DETAILED ACTION
This action is in response to applicant’s amendment dated 12/08/2021.
Claims 1-3, 5-7, 9, 15, 18, 22, 26, 29 are amended
No claims have been added or canceled. 
Claims 1-29 are pending and have been examined on the merits.

Response to Amendment
	Applicant’s amendments dated 12/08/2021 have been fully considered. 


Response to Arguments
	Regarding Claims 1, 15, 18, applicant asserts that the prior art does not disclose that two forms of IDs are utilized in generating a token. However, it is noted that the prior art discloses that a MVV is used and a TDK in the overall process of generating a token. Furthermore, it is noted that the TDK and the account Identifier are then further used for the final generation of the token. Therefore applicant’s arguments are not persuasive.
	Regarding Claims 22, 26, 29 applicant asserts that a MVV and a TDK cannot be independently selected. However, an Account Identifier and a MVV/TDK may be independently selected. Therefore applicant’s arguments are not persuasive. 
	 Applicant’s arguments are generally directed to the utilization of various combinations of data in the processes as recited. However, as performing various combinations of data is merely an obvious variation via duplication of parts/processes with a limited number of expected results, there is no particular or special result that occurs based on the number of repeated processing of different combinations of data. Therefore such repetitions and variations are within the realm of obviousness to one of ordinary skill in the art. 



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-6, 10-17 are rejected under 35 U.S.C. 103 as being unpatentable over BASU  (US 2012/0041881 Al) in view of GRIFFIN (US 10,025,941 B1).

Regarding claim 1:
BASU, which like the present invention is directed to systems and methods for providing an account token, teaches receiving, by a tokenization engine, data to be protected which is provided by a data provider and obtained by or on behalf of a data controller; ([0005-0007], “Other examples of data centers include acquirers and acquirer processors. An acquirer is typically a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant. Acquirers may facilitate and manage financial transactions on behalf of merchants… For example, once a transaction has completed, the merchant may request information specifically for that transaction by sending a report request message to the acquirer or acquirer processor. The acquirer or acquirer processor may respond to the report request message by sending full payment information related to the specified transaction to the merchant. To provide full payment information back to the merchant as part of these financial reports, the acquirer or acquirer processor may store the credit card numbers involved in the transactions. Accordingly, the acquirer or 
Determining, based on the type of affiliation for tokenization specified in the schema, a unique data controller ID for the data controller; determining a unique data provider ID for the data provider ;([0032-0043], “As used herein, an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols. An account identifier is typically provided as part of a transaction, such as a payment transaction, that credits value to the account, debits value to the account, or performs any other suitable action on the account. Credit card numbers, checking and saving account numbers, prepaid account numbers, aliases and/or a passwords, phone numbers, and any other suitable identifier are all examples of account identifiers. A "merchant verification value" may refer to any information that identifies a merchant as a participant in a service or program. As an example, a merchant verification value may be assigned to a business, person, or organization that has agreed to accept payment cards when properly presented by the cardholder. A merchant verification value can be any combination of characters and/or symbols. Further, a merchant verification value can be transmitted to a payment processing network as part of an authorization request message… As used herein, a "token derivation key" can refer to any piece of information that is used as a parameter of a tokenization algorithm… To illustrate, when a consumer swipes a credit card at a merchant's store to purchase an item, a bank associated with the merchant may send an authorization request message with a particular account identifier and the merchant verification value assigned to the merchant to the payment processing network… and then generate an account token of the account identifier using the token derivation key.).
generating, by the tokenization engine, a corresponding token based on a combination of the data controller ID, the data provider ID and the data to be protected, wherein the token is a reference that maps back to the data to be protected; and ([0033-0034], [0041], [0043], [0070], “As used herein, an "account 
storing the data controller ID in combination with the data provider ID and the data to be protected in a data vault, wherein the data to be protected is accessible from the data vault when the corresponding token is presented. ([0044], “ In some embodiments, a merchant and/or support system does not have access to the reverse token derivation keys needed to transform the account tokens to the corresponding account identifiers. Instead, a tokenization server stores the reverse token derivation keys. Therefore, the risk of compromised cardholder data is further limited in that a fraudster may have to breach the merchant and/or support system to obtain the account tokens and may also have to breach the tokenization server to obtain the reverse token derivation keys.)
BASU does not specifically disclose, but GRIFFIN an analogous art of BASU and the current application, teaches accessing a schema for an online store of a merchant, determining a type of affiliation for tokenization specified in the schema, wherein the type of affiliation includes at least one of per-schema affiliation and a per-field affiliation;… based on the type of affiliation for tokenization specified in the schema.  
It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention to combine the teachings of using schemas to determine tokenization procedures and data processing as disclosed by GRIFFIN to the teachings of using tokens for a variety of data as disclosed by BASU by having data centers and processors determine schema matched to an entity and use them for tokenization. Such a combination would be performed in order to allow for the tokenization process to be utilized by a variety of payment processing systems and merchants thereby allowing for an increase in security while still being available for as many people as possible. 

