DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This Office Action is in response to the RCE filed November 11, 2021.
The amendments filed have been accepted and are hereby entered.
Independent Claims 1 and 11 have been amended.
No claims have been added.
Claims 1-21 are pending and claims 1-8, 10-16, and 18-21 have been examined.
This action is Final.


ACKNOWLEDGMENT OF ISSUES RAISED BY THE APPLICANT
Response to Amendment
The 112(a) rejection of claims 11-16 and 18-21 directed to “selecting a restriction template that corresponds to the accessor specified in the reservation request” is withdrawn in 

Applicant’s arguments with respect to 101 rejection of claims 1-21 have been fully considered but are not found to be persuasive. 

Applicant’s arguments with respect to the 35 U.S.C. 103 rejection of claims 1-21 have been fully considered but are moot under the new grounds of rejection, necessitated by amendment. Examiner notes arguments directed to amendments are addressed in the office action (below).

As required by M.P.E.P. § 707.07(f), a response to arguments appears below.



RESPONSE TO ARGUMENTS
With respect to 101 arguments, Examiner notes Applicant arguments include:
“The claim does not organize human activity […] the claim recites a computer-based access management system that can be used to assign different account identifiers to different interfaces associated with an account and cause one of the account identifiers to become invalid without invalidating the others” (page 8 of 

“Moreover, the claimed system is also used to select a restriction template for a reservation request based on an account identifier and accessor data specified in the request and to authorize the attempted transaction if the parameters of the restriction template are satisfied. As such, the claim does not organize human activity but rather recites an access management system that generates mappings between account identifiers and interfaces and evaluates received reservation requests for compliance with restriction template parameters” (pages 8-9 of Remarks).

“the above claim language [of "receiving a reservation request specifying an account identifier and accessor data and requesting reservation of one or more resources in the account," "selecting a restriction template that corresponds to the account identifier and the accessor data specified in the reservation request," and "authorizing the reservation of the one or more resources if the reservation request satisfies the parameters of the selected restriction template."]  Illustrates a practical application of the purported abstract idea” (Page 9 of Remarks).

[system determines not only] whether a transaction is authorized (i.e., if the reservation request satisfies the parameters of the restriction template), but also performs the transaction processing by authorizing the reservation of resources (Page 9 of Remarks).

Akin to Example 42, the claims integrate an alleged method of organizing human activity into a practical application by reciting specific improvements over prior art systems (Page 10 of Remarks).

[…] the claims recite an access management system that provides increased security over existing systems by authorizing a transaction only if the reservation request satisfies restriction template criteria (Page 10 of Remarks).

Moreover, mapping different account identifiers to the various interfaces of a card (e.g., a visual interface printed or embossed on the card, a magnetic stripe, and an integrated circuit) allows a single interface/account identifier to be disabled without preventing the account holder from using the other interfaces of the card.

With respect to arguments ‘a’, ‘b’, ‘d’, ‘f’, and ‘g’, Examiner respectfully disagrees with conclusion that these elements render the claims patent eligible, and maintains the stance that the steps/ concept of logically mapping/associating account identifiers to different interfaces associated with an account, and performing a transaction based on restriction information comprising expected transaction details for a given transaction constitutes an abstract idea of fundamental economic principles and practices— more specifically an abstract idea of transaction authentication. Examiner respectfully maintains that determining logical mappings between sets of data (e.g., restriction information and transaction/credential information), and performing or disallowing a transaction based on said logical mapping/comparison of transaction information/credentials to transaction rules constitutes an abstract idea directed to 

Furthermore, more specifically, with respect to arguments ‘f’ and ‘g’, Examiner notes that logically narrowing contexts for which transactions may occur based on comparison of abstract information is not an improvement directed to technical problem or technical field, as the logical comparison operation to authorize or reject a transaction is recitation of fundamental economic principles.  The additional elements (e.g., generic, general-purpose access management system comprising generic memory and generic processors) merely carry out an abstract business solution to a business problem of logically restricting contexts for transactions based on specific business rules (e.g., restriction template) identified by account credentials, where the restriction templates are merely information which are compared with Synopsys, Inc. v. Mentor Graphics Corp., 839 F.3d 1138, 1151 (Fed. Cir. 2016) (emphasis omitted); see also Intellectual Ventures I LLC v. Symantec Corp., 838 F.3d 1307, 1321 (Fed. Cir. 2016) (“A narrow claim directed to an abstract idea, however, is not necessarily patent-eligible.”).  Accordingly, in view of the aforementioned, Examiner respectfully submits that the aforementioned arguments from Applicant are relying on aspects of the abstract idea to claim improvement / practical application, where improvement(s) asserted by Applicant is/are not reliant upon or directed to any particular details of the generic additional elements (e.g., the generic access management system, or its generic components), and are accordingly not convincing arguments. In view of such, the Examiner fails to see a technical solution to a technical problem addressed by, or corresponding to, the additional elements of the claims. 

Arguendo, while the rationale of this paragraph is not relied upon in 101 rejection, Examiner notes technical field of tokenization is known to generally involve rules for when tokens are valid / can be used. See United States Application Publication No.   US-20180068130-A1 to Chan (“Chan”), ¶88: “[…] It should also be understood that tokens are reflectable in that you can associate rules for what can and cannot be done with them, e.g., timeouts, requirement for multiple signatures, etc. These features are well-known aspects of token-based systems. […]”. Furthermore, see Non-Patent literature, "EMV Payment Tokenisation Specification - Technical Framework 1 Introduction v1.0" to EMVCo (“EMVCo”), disclosing payment scheme similar to that of Dill reference  previously applied, and discloses a Token Vault definition (page 19) which states: “token vault may also maintain other attributes of the token requestor that are determined at the time of registration and that may be used by the Token Service Provider to apply domain restrictions or other controls during transaction processing”. §1.1 overview of EMVCo discloses that tokenisation in general is advantageous since the tokens may limit token use to a specific domain (as indicated by attributes), similar to previously applied Dill reference. Examiner notes EMVCo reference dates back to 2014, and that EMVCo is an organization which develops EMV standards/specifications for what Examiner believes are the largest credit/debit card payment network companies in the United States (e.g., Visa, and Mastercard). (i.e., Examiner takes the stance that the claims are merely using a generic tokenization server with specific business transaction restriction settings to implement abstract idea of transaction authorization, and do not reflect any improvements in the field of tokenization / authorization, and is accordingly relying upon a mere general link to tokenization for claiming patent eligibility).

With respect to argument ‘c.’, Examiner respectfully disagrees the claims integrate the judicial exception into a practical application. Examiner respectfully/conversely submits the following claim limitations in question are recitation of abstract elements under step 2A Prong I of the 2019 PEG: “receiving a reservation request specifying an account number and accessor data and requesting reservation of one or more resources in the account; selecting a restriction template that corresponds to the account identifier and the accessor data specified in the  (Intellectual Ventures I LLC v. Symantec Corp., 838 F.3d 1307, 1321 (Fed. Cir. 2016)). Accordingly, Examiner respectfully maintains that the claims are not reciting additional elements that integrate the judicial exception into a practical application (See aforementioned MPEP §2106.04(d)(I)). 

Furthermore, Examiner notes the generic access management system receiving request via data transmission is merely adding insignificant extra-solution activity to the judicial exception under Step 2A Prong II, and is Well-understood, routine, and conventional activity under step 2B of 2019 PEG. The Applicant specification does not provide any indication that the data transmission is anything other than generic data transmission, and the OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) court decisions (MPEP 2106.05 (d)(II)) indicate that a computer merely sending/receiving information over a network is well-understood, routine, and conventional function when claimed at a high level of generality, as it is here.  Thus, even when viewed as a whole, nothing in the claim adds significantly more (i.e. an inventive concept) to the abstract idea.

With respect to argument ‘e.’, Examiner respectfully disagrees that the claims are similar to that of Example 42. As an initial matter, with respect to USPTO Examples, the Examiner analyzes the claims under the two-part framework under Alice/Mayo.  The Examples 

Considering the aforementioned rationales in responding to arguments, Examiner respectfully maintains that the claims are not indicative of integration into a practical application per claims limitations failing to show any particular improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), fails to show the judicial exception with, or by use of, a particular machine (MPEP 2106.05(b)), or 

Accordingly, in view of the aforementioned rationales, Examiner respectfully maintains the 101 rejection.

Claim Objections: 
Claim 16 is objected to because of the following informalities:  typographical error.  Claim 16 seems to have been intended to depend upon claim 11, as it recites: “The access management method, but incorrectly states depending upon claim 1, which is a system. Appropriate correction is required. 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-8, 10-16, and 18-21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Based upon consideration of all relevant factors with respect to the claims as a whole, claims 1-21 are determined to be directed to an abstract idea. The Examiner has identified system claim 1 as the claim that mutatis mutandis)). The rationale for the aforementioned determination of patent ineligibility under 35 USC §101 is explained below:

With respect Step 1 of 2019 PEG analysis, the claims are either directed to a system of method, which are statutory categories of invention (Step 1 of 2019 PEG analysis: YES).

With respect Step 2A Prong I of 2019 PEG analysis, Claims 1-21 recite as a whole a method of organizing human activity because the claims recite a method of storing a plurality of account identifiers, performing operations including: determining, based on the plurality of account identifiers, a set of account identifiers to be assigned to an account, the set including a first account identifier assigned to a first interface of a first account identification card associated with the account, a second account identifier assigned to a second interface of the first account identification card, and a third account identifier assigned to an interface of a second account identification card associated with the account, the first second, and third account identifiers sharing identical account provider identifiers and an identical set of terminal identifiers; generating mapping data indicating that the first, second, and third account identifiers are assigned to the first account identification card and the third account identifier assigned to the first account identification card and the third account identifier is assigned to the second account identification card; updating [information] to reflect that the set of account identifiers is unavailable for use with another account identification card; and causing the first account identifier to become invalid without causing the second account identifier and the third fundamental economic principles and/or practices of mitigating risk by comparing credentials received in transaction request to account rules for restricting access. Thus, the claim recites an abstract idea (Step 2A Prong I: Yes).

