DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This action is in reply to the filing of 11/23/2021.
Claim 1, 4, 6, and 7 have been amended.
Claims 2 - 3  are original.
Claim 5 has been cancelled.
Claims 8 - 20 were previously withdrawn due to a prior Applicant election in response to examiner restriction.
Claims 1 - 4 and 6 - 7 are pending and have been examined.
THIS ACTION IS FINAL.


Response to Arguments

The rejection of all claims pursuant to 35 USC 101 was previously withdrawn in the prior office action due to Applicant's arguments and amendments. The application claims that a so called "pass-through" indicator may be associated with a token in an electronic merchant transaction, whereby the issuer of the token may allow the 
A new 35 USC 112(a) rejection of all claims is made below due to Applicant's arguments and amendments.
Applicant arguments pursuant to 35 USC 102 are moot, as examiner has analyzed this Application under 35 USC 103.
Applicant argues that Kumnick does not disclose a device specific payment token that is provisioned to an electronic device. Remarks 9. As seen below in the 35 USC 103 analysis, the Hruska reference uses a device specific payment token.
Applicant argues that Kumnick discloses that the merchant computer, not the payment network, passes the token code in the authorization request message. Remarks 10.  However, as below, Kumnick discloses:
In some embodiments, a token service system may include a token service computer alone, or in combination with other computers such as a transaction processing network computer. 
Moreover, the so called generic "payment network" of the Disclosure is undefined, and, using Broadest Reasonable Interpretation (BRI), the payment network is equivalent to a merchant computer system which conducts the transaction by processing the pass through token when operating as a "payment network". See 35 USC 103 analysis.
Generally as to obviousness, examiner submits that it is determined on the basis of the evidence as a whole and the relative persuasiveness of the arguments. See In re Oetiker, 977 F.2d 1443, 1445, 24 USPQ2d 1443, 1444 (Fed. Cir. 1992); In re Hedges, prima facie case of obviousness was successfully established in the prior Office Action of 08/26/2021, and also respecting the pending amended claim set of 11/23/2021 as seen below.
Examiner further recognizes that references cannot be arbitrarily altered or modified, and that there must be some reason why a person having ordinary skill in the relevant art would be motivated to make the proposed modifications. Although the motivation or suggestion to make modifications must be articulated, it is respectfully submitted that there is no requirement that the motivation to make modifications must be expressly articulated within the references themselves. References are evaluated by what they suggest to one versed in the art, rather than by their specific disclosures, In re Bozek, 163 USPQ 545 (CCPA 1969).
Examiner also notes that the motivation to combine the applied references is, where appropriate in the below detailed analysis pursuant to 35 USC 103, additionally accompanied by select passages from the respective references which specifically support that particular motivation. It is also respectfully submitted that motivation based on the logic and scientific reasoning of one ordinarily skilled in the art at the time of the invention, which evidence can also support a finding of obviousness, is otherwise provided in the detailed 35 USC 103 analysis of the claim set below.  In re Nilssen, 851 F.2d 1401, 1403, 7 USPQ2d 1500, 1502 (Fed. Cir. 1988) (references do not have to explicitly suggest combining teachings); Ex parte Clapp, 227 USPQ 972 (Bd. Pat. App. & 
Examiner recognizes that obviousness can only be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to a person of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992).


Claim Interpretation

The subject matter of a properly construed claim is defined by the terms that limit the scope of the claim when given their broadest reasonable interpretation (BRI). It is this subject matter that must be examined. As a general matter, grammar and the plain meaning of terms as understood by one having ordinary skill in the art used in a claim will dictate whether, and to what extent, the language limits the claim scope. See MPEP § 2111.01 for more information on the plain meaning of claim language. Language that suggests or makes a feature or step optional but does not require that feature or step does not limit the scope of a claim under the broadest reasonable claim interpretation. The following types of claim language may raise a question as to its limiting effect:

