickname of the user payment source 3 (Paragraphs 0094, 0025, and 0080 teach the authorization computer system stores the primary account numbers or aliases (i.e., access data reference identifiers) of the primary account numbers; an access data reference identifier (i.e., nickname) may be used to identify particular access data; for example, a primary account number such as 4000 8198 8298 1132 (16-digits) may be represented by an account reference identifier such as XP28278978; user account may also include the address associated with the mobile device to be provisioned).

Regarding Claim 10, the combination of Powell and Makhotin teaches all the limitations of claim 1 above; and Powell further teaches receiving, at an issuer mobile application using a software development kit, a list of accounts for the user, wherein the payment source is selected from the list of accounts (Paragraph 0094 teaches the authorization computer system may then optionally send the primary account numbers or aliases of the primary account numbers that have not already been provisioned to the second application to the first application in the mobile device; while in the first application, the user can select any of the presented primary account numbers (or aliases thereof) that have not already been provisioned onto the second application so that they may be provisioned to the second application).

Regarding Claim 11, the combination of Powell and Makhotin teaches all the limitations of claim 1 above; and Powell further teaches receiving, at an issuer mobile application using a software development kit, the 3encrypted provision data (Paragraph 0074-0075 teach the authentication code is transmitted from the authorization computer system to first application in the mobile device; after the first application in the mobile device receives the authentication code, the first application then passes the authentication code to the second application in the mobile device); 4genergenerating, by the software development kit, a request to provision the user payment 5source in the mobile device pay wallet of the user using the encrypted provision data (Paragraphs 0076-0077 teach after the authentication code is received by the second application, the mobile device then transmits the authentication code to the digital wallet server computer using any suitable electronic message format; after the digital wallet server computer receives the authentication code, the digital wallet server computer then transmits the authentication code to the validation entity computer); and 6receiving, by the software development kit, a result of the request to provision the user 7payment source in the mobile device pay wallet (Paragraph 0078-0081 teaches after the validation entity computer receives the authentication code, the validation entity computer verifies it; if the authentication code received from the authorization computer system does not match the authentication code received from the digital wallet server computer, then a message may be transmitted to the mobile device indicating that the provisioning request has failed; if the received authentication code is valid, the validation entity computer then initiates the provisioning process; the provisioning server computer may store one encryption key (e.g., an ephemeral public ECC key) and the mobile device may store another corresponding encryption key; the provisioning server computer may then encrypt the access data before sending it to the mobile device, and the mobile device may decrypt the encrypted access data upon receipt).

Regarding Claim 12, the combination of Powell and Makhotin teaches all the limitations of claim 1 above; and Powell further teaches receiving from the issuer mobile application 3server, an issuer nonce indicating that the user was authenticated by the issuer mobile application 4server (Paragraph 0071-0072 teach if the received authentication data does match the previously stored authentication data, then the authorization computer system may generate an authentication code; the authentication code may be generated in any suitable manner; the encrypted portion may include a specific authorization code (i.e., issuer nonce) generated by the authorization entity); and 5wherein  encrypting the primary account number data comprises encrypting the 6issuer nonce along with the primary account number data (Paragraph 0072 teaches the authentication code may be using an encryption process; the authentication code may include an encrypted portion and a non-encrypted portion; the encrypted portion may include a consumer's primary account identifier (PAN) and a specific authorization code (i.e., issuer nonce) generated by the authorization entity).

