DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is the responsive to the communication filed on 01/26/2022.

Response to Arguments
Applicant’s arguments with respect to claim(s) are rejected under 35 USC 103(a) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 3, 5,20 and 41 are rejected under 35 U.S.C. 103 as being unpatentable over Guglani et al US 2016/0092696 in view of Palanisamy et al US 2015/0199679.

As per claim 3, Guglani discloses a method comprising:
 	 receiving, by a token service computer, a token request message, the token request message being originated from a token requestor computer ( par 0006/0061The mobile device generates a token request message including the encrypted user data and sends the token request message to the token server computer); 
determining, by the token service computer, two or more access tokens based upon a single credential (0032 /0062 multiple tokens can be associated with a single account and 0032 The token can a substitute for the sensitive user data, i.e. a single credential. For example, a token may include any data that represents or is associated with a user, such as a payment account identifier, i.e. a token and par 0061 token(s) can be provisioned on the mobile device 110); and
 transmitting, by the token service computer, the two or more access tokens to the token requestor computer in a token response message (par 0063  0062] The token server computer 160 may be a server configured to receive a token request (also referred as a token provisioning request or a token request message), decrypt encrypted user data incorporated in the token request, identify an account (e.g. a payment account) associated with the user data, generate a token associated with the account, store the token, and/or provide the token to the mobile device 110.  And  The token generated by the token server computer 160 may be provided to the token SDK 112 provided on the mobile device 110 ), wherein the two or more access tokens comprise a cloud token for a mobile communication device that is associated with the token requestor computer (par 0066  The token SDK 112 may be in direct communication 182 with the token server computer 160 and request payment tokens , 160. Moreover, the token SDK 112 may be able to provide payment information for a mobile payment transaction in response to a request from the mobile application 111 in order to complete a payment transaction with an access device 120. And 0067 The mobile application 111 may provide the token key to the token SDK 112 during a transaction and request (or automatically cause) the token SDK 112 to retrieve the payment token from the token memory 113, i.e. the token requestor computer ).

wherein the two or more access tokens comprise a device specific token for a mobile communication device that is associated with the token requestor computer ( par 0040 tokens may be device-specific such that each device associated with an account may be provisioned with a particular token. And 0040 each token may be associated with a single device, one PAN or account may have multiple tokens associated with it, where each PAN may have a different token for the different devices that may be used to initiate a transaction associated with the PAN using a specific token and 0093  the token key provides additional security and can be shared with the mobile application 111 because the token key is not an account substitute  ).
 	Guglani does not disclose wherein the cloud token is a first payment token and the device specific token is a second payment token, the first payment token and the second payment token being substitutes for the single credential, the single credential being an account identifier.
 
 	Palanisamy  disclose wherein a token is a first payment token and the device specific token is a second payment token, the first payment token and the second payment token being substitutes for the single credential, the single credential being an account identifier ( par 0028 A "payment token" may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN)   par 0046  the issuer server computer 150 can generate a plurality of first payment tokens based on a PAN. The payment processing server computer 140 may be part of a payment processing network that can generate a second plurality of payment tokens based on the first plurality of payment tokens. The second payment tokens may be provisioned to the payment device 115 and the communication device 120, and may be used by the consumer 110 to conduct purchase transactions  and 0053 The payment token generation module 445 may comprise code that causes the processor 441 to generate a second payment token, such as a second payment token that includes 16 digits and that resembles a PAN. ).

 Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of providing the multiple tokens for single account of Guglani, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.
 	


 	As per claim 5, Guglani disclose a method comprising: 
 	receiving, by a token service computer, a token request message, the token request message being originated from a token requestor computer ( par 0006/0061The mobile device generates a token request message including the encrypted user data and sends the token request message to the token server computer); 
 	determining, by the token service computer, two or more access tokens based upon a single credential (0032 /0062 multiple tokens can be associated with a single account and 0032 The token can a substitute for the sensitive user data, i.e. a single credential. For example, a token may include any data that represents or is associated with a user, such as a payment account identifier, i.e. a token and par 0061 token(s) can be provisioned on the mobile device 110); and wherein the two or more access tokens comprise a cloud token ( par 0062  generate a token associated with the account, store the token, and/or provide the token. i.e. access token a cloud token,  to the mobile device 110);
 	 transmitting, by the token service computer, the two or more access tokens to the token requestor computer in a token response message (par 0063  0062] The token server computer 160 may be a server configured to receive a token request (also referred as a token provisioning request or a token request message), decrypt encrypted user data incorporated in the token request, identify an account (e.g. a payment account) associated with the user data, generate a token associated with the account, store the token, and/or provide the token to the mobile device 110.  And  The token generated by the token server computer 160 may be provided to the token SDK 112 provided on the mobile device 110 ), wherein the two or more access tokens comprise a cloud token for a mobile communication device that is associated with the token requestor computer (par 0066  The token SDK 112 may be in direct communication 182 with the token server computer 160 and request payment tokens , i.e. cloud token , from token server computer 160. Moreover, the token SDK 112 may be able to provide payment information for a mobile payment transaction in response to a request from the mobile application 111 in order to complete a payment transaction with an access device 120. And 0067 The mobile application 111 may provide the token key to the token SDK 112 during a transaction and request (or automatically cause) the token SDK 112 to retrieve the payment token from the token memory 113, i.e. the token requestor computer ).