Addressing Step 2A Prong II of 2019 PEG analysis, this judicial exception is not integrated into a practical application. The claims as a whole merely describe how to generally apply the generic system, generic database, generic processor, and generic memory (See MPEP 2106.05(f)), such that they are a stand in for merely carrying out the abstract idea of transaction authorization based on transaction details. (Examiner notes that the card devices are not necessarily additional elements, as the claimed system, in the case of claim 1, is only determining and generating assignment of the identifiers via mapping information. i.e., the specifics of the abstract elements of the system/method (i.e., the identifiers’ assignment) do not point to the card / interfaces as being additional elements. Reworded, the identifiers being assigned to an interface does not mean the corresponding interface is an additional element of the claim, as the recited interface is merely further characterizing an abstract element (the identifier) of the abstract idea. Accordingly, Examiner maintains that the additional elements of )Additionally, the receiving of request to by generic management system is adding insignificant extra-solution activity to the judicial exception (See MPEP 2106.05(g)). Simply implementing the abstract idea on the aforementioned generic hardware is not a practical application of the abstract idea. Accordingly, even in combination, these additional elements do not integrate the abstract idea into a practical application. The claims are directed to an abstract idea. (Step 2A Prong II: NO, the additional claimed elements are not integrated into a practical application).

Addressing Step 2B of 2019 PEG analysis, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As previously discussed, the claims as a whole merely describe how to generally apply a generic management system, a generic database, and generic processor/memory (MPEP 2106.5(f)). For the step of management system receiving request that was previously considered extra-solution, this has been further evaluated here and determined to be well-understood, routine, and conventional activity in the field. The specification does not provide any indication that claimed receiving of reservation request is performed by anything other than a generic form of data transmission, and the OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) court decisions (MPEP 2106.05 (d)(II)) indicate that a computer merely sending/receiving information over a network is well-understood, routine, and conventional function when claimed at a high level of generality, (as the case is here). Thus, even when viewed as a whole, nothing in the claim adds significantly more (i.e. an inventive concept) to the abstract idea. Thus, claims 1 and 11 are not patent eligible. (Step 2B: NO. The claims do not amount to significantly more).

With respect to the dependent claims, the dependent claims have been given the full analysis including analyzing the additional limitations both individually and in combination as a whole. The dependent claims, when analyzed both individually and in combination, are also held to be patent ineligible under 35 U.S.C. 101 because of the same reasoning as above and the additional recited limitations fail to establish that the claims are not directed to an abstract idea. The additional limitations of the dependent claims, when considered individually and as an ordered combination, do not recite additional elements that integrate the judicial exception into a practical application, and do not amount to significantly more than the abstract idea, as they do not recite any further additional elements outside of the abstract idea, and also do not indicate that the previously mentioned additional elements are successfully integrated / amounting to significantly more, either alone or in combination .. For these reasons the dependent claims are also not patent eligible.

Furthermore, claims 1-8, 10, and 21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The aforementioned claims do not fall within at least one of the four categories of patent eligible subject matter because claims 1-8, 10, and 21, under broadest reasonable interpretation, include products that do not have a physical or tangible form, such as information (often referred to as "data per se") or a computer program per se (often referred to as "software per se"). Products without any structural recitations are patent ineligible (See MPEP §2106.03 (I)). In the instant case, Examiner notes the access management system, database, processors, and computer-readable 1: 
¶35 of Applicant Specification: A computer may include one or more physical computers, virtual computers, and/or computing devices. As an example, a computer may be one or more server computers, cloud- based computers, cloud-based cluster of computers, virtual machine instances or virtual machine computing elements such as virtual processors, […].

¶38 of Applicant Specification: […] Additionally or alternatively, database(s) 102 may be one or more data structures stored in memory on one or more computers […]

¶166 of Applicant Specification: The term "storage media" as used herein refers to any media that store data and/or instructions that cause a machine to operation in a specific fashion. Such storage media may comprise non-volatile media and/or volatile media. […]. Such media may also be transitory or non-transitory, except where specified otherwise. […]

Despite the claims also encompassing embodiments which may be one of the four statutory categories of statutory subject matter (e.g., a machine), Examiner maintains that this rejection is proper, as MPEP §2106.03 (II) states: 
A claim whose BRI covers both statutory and non-statutory embodiments embraces subject matter that is not eligible for patent protection and therefore is directed to non-statutory subject matter. Such claims fail the first step (Step 1: NO) and should be rejected under 35 U.S.C. 101, for at least this reason.



Claim Rejections - 35 USC§ 103
In the event the determination of the status of the application as subject to AIA  35
U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or
non-obviousness.
Claims 1-4, 7-8, 10-14, and 18-21 are rejected under 35 U.S.C. 103 as being US-20180268405-A1 to Lopez (“Lopez”), in further view of United States Application Publication No.  US 20150199679 A1 to Palanisamy (hereinafter Palanisamy), in further view of PCT document WO 2018/017068 A1 to Wang et. al, designating US (“Wang”), in further view of United States Application Publication No.  US-20150032626-A1 to Dill (“Dill”), in further view of United States Patent Publication No.  US-11062302-B1 to Ho (“Ho”), in further view of United States Patent Publication No. US-20160314487-A1 to Martin (“Martin”).

With respect to claim 1, Lopez discloses: An access management system (Fig. 2, Processing Network 210 of Lopez:) 

    PNG
    media_image1.png
    792
    567
    media_image1.png
    Greyscale

comprising: 

a database configured to store a plurality of account identifiers; (Token Vault 280, in further view of at least:



¶52 of Lopez: “the tokens generated by the tokenization module 240 and the mapping between the tokens and the corresponding account identifier (e.g., PAN) may be stored in the token vault 280. The tokenization module 240, in conjunction with the data processor 222, may access the token vault 280 to store the generated tokens and the mapping between the tokens and the corresponding account identifier”)

one or more processors; Fig. 2, data processor 222, in further view of at least ¶¶23, 47-48 of Lopez:
	
	¶23: A “processor” may refer to any suitable data computation device or devices. A processor may comprise one or more microprocessors working together to accomplish a desired function. The processor may include CPU comprises at least one high-speed data processor adequate to execute program components for executing user and/or system-generated requests. The CPU may be a microprocessor such as AMD's Athlon, Duron and/or Opteron; IBM and/or Motorola's PowerPC; IBM's and Sony's Cell processor; Intel's Celeron, Itanium, Pentium, Xeon, and/or XScale; and/or the like processor(s).


¶¶47-48: Other modules and submodules may also reside on the computer readable medium 230. […]. Each module in the processing network 210 may comprise one or submodules, where each submodule may comprise one or more functions implemented by code, executable by the data processor 222. The data processor 222 (e.g., a microprocessor) may process functions of the server computer 220. The data processor 222 may include hardware that can carry out instructions embodied as code in a computer-readable medium.  [Bold added for emphasis].

 and one or more computer-readable media coupled to the one or more processors and storing instructions which when executed by the one or more processors cause the one or more processors to perform operations including: Fig. 2, Computer readable medium 230, in further view of at least ¶¶24, 47 102 of Lopez:

¶24: A “memory” may be any suitable device or devices that can store electronic data. A suitable memory may comprise a non-transitory computer readable medium that stores instructions that can be executed by a processor to implement a desired method. Examples of memories may comprise one or more memory chips, disk drives, etc. Such memories may operate using any suitable electrical, optical, and/or magnetic mode of operation. [Bold added for emphasis].

¶47: Other modules and submodules may also reside on the computer readable medium 230. […]. Each module in the processing network 210 may comprise one or submodules, where each submodule may comprise one or more functions implemented by code, executable by the data processor 222. The data processor 222 (e.g., a microprocessor) may process functions of the server computer 220. The data processor 222 may include hardware that can carry out instructions embodied as code in a computer-readable medium.  [Bold added for emphasis].

¶102: Any of the software components or functions described in this application, may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++ or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions, or commands on a computer readable medium, such as a random access memory (RAM), a read only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. […] [Bold added for emphasis].

determining, […] a set of account identifiers to be assigned to an account, (Fig. 3, S318, in further view of at least ¶¶45, 66, of Lopez discloses assignment of tokens (e.g., set of account identifiers of claim) to an account);(See also ¶¶38, 52 of Lopez disclosing an actual account identifier (e.g., PAN) corresponding to the tokens):

    PNG
    media_image2.png
    757
    935
    media_image2.png
    Greyscale



¶17: FIG. 3 shows a swim-lane diagram of a tokenized transaction card generation according to an embodiment of the invention.

¶45: FIG. 2 illustrates an exemplary processing network 210 according to various embodiments. For example the processing network 210 (e.g. a transaction processing network) […][Bold added for emphasis].¶66: […] According to various embodiments, the token service computer 304 may be a part of or managed by the transaction processing network […].[Bold added for emphasis][i.e., Token Service Computer 304 may be a part of the system of Fig. 2 above]

¶66: At S318, the token service computer 304 may generate one or more tokens for the account identifier in response to the request from the authorization computer 302. At S320, the token service computer 304 may store the generated tokens, as well as a mapping between the tokens and the account identifier at a storage (e.g. token vault 306). At S322, the token service computer 304 may transmit the one or more generated tokens to the authorization computer 302. According to various embodiments, the token service computer 304 may be a part of or managed by the transaction processing network. […]


Examiner’s Note: With respect to “account identifier” terminology, Examiner notes Lopez characterizes this term as a PAN or a token, particularly with respect to Fig. 3. (i.e., terminology used in Lopez is broader than that of Applicant. See ¶¶33, 64 of Lopez compared to ¶78 of Applicant specification:

¶33 of Lopez: “An "account identifier" may include any suitable information associated with an account of a user which identifies the account. Such information may be directly related to the account or may be derived from information related to the account. For example, an account identifier may include an account number, an employment identification number, a virtual account identifier, a primary account number (PAN), a token,” 

¶64 At S314, the authorization computer 302 may create the account for the account holder 300 in response to the request and assign an account identifier to the account. The account identifier may include an account number (e.g. PAN) that is used to identify the account.