(B) "adapted to" or "adapted for" clauses, 
(C) "wherein" or "whereby" clauses, 
(D) contingent limitations, 
(E) printed matter, or 
(F) terms with associated functional language. 
The above list of examples is not intended to be exhaustive. The determination of whether particular language is a limitation in a claim depends on the specific facts of the case. See, e.g., Griffin v. Bertina, 285 F.3d 1029, 1034, 62 USPQ2d 1431 (Fed. Cir. 2002)(finding that a "wherein" clause limited a process claim where the clause gave "meaning and purpose to the manipulative steps"). For more information about these types of claim language and how to determine whether they have a limiting effect on claim scope, see MPEP §§ 2111.02 through 2111.05.
The above is useful in the examiner's interpretation of:
"wherein the issuer-applied domain-specific control and the issuer-applied domain-specific restriction prevent the device-specific payment token from being used with a device other than the electronic device; claim 1 limitation. 
 This limitation attempts to monopolize upon the  way  that the product is intended to be used. Should a patent be granted as to this notion, then the applicant, for example, could exclusively assign its patent rights as to the invention to another, yet still retain control over how the invention is used, ergo its intended use, even though that assignor would have zero remaining patent rights to the product. The product would function Apart from the claim limitation being 100% redundant, see below 35 USC 103 analysis, a person having reasonable skill in the art would determine that the limitation does not affect the claim itself. That said, the above detailed claim limitation is entitled to no patentable weight in this Application. However, claims 1 - 4, and 6 - 7 are nonetheless fully  analyzed in the following 35 USC 103 analysis for the purpose of compact prosecution.


35 USC 112(a) Rejection

The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a)  IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same,  and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim 1 (and all claims dependent therefrom) are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described For instance, in In re Hayes Microcomputer Products, the written description requirement was satisfied because the specification disclosed the specific type of microcomputer used in the claimed invention as well as the necessary steps for implementing the claimed function. The disclosure was in sufficient detail such that one skilled in the art would know how to program the microprocessor to perform the necessary steps described in the specification. In re Hayes Microcomputer Prods., Inc. Patent Litigation, 982 F.2d 1527, 1533-34, 25 USPQ2d 1241, ___ (Fed. Cir. 1992).
In the present applicant, claim 1 cites “that is provisioned to an electronic wallet on an electronic device," where neither of the term/words "electronic wallet" nor "wallet"  are found in the Disclosure. The said claim term is unsupported in the specification in order to show possession of the invention at the time of filing. That one skilled in the art may devise a way to accomplish this aspect of the invention, Applicant’s original disclosure lacks sufficient detail to explain how Applicant envisioned achieving this goal. Simply stating or re-stating the claim limitation does not provide enough support to show possession.  Since these important details about how the invention operates are not disclosed, it is not readily evident that Applicant had full possession of the invention at the time of filing (i.e., the original disclosure fails to provide adequate written description to support the claimed invention as a whole). Neither the specification nor the drawings disclose in detail the specific steps or algorithm needed to perform the operation. If the specification does not provide a disclosure of the computer and algorithm in sufficient .



Claim Rejections – 35 USC 103


In the event the determination of the status of the application as subject to AIA  35 USC 102 and 103 (or as subject to pre-AIA  35 USC 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 USC 103 which forms the basis for all obviousness rejections set forth in this Office Action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 USC 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.

4. Considering objective evidence present in the application indicating
     obviousness or nonobviousness.



Claims 1 - 4 and 6 - 7 are rejected pursuant to 35 USC 103 as being unpatentable over Kumnick (US20150319158A1) in view of Hruska (US20130282588A1), and in further view of Bauer (US20120095852A1) .