Regarding independent claim 15:
BASU discloses a system comprising: a tokenization engine that receives data to be protected which is provided by a data provider and obtained by or on behalf of a data controller; ([0032-0043, “an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols. An account identifier is typically provided as part of a transaction, such as a payment transaction, that credits value to the account, debits value to the account, or performs any other suitable action on the account. Credit card numbers, checking and saving account numbers, prepaid account numbers, aliases and/or a passwords, phone numbers, and any other suitable identifier are all examples of account identifiers. A "merchant verification value" may refer to any information that identifies a merchant as a participant in a service or program. As an example, a merchant verification value may be assigned to a business, person, or organization that has agreed to accept payment cards when properly presented by the cardholder. A merchant verification value can be any combination of characters and/or symbols. Further, a merchant verification value can be transmitted to a payment processing network as part of an authorization request message.)
a data vault; ([0044], “a tokenization server stores the reverse token derivation keys.”)
wherein the tokenization engine is enabled to …determine a unique data controller ID associated with the data controller and a unique data provider ID associated with the data provider and generate a corresponding token based on a combination of the data controller ID, the data provider ID and the data to be protected, wherein the token is a reference that maps back to the data to be protected; ([0032-0040], [0070], “As used herein, an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols. An account identifier is typically provided as part of a transaction, such as a payment transaction, that credits value to the account, debits value to the account, or performs any other suitable action on the account. Credit card numbers, checking and saving account numbers, prepaid account numbers, aliases and/or a passwords, phone numbers, and any other suitable identifier are all examples of account identifiers. A "merchant verification value" may refer to any information that identifies a merchant as a participant in a service or program. As an example, a merchant verification value may be assigned to a business, person, or organization that has agreed to accept payment cards when properly presented by the cardholder. A merchant verification value can be any combination of characters and/or symbols. Further, a merchant verification value can be transmitted to a payment processing network as part of an authorization request message;…the tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter. This and other techniques are described in greater detail below.”)
wherein the data vault stores the data controller ID in combination with the data provider ID and the data to be protected, wherein the data to be protected is accessible from the data vault when the corresponding token is presented  ([0044], “In some embodiments, a merchant and/or support system does not have access to the reverse token derivation keys needed to transform the account tokens to the corresponding account identifiers. Instead, a tokenization server stores the reverse token derivation keys. Therefore, the risk of compromised cardholder data is further limited in that a fraudster may have to breach the merchant and/or support system to obtain the account tokens and may also have to breach the tokenization server to obtain the reverse token derivation keys.”)
BASU does not specifically, but GRIFFIN an analogous art of BASU and the current application, teaches accessing a schema for an online store of a merchant, determining a type of affiliation for tokenization specified in the schema, wherein the type of affiliation includes at least one of per-schema affiliation and a per-field affiliation;… based on the type of affiliation for tokenization specified in the schema.  (Col/Line11/15-12/15, “ In other arrangements, the TSP computing system 104 receives a data package of the service call and file and subsequently determines which tokenization schemas (e.g., random number, hash, encryption, FPE) to implement, any additional XML Path attributes that need to be generated, and additional changes to the tokenization manifest to properly restrict the file and data elements.”).
It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention to combine the teachings of using schemas to determine tokenization procedures and data processing as disclosed by GRIFFIN to the teachings of using tokens for a variety of data as disclosed by BASU by having data centers and processors determine schema matched to an entity and use them for tokenization. Such a combination would be performed in order to allow for the tokenization process to be utilized by a variety of payment processing systems and merchants thereby allowing for an increase in security while still being available for as many people as possible. 

Regarding claims 2 and 16:
BASU further teaches the data provider is one of the merchant or a customer of the merchant. ([0003-0004], “To protect sensitive information from such fraud, a data center may encrypt the data it stores. For example, a merchant may wish to track financial transactions at one or more stores to gain insight on the purchasing tendencies of its customers… A merchant processor that performs payment gateway services on behalf of a merchant is another example of a data center. For example, the merchant processor (as provided by CYBERSOURCE™, of Mountain View, Calif.), may receive payment information from a merchant computer, process the payment information into the format of an authorization request message, send the authorization request message to the appropriate payment processing network ( as may be offered the merchant can provide a good or service to a customer.”)

Regarding claims 3 and 17:
BASU further teaches the data controller is one of an e-commerce platform and the merchant ([0005-0007], “An acquirer is typically a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant. Acquirers may facilitate and manage financial transactions on behalf of merchants. An acquirer processor is typically a transaction processing entity that has a business relationship with a particular acquirer. Acquirer processors may provide merchants with transaction clearing, settlement, billing and reporting services. In addition to the payment services described above, the acquirer or acquirer processor can also provide a variety of financial reports to the merchants registered for its services… the merchant may request information specifically for that transaction by sending a report request message to the acquirer or acquirer processor. The acquirer or acquirer processor may respond to the report request message by sending full payment information related to the specified transaction to the merchant. To provide full payment information back to the merchant as part of these financial reports, the acquirer or acquirer processor may store the credit card numbers involved in the transactions. Accordingly, the acquirer or acquirer processor can be a form of a data center that stores cardholder information and other sensitive information… the acquirer or acquirer processor may protect the cardholder information against potential fraudsters. In one approach, the acquirer or acquirer processor may encrypt the credit card numbers that it receives. Further, to avoid collisions between the credit card numbers, the acquirer or acquirer processor may use an encryption key specific to each merchant when the acquirer or acquirer processor encrypts an account number, for example.”)

Regarding claim 4:
BASU further teaches authenticating, by the tokenization engine, access to the data to be protected upon receipt of the corresponding token. ([0044-0045], “In some embodiments, a merchant and/or support system does not have access to the reverse token derivation keys needed to transform the account tokens to the corresponding account identifiers. Instead, a tokenization server stores the 

Regarding claim 5:
BASU further teaches a different token is generated for the same data to be protected if associated with a different data controller ID. ([0071], “The normalization module 228 may provide facilities that allow the payment processing network 140 to transform an account token from a first account token form to a second account token form. Such may be an advantage for comparing the account tokens received by two or more merchants. This is because the account tokens generated by the tokenization module 226 are merchant specific. As explained below, the normalization module 228 may provide a scheme for generating an account token common to one or more merchants to provide for comprehensive analytics and services, as may be provided by merchant support systems”).

Regarding claim 6:
BASU further teaches a different token is generated for the data to be protected if associated with a different data provider ID. ([0032-0045], “an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols... the merchant may send an authorization request message with a particular account identifier and the merchant verification value assigned to the merchant to the payment processing network… then generate an account token of the account identifier using the token derivation key. The account token is then inserted in the authorization response message, which is then sent back to the merchant via the bank… because an account token is received in the authorization response message in addition to or in lieu of the actual account identifier, the apparatuses, methods, and systems described herein also reduce 

Regarding claim 10:
BASU further teaches transmitting the data provider ID and the token for storage in a database of an e-commerce platform.([0063-0065], “In some embodiments, an account token 128 can be generated and sent to the merchant computer 120 and/or the acquirer computer 130. The merchant computer 120 and/or acquirer computer 130 can store the account token 128 in account token database 126. In other embodiments, an account token 158 can be generated and sent to a support computer 150. The support computer 150 can store the account token 158 in account token database 156. …During the clearing process, the acquirer computer 130 can send the account token 128 to the payment processing network 140. The payment processing network 140 may then use the reverse token derivation key for the particular merchant to retrieve the corresponding account identifier. The payment processing network 140 can send the account identifier to the issuer computer 160 to perform clearing and settlement…. Once clearing and settlement are performed, the merchant computer 120 may remove the account identifiers stored in their systems... As an advantage of embodiments of the invention, the merchant computer 120 may retain the account tokens, thereby allowing customer analytics, as described above.”)