    PNG
    media_image3.png
    569
    909
    media_image3.png
    Greyscale
the set including a first account identifier assigned to a first interface of a first account identification card associated with the account, (¶¶36, 43, in further view of at least Fig. 1 of Lopez: 
¶36: The transaction card can be issued with at least two tokens: a first token and a second token. A first token may be provisioned on a contact, contactless or dual interface chip. The first token may be restricted to in-person transaction channels such as terminal entry modes for contact, contactless or magnetic stripe transactions. In some embodiments, a different token may be issued and domain restricted to magnetic stripe transactions where chip card based cryptograms are not required for the transaction. A magnetic stripe transaction may be configured to work only in situations where a chip transaction is not supported. A second token (different from the first token) may be issued and displayed on the transaction card. In some embodiments, the second token may be dynamically displayed on the transaction card. For example, the second 

¶43: A digital display 108 such as an electronic paper display (EPD or e-paper), a light emitting diode (LED) display, a liquid crystal display (LCD), an organic light emitting diode (OLED) display, etc. may be coupled to the substrate 102. The digital display 108 may dynamically display a second token 110 representative of the account.

a second account identifier that is different from the first account identifier, (¶36 of Lopez discloses at least one second token different from the first, which may be associated with different payment interface (e.g., chip, magnetic stripe, face of card interfaces):

¶36: The transaction card can be issued with at least two tokens: a first token and a second token. A first token may be provisioned on a contact, contactless or dual interface chip. The first token may be restricted to in-person transaction channels such as terminal entry modes for contact, contactless or magnetic stripe transactions. In some embodiments, a different token may be issued and domain restricted to magnetic stripe transactions where chip card based cryptograms are not required for the transaction. A magnetic stripe transaction may be configured to work only in situations where a chip transaction is not supported. A second token (different from the first token) may be issued and displayed on the transaction card. In some embodiments, the second token may be dynamically displayed on the transaction card. For example, the second token may be displayed using a digital display. […] The second token may be domain restricted to remote or e-commerce transactions (including key entered transactions). [bold added for emphasis].

the second account identifier assigned to a second interface of the first account identification card, (¶36 in further view of at least ¶¶37, 67 of Lopez):

¶36: The transaction card can be issued with at least two tokens: a first token and a second token. A first token may be provisioned on a contact, contactless or dual interface chip. The first token may be restricted to in-person transaction channels such as terminal entry modes for contact, contactless or magnetic stripe transactions. In some embodiments, a different token may be issued and domain restricted to magnetic stripe transactions where chip card based cryptograms are not required for the transaction. […] The second token may be domain restricted to remote or e-commerce transactions (including key entered transactions). [bold added for emphasis].

¶37: […] The second token and the replacement second token are domain restricted to the same transaction type. That is, the second token and the replacement second token are restricted to the same communication channel between the transaction card and a token recipient device. [bold added for emphasis].

¶67: […] The tokens may be provisioned on the transaction card. According to various embodiments, each provisioned token may be associated with a different communication channel between the transaction card and a token recipient device. [bold added for emphasis].

In other words, in view of the aforementioned, domain restrictions set on a given account identifier may show assignment of a given account identifier (token) to card interfaces, such as dual interface chip, magnetic stripe, and face of the card, contact/contactless interfaces, etc.

 […] a second account identification card associated with the account, ¶25 of Lopez discloses that account holders may generally have more than one user device, where ¶27 discloses the user devices are transaction instruments: 

¶25: An “account holder” may hold an account. An “account holder” may include an individual or an entity that uses a system. An account holder may be associated with one or more accounts and/or user devices. In some cases, the account holder may also be referred to as a user or a consumer.


¶27: A “user device” may include any suitable device that may be used to conduct a financial transaction, such as to provide payment credentials to a merchant. Suitable payment devices can be hand-held and compact so that they can fit into a user's wallet and/or pocket (e.g., pocket-sized). Example payment devices may include smart cards, keychain devices (such as the Speedpass™ commercially available from Exxon-Mobil Corp.), etc. Other examples of user devices include transaction cards, payment cards, smart media, transponders, objects that are connected via a network (i.e. internet of things (IoT) connected devices), and the like. If the payment device is in the form of a debit, credit, or smartcard, the payment device may also optionally have features such as magnetic stripes. Such devices can operate in either a contact or contactless mode.


[causing] the first account identifier and the second account identifier [to be] assigned to the first account identification card (¶36 in further view of at least ¶¶37, 67 of Lopez):

 ¶36: The transaction card can be issued with at least two tokens: a first token and a second token. A first token may be provisioned on a contact, contactless or dual interface chip. The first token may be restricted to in-person transaction channels such as terminal entry modes for contact, contactless or magnetic stripe transactions. In some embodiments, a different token may be issued and domain restricted to magnetic stripe transactions where chip card based cryptograms are not required for the transaction. […] The second token may be domain restricted to remote or e-commerce transactions (including key entered transactions). [bold added for emphasis].

¶37: […] The second token and the replacement second token are domain restricted to the same transaction type. That is, the second token and the replacement second token are restricted to the same communication channel between the transaction card and a token recipient device. [bold added for emphasis].

¶67: […] The tokens may be provisioned on the transaction card. According to various embodiments, each provisioned token may be associated with a different communication channel between the transaction card and a token recipient device. [bold added for emphasis].

In other words, in view of the aforementioned, domain restrictions set on a given account identifier may show assignment of a given account identifier (token) to card interfaces, such as dual interface chip, magnetic stripe, and face of the card, contact/contactless interfaces, etc.

2causing the first account identifier to become invalid without causing the second account identifier […] and [a] third account identifier to become invalid 
Fig. 5 in view of ¶¶19,81 of Lopez, in further view of Abstract and ¶¶9, 37 of Lopez discloses causes for how a single account identifier (of a plurality) may become invalidated without causing the other plurality of identifiers / tokens to become invalid:
 

    PNG
    media_image4.png
    631
    907
    media_image4.png
    Greyscale



¶19: FIG. 5 shows a swim-lane diagram of updating a token on a tokenized transaction card at an access device according to an embodiment of the invention.

¶81: Upon being notified that the second token was compromised, the authorization computer 302 may deactivate the second token (S353). According to various embodiments, when one of the tokens (e.g. second token) provisioned on the payment card is deactivated, the transaction card includes at least one active token that can be used to conduct transactions.

Abstract: Embodiments of the invention are directed to methods, systems, and devices for replacing a token on a user device, such as a transaction card. The transaction card includes tokens representing an actual account identifier which The transaction card may store a first token on a and include a digital display that displays a second token. When the first token or the second token is compromised, the compromised token is replaced without replacing the transaction card. When the second token is compromised, the compromised token is replaced with a new replacement second token using an electronic device. The replacement second token replaces the old second token on the digital display. After the second token is compromised and before the replacement second token is provisioned on the transaction card, the transaction card may still be used for transactions using other tokens provisioned on the card. [Bold/underline added for emphasis.  Examiner notes ¶9 recites similar language as abstract above.]

¶37: According to various embodiments, if the second token is compromised, the transaction card may still be used to conduct transactions using the first token. In embodiments where the second token is digitally displayed on the card, the second token, if compromised, may be renewed or replaced with a replacement second token without having to replace the transaction card. The second token and the replacement second token are domain restricted to the same transaction type. That is, the second token and the replacement second token are restricted to the same communication channel between the transaction card and a token recipient device.

¶54: The token verification module 260 may query, using the data processor 222, the token vault 280 to determine if there is an entry for the token. If an entry is found, the token verification module 260, in conjunction with the data processor 222, may retrieve the account identifier corresponding to the token. In some embodiments, the token verification module 260, in conjunction with the data processor 222, may query databases and/or lists to determine whether the token or the account identifier has been associated with fraudulent activities. For example, the token verification module 260, in conjunction with the data processor 222, may determine whether the token or the account identifier has been blacklisted or has been reported as stolen or otherwise compromised. The token verification module 260, in conjunction with the data processor 222, may further determine whether the token has expired. The token verification module 260, in conjunction with the data processor 222, may transmit the account identifier to the transaction processing module 270. If the token verification module 260 obtained any information about the token and/or the account identifier (e.g. the token being expired, stolen or compromised), the token verification module may pass that information to the transaction processing module 270 along with the account identifier. [bold added for emphasis]

Examiner’s Note: Examiner interprets token deactivation as a form of causing token invalidation.


Lopez fails to explicitly teach the third account identifier assigned to […] a second account identification card associated with the account,  

However, Palanisamy, of a similar field of endeavor, teaches: A third account identifier that is different from the first account identifier and the second account identifier, the third account identifier assigned to […] a second account identification card associated with the account, (Fig. 6, note: “First Payment Token” and “Second Payment Token” corresponding to Bob’s Device 1, and “First Payment Token” corresponding to Bob’s second device);(See also ¶¶2-4, ¶¶25, 69, and ¶81 of Palanisamy):

    PNG
    media_image5.png
    528
    815
    media_image5.png
    Greyscale


Relevant portions of ¶¶2-4, 6, and ¶25 of Palanisamy: To reduce the risk of payment card fraud, the payments industry has proposed the use of payment tokens. A payment token is a substitute for a PAN or primary account number. […] 
Since a consumer may often have multiple payment devices, those payment devices may be provisioned with the same payment token. For example, a consumer may have a payment card and a mobile phone. Both of these devices may be used as payment devices, and both may store the same payment token. While conventional systems are useful, they could be improved. For example, if one of the payment devices is compromised (e.g., a mobile phone), then the other payment devices (e.g., a credit card) that store the same payment token will need to be provisioned with the new token. This can be inconvenient for the consumer and the issuer of the tokens.
:  Embodiments of the invention address these and other problems individually and collectively. ¶25 of Palanisamy: In embodiments of the invention, different payment devices are provisioned with different payment tokens. If one payment token on one payment device is obtained by an unauthorized person, then the other payment tokens on the other payment devices advantageously do not have to be replaced. […] [Bold added for emphasis]

¶69 of Palanisamy: […] As shown in FIG. 6, the first payment token 7891 is provided for Bob's device 1, and another first payment token 4111131028799471 (that is also linked with the PAN 0256) is provided for Bob's device 2. Channel-specific first payment tokens can also be provided for consumer accounts (e.g. card-on-file accounts at merchants), for usage in e-commerce transactions, and for any other suitable payment channels. […]

¶81 of Palanisamy: The first payment token 7891 may be a channel-specific payment token that is generated specifically for the communication device 120. Also, the first payment token 7891 may be one of a plurality of first payment tokens associated with the PAN 0256. […][Bold added for emphasis]

Accordingly, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention that the system of Lopez could determine a third account identifier that is different from the first account identifier and the second account identifier, the third account identifier assigned to the third account identifier assigned to an interface (per Lopez, e.g., ¶36) of a second account identification card associated with the account, resulting in system determined tokens corresponding to interfaces of multiple distinct devices, in order to advantageously have cards associated with system of Lopez only having to invalidate a compromised token corresponding to compromised device or interface of device (¶25 of Palanisamy (and ¶36 of Lopez previously mentioned)): 

In embodiments of the invention, different payment devices are provisioned with different payment tokens. If one payment token on one payment device is obtained by an unauthorized person, then the other payment tokens on the other payment devices advantageously do not have to be replaced. Further, because the issuer computer generates the first plurality of payment tokens, the first plurality of payment tokens can serve as a tokenization layer that is under the control of the issuer. If the consumer contacts the issuer and informs the issuer that a second payment token on a particular payment device has been compromised, then the issuer may simply remove or invalidate the corresponding first payment token. In this way, the issuer does not need to contact the central payment processor server computer that generated the second tokens to prevent further use of the compromised second payment token.