 	wherein the two or more access tokens comprise a device specific token for a mobile communication device that is associated with the token requestor computer ( par 0040 tokens may be device-specific such that each device associated with an account may be provisioned with a particular token. And 0040 each token may be associated with a single device, one PAN or account may have multiple tokens associated with it, where each PAN may have a different token for the different devices that may be used to initiate a transaction associated with the PAN using a specific token and 0093  the token key provides additional security and can be shared with the mobile application 111 because the token key is not an account substitute ).

 	Guglani does not disclose wherein the cloud token is a first payment token and the device specific token is a second payment token, the first payment token and the second payment token being substitutes for the single credential, the single credential being an account identifier.
 
 	Palanisamy  disclose wherein a token is a first payment token and the device specific token is a second payment token, the first payment token and the second payment token being substitutes for the single credential, the single credential being an account identifier ( par 0028 A "payment token" may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN)   par 0046  the issuer server computer 150 can generate a plurality of first payment tokens based on a PAN. The payment processing server computer 140 may be part of a payment processing network that can generate a second plurality of payment tokens based on the first plurality of payment tokens. The second payment tokens may be provisioned to the payment device 115 and the communication device 120, and may be used by the consumer 110 to conduct purchase transactions  and 0053 The payment token generation module 445 may comprise code that causes the processor 441 to generate a second payment token, such as a second payment token that includes 16 digits and that resembles a PAN. ).

  	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of providing the multiple tokens for single account of Guglani, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.
 	



 	As per claim 20,  Guglani discloses a token service computer comprising: 
 	a processor (par 0156  the central processor 1406 to communicate with each subsystem and to control the execution of instructions from system memory 1404 ); and 
 	a non-transitory computer readable medium (par 0156  the central processor 1406 to communicate with each subsystem and to control the execution of instructions from system memory 1404 ), the non-transitory computer readable medium comprising code, executable by the processor to implement a method ( par 0156  the central processor 1406 to communicate with each subsystem and to control the execution of instructions from system memory 1404 ) comprising: 
 	receiving, by a token service computer, a token request message, the token request message being originated from a token requestor computer ( par 0006/0061The mobile device generates a token request message including the encrypted user data and sends the token request message to the token server computer); 
determining, by the token service computer, two or more access tokens based upon a single credential (0032 /0062 multiple tokens can be associated with a single account and 0032 The token can a substitute for the sensitive user data, i.e. a single credential. For example, a token may include any data that represents or is associated with a user, such as a payment account identifier, i.e. a token and par 0061 token(s) can be provisioned on the mobile device 110); and
 transmitting, by the token service computer, the two or more access tokens to the token requestor computer in a token response message (par 0063  0062] The token server computer 160 may be a server configured to receive a token request (also referred as a token provisioning request or a token request message), decrypt encrypted user data incorporated in the token request, identify an account (e.g. a payment account) associated with the user data, generate a token associated with the account, store the token, and/or provide the token to the mobile device 110.  And  The token generated by the token server computer 160 may be provided to the token SDK 112 provided on the mobile device 110 ), wherein the two or more access tokens comprise a cloud token for a mobile communication device that is associated with the token requestor computer (par 0066  The token SDK 112 may be in direct communication 182 with the token server computer 160 and request payment tokens , i.e. cloud token , from token server computer 160. Moreover, the token SDK 112 may be able to provide payment information for a mobile payment transaction in response to a request from the mobile application 111 in order to complete a payment transaction with an access device 120. And 0067 The mobile application 111 may provide the token key to the token SDK 112 during a transaction and request (or automatically cause) the token SDK 112 to retrieve the payment token from the token memory 113, i.e. the token requestor computer ).

wherein the two or more access tokens comprise a device specific token for a mobile communication device that is associated with the token requestor computer ( par 0040 tokens may be device-specific such that each device associated with an account may be provisioned with a particular token. And 0040 each token may be associated with a single device, one PAN or account may have multiple tokens associated with it, where each PAN may have a different token for the different devices that may be used to initiate a transaction associated with the PAN using a specific token and 0093  the token key provides additional security and can be shared with the mobile application 111 because the token key is not an account substitute  ).