Regarding claims 11:
BASU further teaches the data provider ID comprises at least one of a ID kind and an ID value. ([0032-0045], “As used herein, an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols. An account identifier is typically provided as part of a transaction, such as a payment transaction, that credits value to the account, debits value to the account, or performs any other suitable action on the account. Credit card numbers, checking and saving account numbers, prepaid account numbers, aliases and/or a passwords, phone numbers, and any other suitable identifier are all examples of account identifiers... the merchant may send an authorization request message with a particular account identifier and the merchant verification value assigned to the merchant to the payment processing network… then generate an account token of the account identifier using the token derivation key. The account token is then inserted in the authorization response message, which is then sent back to the merchant via the bank… because an account token is received in the authorization response message in addition to or in lieu of the actual account identifier, the apparatuses, methods, and systems described herein also reduce merchant post-processing efforts needed to support encryption or hashing of the account numbers after the authorization response message is received.” Changing inputs changes tokens)

 Regarding to claims 12:
BASU further teaches the data controller ID comprises at least one of a controller kind, an ID kind, and an ID value. ([0032-0045], “As used herein, an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols. An account identifier is typically provided as part of a transaction, such as a payment transaction, that credits value to the account, debits value to the account, or performs any other suitable action on the account. Credit card numbers, checking and saving account numbers, prepaid account numbers, aliases and/or a passwords, phone numbers, and any other suitable identifier are all examples of account identifiers... the merchant may send an authorization request message with a particular account identifier and the merchant verification value assigned to the merchant to the payment processing network… then generate an account token of the account identifier using the token derivation key. The account token is then inserted in the authorization response message, which is then sent back to the merchant via the bank… because an account token is received in the authorization response message in addition to or in lieu of the actual account identifier, the apparatuses, methods, and systems described herein also reduce merchant post-processing efforts needed to support encryption or hashing of the account numbers after the authorization response message is received.” Changing inputs changes tokens)

Regarding to claim 13:
BASU further teaches authorizing a data analysis to be performed on the data controller and the data provider and using the corresponding token as a placeholder. ([0046-0048], “As a further advantage, the merchant can use the tokenized account identifier to conduct customer analytics in lieu of the original card identifier… Embodiments of the invention provide a method to tokenize the account identifier so that it can be used in lieu of the actual account identifier to perform merchant customer analytics…embodiments of the invention may facilitate customer analytics that allow merchants to measure the velocity of purchases to provide various customer loyalty services. For example, based on an application observing the account tokens, the merchant may provide a benefit to repeat customers (e.g., if a customer purchases the same product on five occasions, the merchant can provide the customer with an additional product at no cost).”)

Regarding to claim 14:
BASU further teaches receiving and authenticating, by the tokenization engine, the corresponding token, and authorizing a data analysis to be performed on the data controller and the data provider using the data to be protected when the corresponding token is authenticated. ([0045-0048], ”… an account token is received in the authorization response message in addition to or in lieu of the actual account identifier, the apparatuses, methods, and systems described herein also reduce merchant post-processing efforts needed to support encryption or hashing of the account numbers after the authorization response message is received. As a further advantage, the merchant can use the tokenized account identifier to conduct customer analytics in lieu of the original card identifier… Embodiments of the invention provide a method to tokenize the account identifier so that it can be used in lieu of the actual account identifier to perform merchant customer analytics…embodiments of the invention may facilitate customer analytics that allow merchants to measure the velocity of purchases to provide various customer loyalty services. For example, based on an application observing the account tokens, the merchant may provide a benefit to repeat customers (e.g., if a customer purchases the same product on five occasions, the merchant can provide the customer with an additional product at no cost).”)


Claims 18, 26-29 are rejected under 35 U.S.C. 103 as being unpatentable over 103 BASU  (US 2012/0041881 Al).
Regarding independent claim 18:
BASU discloses a method comprising receiving, by a tokenization engine, data to be protected which is provided by a customer and obtained by or on behalf of a merchant ([0005-0007], “Acquirers may facilitate and manage financial transactions on behalf of merchants. An acquirer processor is typically a transaction processing entity that has a business relationship with a particular acquirer. Acquirer processors may provide merchants with transaction clearing, settlement, billing and reporting services. In addition to the payment services described above, the acquirer or acquirer processor can also provide a variety of financial reports to the merchants registered for its services. For example, once a transaction has completed, the merchant may request information specifically for that transaction by sending a report request message to the acquirer or acquirer processor. The acquirer or acquirer processor may respond to the report request message by sending full payment information related to the specified transaction to the merchant. To provide full payment information back to the merchant as part of these financial reports, the acquirer or acquirer processor may store the credit card numbers involved in the transactions. Accordingly, the acquirer or acquirer processor can be a form of a data center that stores cardholder information and other sensitive information… acquirer processor may protect the cardholder information against potential fraudsters. In one approach, the acquirer or acquirer processor may encrypt the credit card numbers that it receives. Further, to avoid collisions between the credit card numbers, the acquirer or acquirer processor may use an encryption key specific to each merchant when the acquirer or acquirer processor encrypts an account number, for example.”)
determining a merchant ID associated with the merchant, wherein the merchant ID ios unique for each merchant; determining a customer ID associated with the customer, wherein the customer ID is unique for each customer; ([0032-0040], [0070],“As used herein, an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols. An account identifier is typically provided as part of a transaction, such as a payment transaction, that credits value to the account, debits value to the account, or performs any other suitable action on the account. Credit card numbers, checking and saving account numbers, prepaid account numbers, aliases and/or a passwords, phone numbers, and any other suitable identifier are all examples of account identifiers. A "merchant verification value" may refer to any information that identifies a merchant as a participant in a service or program. As an example, a merchant verification value may be assigned to a business, person, or organization that has agreed to accept payment cards when properly presented by the cardholder. A merchant verification value can be any combination of characters and/or symbols. Further, a merchant verification value can be transmitted to a payment processing network as part of an authorization request message… the tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter.”)
generating, by the tokenization engine, a corresponding token based on a combination of the data controller ID, the data provider ID and the data to be protected, wherein the token is a reference that maps back to the data to be protected; and ([0041-0043], [0070], “As used herein, an "account token" can refer to the result of transforming an account identifier into a form that is not considered sensitive in the context of the environment in which the account token resides. As used herein, a "token derivation key" can refer to any piece of information that is used as a parameter of a tokenization algorithm… a bank associated with the merchant may send an authorization request message with a particular account identifier and the merchant verification value assigned to the merchant to the payment processing network… and then generate an account token of the account identifier using the token derivation key. The account token is then inserted in the authorization response message, which is then sent back to the merchant via the bank….By communicating an account token to the merchant, example embodiments can provide comparatively secure communication and comparatively secure storage for sensitive information, such as the cardholder data (e.g., credit card number) and other financial information... tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter. “)
storing the merchant ID with the customer ID and the data to be protected in a data vault, wherein the data to be protected is accessible from the data vault when the corresponding token is presented. (Paragraph 0044, “In some embodiments, a merchant and/or support system does not have access to the reverse token derivation keys needed to transform the account tokens to the corresponding account identifiers. Instead, a tokenization server stores the reverse token derivation keys. Therefore, the risk of compromised cardholder data is further limited in that a fraudster may have to breach the merchant and/or support system to obtain the account tokens and may also have to breach the tokenization server to obtain the reverse token derivation keys.”)
BASU does not explicitly disclose and wherein ta different corresponding token is generated for each separate triplet of merchant ID, customer, ID, and data to be protected. However, such a process merely reads on the duplication of parts/processes. Therefore it would have been obvious to one of ordinary skill in the art at the time of applicant’s filing to perform the processes described above as often or as many times as desired with any variety of data as desired. In re Harza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960)