Regarding claim 1:
Kumnick teaches:
specifying by an issuer of a financial instrument, an issuer-applied domain specific  control or an issuer-applied domain-specific restriction ("An “issuer” or “authorizing entity” may typically refer to a business entity (e.g., a bank) that maintains an account for a user.", [049]), and ("An “acquirer” may typically be a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant or other entity. Some entities can perform both issuer and acquirer functions. Some embodiments may encompass such single entity issuer-acquirers.", [051]) and ("A “token vault” may be an example of a token service computer and can include a repository that maintains established token-to-PAN mappings. According to various embodiments, the token vault may also maintain other attributes of the token requestor that may be determined at the time of registration. The attributes may be used by the token service provider to apply domain restrictions or other controls during transaction processing. In some embodiments, the token vault may be a part of the token service system or the 
	note that the so called token related domain control or restriction is "identified" by the issuer ("token requestor" as above) of the domain control. The claim term "identified" is a super broad term, which term includes (under examiner's obligation to employ Broadest Reasonable Interpretation (BRI) of claim terms) in its meaning that the issuer of the tokens simply recognizes the existence of something. Here, the attributes regarding token domain controls / restrictions are "identified" or recognized by "issuer" (the above noted "token requestor") who then provides these exact token controls / restrictions to the so called token service provider.
requesting, by the issuer of a financial instrument and from a third-party token service provider, ("As explained above, in some embodiments, the same payment token that represents a certain payment account can be held and used by different token requestors 115 (e.g., mobile devices 315, merchants 130, third-party token providers, etc.). As a result, each time the payment account is used for a transaction, the acquirer computer 135 may receive the same payment token in an authorization request message, regardless of the payment domain. As a result, the acquirer computer 135 may also be able use the payment token to track user 120 activity, as already described for the merchant computer 130 above.", [095]) and ("The method comprises receiving, by a data processor in a token request from a first token requestor computer, the first token request including a value credential and a first domain identifier. The method also comprises identifying a value token associated with the value credential, generating a first token code associated with the value token, assigning the value token and the first token code to the first domain identifier, and transmitting the value token and the first token code to the first token requestor computer. The first token requestor subsequently uses the value token for an interaction, and the first token requestor's subsequent use of the value token is valid if the value token is accompanied by the first token code.", [005]);
generation of the device specific payment token comprising a pass- through indicator, under examiner's obligation to use Broadest Reasonable Interpretation (BRI) of claim terms, anything  - including information - of whatsoever kind which indicates (i.e., it points out, designates, marks, identifies, singles out, calls attention to, displays, exhibits, or makes clear) that the token is to "pass through" the transaction (i.e., without restriction) is a so called "pass - through indicator", ... ("The method also comprises identifying a value token associated with the value credential, generating a first token code associated with the value token, assigning the value token and the first token code to the first domain identifier, and transmitting the value token and the first token code to the first token requestor computer. The first token requestor subsequently uses the value token for an interaction,", [005]) and ("The security token includes an NFC transceiver, a memory in communication with the NFC transceiver, the memory storing transaction information, and logic on the memory for communicating the based on a determination that no restriction is present.", [006]), the token is generated, then it communicates to the POS that no token restriction is present i.e., that it indicates that it may "pass through" the transaction without any token related restriction;
wherein a payment network is configured to receive in a transaction request comprising the device-specific payment token, and is configured to pass the transaction request through without applying the issuer-applied domain-specific control or restriction in response to the pass-through indicator; ("At step S622, the merchant computer 130 may analyze the payment token and/or the domain ID. For example, the merchant computer 130 may track user 120 activity based on the payment token, and may use the payment token to perform fraud risk analysis (e.g., check a blacklist and determine transaction velocity), process loyalty-related services, update a user 120 record, and perform any other suitable operations (e.g., via the global analysis module 130H). The merchant computer 130 may not view or utilize the token code, and may simply pass the token code along in the authorization request message.", [0128]) and ("Another advantage in embodiments is that the system may be relatively easy to adopt. Merchants, acquirers, and other involved entities may be able to engage in the token system by simply passing along a token code and/or domain ID in an authorization message. ...  The token vault may be able to orchestrate issuing, authentication, and maintenance of payment tokens, token codes, and domain IDs such that other entities are not burdened.", [0163]) and ("The security token includes an NFC transceiver, a memory in communication with the NFC a determination that no restriction is present.", [006]), the token may communicate as above during the POS transaction that there is no restriction with respect to the token and can pass the transaction request through; 
receiving, from the third-party token service provider, the device specific payment token comprising the pass-through indicator; and ("Various entities of a tokenization ecosystem may assume the roles of the token service provider. For example, payment networks and issuers or their agents may become the token service provider by implementing the token services according to embodiments of the present invention.", [034]) and ("At step S622, the merchant computer 130 may analyze the payment token and/or the domain ID. For example, the merchant computer 130 may track user 120 activity based on the payment token .   .   .   The merchant computer 130 may not view or utilize the token code, and may simply pass the token code along in the authorization request message
storing an association of the issuer-applied domain-specific control or restriction and the device specific  payment token ("Additionally, a digital wallet provider may also provide one or more of the following functions: storing multiple payment cards and other payment products on behalf of a user, storing other information including billing address, shipping addresses, and transaction history, initiating a transaction by one or more methods, such as providing a user name and password, NFC or a physical token, and may facilitate pass-through or two-step transactions.", [047]); any kind of tokens which may be allowed to "pass through" the transaction are stored; 
wherein, in response to receiving the transaction request with the device specific payment token from the payment network, the issuer retrieves the issuer-applied domain-specific control or restriction associated with the device specific payment token and applies the issuer-applied domain-specific control or restriction to the transaction request. Note that this limitation is interpreted under BRI as simply requiring that the issuer apply restrictions to the token in response to receiving the token transaction communique from a payment network, . . .  ("identifying a value credential associated with the value token, adding the value credential to the first authorization request message, sending the first authorization request message to an authorizing entity computer, receiving a first authorization response message including the value credential from the authorizing entity computer, replacing the value credential with the value token and the first token code in the first authorization response message, and forwarding the first authorization response message.", [008]),
here, the authorizing / issuing system places token related value credential / restrictions upon its authorization in response to receiving the token transaction communique from a payment network.
Kumnick does not expressly teach, but Hruska teaches:
on a device specific payment token for the financial instrument;  ("A secure system and method are disclosed to effectuate financial transactions over a secure internet backbone establishing and using a secure closed loop financial transactional system encompassing a proxy account and a pre-registered personal handheld mobile device to the account a preregistered merchant where all funds within the account remain in an “inactive” non-usable state until activated and allocated only by the consumer's registered mobile handheld device using a unique, time sensitive, device specific and merchant specific transactional token initially developed on the system's backend and subsequent token activation completion by the intended specific registered mobile device and by the intended merchant application.", [ABSTRACT]);
wherein the issuer- applied domain-specific control and the issuer-applied domain-specific restriction prevent the device-specific payment token from being used with a device other than the electronic device  ("Consumers using their pre-registered mobile device can transact business by having the backend mobile wallet system generate a unique consumer, merchant and device specific, single-use, time-sensitive, alpha-numeric inactive digital token and the transactional server encrypting these tokens with a consumer's personal 
It would have been obvious to one of ordinary skill in the art before the effective filing date of this application to have modified Kumnick to incorporate the teachings of Hruska because Kumnick would increase security if it were to expressly utilize a device specific protocol as done in Hruska. ("The invention describes a consumer setting up a financial proxy account; a unique registration and authentication process of the consumer's mobile handheld device which has its own unique identifier (UDID) to the consumer's financial proxy account,", see [004] of Hruska.).