Lopez in view of Palanisamy fails to teach (bolded), but Wang discloses (bolded): determining, based on the plurality of account identifiers, a set of account identifiers to be assigned to an account

[having] the database […] reflect that [a] set of account identifiers is unavailable for use with another account identification card; (¶57 of Wang):

¶57: In some embodiments, the token generation module 342 may access a token range table that represents available token ranges provisioned by a payment processing network computer and token ranges that have not been associated with PAN ranges. The token generation module 342 may access another table that includes minimum and maximum account ranges for the PAN and the associated token ranges. The token ranges may include the token ranges provisioned by a payment processing network computer 160 and token ranges provisioned by an issuer computer.

Accordingly, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention that the system of Lopez in view of Palanisamy utilize the technique of Wang, resulting in system of Lopez in view of Palanisamy to only issue tokens that are available (i.e., not currently in use by another PAN) via a token table and PAN range, in order to advantageously ensure duplicative tokens mapped to two accounts are not issued.

Lopez in view of Palanisamy and Wang fails to explicitly teach, but Dill discloses updating a database (i.e., the token table) to reflect token status (¶197 of Dill):

¶197 of Dill: The network token system, payment processing network, and/or an issuer may update a routing table file to include issued, generated, or designated token issuer identifiers and/or token issuer identifier ranges. In some embodiments, the updating entity (e.g., network token system, payment processing network, or issuer) may send the updated information to a third party that manages the token routing table and updates the token routing table file and sends to transaction processing entities. In other embodiments, the updating entity may alter the routing table file to include the new definitions of the token issuer identifiers (e.g., token BINs) and other token related information and may send to entities as may be a typical or periodic update. Any suitable manner may be used to update and distribute the token routing table file. In some embodiments, the token routing table may include routing information for both tokens and real issuer identifiers. Accordingly, a single routing table file may be updated and sent to registered and/or existing transaction processing entities for routing and processing token (as well as non-token) based transactions.

Accordingly, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention that the system of Lopez in view of Palanisamy and Wang update the token tables used to prevent duplicative issuance of tokens (See Wang 

Additionally, Lopez in view of Palanisamy and Wang fails to explicitly teach, but Dill discloses: generating mapping data indicating that tokens are associated to different cards, generally (Fig. 4 and ¶167 in further view of ¶¶41, 53-55 of Dill): 

    PNG
    media_image6.png
    650
    820
    media_image6.png
    Greyscale



¶167 of Dill: Note that the entries [i.e., corresponding to attributes] shown in FIG. 4 are for illustrative purposes only and the token registry database 202A may include more or less entries. For example, the token registry database 202A may also include a PAN expiration date, MSISDN, PAN alias, UUID, IMEI, IMSI, MAID, authorization code of consumer verification done, etc.

a set of token attributes can be provided for each token. In some cases, the token attributes can govern how a token corresponding to a PAN may be subsequently used. [[…]

¶55 of Dill: "Token attributes" may include any feature or information about a token. For example, token attributes may include any information that can determine how a token can be used, delivered, issued, or otherwise how data may be manipulated within a transaction system. For example, token attributes may determine how a token may be used in place of a real account identifier (e.g., PAN) for a transaction. […] For example, token attributes may include a wallet identifier associated with the token, an additional account alias or other user account identifier (e.g., an email address, username, etc.), a device identifier, an invoice number, etc. […]


¶54 of Dill: Further, in some embodiments, an issuer may generate and notify a token vault of a token value and provide the token record information (e.g., token attributes) for storage in the token vault.


¶53 of Dill: In some embodiments, tokens may be device-specific such that each device associated with an account may be provisioned with a particular token. As such, if a transaction uses a token that is initiated by a different device than the device that the token was provisioned into, the transaction may be fraudulent. Accordingly, device information may be stored in the token vault and used to ensure that the device used in a transaction is associated with the token that is being used in the transaction. Additionally, because each token may be associated with a single device, one PAN or account may have multiple tokens associated with it, where each PAN may have a different token for the different devices that may be used to initiate a transaction associated with the PAN using a specific token. This provides additional security for transactions because network token systems have additional information to validate in order to control the use of sensitive information in a transaction processing system.

Accordingly, it would have been additionally obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention that the system of Lopez in view of Palanisamy and Wang generate mapping data of the tokens stored as records in the token vault of Lopez, as suggested by Dill, in order to advantageously facilitate verification of token with the stored record when a transaction is submitted. Examiner further notes the limitation of the third account identifier assigned to an interface of a second account identification card associated with the account is rendered obvious in view of aforementioned advantageous combination, particularly in view of Dill disclosing that an account holder of a given account may have a plurality of devices with different tokens (¶53 of Dill (above)), disclosing specific domain restrictions to both interface and device attributes (i.e., presentment/entry mode, e.g., ¶¶47-48, in further view of ¶55 “token attributes may include a wallet identifier associated with the token […] a device identifier”(see above), respectively), and  ¶89 of Dill disclosing the consumer devices being provisioned tokens may generally be a traditional payment card and/or mobile device / payment application:
¶89 of Dill: The consumer device 120 may be associated with a payment account of the consumer 110. In some implementations, the consumer device 120 may be a mobile device such as a mobile phone, a tablet, a PDA, a notebook, a key fob or any suitable mobile device. For example, the consumer device 120 may include a wallet or a payment application that may be associated with one or more payment accounts of the consumer 110. In some implementations, the consumer device 120 may be configured to display a machine readable code (e.g., QR.TM. code, bar code, etc.). The consumer device 120 may also include a camera or a scanning device capable of scanning a machine readable code. In some implementations, the consumer device 120 may be capable of communicating with the access device 130 using a short range communication technology such as NFC. For example, the consumer 110 may interact with the access device 130 by tapping or waving the consumer device 120 in proximity of the access device 130. In some implementations, the consumer device 120 may be a payment card such as a credit card, debit card, prepaid card, loyalty card, gift card, etc.
i.e., domain restrictions based on attributes of Dill advantageously provide tokens specific to both devices and interfaces corresponding to device, resulting in increased cross-channel security (e.g., ¶48 of Dill: “Since tokens can be limited to a specific domain, the risk of account number theft as a result of a large data breach is decreased as the potential for cross-channel fraud is diminished.”)

Lopez in view of Palanisamy and Wang fails to explicitly teach, but Dill teaches: receiving a reservation request specifying an account identifier and accessor data and requesting reservation of one or more resources in the account; (¶82 of Dill discloses authorization request message (e.g., reservation request for funds, i.e., reservation of resources in account) includes a payment token (e.g., account identifier), and a token requestor identifier (e.g., accessor data));

¶82 of Dill: An "authorization request message" may be an electronic message that is sent to a payment processing network and/or an issuer of a payment account to request authorization for a transaction. An authorization request message according to some embodiments may comply with ISO 8583, which is a standard for systems that exchange electronic transaction information associated with a payment made by a consumer using a payment device or a payment account. In some embodiments of the invention, an authorization request message may include a payment token, an expiration date, a token presentment mode, a token requestor identifier, an application cryptogram, and an assurance level data. […]. An authorization request message may also comprise "transaction information," such as any information associated with a current transaction, such as the transaction amount, merchant identifier, merchant location, etc., as well as any other information that may be utilized in determining whether to identify and/or authorize a transaction.
selecting a restriction [template] that corresponds to the account identifier and the accessor data specified in the reservation request, each restriction [template] comprising a plurality of parameters including at least two of 
an interface, (¶¶100, 256, Fig. 4 of Dill)
a merchant, (¶47 and table 1, “Merchant of Record (MOR)” definition, and at least ¶¶167, 260 in view of Fig. 4 of Dill)
and a merchant type; (¶¶47 in further view of ¶¶ 100, 167, 256, 260, Fig. 4 and table 1, “Merchant of Record (MOR)” of Dill):