Regarding independent claim 26:
BASU discloses a method comprising: receiving, by a tokenization engine, first and second data to be protected; ([0005-0007], “Other examples of data centers include acquirers and acquirer processors. An acquirer is typically a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant. Acquirers may facilitate and manage financial transactions on behalf of merchants. An acquirer processor is typically a transaction processing entity that has a business relationship with a particular acquirer. Acquirer processors may provide merchants with transaction clearing, settlement, billing and reporting services. In addition to the payment services described above, the acquirer or acquirer processor can also provide a variety of financial reports to the merchants registered for its services. For example, once a transaction has completed, the merchant may request information specifically for that transaction by sending a report request message to the acquirer or acquirer processor. The acquirer or acquirer processor may respond to the report request message by sending full payment information related to the specified transaction to the merchant. To provide full payment information back to the merchant as part of these financial reports, the acquirer or acquirer processor may store the credit card numbers involved in the transactions. Accordingly, the acquirer or acquirer processor can be a form of a data center that stores cardholder information and other sensitive information. For the reasons described above, the acquirer or acquirer processor may protect the cardholder information against potential fraudsters. In one approach, the acquirer or acquirer processor may encrypt the credit card numbers that it receives. Further, to avoid collisions between the credit card numbers, the acquirer or acquirer processor may use an encryption key specific to each merchant when the acquirer or acquirer processor encrypts an account number, for example”)
receiving, by the tokenization engine, a first data controller ID associated with a first data controller and a first data provider ID associated with the first data provider corresponding to the first data to be protected; ([0032-0043], [0070], “an "account identifier" can refer to any information that identifies an account that holds value for a user... An account identifier is typically provided as part of a transaction, such as a payment transaction, that credits value to the account, debits value to the account, or performs any other suitable action on the account. Credit card numbers, checking and saving account numbers, prepaid account numbers, aliases and/or a passwords, phone numbers, and any other suitable identifier are all examples of account identifiers. A "merchant verification value" may refer to any information that identifies a merchant as a participant in a service or program. As an example, a merchant verification value may be assigned to a business, person, or organization that has agreed to accept payment cards when properly presented by the cardholder. A merchant verification value can be any combination of characters and/or symbols. Further, a merchant verification value can be transmitted to a payment processing network as part of an authorization request message... tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter.”)
receiving, by the tokenization engine, a second data controller ID associated with a second data controller ([0032-0040], [0070], “As used herein, an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols. An account identifier is typically provided as part of a transaction, such as a payment transaction, that credits value to the account, debits value to the account, or performs any other suitable action on the account. Credit card numbers, checking and saving account numbers, prepaid account numbers, aliases and/or a passwords, phone numbers, and any other suitable identifier are all examples of account identifiers. A "merchant verification value" may refer to any information that identifies a merchant as a participant in a service or program. As an example, a merchant verification value may be assigned to a business, person, or organization that has agreed to accept payment cards when properly presented by the cardholder. A merchant verification value can be any combination of characters and/or symbols. Further, a merchant verification value can be transmitted to a payment processing network as part of an authorization request message... tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter.”)”).
receiving, by the tokenization engine, a second data provider ID associated with a second data provider; ([0032-0043], [0070], “an "account identifier" can refer to any information that identifies an account that holds value for a user... An account identifier is typically provided as part of a transaction, such as a payment transaction, that credits value to the account, debits value to the account, or performs any other suitable action on the account. Credit card numbers, checking and saving account numbers, prepaid account numbers, aliases and/or a passwords, phone numbers, and any other suitable identifier are all examples of account identifiers. A "merchant verification value" may refer to any information that identifies a merchant as a participant in a service or program. As an example, a merchant verification value may be assigned to a business, person, or organization that has agreed to accept payment cards when properly presented by the cardholder. A merchant verification value can be any combination of characters and/or symbols. Further, a merchant verification value can be transmitted to a payment processing network as part of an authorization request message... tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter.”)
generating, by the tokenization engine, a corresponding first token for the first data controller ID in combination with the first data provider ID and in combination with the first data to be protected, wherein the first token is a reference that maps back to the first data to be protected; and ([ 0033-0045], [0071], “an "account token" can refer to the result of transforming an account identifier into a form that is not considered sensitive in the context of the environment in which the account token resides. As used herein, a "token derivation key" can refer to any piece of information that is used as a parameter of a tokenization algorithm…., a bank associated with the merchant may send an authorization request message with a particular account identifier and the merchant verification value assigned to the merchant to the payment processing network…and then generate an account token of the account identifier using the token derivation key. The account token is then inserted in the authorization response message, which is then sent back to the merchant via the bank... By communicating an account token to the merchant, example embodiments can provide comparatively secure communication and comparatively secure storage for sensitive information, such as the cardholder data (e.g., credit card number) and other financial information... the tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the , the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter. “)
generating, by the tokenization engine a  corresponding second token based on a combination of the second data controller ID the first data provider ID, and the first data to be protected. ([ 0033-0045], [0071], “an "account token" can refer to the result of transforming an account identifier into a form that is not considered sensitive in the context of the environment in which the account token resides. As used herein, a "token derivation key" can refer to any piece of information that is used as a parameter of a tokenization algorithm…., a bank associated with the merchant may send an authorization request message with a particular account identifier and the merchant verification value assigned to the merchant to the payment processing network…and then generate an account token of the account identifier using the token derivation key. The account token is then inserted in the authorization response message, which is then sent back to the merchant via the bank... By communicating an account token to the merchant, example embodiments can provide comparatively secure communication and comparatively secure storage for sensitive information, such as the cardholder data (e.g., credit card number) and other financial information... the tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter. “)
generating, by the tokenization engine, a corresponding third token based on a combination of the first data controller ID, the second data provider ID, and the first data to be protected; ([ 0033-0045], [0071], “an "account token" can refer to the result of transforming an account identifier into a form that is not considered sensitive in the context of the environment in which the account token resides. As used herein, a "token derivation key" can refer to any piece of information that is used as a parameter of a tokenization algorithm…., a bank associated with the merchant may send an authorization request message with a particular account identifier and the merchant verification value assigned to the merchant to the payment processing network…and then generate an account token of the account identifier using the token derivation key. The account token is then inserted in the authorization response message, which is then sent back to the merchant via the bank... By communicating an account token to the merchant, example embodiments can provide comparatively secure communication and comparatively secure storage for sensitive information, such as the cardholder data (e.g., credit card number) and other financial information... the tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter. “)
…storing the first data controller ID in combination with the first data provider ID and the first data to be protected in a data vault, wherein the first data to be protected is accessible from the data vault when the corresponding first token is presented; and ([0044], “In some embodiments, a merchant and/or support system does not have access to the reverse token derivation keys needed to transform the account tokens to the corresponding account identifiers. Instead, a tokenization server stores the reverse token derivation keys. Therefore, the risk of compromised cardholder data is further limited in that a fraudster may have to breach the merchant and/or support system to obtain the account tokens and may also have to breach the tokenization server to obtain the reverse token derivation keys.”)
storing the second data controller ID in combination with the first data provider ID and the first data to be protected in the data vault, wherein the second data to be protected is accessible form the data vault when the corresponding second token is presented; and storing the first data controller ID in combination with the second data provider ID and the first data to be protected in a data vault, wherein the first data to be protected is accessible from the data vault when the corresponding third token is presented. ([0044], “In some embodiments, a merchant and/or support system does not have access to the reverse token derivation keys needed to transform the account tokens to the corresponding account identifiers. Instead, a tokenization server stores the reverse token derivation keys. Therefore, the risk of compromised cardholder data is further limited in that a fraudster may have to breach the merchant and/or support system to obtain the account tokens and may also have to breach the tokenization server to obtain the reverse token derivation keys.”)
	BASU does not explicitly disclose that the second and third versions and combinations of these processes are performed. However, such processes merely read as the duplication of parts/processes.  Therefore it would have been obvious to one of ordinary skill in the art at the time of applicant’s filing to perform the processes described above as often or as many times as desired with any variety of data as desired, e.g. using a second data controller ID with the first data provider ID and first data to be protected.) In re Harza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960)