The combination of Kumnick and Hruska do not expressly disclose, but Bauer teaches:
that is provisioned to an electronic wallet on an electronic device, ("A mobile payment method, system and graphical user interface are described that facilitate efficient and secured payment transactions from an electronic wallet on a user portable electronic device with a merchant point of sale terminal over a contactless communications link. In one aspect, the electronic wallet includes a flag indicating whether input of the passcode is required to access the electronic wallet, which flag can be set by a remote device. In another aspect, a shortcut is provided to directly execute the payment features of the electronic wallet application software.", [ABSTRACT]);
It would have been obvious to one of ordinary skill in the art before the effective filing date of this application to have modified the combination of Hruska and Kumnick Bauer to make the method more versatile and to make it doubly and expressly clear that the method may be performed on an electronic wallet.
Regarding claim 2:
The combination of Kumnick, Hruska, and Bauer disclose the limitations of claim 1:
Kumnick further teaches:
wherein the pass-through indicator is a bank identification number.  ("The token service provider may collect information pertaining to the nature of the requestor and the relevant use of tokens to validate and formally approve the token requestor and establish appropriate domain restriction controls. Successfully registered token requestors may be assigned a domain ID that may also be entered and maintained within the token vault. Token requestors may be revoked or assigned new domain ID.", [038]) and ("A “token domain” may indicate an area and/or circumstance in which a token can be used. Examples of the token domain may include, but are not limited to, payment channels (e.g., e-commerce, physical point of sale, etc.), POS entry modes (e.g., contactless, magnetic stripe, etc.), and merchant identifiers to uniquely identify where the token can be used. A set of parameters (i.e. token domain restriction controls) may be established as part of token issuance by the token service provider that may allow for enforcing appropriate usage of the token in payment transactions.", [039]);
Regarding claim 3:
The combination of Kumnick, Hruska, and Bauer disclose the limitations of claim 1:
Kumnick 
wherein the pass-through indicator is a cryptogram parameter for the payment token. ("Some exemplary token domain restriction controls may require the verification of the presence of a token cryptogram that is unique to a given transaction. In some embodiments, a token domain can be associated with a token requestor. For example, a token requestor may request tokens for a certain domain, and both the token requestor and domain may be identified by a certain domain ID.", [039]) and ("Accordingly, token codes may be protected by encryption, secure storage, and any other suitable safeguarding. In some embodiments, the token code may also be used in the creation of a cryptogram.", [0105]).  
Regarding claim 4:
The combination of Kumnick, Hruska, and Bauer disclose the limitations of claim 1:
Kumnick further teaches:
wherein the third-party token service provider is not associated with a payment network.  ("Various entities of a tokenization ecosystem may assume the roles of the token service provider. For example, payment networks and issuers or their agents may become the token service provider by implementing the token services according to embodiments of the present invention. ", [034]), payment networks and token service providers may have been previously unassociated prior to the, for example, POS transaction regarding the token.
Regarding claim 5:
Cancelled.