 	Guglani does not disclose wherein the cloud token is a first payment token and the device specific token is a second payment token, the first payment token and the second payment token being substitutes for the single credential, the single credential being an account identifier.
 
 	Palanisamy  disclose wherein a token is a first payment token and the device specific token is a second payment token, the first payment token and the second payment token being substitutes for the single credential, the single credential being an account identifier ( par 0028 A "payment token" may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN)   par 0046  the issuer server computer 150 can generate a plurality of first payment tokens based on a PAN. The payment processing server computer 140 may be part of a payment processing network that can generate a second plurality of payment tokens based on the first plurality of payment tokens. The second payment tokens may be provisioned to the payment device 115 and the communication device 120, and may be used by the consumer 110 to conduct purchase transactions  and 0053 The payment token generation module 445 may comprise code that causes the processor 441 to generate a second payment token, such as a second payment token that includes 16 digits and that resembles a PAN. ).

 Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of providing the multiple tokens for single account of Guglani, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.
 	
   	As per claim 41, Guglani in view of Palanisamy disclose the method of claim 3, Palanisamy discloses wherein the first payment token and the second payment token are each sixteen digits long(  [0053] The payment token generation module 445 may comprise code that causes the processor 441 to generate a second payment token, such as a second payment token that includes 16 digits and that resembles a PAN).
 
Claims 6, 25, 26, 35 and 37 are rejected under 35 U.S.C. 103 as being unpatentable over Guglani et al US 2016/0092696 in view of Palanisamy et al US 2015/0199679 in view of Kojima US 2019/0007306.

 	As per claim 6,  Guglani in view of Palanisamy disclose the method of claim 5, the combination discloses  the combinations discloses Palanisamy discloses wherein the two or more access tokens comprise a first token and a second token to be stored in the communication device (par 0028 A "payment token" may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN)   par 0046  the issuer server computer 150 can generate a plurality of first payment tokens based on a PAN. The payment processing server computer 140 may be part of a payment processing network that can generate a second plurality of payment tokens based on the first plurality of payment tokens. The second payment tokens may be provisioned to the payment device 115 and the communication device 120, and may be used by the consumer 110 to conduct purchase transactions  and 0053 The payment token generation module 445 may comprise code that causes the processor 441 to generate a second payment token, such as a second payment token that includes 16 digits and that resembles a PAN), and a second token to be stored in the cloud storage location on the cloud server computer ( par 0028 A "payment token" may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN)   par 0046  the issuer server computer 150 can generate a plurality of first payment tokens based on a PAN. The payment processing server computer 140 may be part of a payment processing network that can generate a second plurality of payment tokens based on the first plurality of payment tokens. The second payment tokens may be provisioned to the payment device 115 and the communication device 120, and may be used by the consumer 110 to conduct purchase transactions  and 0053 The payment token generation module 445 may comprise code that causes the processor 441 to generate a second payment token, such as a second payment token that includes 16 digits and that resembles a PAN).   
 	The combination does not discloses routing table for token type indicators.
 	However, Kojima discloses routing table for token type indicators (par 0098 and par 0100 Thus, according to the route identification information management table, the route indication processor 41 determines a route of a traffic flow identified by the token #1.[0100] The route controller 42 stores the route information given by the route indication processor 41 in a route information table. As illustrated in FIG. 9, the route information table stores therein a “route” in association with a token that identifies a target traffic flow. In this example, “App #5.fwdarw.App #4.fwdarw.App #3.fwdarw.App #2.fwdarw.App #1” is registered for the token #1. Further, “App #8.fwdarw.App #7.fwdarw.App #6” is registered for the token #5. As described above, applications stored in the edge server 40 are grouped by being associated with a token.).

   	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of providing the multiple tokens for single account of Guglani, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, based on the teaching of routing table for different tokens of Kojima, because doing so would control the routing of the token improve the traffic flow in the network (par 0098).