Regarding independent claim 29:
BASU discloses a method comprising: receiving, by a tokenization engine, first and second data to be protected; ([0005-0007], “Other examples of data centers include acquirers and acquirer processors. An acquirer is typically a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant. Acquirers may facilitate and manage financial transactions on behalf of merchants… For example, once a transaction has completed, the merchant may request information specifically for that transaction by sending a report request message to the acquirer or acquirer processor. The acquirer or acquirer processor may respond to the report request message by sending full payment information related to the specified transaction to the merchant. To provide full payment information back to the merchant as part of these financial reports, the acquirer or acquirer processor may store the credit card numbers involved in the transactions. Accordingly, the acquirer or acquirer processor can be a form of a data center that stores cardholder information and other sensitive information… acquirer processor may encrypt the credit card numbers that it receives. Further, to avoid collisions between the credit card numbers, the acquirer or acquirer processor may use an encryption key specific to each merchant when the acquirer or acquirer processor encrypts an account number, for example.”)
determining, by the tokenization engine, a first data controller ID associated with a data controller; determining a data provider ID associated with the data provider corresponding to the first data to be protected; ([0032-0040], [0070], “an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols… A "merchant verification value" may refer to any information that identifies a merchant as a participant in a service or program. As an example, a merchant verification value may be assigned to a business, person, or organization that has agreed to accept payment cards when properly presented by the cardholder. A merchant verification value can be any combination of characters and/or symbols. Further, a merchant verification value can be transmitted to a payment processing network as part of an authorization request message tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter.”)
determining, by the tokenization engine, a second data provider ID associated with a second data provider corresponding to the second data to be protected; ([0032-0040], [0070], “an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols… A "merchant verification value" may refer to any information that identifies a merchant as a participant in a service or program. As an example, a merchant verification value may be assigned to a business, person, or organization that has agreed to accept payment cards when properly presented by the cardholder. A merchant verification value can be any combination of characters and/or symbols. Further, a merchant verification value can be transmitted to a payment processing network as part of an authorization request message tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned , the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter.”)
generating, by the tokenization engine, a corresponding first token, wherein the first token is unique for the data controller ID, the first data provider ID and the first data to be protected, wherein the first token is a reference that maps back to the first data to be protected; (Paragraph 0033-0034, 0041-0043, 0070, “an "account token" can refer to the result of transforming an account identifier into a form that is not considered sensitive in the context of the environment in which the account token resides. As used herein, a "token derivation key" can refer to any piece of information that is used as a parameter of a tokenization algorithm… a bank associated with the merchant may send an authorization request message with a particular account identifier and the merchant verification value assigned to the merchant to the payment processing network… and then generate an account token of the account identifier using the token derivation key. The account token is then inserted in the authorization response message, which is then sent back to the merchant via the bank… By communicating an account token to the merchant, example embodiments can provide comparatively secure communication and comparatively secure storage for sensitive information, such as the cardholder data (e.g., credit card number) and other financial information... the tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter. “)
generating, by the tokenization engine, a corresponding second token, wherein the second token is unique for the data controller ID, the second data provider ID and the second data to be protected, wherein the second token is a reference that maps back to the second data to be protected; (Paragraph 0033-0034, 0041-0043, 0070, “an "account token" can refer to the result of transforming an account identifier into a form that is not considered sensitive in the context of the environment in which the account token  As used herein, a "token derivation key" can refer to any piece of information that is used as a parameter of a tokenization algorithm… a bank associated with the merchant may send an authorization request message with a particular account identifier and the merchant verification value assigned to the merchant to the payment processing network… and then generate an account token of the account identifier using the token derivation key. The account token is then inserted in the authorization response message, which is then sent back to the merchant via the bank… By communicating an account token to the merchant, example embodiments can provide comparatively secure communication and comparatively secure storage for sensitive information, such as the cardholder data (e.g., credit card number) and other financial information... the tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter. “)
storing the data controller ID in combination with the first data provider ID and the first data to be protected in a data vault, wherein the first data to be protected is accessible from the data vault when the corresponding first token is presented; and (Paragraph 0044, “In some embodiments, a merchant and/or support system does not have access to the reverse token derivation keys needed to transform the account tokens to the corresponding account identifiers. Instead, a tokenization server stores the reverse token derivation keys. Therefore, the risk of compromised cardholder data is further limited in that a fraudster may have to breach the merchant and/or support system to obtain the account tokens and may also have to breach the tokenization server to obtain the reverse token derivation keys”).
storing the data controller ID in combination with the second data provider ID and the second data to be protected in the data vault, wherein the second data to be protected is accessible from the data vault when the corresponding second token is presented. (Paragraph 0044, “In some embodiments, a merchant and/or support system does not have access to the reverse token derivation keys needed to transform the account tokens to the corresponding account identifiers. Instead, a tokenization server stores the reverse token derivation keys. Therefore, the risk of compromised cardholder data is further limited in that a fraudster may have to breach the merchant and/or support system to obtain the account tokens and may also have to breach the tokenization server to obtain the reverse token derivation keys”). 
BASU does not explicitly disclose that the second versions and combinations of these processes are performed. However, such processes merely read as the duplication of parts/processes.  Therefore it would have been obvious to one of ordinary skill in the art at the time of applicant’s filing to perform the processes described above as often or as many times as desired with any variety of data as desired, e.g. using a second data controller ID with the first data provider ID and first data to be protected.) In re Harza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960)