Regarding claim 6:
The combination of Kumnick, Hruska, and Bauer disclose the limitations of claim 1:
Kumnick further teaches:
wherein the issuer-applied domain-specific control or the issuer applied domain specific restriction is dynamic.  ("Examples of account information may include a PAN (primary account number or “account number”), user name, expiration date, CVV (card verification value), dCVV (dynamic card verification value),", [029]) and ("but it may still be possible to track user 120 activity based on the payment token, as the payment token can remain static and can be submitted by multiple entities. The security of the payment token can be maintained by incorporating the token code and the domain ID, as the payment token may only be valid if accompanied by a valid token code and domain ID. Thus, with minimal changes to existing systems, payment security is improved without sacrificing the ability to track user 120 activity.", [0144]).
Regarding claim 7:
The combination of Kumnick, Hruska, and Bauer disclose the limitations of claim 1:
Kumnick further teaches:
wherein the issuer-applied domain-specific  control or the issuer-applied domain-specific controls use of the payment token with a certain merchant, with a certain device, in a certain environment, at a certain time, in a certain geography, or at a certain authentication level.  ("The attributes may be used by the token service provider to apply domain restrictions or other controls during transaction processing.", [036]) and ("The token service provider may collect 


Conclusion


Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, and is:
Lindner (US20160217459A1) is relevant because it teaches a “virtual vault … created to store the relationship between an issued token and an associated funding account and/or or PAN… a cryptogram associated with the token may 
Aabye (US20170255932A1) is relevant because it teaches “systems and methods for combining domain restriction with remote authentication to prevent unauthorized transactions from being conducted over a computer network such as the Internet. An online transaction can be conducted with a token instead of a real account identifier. The token may have domain restriction to limit how the token can be used.” [0003].
Dogin (US20190197616A1) “Tokens used with one or more embodiments may, but need not, conform to the specification? EMV® Payment Tokenisation Specification 6.2.4 explains how device ID can be used and page 46 thereof addresses token location information (e.g., for a token residing on a device). Page 68 thereof notes that the Token Cryptogram generated from the mobile device along with POS Entry Mode will serve as the Domain Restriction Control fields that will be used by the Token Service Provider to validate the integrity of the transaction using that Payment Token.” [0154].

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW COBB whose telephone number is (571) 272-3850.  The examiner can normally be reached, M - F, 9 - 5, CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Michael Anderson can be reached at (571) 270-0508. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have  any questions regarding access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.

/MATTHEW COBB/ Examiner, Art Unit 3698

/BRUCE I EBERSMAN/Primary Examiner, Art Unit 3698