 	As per claim 25, Guglani in view of Palanisamy disclose the method of claim 21,  the combination disclose Palanisamy discloses wherein the token requestor computer that stores relationships between a communication device operated by a user( par 0028 A "payment token" may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN)   par 0046  the issuer server computer 150 can generate a plurality of first payment tokens based on a PAN. The payment processing server computer 140 may be part of a payment processing network that can generate a second plurality of payment tokens based on the first plurality of payment tokens. The second payment tokens may be provisioned to the payment device 115 and the communication device 120, and may be used by the consumer 110 to conduct purchase transactions  and 0053 The payment token generation module 445 may comprise code that causes the processor 441 to generate a second payment token, such as a second payment token that includes 16 digits and that resembles a PAN), and a cloud storage location on a cloud server computer ( par 0028 A "payment token" may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN)   par 0046  the issuer server computer 150 can generate a plurality of first payment tokens based on a PAN. The payment processing server computer 140 may be part of a payment processing network that can generate a second plurality of payment tokens based on the first plurality of payment tokens. The second payment tokens may be provisioned to the payment device 115 and the communication device 120, and may be used by the consumer 110 to conduct purchase transactions  and 0053 The payment token generation module 445 may comprise code that causes the processor 441 to generate a second payment token, such as a second payment token that includes 16 digits and that resembles a PAN).   
 	The combination does not discloses routing table for token type indicators.
 	However, Kojima discloses routing table for token type indicators ( par 0098 and par 0100 Thus, according to the route identification information management table, the route indication processor 41 determines a route of a traffic flow identified by the token #1.[0100] The route controller 42 stores the route information given by the route indication processor 41 in a route information table. As illustrated in FIG. 9, the route information table stores therein a “route” in association with a token that identifies a target traffic flow. In this example, “App #5.fwdarw.App #4.fwdarw.App #3.fwdarw.App #2.fwdarw.App #1” is registered for the token #1. Further, “App #8.fwdarw.App #7.fwdarw.App #6” is registered for the token #5. As described above, applications stored in the edge server 40 are grouped by being associated with a token).

   	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of providing the multiple tokens for single account of Guglani, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, based on the teaching of routing table for different tokens of Kojima, because doing so would control the routing of the token improve the traffic flow in the network (par 0098). 

 	As per claim 35, Guglani in view of Palanisamy disclose the token requestor computer of claim 31, Palanisamy discloses comprising relationships between a communication device operated by a user, (par 0028 A "payment token" may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN)   par 0046  the issuer server computer 150 can generate a plurality of first payment tokens based on a PAN. The payment processing server computer 140 may be part of a payment processing network that can generate a second plurality of payment tokens based on the first plurality of payment tokens. The second payment tokens may be provisioned to the payment device 115 and the communication device 120, and may be used by the consumer 110 to conduct purchase transactions  and 0053 The payment token generation module 445 may comprise code that causes the processor 441 to generate a second payment token, such as a second payment token that includes 16 digits and that resembles a PAN), and a cloud storage location on a cloud server computer (par 0028 A "payment token" may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN)   par 0046  the issuer server computer 150 can generate a plurality of first payment tokens based on a PAN. The payment processing server computer 140 may be part of a payment processing network that can generate a second plurality of payment tokens based on the first plurality of payment tokens. The second payment tokens may be provisioned to the payment device 115 and the communication device 120, and may be used by the consumer 110 to conduct purchase transactions  and 0053 The payment token generation module 445 may comprise code that causes the processor 441 to generate a second payment token, such as a second payment token that includes 16 digits and that resembles a PAN).   

 	The combination does not discloses a routing table that stores relationships between a communication device operated by a user.
 	However, Kojima discloses a routing table that stores relationships between a communication device operated by a user (par 0098 and par 0100 Thus, according to the route identification information management table,  the route indication processor 41 determines a route of a traffic flow identified by the token #1.[0100] T ), and a cloud storage location on a cloud server computer( par 0098 and par 0100 Thus, according to the route identification information management table, the route indication processor 41 determines a route of a traffic flow identified by the token #1.[0100] The route controller 42 stores the route information given by the route indication processor 41 in a route information table. As illustrated in FIG. 9, the route information table stores therein a “route” in association with a token that identifies a target traffic flow. In this example, “App #5.fwdarw.App #4.fwdarw.App #3.fwdarw.App #2.fwdarw.App #1” is registered for the token #1. Further, “App #8.fwdarw.App #7.fwdarw.App #6” is registered for the token #5. As described above, applications stored in the edge server 40 are grouped by being associated with a token).
   	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of providing the multiple tokens for single account of Guglani, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, based on the teaching of routing table for different tokens of Kojima, because doing so would control the routing of the token improve the traffic flow in the network (par 0098).