Regarding claim 27:
BASU further teaches the data provider ID comprises at least one of a ID kind and an ID value. ([0032-0045], “As used herein, an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols. An account identifier is typically provided as part of a transaction, such as a payment transaction, that credits value to the account, debits value to the account, or performs any other suitable action on the account. Credit card numbers, checking and saving account numbers, prepaid account numbers, aliases and/or a passwords, phone numbers, and any other suitable identifier are all examples of account identifiers... the merchant may send an authorization request message with a particular account identifier and the merchant verification value assigned to the merchant to the payment processing network… then generate an account token of the account identifier using the token derivation key. The account token is then inserted in the authorization response message, which is then sent back to the merchant via the bank… because an account token is received in the authorization response message in addition to or in lieu of the actual account identifier, the apparatuses, methods, and systems described herein also reduce merchant post-processing efforts needed to support encryption or hashing of the account numbers after the authorization response message is received.” Changing inputs changes tokens)

 Regarding to claim 28:
the data controller ID comprises at least one of a controller kind, an ID kind, and an ID value. ([0032-0045], “As used herein, an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols. An account identifier is typically provided as part of a transaction, such as a payment transaction, that credits value to the account, debits value to the account, or performs any other suitable action on the account. Credit card numbers, checking and saving account numbers, prepaid account numbers, aliases and/or a passwords, phone numbers, and any other suitable identifier are all examples of account identifiers... the merchant may send an authorization request message with a particular account identifier and the merchant verification value assigned to the merchant to the payment processing network… then generate an account token of the account identifier using the token derivation key. The account token is then inserted in the authorization response message, which is then sent back to the merchant via the bank… because an account token is received in the authorization response message in addition to or in lieu of the actual account identifier, the apparatuses, methods, and systems described herein also reduce merchant post-processing efforts needed to support encryption or hashing of the account numbers after the authorization response message is received.” Changing inputs changes tokens)


Claim 7 is rejected as being unpatentable under 35 U.S.C. 103 over BASU  (US 2012/0041881 Al) in view of GRIFFIN (US 10,025,941 B1) as applied above in further view of DETELLA (US 10,565,596 B2).

Regarding claim 7:
DETELLA, in an analogous art of providing data in compliance with data security standards, teaches providing placeholder data in a case of a missing data controller ID and in the case of a missing data provider ID. (Col/Line: 4/42-44, “In one embodiment, the field options may also specify placeholder data for the field.)
It would have been obvious to one of ordinary skill in the art at the time of applicant’s filing to combine the teachings of using placeholder data as disclosed by DETELLA to the teachings of using data .

 Claims 8-9, are rejected under 35 U.S.C. § 103 as being unpatentable over BASU (US 2012/0041881 Al) in view of GRIFFIN (US 10,025,941 B1) as applied above in further view of VELTMAN (US2019/0370487 A1).

Regarding claim 8:
VELTMAN, an analogous art of BASU and the current application, teaches deleting the data to be protected in the data vault upon receipt of a request by the data provider to delete the data to be protected. ([0028], “The system 100 provides a centralized privacy vault 111 that is centrally controlled , such that should a user request removal of private / sensitive information ; the deletion can occur in one location and each of the retailers are assured to be on compliance with government regulations and the users are assured that the private/sensitive information is removed from the Internet.”)
It would have been obvious to one of ordinary skill in the art at the time of applicant’s filing to combine the teachings of deleting data when requested as disclosed by VELTMAN to the teachings of using data to form tokens and store them as disclosed by the combination of BASU and GRIFFIN by allowing data that is stored in memory be deleted upon request. Doing so would allow more control of users in regards to what they want to be stored by a separate memory device, as well as increase security by allowing users to delete potentially sensitive data in places they don’t want it to be, as well as reduce the difficulty of managing private/sensitive information across service/products that need access to the information, as recognized by VELTMAN.

 Regarding claim 9:
preventing the data to be protected from being accessed by any entity upon receipt of a request by the provider to delete the data to be protected. ([0028], “The system 100 provides a centralized privacy vault 111 that is centrally controlled , such that should a user request removal of private / sensitive information ; the deletion can occur in one location and each of the retailers are assured to be on compliance with government regulations and the users are assured that the private/sensitive information is removed from the Internet.”)
It would have been obvious to one of ordinary skill in the art at the time of applicant’s filing to combine the teachings of deleting data when requested as disclosed by VELTMAN to the teachings of using data to form tokens and store them as disclosed by the combination of BASU and GRIFFIN by allowing data that is stored in memory be deleted upon request. Doing so would allow more control of users in regards to what they want to be stored by a separate memory device, as well as increase security by allowing users to delete potentially sensitive data in places they don’t want it to be, as well as reduce the difficulty of managing private/sensitive information across service/products that need access to the information, as recognized by VELTMAN.

 Claims 19-25 are rejected under 35 U.S.C. § 103 as being unpatentable over BASU (US 2012/0041881 Al) as applied above in view of VELTMAN (US2019/0370487 A1).