¶47 of Dill: Embodiments of the invention provide improved protection against the misuse of payment accounts by providing usage controls for tokens. Usage controls may include limiting tokens to a specific domain (e.g., a specified merchant, an assigned presentment mode or channel, etc.). For example, during transaction processing in some embodiments, a number of a validation steps may be performed including (1) validating the presence of the token as being provisioned to a device and being associated with a token record in the token vault, (2) validating the status of the token as active, and (3) verifying domain restriction controls including token entry mode, application authentication cryptogram validation, and token requestor identifier with the transaction information. Additionally, at the time that a token is issued, steps may be taken to ensure that the provisioned token is replacing a PAN that was being used legitimately by the token requestor and/or a consumer associated with the token requestor. The token assurance level may also be used to drive transaction fraud liability requirements. Additionally, life-cycle management requests may be validated by (1) ensuring entities requesting life-cycle management are authorized to do so (e.g., validating a token requestor identifier 
¶100 of Dill: The token requestor 204 may specify configuration preferences or token attributes associated with tokens requested by the token requestor including, for example, token type (e.g., static or dynamic), supported token presentment modes (e.g., scan, contactless, e-commerce, etc.) and any other relevant token configuration information during the onboarding process. Further, the token requestor 204 may include limitations to certain channels (e.g., card-on-file, contactless, etc.) for use of requested tokens.
¶167 of Dill: The token 402 [see Fig. 4 above] may be a sixteen digit numerical value. In one embodiment, the token 402 conforms to the account number rules in an ISO message. The token 402 corresponds to the sixteen digit payment account number 404. The token BIN "490000" is mapped to the issuer BIN "414709." The token requestor identifier 406 is a ten digit numerical value that corresponds to an entity that is registered with the network token system 202. For example, the token requestor identifier 406 may correspond to an e-commerce merchant associated with the merchant computer 140. The token presentment mode 408 shows that the token may be presented in the form of a QR.TM. code as part of the transaction. The token type 410 is shown as dynamic which may indicate that the token 402 may be for one time use only or may expire on Jul. 16, 2014 at 2:35 pm as indicated by the token expiration date 412. Merchant restrictions 414 indicate that the token 402 may be restricted to merchants with merchant category code 5111. The token assurance level 416 indicates "issuer authenticated," meaning, for example, that the issuer computer 170 interacted with the consumer 110 through a standard protocol (ACS) and authenticated the original credential and the consumer 110. The token timestamp 418 indicates that token was issued on Jul. 15, 2014 at 2:35 pm. The token status 420 indicates that the status of the token 402 is active. The For example, the token registry database 202A may also include a PAN expiration date, MSISDN, PAN alias, UUID, IMEI, IMSI, MAID, authorization code of consumer verification done, etc.
¶256 of Dill: A token validation request may include a request for a network token system to determine and provide transaction restrictions (e.g., merchant category code), transaction channel or domain restrictions (e.g., NFC token, e-commerce token), token status information (e.g., active, inactive, deactivated, etc.), and/or any other relevant information to a requestor. […]
¶260 of Dill: For example, for a token validation request from the merchant computer 140 and the token processing server computer 202B may interact with the token registry database 202A to determine transaction restrictions associated with the first token. For instance, the token processing computer may search a token database for transaction restrictions associated with a first token included in the token validation request. The token processing computer may determine whether the second entity has authorization to request the token validation, determine a token record associated with the received token, obtain the transaction restrictions (e.g., merchant category codes, transaction channel, etc.) associated with the token record, generate a token validation response message, and send the token validation response including the transaction limitations and other validation conditions to the requesting entity.
See Fig. 4, ref 414: “Merchant Restrictions” (above)
Table 1 of Dill:

    PNG
    media_image7.png
    356
    483
    media_image7.png
    Greyscale


Examiner’s Note: Examiner takes the stance that ¶100 in further view of ¶260 of Dill indicates the token records are templates, under broadest reasonable interpretation, as they are generated, stored in memory, and then are used in lookup for transaction verification, but understands a narrower interpretation may disagree in view of ¶90 of Applicant specification. Examiner addresses this ‘template’ limitation again, further below in the rejection of claim 1 : 
The one or more access restrictions may be individually customized for the account identifier and/or applied to the account identifier as a set of templated restrictions.
and authorizing the reservation of the one or more resources if the reservation request satisfies the parameters of the selected restriction [record]. (¶¶234, 236, of Dill in further view of at least ¶11 of Dill disclosing the tokens are to facilitate payment transactions, ¶48 of Dill disclosing the tokens used in transaction are limited to specific domains, and ¶211 

¶234 of Dill:  In step 820 [referring to Fig. 8 of Dill], the payment processing network computer 160 may receive the authorization request message, may determine that the authorization request message comprises a token, and may provide the token 804 to the network token system 202 to receive a PAN in exchange for the transaction. […]
¶236 of Dill: In step 822, the token processing computer of the network token system 202 may receive the token, search the token registry for the token record associated with the received token, may determine an account identifier (e.g., PAN) associated with the token, determine any limitations and/or validation information associated with the token, and may provide the PAN 802 (and any other relevant validation information) to the payment processing network computer 160 for processing of the transaction.
¶11 of Dill: In embodiments of the invention, a network token system is provided. The network token system provides a platform that can be leveraged by various entities such as third party wallet providers, merchants, acquirers, payment processors, etc. that use tokens to facilitate payment transactions. […]
¶48 of Dill: Using embodiments of the invention, consumers and issuers may benefit from new and more secure ways to pay and improved approval levels. Since tokens can be limited to a specific domain, the risk of account number theft as a result of a large data breach is decreased as the potential for cross-channel fraud is diminished. […]
¶211 of Dill: […] Additionally, the application cryptogram [referring to exemplary authentication request message of Fig. 7] may be dependent on the transaction initiation method and type of application used to initiate the transaction. For example, the application cryptogram field 702G may have different values for 706G for different presentment modes such as QR.TM. code, NFC, etc. As such, in some embodiments, the application cryptogram may be used to ensure a token is being used in the designated transaction channel. For example, a token that is limited to NFC transactions only, may be associated with a NFC transaction application cryptogram algorithm and if the received application cryptogram is not validated with the NFC transaction application, the transaction may be declined. Accordingly, the application cryptogram allows for further transaction validation and control and provides the security benefits described above in reference to the token presentment mode.
Accordingly, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention that the access management system of Lopez in view of Palanisamy, Wang, and Dill perform the above methods of Dill, resulting in system to receive a reservation request specifying an account identifier and accessor data and requesting reservation of one or more resources in the account; selecting a restriction [record] that corresponds to the account identifier and the accessor data specified in the reservation request, each restriction template comprising a plurality of parameters including at least two of an interface, a merchant, and a merchant type; and authorizing the reservation of the one or more resources if the reservation request satisfies the parameters of the selected restriction [record], in order to advantageously mitigate cross channel fraud in transactions (¶48 of Dill), and also to provide token requestors more granular control over their domains (¶76 of Dill discloses users may have multiple requestor identifiers per domain type: In some embodiments, a token requestor identifier may uniquely identify the pairing of a token requestor with a token domain. As such, in some embodiments, if a token requestor may request tokens for multiple domains, the token requestor may have multiple token requestor identifiers, one for each domain.)

the first, second, and third account identifiers sharing identical set of account provider identifiers (e.g., Fig. 6 of Palanisamy (above, note 4111…)))2, 
[tokens] sharing identical account provider identifiers[…]: (Fig. 6 of Dill, 608, discloses at least 3 tokens with first 6 digits being the same, of which map to a real Bank Identification Number (BIN) of a Bank Identification number (BIN) range, as explained in ¶65 of Dill);(At least ¶192 of Dill discloses the first six digits of 16 digit token may include the BIN (e.g., 490000))(i.e., disclosures of Dill, Lopez, and Palanisamy makes obvious that a user / system comprising multiple tokens corresponding to a single account, as previously disclosed by at least Palanisamy, would realistically have at least 3 tokens corresponding to one account (understood to be issued by bank  per being single account, and correspondingly, since three or more tokens are associated with one account (see at least Palanisamy above), would logically have the same BINs, i.e., first 6 digits of the tokens), as shown in aforementioned figure).







    PNG
    media_image8.png
    647
    845
    media_image8.png
    Greyscale
¶65 of Dill: A "payment token issuer identifier" may include any series of characters, numbers, or other identifiers that may be used to identify an issuer associated with a payment token. For example, a payment token issuer identifier may include a token BIN that identifies a particular issuer associated with an account identified using the token. In some embodiments, a payment token issuer identifier may be mapped to a real issuer identifier (e.g., a BIN) for an issuer. For example, a payment token issuer identifier may include a six digit numerical value that may be associated with an issuer. For instance, any token including the payment token issuer identifier may be associated with a particular issuer. As such, the issuer may be identified using the corresponding issuer identifier range associated with the token issuer identifier. For example, a payment token issuer identifier "490000" corresponding to a payment token "4900 0000 0000 0001" can be mapped to an issuer identifier "414709" corresponding to a payment account identifier "4147 0900 0000 1234." [i.e., payment token issuer identifier of tokens is a form of account provider identifiers per mapping].
4900 0000 0000 0001" corresponding to this PAN include the token BIN range "490000-4900001" mapped to the issuer BIN "414709." In some embodiments of the invention, the same PAN number may be mapped to different network token numbers as shown in the rows 610 and 614. [i.e., per mapping to corresponding pan, and Lopez in view of Palanisamy and Wang disclosing at least three tokens as characterized in claims (corresponding to one account, understood to correspond to one bank per being single account), it is understood applying technique of Dill would result in the three tokens (e.g., 16 digit token) sharing the first 6 digits].
e
Accordingly, it would have been rendered obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention to have the first, second, and third account identifiers (i.e., tokens) of Lopez in view of Palanisamy, Wang, and Dill advantageously all  be sharing identical BINs (account provider identifiers) as part of the token’s digits, as suggested by Dill, in order to advantageously maintain compatibility / interoperability with BIN enabled payment processing networks (e.g., Visa, MasterCard, etc.), and support authentication by different entities (e.g., issuers, wallet providers, merchants, etc);(¶30 of Dill);

¶30 of Dill: Further, a token may be compatible with the current and further payment technologies, may be interoperable with Bank Identification Number (BIN) enabled payment processing networks (e.g., Visa[…] MasterCard[…], Discover […], etc.), and may be able to support authentication by different entities (e.g., issuers, wallet providers, merchants, etc.) in the payment system.
Furthermore, Lopez in view of Palanisamy, Wang and Dill fails to explicitly teach the first, second, and third account identifiers sharing [identical account provider identifiers and ] an identical set of terminal identifiers;

 However, Ho discloses: [an account identifier having ]   a terminal identifier[…]; Col 9, lines 8-31 of Ho:

The payment token generated by the token provisioning circuit 142 may be any type of digital token or code suitable for use as a payment credential, such as a numerical code, an alphanumeric code, a collection of abstract characters, and so on. In some arrangements, the token is a unique digital tag associated with sensitive information that can be interpreted by an authorized computing system (e.g., the token provisioning circuit 142 can identify a given token, and retrieve the token's corresponding information from the token database 144). In some embodiments, the payment token is a tokenized sixteen digit number. For instance, where the source payment account is a credit or debit card account, the tokenized sixteen digit number may be used as a payment credential in place of the original sixteen digit number of the credit or debit card. In this embodiment, the payment card token may have a unique BIN (e.g., the first four digits of the original card number), but retains the same last four digits as the original card number in order to accurately match the payment card token to the account holder (i.e., the payment card owner). The remaining numbers may be generated by the token provisioning circuit 142 using various tokenization or encryption algorithms. In some arrangements, the token is an encrypted copy of sensitive information itself (e.g., an encrypted charge account number).