 	As per clam 37, Guglani in view of Palanisamy disclose The token requestor computer of claim 35, Palanisamy discloses a second token to be stored in the cloud storage location on the cloud server computer (par 0028 A "payment token" may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN)   par 0046  the issuer server computer 150 can generate a plurality of first payment tokens based on a PAN. The payment processing server computer 140 may be part of a payment processing network that can generate a second plurality of payment tokens based on the first plurality of payment tokens. The second payment tokens may be provisioned to the payment device 115 and the communication device 120, and may be used by the consumer 110 to conduct purchase transactions  and 0053 The payment token generation module 445 may comprise code that causes the processor 441 to generate a second payment token, such as a second payment token that includes 16 digits and that resembles a PAN).   

 	The combination does not discloses wherein the routing table also stores token type indicators associated with a first token to be stored in the communication device	However, Kojima discloses wherein the routing table also stores token type indicators associated with a first token to be stored in the communication device ( par 0098 and par 0100 Thus, according to the route identification information management table, the route indication processor 41 determines a route of a traffic flow identified by the token #1.[0100] The route controller 42 stores the route information given by the route indication processor 41 in a route information table. As illustrated in FIG. 9, the route information table stores therein a “route” in association with a token that identifies a target traffic flow. In this example, “App #5.fwdarw.App #4.fwdarw.App #3.fwdarw.App #2.fwdarw.App #1” is registered for the token #1. Further, “App #8.fwdarw.App #7.fwdarw.App #6” is registered for the token #5. As described above, applications stored in the edge server 40 are grouped by being associated with a token).
   Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of providing the multiple tokens for single account of Guglani, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, based on the teaching of routing table for different tokens of Kojima, because doing so would control the routing of the token improve the traffic flow in the network (par 0098).  
As per claim 26, Guglani in view of Palanisamy in Kojima disclose the method of claim 25, Palanisamy discloses wherein the token requestor computer uses the routing table to retrieve the second payment token (par 0028 A "payment token" may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN)   par 0046  the issuer server computer 150 can generate a plurality of first payment tokens based on a PAN. The payment processing server computer 140 may be part of a payment processing network that can generate a second plurality of payment tokens based on the first plurality of payment tokens. The second payment tokens may be provisioned to the payment device 115 and the communication device 120, and may be used by the consumer 110 to conduct purchase transactions  and 0053 The payment token generation module 445 may comprise code that causes the processor 441 to generate a second payment token, such as a second payment token that includes 16 digits and that resembles a PAN).
    Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of providing the multiple tokens for single account of Guglani, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, based on the teaching of routing table for different tokens of Kojima, because doing so would control the routing of the token improve the traffic flow in the network (par 0098).  


Claims 21-22, 26-29,31-36, 38-40, and 42 are rejected under 35 U.S.C. 103 as being unpatentable over Chan et al US 2016/0226879 in view of Spiers et al US 2012/0266231 in view of Palanisamy et al US 2015/0199679.