Regarding Claim 13, the combination of Powell and Makhotin teaches all the limitations of claim 12 above; and Powell further teaches receiving, at the token service provider, the encrypted primary account number data 3with the issuer nonce (Paragraph 0106 teaches after the digital wallet server computer receives the authentication code (i.e., comprises primary account number data and issuer nonce), the digital wallet server computer then transmits the authentication code to the validation entity computer); 4decrypting, by the token service provider, the encrypted primary account number 5data and the issuer nonce using the encryption key (Paragraph 0108 teaches after the validation entity computer receives the authentication code, the validation entity computer verifies it; the validation module in the validation entity computer may take the recently received authentication code and may decrypt any encrypted data; it may then retrieve a previously received authentication code previously received from the authorization computer system (stored in a database) and decrypt any encrypted data as well; the decrypted data from the previously stored and recently received authentication codes may then be compared to determine if the currently received authentication code and the previously stored authentication code match (thereby validating the received authentication code)); 6validating, by the token service provider, a signature of the primary account 7number data with a validation key (Paragraph 0109 teaches further, the previously described signed device and/or event specific data can also be verified by the validation entity computer; device and/or event specific data can be obtained from the digital wallet server along with the authentication code; for example, in some embodiments, as noted above, the device and/or event specific data may be signed by an encryption key in a secure element in the mobile device; the resulting digital signature may be verified by the validation entity computer using a corresponding encryption key (e.g., a public key) to ensure that the correct mobile device 10 is being provisioned with account data); and 8in response to validating the signature, transmitting, by the token service provider, 9a provision request comprising the issuer nonce (Paragraph 0112 teaches if the authentication code received from the authorization computer system matches the authentication code received from the digital wallet server computer, the validation entity computer then initiates the provisioning process; the validation entity computer can transmit a message to the provisioning server computer to request that the second application of the mobile device be provisioned with the access data requested by the user of the mobile device; in another embodiment, the provisioning server computer may be part of the validation entity computer and provisioning may be initiated without the transmission of any particular provisioning instruction message).

Claims 4-5 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Powell (EP 3292499 A1)/(EP 3292499 B1) in view of Makhotin (US 20150073996) in further view of Pendse (US 20190108514).

Regarding Claims 4 and 17, the combination of the combination of Powell and Makhotin teaches all the limitations of claims 1 and 14 above; however the combination does not explicitly teach wherein the encrypting the primary account 4number data further comprises: 5identifying a second set of encryption requirements for the mobile device pay wallet using wallet data associated with the mobile device pay wallet; and 9wherein encrypting, using the encryption key, the primary account number data 10is further isis further based on the 11second set of encryption requirements.
Pendse from same or similar field of endeavor teaches wherein the encrypting the primary account 4number data further comprises: 5identifying a second set of encryption requirements for the mobile device pay wallet using wallet data associated with the mobile device pay wallet (Paragraph 0013 teaches a typical tokenization process for a digital wallet, such as Apple Pay, to request a digitization entity such as MasterCard Digital Enablement Services (MDES) to generate a token to be added to a secure device; typically, there is an exchange of secure information between the digitization entity and the mobile device hosting the digital wallet, and then the digitization entity performs the entire process on behalf of the issuing bank of the payment credential by using a secure set of keys, assigning token numbers, and the like, and then transfers the token to the digital wallet for provisioning on the mobile device; that is, in the conventional digitization process the digitization entity does everything; in order to perform all of these steps on behalf of the issuer, the digitization entity gets issuer master keys from the issuer, encrypts a package of tokenized payment information to be written onto the secure element of the mobile device, and transmits the encrypted package of tokenized payment information to the secure element of the mobile device); and 9wherein encrypting, using the encryption key, the primary account number data 10is further bis further based on the 11second set of encryption requirements (Paragraphs 0027-0028 teach generating tokenized payment information for the payment credential based on the received personalization script; the tokenized payment information is generated by the digitization entity even though the digitization entity does not have access to issuer master keys of the issuer of the payment credential; in this case, the issuer master keys may be retained by the issuer or an agent thereof without divulging the sensitive information to external sources such as the digitization entity; this process satisfies on-soil data requirements by preventing sensitive data from leaving sovereign boundaries but still allows a digital wallet to access a global payment processor to conveniently perform the payment card digitization process rather than having to attempt to contact the individual issuing bank; the method includes transmitting the tokenized payment information for the payment credential to a digital wallet executing on a user device, wherein the tokenized payment information may include a token which can be encrypted and which is to be added to a secure element of the mobile device; the tokenization may only be performed in response to a successful authentication of a cardholder or account holder of the payment credential).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Powell and Makhotin to incorporate the further teachings of Pendse for the encrypting the primary account 4number data to further comprise: 5identifying a first set of encryption requirements for the mobile device pay wallet using wallet data from the mobile device pay wallet; identifying a second set of encryption requirements for the token service provider; and 9wherein encrypting, using the encryption key, the primary account number data 10comprises complying with the first set of encryption requirements and complying with the 11second set of encryption requirements.
There is motivation to further combine Pendse into the combination of Powell and Makhotin because the conventional tokenization process involves the issuer releasing secure information to the digitization entity. Furthermore, a number of countries and markets have on-soil requirements that prevent sensitive and secure payment information from leaving a sovereign boundary. The base invention is improved because issuer master keys (IMKs) are controlled by the issuer and may be shared with the CSP and are not shared with the digitization entity. Another benefit is issuer has more control over their master keys which is a sensitive element of the payment processing. For regulatory purposes, the distributed digitization process meets on-soil data requirements such as Chinese regulation which requires sensitive payment information and other information to be held by a bank on the ground in China without leaving sovereign boundaries. Furthermore, the digitization process still performs an exchange process between a digital wallet and a digitization entity without requiring the digital wallet to connect to an individual bank (Pendse Paragraphs 0014-0015).