Accordingly, in view of at least Lopez and Palanisamy disclosing the first, second, third, etc. tokens may correspond to one account (abstract, ¶¶7-8 of Lopez, Fig. 6 of Palanisamy (above), ), it would have been rendered obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention to  have the the first, second, and third account identifiers sharing identical account provider identifiers of Lopez in view of  also have an identical set of terminal identifiers; modify the first, second, third, etc. tokens of Lopez in view of Palanisamy, Wang and Dill to all be sharing an identical set of terminal identifiers indicating the original customer PAN to which it corresponds to (and the account provider identifier, as explained above), in order to advantageously match the payment card token to the account holder (i.e., the payment card owner) (Col 9, lines 8-31 of Ho), and have user be able to more easily identify the underlying account being used in tokenized transaction.

While Examiner maintains Lopez in view of Palanisamy, Wang, Dill, and Ho disclose a restriction template (as noted in Examiner’s note above), since the set of restrictions are understood to be saved for later after being generated by token requestor per being used in subsequent transaction authorization processes using corresponding token (i.e., are templates), Examiner understands a narrower interpretation of the claims may disagree.  Arguendo, Martin discloses that the access control settings may be a template (¶60 in view of at least Fig. 5 and at least ¶102 of Martin)
¶60 of Martin: […] For example, if the criterion is “merchant category,” a drop down including “grocery,” “gas,” and the other merchant categories might be provided, while a criterion of “merchant” might allow free-form text entry and a criterion of “purchase amount” might allow numeric text entry. In some embodiments, a special value of “any” is available that will match any value for the criterion. Thus, one complete condition might be “If merchant is Wal-Mart” and another might be “If purchase amount is less than $10.00.” Of course, the flexibility of the funding account interface allows the user to specify a virtually limitless number of potential conditions. In some embodiments, some or all of the elements of the condition (or allocation) are fixed in the template provided to the user and cannot be altered.
Relevant portions of ¶102 of Martin: […] In some embodiments, multiple rules may apply to a given transaction, and payments may be assigned according to the rules […]. In some embodiments, rules may assign payments among multiple virtual budgeting accounts statically as defined by the rules […].
Accordingly, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention for the method of Lopez in view of Palanisamy, Wang, Dill, Ho to have the domain controls be templates, as suggested by Martin, in order to advantageously save the user time from having to enter the cross-domain restrictions manually.

With respect to claim 2, Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin discloses: The access management system of claim 1, as mapped above.

Furthermore, Lopez discloses:  wherein each account identifier of the set of account identifiers independently identifies the account. (At least ¶¶65-66 in further view of ¶73 of Lopez, ):

¶65 of Lopez (In view of Fig. 3): […]. According to various embodiments, each token may serve as a proxy for the account identifier (e.g. the tokens may be used in lieu of the account identifier). […]
¶66 of Lopez (in further view of Fig. 3, S318): At S318, the token service computer 304 may generate one or more tokens for the account identifier in response to the request from the authorization computer 302. At S320, the token service computer 304 may store the generated tokens, as well as a mapping between the tokens and the account identifier at a storage (e.g. token vault 306).
¶73 of Lopez: (in view of Fig. 4 block diagram of Lopez): The transaction processing network 412 may analyze the authorization request message to determine whether the message includes a token. If the transaction processing network 412 determines that the authorization request message includes a token, the transaction processing network 412 provides the token to the token vault 414 and retrieves the account identifier (e.g. PAN) corresponding to (e.g. represented by) the token. The transaction processing network 412 may then replace the token with the account identifier in the authorization request message. 

With respect to claim 3, Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin discloses or otherwise renders obvious The access management system of claim 1 as mapped above.

    PNG
    media_image5.png
    528
    815
    media_image5.png
    Greyscale
Lopez fails to explicitly teach, but Palanisamy teaches wherein the second account identification card 
Lopez fails to disclose, but Dill discloses: is a virtual card […]. At least ¶¶54, 88, 229 of Dill, and ¶34 of Applicant Specification: “For example, a virtual card (e.g., stored in a user's smartphone) may be associated with multiple account identifiers.”)

¶54 of Dill: "Provisioning" may include a process of providing data for use. For example, provisioning may include providing, delivering, or enabling a token on a device. Provisioning may be completed by any entity within or external to the transaction system. For example, in some embodiments, tokens may be provisioned by an issuer or a payment processing network onto a mobile device.
¶88 of Dill: In some implementations, the consumer device 120 may be a mobile device such as a mobile phone
¶229 of Dill: In one embodiment, if the token 804 is a static token, the token 804 may be stored in a secure location on the consumer device 120, e.g., a secure element of the mobile device.
Examiner’s Note: Examiner interprets a virtual card includes mobile device comprising any credential corresponding to underlying account (whether or not it’s a token), under broadest reasonable interpretation, particularly in view of ¶34 of Applicant Specification (shown above). 
Accordingly, it would have been rendered obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention that the system of Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin be modified or otherwise capable of supporting tokenization for at least one accountholder account with multiple user devices (¶25 of Lopez and Fig. 6 of Palanisamy),  where devices of accountholder include at least one of a virtual card 

With respect to claim 4, Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin discloses the access management system of claim 1 (as shown above in claim 1 mapping).

 Lopez further discloses: the first account identifier is assigned to the first interface of the first account identification card, the second account identifier is assigned to the second interface of the first account identification card, (¶36 of Lopez):
¶36 of Lopez: The transaction card can be issued with at least two tokens: a first token and a second token. A first token may be provisioned on a contact, contactless or dual interface chip. […]. A second token (different from the first token) may be issued and displayed on the transaction card. In some embodiments, the second token may be dynamically displayed on the transaction card. For example, the second token may be displayed using a digital display. […].
Lopez fails to teach, but Palanisamy discloses: the third account identifier is assigned to the interface of the second account identification card: (Fig. 6, note: “First Payment Token” and “Second Payment Token” corresponding to Bob’s Device 1, and “First Payment Token” corresponding to Bob’s second device);(See also obviousness rationale of parent claim 1 above)

Lopez fails to teach, but Dill suggests: wherein the mapping data indicates [the first account identifier is assigned to the first interface of the first account identification card, the second account identifier is assigned to the second interface of the first account identification card and the third account identifier is assigned to the interface of the second account identification card.], generally (Fig. 4 and ¶167 in further view of ¶¶41, 53-55 of Dill): 

    PNG
    media_image6.png
    650
    820
    media_image6.png
    Greyscale



¶167 of Dill: Note that the entries [i.e., corresponding to attributes] shown in FIG. 4 are for illustrative purposes only and the token registry database 202A may include more or less entries. For example, the token registry database 202A may also include a PAN expiration date, MSISDN, PAN alias, UUID, IMEI, IMSI, MAID, authorization code of consumer verification done, etc.

a set of token attributes can be provided for each token. In some cases, the token attributes can govern how a token corresponding to a PAN may be subsequently used. [[…]

¶55 of Dill: "Token attributes" may include any feature or information about a token. For example, token attributes may include any information that can determine how a token can be used, delivered, issued, or otherwise how data may be manipulated within a transaction system. For example, token attributes may determine how a token may be used in place of a real account identifier (e.g., PAN) for a transaction. […] For example, token attributes may include a wallet identifier associated with the token, an additional account alias or other user account identifier (e.g., an email address, username, etc.), a device identifier, an invoice number, etc. […]


¶54 of Dill: Further, in some embodiments, an issuer may generate and notify a token vault of a token value and provide the token record information (e.g., token attributes) for storage in the token vault.


¶53 of Dill: In some embodiments, tokens may be device-specific such that each device associated with an account may be provisioned with a particular token. As such, if a transaction uses a token that is initiated by a different device than the device that the token was provisioned into, the transaction may be fraudulent. Accordingly, device information may be stored in the token vault and used to ensure that the device used in a transaction is associated with the token that is being used in the transaction. Additionally, because each token may be associated with a single device, one PAN or account may have multiple tokens associated with it, where each PAN may have a different token for the different devices that may be used to initiate a transaction associated with the PAN using a specific token. This provides additional security for transactions because network token systems have additional information to validate in order to control the use of sensitive information in a transaction processing system.

[and the third account identifier is assigned to the interface of the second account identification card.] (¶¶53 of Dill in further view of ¶ of Dill)


Accordingly, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention that the system of Lopez in view of Palanisamy and Wang generate mapping data of the tokens stored as records in the token vault of Lopez, as suggested by Dill, resulting in records indicating domain restrictions such as the the first account identifier being assigned to the first interface of the first account identification card, the second account identifier being assigned to the second interface of the first account identification card,  the third account identifier assigned to an interface of a second account identification card associated with the account, etc., in order to advantageously implement a more secure restriction domain that further decreases the risk of account number theft originating from a large data breach. (e.g., ¶48 of Dill: “Since tokens can be limited to a specific domain, the risk of account number theft as a result of a large data breach is decreased as the potential for cross-channel fraud is diminished.”


With respect to claim 7, Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin discloses The access management system of claim 1, as shown in mapping above.

Furthermore, Lopez discloses further comprising restricting, […] use of each account identifier of the set of account identifiers to a particular interface. (at least ¶¶36-37, 67 of Lopez in further view of at least ¶¶47-48, 100 and 211 of Dill)
¶36 of Lopez: The transaction card can be issued with at least two tokens: a first token and a second token. A first token may be provisioned on a contact, contactless or dual interface chip. The first token may be restricted to in-person transaction channels such as terminal entry modes for contact, contactless or magnetic stripe transactions. In some embodiments, a different token may be issued and domain restricted to magnetic stripe transactions where chip card based cryptograms are not required for the transaction. […] The second token may be domain restricted to remote or e-commerce transactions (including key entered transactions). [bold added for emphasis].
¶37 of Lopez: […] The second token and the replacement second token are domain restricted to the same transaction type. That is, the second token and the replacement second token are restricted to the same communication channel between the transaction card and a token recipient device. [bold added for emphasis]. 