 	As per claim 21, Chan disclose a method comprising (fig.6): 
receiving, by a token requestor computer , i.e. the token client 404. from a communication device, i.e. a client computing device, , a single credential ( par 0082 ,a client computing device session with a web service according to an example embodiment. In step 410, in response to an initialization request to access protected web resources associated with the web service, an application or service 402 transmits an initialization message to the token client 404. Par 0085 the token client 604 requests a username and a password from the user, e.g., the web service credentials. The token client 604 receives the username and password from the user); 
transmitting, by the token requestor computer, i.e. the token client 604 .  a token request message comprising the single credential to a token service computer ( par 0086  In step 618, the token client 604 sends, i.e. transmitting..  a request for a new token to the token service computer 508).
receiving, by the token requestor computer from the token service computer, a token response message comprising two or more access tokens including a first access token and a second access token ( par 0084 , in step 520, the token service computer 508 transmits a valid access token to the token client 504.  And fig.6, at step 620 token service computer 608 returns access token to the token client 604 and  at step 630 return access token);
Chan does not explicitly disclose 
 transmitting, the first access token to the communication device; and 
transmitting, the second access token to a cloud server computer.  
However, Spiers discloses transmitting, the first access token to the communication device(par 0012,0154, transmitting, to a first computing system, the first token   and 0176  the organization network 302 may transmit the first token to the cloud zone 306, which then transmits the first token to a computing system in the cloud infrastructure 310 and claim 29 wherein the at least one memory of the cloud DMZ network stores computer-executable instructions that, when executed, cause the secure boot server at least to: receive, from the virtual machine, a request to download the operating system components, wherein the request includes at least a first token; transmit, to the organization computer network, the first token after receiving the request from the virtual machine to download components;) and; transmitting, the second access token to a cloud server computer( par 0178  the cloud orchestrator system 318 may transmit (see step 1004) the second token to the secure cloud zone 306 (e.g., secure boot server 1204). And claim 29 receive, from the organization computer network, a second token indicating authorization to transmit unique components to the virtual machine in response to the request to download components; and transmit, to the virtual machine, the unique components and the second token).
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, because doing so would provide cloud storage for the token. 
 The combination fails to disclose wherein the first access token is a first payment token and the second access token is a second payment token, the first payment token and the second payment token being substitutes for the single credential, the single credential being an account identifier.
 However Palanisamy  disclose wherein a token is a first payment token and the device specific token is a second payment token, the first payment token and the second payment token being substitutes for the single credential, the single credential being an account identifier ( par 0028 A "payment token" may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN)   par 0046  the issuer server computer 150 can generate a plurality of first payment tokens based on a PAN. The payment processing server computer 140 may be part of a payment processing network that can generate a second plurality of payment tokens based on the first plurality of payment tokens. The second payment tokens may be provisioned to the payment device 115 and the communication device 120, and may be used by the consumer 110 to conduct purchase transactions  and 0053 The payment token generation module 445 may comprise code that causes the processor 441 to generate a second payment token, such as a second payment token that includes 16 digits and that resembles a PAN. ).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.


As per claim 22, Chan in view of Spiers  in view of Palanisamy discloses the method of claim 21, wherein the single credential is a real credential (Chan, par 0057  [0057] The authorization grant module 206 transmits an access token request to the token service computer 104 including the credential information. The token service computer 104 verifies the credential information in the access token request and if the credential information is valid that provides the real credential, transmits a response with an access token to the authorization grant module 206.).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.


 
 	As per claim 26. Chan in view of Spiers in view of Palanisamy discloses The method of claim 25, wherein the token requestor computer uses the routing table to retrieve a cloud token (Chan, 0068  The token refresh module 210 retrieves the access token using the access token parameter map and stores the access token in the token cache 204, i.e. routing table).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.
 
 	As per claim 27. Chan in view of Spiers in view of Palanisamy discloses the method of claim 21, wherein the token request message also comprises a token requestor computer identifier (par 0006, token metadata, cache the credentials information and the token metadata in a token cache and return a session identifier that maps to a cache key to retrieve the token metadata and the credentials information).  
  	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.

 	As per claim 28. Chan in view of Spiers in view of Palanisamy discloses the method of claim 21, wherein destinations of the two or more access tokens are determined by token type indicators ( Chan, par 0019  requesting access tokens from a token service computer  and par 0021 In a cloud or federated computer environment, the client computing device may have to obtain, cache, and utilize a large number of access tokens ).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.

 	As per claim 29. Chan in view of Spiers in view of Palanisamy discloses The method of claim 28, wherein the token type indicators include at least a type for device bound tokens and a type for cloud tokens (Spiers, par 0012,0154, transmitting, to a first computing system, the first token   and 0176  the organization network 302 may transmit the first token to the cloud zone 306, which then transmits the first token to a computing system in the cloud infrastructure 310 and claim 29 wherein the at least one memory of the cloud DMZ network stores computer-executable instructions that, when executed, cause the secure boot server at least to: receive, from the virtual machine, a request to download the operating system components, wherein the request includes at least a first token; transmit, to the organization computer network, the first token after receiving the request from the virtual machine to download components).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.