Regarding Claim 5, the combination of Powell and Makhotin teaches all the limitations of claim 2 above; however the combination does not explicitly teach storing the encryption key in a database 4storing the plurality of encryption keys; and 5wherein identifying the encryption key comprises: 6identifying an associated issuer using the primary account number data; and 8searching the database for the encryption key using the associated issuer.
Pendse from same or similar field of endeavor teaches 3storing the encryption key in a database 4storing the plurality of encryption keys (Paragraph 0017 teaches the CSP may be a key manager that acts as an agent of the issuer; the CSP may control keys in order to complete the digitization process securely); and 5wherein identifying the encryption key comprises: 6identifying an associated issuer using the primary account number data (Paragraphs 0021 and 0023 teach the issuer shares sensitive data unique to the issuer with the CSP; for example, the issuer may share issuer master keys, personalization script specifications, payment credentials, and the like, with the CSP; in response to receiving the request (and in some cases authenticating the user) the digitization entity requests a personalization script from the issuer and/or the CSP (i.e., the CSP is able to identify the issuer using the received payment credential since the CSP previously stored the issuer master keys, personalization script specifications, payment credentials received from the issuer)); 7and 8searching the database for the encryption key using the associated issuer (Paragraph 0021 and 0023 teach the CSP received issuer master keys, personalization script specifications, payment credentials; the issuer or the CSP provides the requested personalization script to the digitizing entity; the personalization script may include a unique specification for extracting payment information, and generating a tokenized payment credential (i.e., the CSP is able to search the database with the received payment credential to find the corresponding IMK and personalization script to send to the digitizing entity)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Powell and Makhotin to incorporate the further teachings of Pendse to receive, at the gateway encryption service, the encryption key; store, by the gateway encryption service, the encryption key in a database 4storing the plurality of encryption keys; and 5wherein identifying the encryption key comprises: 6identifying an associated issuer using the primary account number data; and 8searching the database for the encryption key using the associated issuer.
There is motivation to further combine Pendse into the combination of Powell and Makhotin because an issuer may maintain control over sensitive information such as the IMKs and also control various details of the digitization process by generating and providing a personalization script to a digitization entity such as a payment processor. The personalization script may also be referred to as a digitization script. The digitization entity may generate tokenized payment information for the payment credential and transmit the tokenized payment information to a digital wallet executing on a mobile device. The digitization entity may perform the digitization process without having access to the IMKs (Paragraph 0011).	

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Gaddam et al. (US 20150269566) teaches systems and methods for generating a token. An access device may receive, from a token vault computer, an encryption key and a credential identifier. The access device may generate a token using the encryption key and a current time. The access device may then transmit the token, the current time, and the credential identifier to the token vault computer. The token vault computer may receive the token, a current time, and a credential identifier. The token vault computer may retrieve an encryption key associated with the received credential identifier. The token vault computer may then validate the token based at least in part on the received current time and the retrieved encryption key.
Shastry et al. (US 20160036790) teaches methods, apparatuses, computer readable media and systems for authenticating a user on a user device across multiple mobile applications. The identity of the user is validated by encoding and subsequently validating cryptographically encrypted data in a shared data store accessible by the mobile applications tied to the same entity. Specifically, the application leverages the authentication process of a trusted mobile application (e.g. a banking mobile application) to authenticate the same user on an untrusted mobile application (e.g. a merchant mobile application).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY JONES whose telephone number is (469)295-9137.  The examiner can normally be reached on 7:30 am - 5:00 pm CST (M-F).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached at (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/COURTNEY P JONES/Examiner, Art Unit 3685