¶67 of Lopez: […] The tokens may be provisioned on the transaction card. According to various embodiments, each provisioned token may be associated with a different communication channel between the transaction card and a token recipient device. [bold added for emphasis].

Lopez fails to explicitly teach, but Dill teaches: further comprising restricting, based on the mapping data [use of each account identifier of the set of account identifiers to a particular interface.] (Fig. 4 in further view of ¶¶47, 66 of Dill and ¶¶100, 211 of Dill);
¶¶47-48 of Dill: Embodiments of the invention provide improved protection against the misuse of payment accounts by providing usage controls for tokens. Usage controls may include limiting tokens to a specific domain (e.g., a specified merchant, an assigned presentment mode or channel, etc.). For example, during transaction processing in some embodiments, a number of a validation steps may be performed including (1) validating the presence of the token as being provisioned to a device and being associated with a token record in the token vault, (2) validating the status of the token as active, and (3) verifying domain restriction controls including token entry mode, application authentication cryptogram validation, and token requestor identifier with the transaction information. […] Using embodiments of the invention, consumers and issuers may benefit from new and more secure ways to pay and improved approval levels. Since tokens can be limited to a specific domain, the risk of account number theft as a result of a large data breach is decreased as the potential for cross-channel fraud is diminished. […]
¶66 of Dill: A "token presentment mode" may indicate a method through which a token is submitted for a transaction. Some non-limiting examples of the token presentment mode may include machine readable codes (e.g., QR.TM. code, bar code, etc.), mobile contactless modes (e.g., near-field communication (NFC) communication), e-commerce remote modes, e-commerce proximity modes, and any other suitable modes in which to submit a token.

The token requestor 204 may specify configuration preferences or token attributes associated with tokens requested by the token requestor including, for example, token type (e.g., static or dynamic), supported token presentment modes (e.g., scan, contactless, e-commerce, etc.)
¶211 of Dill: […] Additionally, the application cryptogram [referring to exemplary authentication request message of Fig. 7] may be dependent on the transaction initiation method and type of application used to initiate the transaction. For example, the application cryptogram field 702G may have different values for 706G for different presentment modes such as QR.TM. code, NFC, etc. As such, in some embodiments, the application cryptogram may be used to ensure a token is being used in the designated transaction channel. For example, a token that is limited to NFC transactions only, may be associated with a NFC transaction application cryptogram algorithm and if the received application cryptogram is not validated with the NFC transaction application, the transaction may be declined. Accordingly, the application cryptogram allows for further transaction validation and control and provides the security benefits described above in reference to the token presentment mode.
Accordingly, it would have been additionally obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention that the system of Lopez in view of Palanisamy and Wang generate mapping data
With respect to claim 8, Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin, discloses: The access management system of claim 1, as mapped above in claim 1 mapping.

 Furthermore, Lopez discloses: wherein the set of account identifiers further includes a fourth account identifier, the fourth account identifier assigned to the first interface, (See mapping of claim 1 where Lopez discloses first and second account identifiers on first card and obviousness statement corresponding to Fig. 6 of Palanisamy disclosing a token on different device (i.e., first, second, and third tokens), in further view of  ¶8 of Lopez disclosing a third token on the first device (i.e., fourth account identifier device of Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin)):
¶8 of Lopez: The transaction card may store the account identifier or a first token representing the account identifier on the contact, contactless or dual-interface chip coupled to the transaction card. The transaction card may include a digital display that displays a second token representing the account identifier. The second token representing the account identifier may be provided on the transaction card using electronic ink. Thus, when the holder of the transaction card (e.g. the account holder, the user) needs to provide account information to a resource provider, the holder may not have access to the account identifier and may provide the second token instead. If the second token is compromised, the second token may be replaced without replacing the transaction card. The transaction card may store additional tokens representing the account identifier. For example, a third token may be stored at a magnetic stripe coupled to the transaction card. [i.e., a fourth token in view of Palanisamy and Lopez, as explained above]

Furthermore, Lopez fails to explicitly teach, but Dill discloses: [the fourth account] identifier only authorized for use in transactions with a specific entity. (¶47 in view of at least ¶78 and Fig. 4 of Dill discloses domain restrictions may include, the token requestor (e.g., accessor identifier, a merchant);
¶47 of Dill: […] (3) verifying domain restriction controls including token entry mode, application authentication cryptogram validation, and token requestor identifier with the transaction information […].
¶78 of Dill (In further view of Fig. 4 of Dill showing token records comprising attributes defining hypothetical restriction domain, as explained in parent claim 1 rejection (above)): In some embodiments, a token requestor identifier may be used in a transaction during authorization processing. For example, a token requestor identifier may be passed through a transaction request message to validate that the entity that is initiating the transaction is the same as the entity that requested and manages the token. In some embodiments, an entity (e.g., digital or mobile wallet provider, merchant, merchant of record, payment enabler, etc.) can be assigned a token requestor identifier during an on-boarding or registration process. In some embodiments, an acquirer/acquirer processor/payment enabler (i.e., payment service provider) may populate the token requestor identifier for each merchant, mobile wallet provider, consumer, etc. into the authorization message field prior to submitting the authorization request message to a payment processing network.
Accordingly, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention to have the system of Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin, incorporate domain restrictions resulting in identifier only being authorized for use in transactions with a specific entity, as disclosed by Dill, in order 
¶48 of Dill: Using embodiments of the invention, consumers and issuers may benefit from new and more secure ways to pay and improved approval levels. Since tokens can be limited to a specific domain, the risk of account number theft as a result of a large data breach is decreased as the potential for cross-channel fraud is diminished. Additionally, merchants and acquirers can obtain new benefits associated with the higher assurance levels that some tokens may offer.


Accordingly, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention that the system of Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin could have the fourth account identifier only authorized for use in transactions with a specific entity, as disclosed by Dill, in order to advantageously increase security of the tokens by further limiting their valid domains.

With respect to claim 10, Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin discloses: The access management system of claim 1 as mapped above. 

Furthermore, Lopez discloses: wherein the first interface of the first account identification card comprises: a face of the account identification card that is visually read, one or more tracks of a magnetic stripe, or an integrated circuit (At least claim 4 and ¶8 of Lopez)
Claim 4 of Lopez: The method of claim 3, wherein, after the at least one token is replaced with the replacement token, the replacement token is digitally displayed on the user device instead of the at least one token. 
¶8 of Lopez: The transaction card may store the account identifier or a first token representing the account identifier on the contact, contactless or dual-interface chip coupled to the transaction card. The transaction card may include a digital display that displays a second token representing the account identifier. […] For example, a third token may be stored at a magnetic stripe coupled to the transaction card.

With respect to claim 11, it is rejected under the same rationale as claim 1 (above), mutatis mutandis. 

With respect to claim 12, it is rejected under the same rationale as claim 2 (above), mutatis mutandis. 

With respect to claim 13, it is rejected under the same rationale as claim 3 (above), mutatis mutandis. 

 With respect to claim 14, it is rejected under the same rationale as claim 1 (above), mutatis mutandis. 

With respect to claim 18, it is rejected under the same rationale as claim 8 (above), mutatis mutandis. 

With respect to claim 19, it is rejected under the same rationale as claim 1 (above), mutatis mutandis. 

With respect to claim 20, it is rejected under the same rationale as claim 10 (above), mutatis mutandis.

With respect to claim 21, Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin discloses: The access management system of claim 1, as shown in mapping above.

Lopez fails to explicitly teach, but Dill teaches: wherein the account provider identifiers comprise a first set of digits of the account identifiers. (Fig. 4 in view of ¶¶65, 192 of Dill. Examiner further notes Fig. 6 of Palanisamy suggesting account provider identifiers being first set of digits of the tokens)

    PNG
    media_image8.png
    647
    845
    media_image8.png
    Greyscale


¶65 of Dill: A "payment token issuer identifier" may include any series of characters, numbers, or other identifiers that may be used to identify an issuer associated with a payment token. For example, a payment token issuer identifier may include a token BIN that identifies a particular issuer associated with an account identified using the token. In some embodiments, a payment token issuer identifier may be mapped to a real issuer identifier (e.g., a BIN) for an issuer. For example, a payment token issuer identifier may include a six digit numerical value that may be associated with an issuer. For instance, any token including the payment token issuer identifier may be associated with a particular issuer. As such, the issuer may be identified using the corresponding issuer identifier range associated with the token issuer identifier. For example, a payment token issuer identifier "490000" corresponding to a payment token "4900 0000 0000 0001" can be mapped to an issuer identifier "414709" corresponding to a payment account identifier "4147 0900 0000 1234." [i.e., payment token issuer identifier of tokens is a form of account provider 
¶192 of Dill: As shown in the row 610, the first six digits of the PAN "4147 0900 0000 1234" include issuer BIN "414709." The network token "4900 0000 0000 0001" corresponding to this PAN include the token BIN range "490000-4900001" mapped to the issuer BIN "414709." In some embodiments of the invention, the same PAN number may be mapped to different network token numbers as shown in the rows 610 and 614. [i.e., per tokens mapping to corresponding pan, and Lopez in view of Palanisamy and Wang disclosing at least three tokens mapping to one account, it is understood applying technique of Dill would result in the three tokens (e.g., 16 digit token) sharing the first 6 digits. Furthermore, Examiner notes issuer BINs are bank identification numbers (i.e., account provider identifiers].
Accordingly, it would have been rendered obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention to have the first, second, and third account identifiers (i.e., tokens) of Lopez in view of Palanisamy, Wang, and Dill advantageously all  comprise a first set of digits of the account identifiers, as suggested by Dill, in order to advantageously maintain compatibility / interoperability with BIN enabled payment processing networks (e.g., Visa, MasterCard, etc.), and support authentication by different entities (e.g., issuers, wallet providers, merchants, etc);(¶30 of Dill);

¶30 of Dill: Further, a token may be compatible with the current and further payment technologies, may be interoperable with Bank Identification Number (BIN) enabled payment processing networks (e.g., Visa[…] MasterCard[…], Discover […], etc.), and may be able to support authentication by different entities (e.g., issuers, wallet providers, merchants, etc.) in the payment system.

Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over United Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin, as applied in parent claims 1 (and 11), in further view of United States Application Publication No.  US-20100332387-A1 to Tanner (“Tanner”).

With respect to claim 5, Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin discloses The access management system of claim 1, as mapped above.

Furthermore, Lopez discloses: wherein an account holder of the account has access to the account via the second account identifier and the […](at least ¶96 and claim 4 of Lopez discloses provisioned tokens still being accessible even after one token is invalidated):
¶96 of Lopez: Embodiments also enable the card holder to continue using the account or the transaction card to conduct new transactions if one token is compromised. The card holder does not have to wait for a replacement card to arrive and be activated. Instead, the card holder may continue conducting transactions using the remaining token(s) on the transaction card. In addition, the replacement token may be provisioned on the transaction card on the same day that a token is identified as expired, stolen or compromised. Accordingly, embodiments provide valuable time savings by providing an efficient way to update data on a transaction card. [i.e., it is generally understood compromised credentials are commonly replaced for credit card payment devices]
Claim 4 of Lopez: The method of claim 3, wherein, after the at least one token is replaced with the replacement token, the replacement token is digitally displayed on the user device instead of the at least one token. [Examiner takes 
Lopez fails to explicitly teach, but Palanisamy discloses: the third account identifier: (See Fig. 6 of Palanisamy (above) in further view of obviousness rationale of parent claim 1 (above))

Additionally, Lopez fails to explicitly teach, but Tanner suggests: wherein an account holder of the account has access to [the account via the second account identifier and the third account identifier] while a new card is being issued, and wherein the new card is a replacement of the first account identification card. (¶108 of Tanner discloses that new (i.e., replacement) cards can be issued via the mail, and that a card is still functional until the new card arrives). 
¶108 of Tanner: […] the old card can be left with the holder and used until the new card arrives, and then deactivated. In sum, the relationship with the holder can be retained after the event ends. […]
Accordingly, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention that the consumers of Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin could utilize their old payment devices (e.g., the first payment device) with the other valid tokens while a card replacement is ordered, as suggested by Tanner, in order to advantageously provide alternative to the user while replacement is in the mail (¶108 of Tanner).

With respect to claim 15, it is rejected under the same rationale as claim 5 (above), mutatis mutandis. 

Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over United Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin, as applied in parent claims 1 (and 11), in further view of United States Application Publication No.  US-20140236831-A1 to Flitcroft (hereinafter, Flitcroft).

With respect to claim 6, Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin discloses the method of claim 1, as mapped above.

Furthermore, Lopez fails to teach, but Dill discloses: after causing the first account identifier of the set of account identifiers to become invalid, reusing the first account identifier as a valid account identifier for an account that was previously unassociated with the first account identifier for an account that was previously unassociated with the first account identifier. (¶62 in view of ¶162 of Dill suggests token reuse for token requestors in general);
¶62 of Dill: A life-cycle expiration date may include a time or date where the network token system may recycle or reuse a previously issued token. For example, the life-cycle expiration date may be maintained by the network token system for the entire life-cycle of a token once a token has been used for a transaction. This can allow various entities to submit subsequent transactions (or other service requests) with the token for a set period. Once this period is expired, the expired token can be recycled for re-use. 
which can associate the new PAN to the static token or can generate a new static token for the new PAN.
(Examiner maintains the following limitations mapping in Flitcroft below are read upon in view of ¶¶62, 162 of Dill, as one of ordinary skill in the art would implicitly understands valid/active tokens would not be recycled, and the reused are for any token requestors of the tokenization system, but includes Flitcroft mapping for sake of ensuring complete mapping).

Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin arguably fail to disclose, but Flitcroft suggests: reusing for an account that was previously unassociated with the first account identifier for an account that was previously unassociated with the first account identifier. (¶97 in further view of at least ¶¶82-83, and ¶¶ 95-97 of Flitcroft heavily suggests reusing invalidated account identifiers (additional card numbers) as a valid account identifier for an account that was previously unassociated with the first account identifier):
¶97 of Flitcroft:  "While existing credit card formats allow for a sufficiently large number of available card numbers, numbers will need to be recycled for allocation. As the range of available numbers reduces ... additional or recycled numbers should be added back into this range to ensure that the allocation process is performed from a range sufficiently large...Such recycling can only occur after a number has been invalidated for further use and is no longer valid for refunds."));
¶¶82-83 of Flitcroft[…]. An additional constraint is that they must be different from all other conventional account numbers and all other single use numbers during their lifetime of validity. […]
To achieve these allocation requirements, an issuing bank decides within its total available range of credit cards to allocate a certain range or ranges of numbers to the single use system, referred to herein as the "available range." This may represent spare numbers using existing header sequences (e.g., the sequence of usually 4-6 digits that define the issuing institution and are used to route the card to the appropriate transaction processor) or within newly created header sequences. The numbers not allocated include existing credit card accounts for that issuer and sufficient spare capacity for new account holders and replacement numbers for existing customers. The additional non-embossed components of the card details and any card specific information that is transmitted during a transaction may be varied from card to card to enhance security and privacy of credit card transactions.
¶¶95-97 of Flitcroft: ¶95: A preferred feature of these additional credit card numbers is that they be constrained to be in the correct format for a credit card number with a valid check sum, while at the same time be mathematically unrelated to each other or to the master credit card. In certain situations, for single use numbers, the expiration date is virtually irrelevant. Thus, using the month code of the expiration date with said eleven digits, there are 12.times.10.sup.11, i.e., 1.2.times.10.sup.12, i.e., 1,200 billion possible unique codes available for any given credit card provider. This would allow for 50 transactions a month for 10 years for 200 million account holders, before any codes would have to be recycled or a new header code introduced. When it is understood that there are then another 10.sup.4 header numbers that a credit card provider can use, it will be appreciated that the structure and arrangement of existing master credit card numbers is sufficient to operate this invention with the advantage that the existing infrastructure of dealing with credit card transactions can be used with minimum modification. All that is required for the credit card provider is to store the generated numbers against the master credit card number or other type of account number.

¶96:  If, for example, the card is a VISA.RTM., card, there are approximately 21,000 issuing banks. The sixteen digit number has a "4" followed by a five digit code to identify the card issuer. The last number is a checksum to verify that it is a valid number. As a result, there are 21,000.times.10.sup.9.times.12 (252 trillion) unique numbers and associated expiry months. This number of codes is sufficient for 36,000 years of transaction processing at the current annual rate of approximately 7 billion transactions per year.

¶97:  While existing credit card formats allow for a sufficiently large number of available card numbers, numbers will eventually need to be recycled for allocation. As the range of available numbers reduces in size over time, additional or recycled numbers should be added back into this range to ensure that the allocation process is performed from a range sufficiently large to maintain random allocation. The length of time prior to recycling depends on the total number of available unique card codes available to an issuer and the number of transactions that use limited use numbers. Such recycling can only occur after a number has been invalidated for further use and is no longer valid for refunds. Once recycled, automatic fraud detection mechanisms that would normally be activated on the attempted reuse of a previously inactivated card need to be altered by removing the recycled number from the list of previously issued limited use numbers.
Examiner’s note: Examiner takes the stance that it is implicitly understood to one of ordinary skill in the art of tokenization (or one having common sense), that the recycling process considered by Flitcroft accounts for the fact that account holders will eventually die off before the 36,000-year time frame, and that reuse of account numbers may occur when older account holders are 
Accordingly, in view of Flitcroft disclosing that eventual recycling is needed, it would have been rendered obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate into the system of Lopez in view of Palanisamy, Wang, Dill, Ho, and Martin, the technique of reusing the invalidated reusing for an account that was previously unassociated with the first account identifier for an account that was previously unassociated with the first account identifier (as heavily implied by Flitcroft), in order to advantageously account for the eventuality that the range of available numbers of account identifiers (i.e., the tokens) would be used up (See ¶95-97 of Flitcroft), and to not recycle valid tokens.

With respect to claim 16, it is rejected under the same rationale as claim 6 (above), mutatis mutandis. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
United States Patent Publication No.  US-10915899-B2 to Lopez (“Lopez Patent”), corresponding to Lopez United States Application Publication reference relied upon in 103 rejection, disclosing methods for replacing tokens on user devices (Abstract), where user may have a plurality of user devices (Col 4, lines 31-36). Lopez Patent discloses the user devices include any device that may be used to conduct a financial transaction, and 
Non-Patent literature, "EMV Payment Tokenisation Specification - Technical Framework 1 Introduction v1.0" to EMVCo (“EMVCo”), previously mentioned in 101 argument (above), disclosing payment scheme similar to that of Dill / Lopez reference applied, and further disclosing a Token Vault, (similar to that of at least Dill and Lopez, as well as Rewis reference previously relied upon), including a corresponding definition (page 19) which states: 

“token vault may also maintain other attributes of the token requestor that are determined at the time of registration and that may be used by the Token Service Provider to apply domain restrictions or other controls during transaction processing”. 

Furthermore, page 69, Note of EMVCo states a use case of payment token may include payment token being provisioned on issued [physical] card which differs from PAN. §1.1 overview of EMVCo discloses that tokenisation in general is advantageous since the tokens may limit token use to a specific domain (as indicated by attributes), 

 United States Patent Publication No.  US-9256871-B2 to Anderson (“Anderson”), disclosing tokens containing the last 4 digits of the actual card number (Col 5, lines 4-7 and claim 19).

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MARK A MALKOWSKI whose telephone number is (313)446-

	Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ryan Donlon can be reached on (571) 270-3602.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/ABDULMAJEED AZIZ/Primary Examiner, Art Unit 3695                                                                                                                                                                                                         


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 Examiner takes the stance it is generally understood databases are software implementations.
        2 Examiner notes it is generally known in the field of payment cards / accounts that the first six digits of card correspond to a BIN (i.e., a unique identifier for issuing bank of account) for transaction routing purposes.