Regarding independent claim 22:
BASU discloses a method comprising: receiving, by a tokenization engine, data to be protected which is provided by a data provider and obtained by or on behalf of a first data controller; ([0005-0007], “Other examples of data centers include acquirers and acquirer processors. An acquirer is typically a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant. Acquirers may facilitate and manage financial transactions on behalf of merchants… For example, once a transaction has completed, the merchant may request information specifically for that transaction by sending a report request message to the acquirer or acquirer processor. The acquirer or acquirer processor may respond to the report request message by sending full payment information related to the specified transaction to the merchant. To provide full payment information back to the 
determining a first data controller ID associated with the first data controller and a data provider ID associated with the data provider ; ([0032-0043], [0070], “an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols… A "merchant verification value" may refer to any information that identifies a merchant as a participant in a service or program. As an example, a merchant verification value may be assigned to a business, person, or organization that has agreed to accept payment cards when properly presented by the cardholder. A merchant verification value can be any combination of characters and/or symbols. Further, a merchant verification value can be transmitted to a payment processing network as part of an authorization request message… the tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter.”).
generating, by the tokenization engine, a first token based on the first data controller ID, the data provider ID and the data to be protected, wherein the first token is a reference that maps back to the data to be protected; ([0033-0043], [0070], “an "account token" can refer to the result of transforming an account identifier into a form that is not considered sensitive in the context of the environment in which the account token resides. As used herein, a "token derivation key" can refer to any piece of information that is used as a parameter of a tokenization algorithm… a bank associated with the merchant may send an authorization request message with a particular account identifier and the merchant verification value assigned to the merchant to the payment processing network… and then generate an account token of the account identifier using the token derivation key. The account token is then inserted in the authorization response message, which is then sent back to the merchant via the bank… By communicating an account token to the merchant, example embodiments can provide comparatively secure communication and comparatively secure storage for sensitive information, such as the cardholder data (e.g., credit card number) and other financial information... the tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter. “)
receiving, by the tokenization engine, the data to be protected which is provided by the data provider and obtained by or on behalf of a second data controller ; ([0005-0007], “Other examples of data centers include acquirers and acquirer processors. An acquirer is typically a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant. Acquirers may facilitate and manage financial transactions on behalf of merchants… For example, once a transaction has completed, the merchant may request information specifically for that transaction by sending a report request message to the acquirer or acquirer processor. The acquirer or acquirer processor may respond to the report request message by sending full payment information related to the specified transaction to the merchant. To provide full payment information back to the merchant as part of these financial reports, the acquirer or acquirer processor may store the credit card numbers involved in the transactions. Accordingly, the acquirer or acquirer processor can be a form of a data center that stores cardholder information and other sensitive information… acquirer processor may encrypt the credit card numbers that it receives. Further, to avoid collisions between the credit card numbers, the acquirer or acquirer processor may use an encryption key specific to each merchant when the acquirer or acquirer processor encrypts an account number, for example.”)
etermining a second data controller ID associated with the second data controller ; ([0032, 0037, 0040, “an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols… A "merchant verification value" may refer to any information that identifies a merchant as a participant in a service or program. As an example, a merchant verification value may be assigned to a business, person, or organization that has agreed to accept payment cards when properly presented by the cardholder. A merchant verification value can be any combination of characters and/or symbols. Further, a merchant verification value can be transmitted to a payment processing network as part of an authorization request message”).
generating, by the tokenization engine, a second token based on a combination of the second data controller ID, the data provider ID and the same data to be protected, wherein the second token is a reference that maps back to the data to be protected; (Paragraph 0033-0034, 0041-0043, 0070, “an "account token" can refer to the result of transforming an account identifier into a form that is not considered sensitive in the context of the environment in which the account token resides. As used herein, a "token derivation key" can refer to any piece of information that is used as a parameter of a tokenization algorithm… a bank associated with the merchant may send an authorization request message with a particular account identifier and the merchant verification value assigned to the merchant to the payment processing network… and then generate an account token of the account identifier using the token derivation key. The account token is then inserted in the authorization response message, which is then sent back to the merchant via the bank… By communicating an account token to the merchant, example embodiments can provide comparatively secure communication and comparatively secure storage for sensitive information, such as the cardholder data (e.g., credit card number) and other financial information... the tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter. “)
determining a second data provider ID associated with a second data provider ID associated with a second data provider; ([0032-0043], [0070], “an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols… A "merchant verification value" may refer to any information that identifies a merchant as a participant in a service or program. As an example, a merchant verification value may be assigned to a business, person, or organization that has agreed to accept payment cards when properly presented by the cardholder. A merchant verification value can be any combination of characters and/or symbols. Further, a merchant verification value can be transmitted to a payment processing network as part of an authorization request message… the tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter.”).
generating by the tokenization engine, a third token based on a combination of the first data controller ID, the second data provider ID, and the data to be protected, wherein the third token is a reference that maps back to the data to be protected; (Paragraph 0033-0034, 0041-0043, 0070, “an "account token" can refer to the result of transforming an account identifier into a form that is not considered sensitive in the context of the environment in which the account token resides. As used herein, a "token derivation key" can refer to any piece of information that is used as a parameter of a tokenization algorithm… a bank associated with the merchant may send an authorization request message with a particular account identifier and the merchant verification value assigned to the merchant to the payment processing network… and then generate an account token of the account identifier using the token derivation key. The account token is then inserted in the authorization response message, which is then sent back to the merchant via the bank… By communicating an account token to the merchant, example embodiments can provide comparatively secure communication and comparatively secure storage for sensitive information, such as the cardholder data (e.g., credit card number) and other financial information... the tokenization module 226 generates account tokens based on a merchant verification value received in an authorization request message. For example, the tokenization module 226 may use the merchant verification value as an index into a token derivation key database (as is discussed below) to obtain a token derivation key assigned to the merchant. Once the token derivation key is obtained, the tokenization module 226 can then generate the account token by applying the account identifier to an encryption or hash function, with the merchant's token derivation key as a parameter. “)
storing the first data controller ID in combination with the data provider ID and the data to be protected in a data vault, wherein the data to be protected is accessible from the data vault when the first token is presented; and (Paragraph 0044, “In some embodiments, a merchant and/or support system does not have access to the reverse token derivation keys needed to transform the account tokens to the corresponding account identifiers. Instead, a tokenization server stores the reverse token derivation keys. Therefore, the risk of compromised cardholder data is further limited in that a fraudster may have to breach the merchant and/or support system to obtain the account tokens and may also have to breach the tokenization server to obtain the reverse token derivation keys”).
storing the second data controller ID in combination with the data provider ID and the data to be protected in the data vault, wherein the data to be protected is accessible from the data vault when the second token is presented  (Paragraph 0044, “In some embodiments, a merchant and/or support system does not have access to the reverse token derivation keys needed to transform the account tokens to the corresponding account identifiers. Instead, a tokenization server stores the reverse token derivation keys. Therefore, the risk of compromised cardholder data is further limited in that a fraudster may have to breach the merchant and/or support system to obtain the account tokens and may also have to breach the tokenization server to obtain the reverse token derivation keys”). 
Storing the first data controller ID in combination with the second data provider ID and the data to be protected in the data vault, wherein the data to be protected is accessible from the data vault when the third token is presented; (Paragraph 0044, “In some embodiments, a merchant and/or support system does , a tokenization server stores the reverse token derivation keys. Therefore, the risk of compromised cardholder data is further limited in that a fraudster may have to breach the merchant and/or support system to obtain the account tokens and may also have to breach the tokenization server to obtain the reverse token derivation keys”).
BASU does not explicitly disclose, but VELTMAN an analogous art of BASU and the current application, teaches receiving a request from the data provider to delete the data to be protected with respect to the first data controller, and in response to the request, preventing the data to be protected from being accessed with the first token. ([0028], “The system 100 provides a centralized privacy vault 111 that is centrally controlled , such that should a user request removal of private / sensitive information ; the deletion can occur in one location and each of the retailers are assured to be on compliance with government regulations and the users are assured that the private/sensitive information is removed from the Internet.”)
It would have been obvious to one of ordinary skill in the art at the time of applicant’s filing to combine the teachings of deleting data when requested as disclosed by VELTMAN to the teachings of using data to form tokens and store them as disclosed by the combination of BASU by allowing data that is stored in memory be deleted upon request. Doing so would allow more control of users in regards to what they want to be stored by a separate memory device, as well as increase security by allowing users to delete potentially sensitive data in places they don’t want it to be, as well as reduce the difficulty of managing private/sensitive information across service/products that need access to the information, as recognized by Veltman.
It is noted that the secondary and tertiary receiving, determining, generating, and storing processes read as a duplication of parts/processes.  It would have been obvious to one of ordinary skill in the art at the time of applicant’s filing to perform the processes described above as often or as many times as desired with any variety of data as desired, e.g. using a second data controller ID with the first data provider ID and first data to be protected, using different sets of data, etc. ) In re Harza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