 	 

  	As per claim 31, Chan discloses a token requestor computer comprising: 
a processor (par 0039 The processor 114 and memory 116   ); and a non-transitory computer readable medium (par 0039 memory 116    ), the non-transitory computer readable medium comprising code, executable by the processor (par 0039 The processor 114 and memory 116 ), for implementing a method comprising: 
 	receiving, from a communication device i.e. the token client 604  , a single credential (par 0082 ,a client computing device session with a web service according to an example embodiment. In step 410, in response to an initialization request to access protected web resources associated with the web service, an application or service 402 transmits an initialization message to the token client 404. par 0085  the token client 604 requests a username and a password from the user, e.g., the web service credentials. The token client 604 receives the username and password from the user);  
 	transmitting a token request message comprising the single credential to a token service computer (par 0086  In step 618, the token client 604 sends, i.e. transmitting..  a request for a new token to the token service computer 508 ); 
 	receiving, from the token service computer, a token response message comprising two or more access tokens including a first access token and a second access token (par 0084 , in step 520, the token service computer 508 transmits a valid access token to the token client 504.  And fig.6, at step 620 token service computer 608 returns access token to the token client 604 and  at step 630 return access token ); 
Chan does not explicitly disclose 
 transmitting, the first access token to the communication device; and 
transmitting, the second access token to a cloud server computer.  
However, Spiers discloses transmitting, the first access token to the communication device(par 0012,0154, transmitting, to a first computing system, the first token   and 0176  the organization network 302 may transmit the first token to the cloud zone 306, which then transmits the first token to a computing system in the cloud infrastructure 310 and claim 29 wherein the at least one memory of the cloud DMZ network stores computer-executable instructions that, when executed, cause the secure boot server at least to: receive, from the virtual machine, a request to download the operating system components, wherein the request includes at least a first token; transmit, to the organization computer network, the first token after receiving the request from the virtual machine to download components;) and; transmitting, the second access token to a cloud server computer( par 0178  the cloud orchestrator system 318 may transmit (see step 1004) the second token to the secure cloud zone 306 (e.g., secure boot server 1204). And claim 29 receive, from the organization computer network, a second token indicating authorization to transmit unique components to the virtual machine in response to the request to download components; and transmit, to the virtual machine, the unique components and the second token).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, because doing so would provide cloud storage for the token. 
The combination fails to disclose wherein the first access token is a first payment token and the second access token is a second payment token, the first payment token and the second payment token being substitutes for the single credential, the single credential being an account identifier.
 However Palanisamy  disclose wherein a token is a first payment token and the device specific token is a second payment token, the first payment token and the second payment token being substitutes for the single credential, the single credential being an account identifier ( par 0028 A "payment token" may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN)   par 0046  the issuer server computer 150 can generate a plurality of first payment tokens based on a PAN. The payment processing server computer 140 may be part of a payment processing network that can generate a second plurality of payment tokens based on the first plurality of payment tokens. The second payment tokens may be provisioned to the payment device 115 and the communication device 120, and may be used by the consumer 110 to conduct purchase transactions  and 0053 The payment token generation module 445 may comprise code that causes the processor 441 to generate a second payment token, such as a second payment token that includes 16 digits and that resembles a PAN. ).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.


 
 As per claim 32, Chan in view of Spiers in view of Palanisamy discloses The method of claim 31, wherein the single credential is sixteen digits long(Chan, par 0057  [0057] The authorization grant module 206 transmits an access token request to the token service computer 104 including the credential information. The token service computer 104 verifies the credential information in the access token request and if the credential information is valid that provides the real credential, transmits a response with an access token to the authorization grant module 206.).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.

 	As per claim 33, Chan in view of Spiers in view of Palanisamy discloses The token requestor computer of claim 31, wherein the first access token is used by the communication device to access a secure location (Chan, par 0060 [0060] Thus, the authorization grant module 206 is a module for transmitting an authorization request together with credentials to one or more token services and retrieving access tokens from responses using the access token parameter map).  

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.

 	As per claim 34, Chan in view of Spiers in view of Palanisamy discloses The token requestor computer of claim 31, wherein the non- transitory computer readable medium comprises a token determining module and a credential transmitting module(Chan, 0068  The token refresh module 210 retrieves the access token using the access token parameter map and stores the access token in the token cache 204, i.e. routing table.).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.

 	As per claim 36, Chan in view of Spiers in view of Palanisamy discloses The token requestor computer of claim 35, wherein the routing table can be used to retrieve a cloud token( par 0006, token metadata, cache the credentials information and the token metadata in a token cache and return a session identifier that maps to a cache key to retrieve the token metadata and the credentials information).  
  	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.

 	
 	As per claim 38, Chan in view of Spiers discloses The token requestor computer of claim 31, wherein destinations of the two or more access tokens are determined by token type indicators (Chan, par 0019 requesting access tokens from a token service computer and par 0021 In a cloud or federated computer environment, the client computing device may have to obtain, cache, and utilize a large number of access tokens).   
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.


 	As per claim 39, Chan in view of Spiers in view Palanisamy discloses The token requestor computer of claim 38, wherein the token type indicators may include at least a type for device bound tokens and a type for cloud tokens(Spiers, par 0012,0154, transmitting, to a first computing system, the first token   and 0176  the organization network 302 may transmit the first token to the cloud zone 306, which then transmits the first token to a computing system in the cloud infrastructure 310 and claim 29 wherein the at least one memory of the cloud DMZ network stores computer-executable instructions that, when executed, cause the secure boot server at least to: receive, from the virtual machine, a request to download the operating system components, wherein the request includes at least a first token; transmit, to the organization computer network, the first token after receiving the request from the virtual machine to download components).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.


 	As per claim 40, Chan in view of Spiers in view of Palanisamy discloses The token requestor computer of claim 31, wherein the token request message comprises a token requestor computer identifier (Spiers, par 0061, The credentials or unique tokens used for this validation may be presented by the virtual machine during the connect phase and delivered to the VM during the unlock phase and may be stored in the VM only temporarily in the shared memory).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.
  	As per claim 42, Chan in view of Spiers in view of Palanisamy discloses wherein account identifier is a primary account identifier (Palanisamy, par 0028 A "payment token" may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN)   par 0046  the issuer server computer 150 can generate a plurality of first payment tokens based on a PAN. The payment processing server computer 140 may be part of a payment processing network that can generate a second plurality of payment tokens based on the first plurality of payment tokens. The second payment tokens may be provisioned to the payment device 115 and the communication device 120, and may be used by the consumer 110 to conduct purchase transactions  and 0053 The payment token generation module 445 may comprise code that causes the processor 441 to generate a second payment token, such as a second payment token that includes 16 digits and that resembles a PAN ).
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, because doing so would secure for the account identifier.

Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Chan et al US 2016/0226879 in view of Spiers et al US 2012/0266231 in view of Palanisamy et al 2015/0199679 in view of Yokoyama et al US 2005/0120211.

 	As per claim 24, Chan in view of Spiers in view of Palanisamy discloses the method of claim 21, further comprising: Spiers disclose transmitting the first access token to the communication device(par 0012,0154, transmitting, to a first computing system, the first token   and 0176  the organization network 302 may transmit the first token to the cloud zone 306, which then transmits the first token to a computing system in the cloud infrastructure 310 and claim 29 wherein the at least one memory of the cloud DMZ network stores computer-executable instructions that, when executed, cause the secure boot server at least to: receive, from the virtual machine, a request to download the operating system components, wherein the request includes at least a first token; transmit, to the organization computer network, the first token after receiving the request from the virtual machine to download components).
 	 The combination does not disclose encrypting, by the token requestor computer, the first access token using a public key in an RSA encryption scheme, the first access token being in encrypted form when the first access token is transmitted to the communication device, the communication device storing a private key corresponding to the public key.  
 	However, Yokoyama disclose encrypting, by the token requestor computer, the first access token using a public key in an RSA encryption scheme, the first access token being in encrypted form when the first access token is transmitted to the communication device, the communication device storing a private key corresponding to the public key ( par 0101 a public key cryptosystem such as the RSA (Rivest Shamir Adleman) is used in transferring the access token, which is then encrypted by using a public key of the other party to whom the access token is transferred. However, as another method, such a method, wherein a secret key by a common key encryptosystem such as the DES (Data Encryption Standard) or a triple DES is generated in one time, and the access token is encrypted by the one-time shared key and further the one-time shared key is encrypted by using the public key of the other party to whom the access token is transferred, thereafter the shared-key encrypted access token and the public-key encrypted shared key are transmitted to the other party to whom the access token is transferred, may be used).  

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  providing the multiple tokens to the token client of Chan, based on the teaching of distribution of the token to client computer and uploading the token to the cloud storage of Spiers, based on the teaching of sending the tokens of external device of token substitutes for an account identifier of Palanisamy, based on the teaching of encrypting the access token using the public key of Yokoyama, because doing so would encrypting token for distributing between client in the network to prevent falsify the permission token. 


Conclusion
Applicant's submission of an information disclosure statement under 37 CFR 1.97(c) with the fee set forth in 37 CFR 1.17(p) on 01/25/2022 and 12/08/2021 prompted the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 609.04(b).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314. The examiner can normally be reached EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JORGE ORTIZ CRIADO can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ABU S SHOLEMAN/Primary Examiner, Art Unit 2496