Regarding claim 19:
VELTMAN, an analogous art of BASU and the current application, teaches deleting the data to be protected in the data vault upon receipt of a request by the data provider to delete the data to be protected. ([0028], “The system 100 provides a centralized privacy vault 111 that is centrally controlled , such that should a user request removal of private / sensitive information ; the deletion can occur in one location and each of the retailers are assured to be on compliance with government regulations and the users are assured that the private/sensitive information is removed from the Internet.”)
It would have been obvious to one of ordinary skill in the art at the time of applicant’s filing to combine the teachings of deleting data when requested as disclosed by VELTMAN to the teachings of using data to form tokens and store them as disclosed by the combination of BASU and GRIFFIN by allowing data that is stored in memory be deleted upon request. Doing so would allow more control of users in regards to what they want to be stored by a separate memory device, as well as increase security by allowing users to delete potentially sensitive data in places they don’t want it to be, as well as reduce the difficulty of managing private/sensitive information across service/products that need access to the information, as recognized by VELTMAN.

 Regarding claim 20:
	VELTMAN teaches preventing the data to be protected from being accessed by any entity upon receipt of a request by the provider to delete the data to be protected. ([0028], “The system 100 provides a centralized privacy vault 111 that is centrally controlled , such that should a user request removal of private / sensitive information ; the deletion can occur in one location and each of the retailers are assured to be on compliance with government regulations and the users are assured that the private/sensitive information is removed from the Internet.”)
It would have been obvious to one of ordinary skill in the art at the time of applicant’s filing to combine the teachings of deleting data when requested as disclosed by VELTMAN to the teachings of using data to form tokens and store them as disclosed by the combination of BASU and GRIFFIN by allowing data that is stored in memory be deleted upon request. Doing so would allow more control of users in regards to what they want to be stored by a separate memory device, as well as increase security by 

Regarding claim 21:
VELTMAN further teaches the corresponding token is invalidated upon receipt of a request by the customer to delete the data to be protected. ([0063], claim 17, “According to an embodiment, at 360, the information consent gatekeeper exclusively manages and controls access to the privacy vault. The requesting retailer and other requesting retailers cannot access the info of the user without providing a valid token to the information consent gatekeeper. A valid token identifies the user, the requesting retailer, and user - provided consent for accessing specific elements of the info within the privacy vault.”).

Regarding claim 23:
BASU further teaches the data to be protected is personally identifiable information of the data provider. ([0032], “As used herein, an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols. An account identifier is typically provided as part of a transaction, such as a payment transaction, that credits value to the account, debits value to the account, or performs any other suitable action on the account. Credit card numbers, checking and saving account numbers, prepaid account numbers, aliases and/or a passwords, phone numbers, and any other suitable identifier are all examples of account identifiers”).

Regarding claim 24:
BASU further teaches the data to be protected is an email address, a phone number or a physical address. ([0032], “As used herein, an "account identifier" can refer to any information that identifies an account that holds value for a user. An account identifier can be represented as a sequence of characters or symbols. An account identifier is typically provided as part of a transaction, such as a payment 

Regarding claim 25:
BASU further teaches performing an audit, by the tokenization engine, of access to the data to be protected in the data vault. ([0022], “Each retailer is provided a specific user token that is specific to the user and specific to the retailer (based on each retailer's roles). Each user token includes an indication as to the consents that have been recorded and stored by the user for that particular retailer. The consent may be viewed as the retailers ’ security roles for accessing the privacy vault 111 of a particular user and based on the user tokens possessed by the retailers with the roles mapping to the consents available for those retailers . A user may have different personas with each retailer that maps to a single specific identity for the user in the privacy vault 111.”).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure is cited in the Notice of Reference Cited (PTO-892). The additional cited art, including but not limited to the excerpts below, further establishes the state of the art prior to the effective filing date for the applicant’s claimed invention:
Daniel (US 20160283936 A1) (“Daniel”) discloses:
Systems and methods for facilitating anonymous communications between a user and a merchant vie a social networking system, wherein the user’s identifying information is obfuscated from the merchant. Daniel recites a token manager that can generate a permanent opaque token by creating a hash based on: a unique identifier associated with a particular social networking system user, a unique identifier associated with a particular merchant, and other information such as the date and time at which the token is created.
Yoo (US 20200051070 A1) (“Yo”) discloses:
A system and method that may generate a virtual token generated at each time point without duplication and may search for an actual card number based on the virtual token to make a payment. In Yoo, a virtual token is generated based on a combination of a first code and a second code, where the first code is generated based on an unique value and the card security code, and the second code is generated based on the unit count elapsing from a time point when the actual card number is registered.
Ko (US 10878411 B2) (“Ko”) discloses:
An apparatus and a method for issued token management for multiple instantiations for a virtual currency instrument. In Ko, a token server may generate a plurality of tokens for the plurality of devices. Each token is generated based on a reversible cryptographic function, a one-way non-reversible hash function, or an index function. Each of the plurality of tokens may comprise information utilized for instantiation of the virtual currency instrument. The information may comprise electronic device information that indicates an associated electronic device associated with the token, time information that indicates at least one of an issue date and an expiration date of the token, and/or virtual currency instrument information of the virtual currency instrument linked to the token. The information may further comprise metadata of a service provider of the associated electronic device. 

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick MacAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JOHANN Y CHOO/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        02/11/2022