DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
The amendment filed February 3, 2022 has been entered. Claims 1-9 and 11-21 remain pending in the application. Applicant’s amendments to the Claims have overcome each and every objections and 112(b) rejections previously set forth in the Non-Final Office Action mailed November 10, 2021.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-9 and 11-21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. 
The 2019 Revised Patent Subject Matter Eligibility Guideline (“2019 PEG”) also provides step(s) in determining eligibility under 35 U.S.C. § 101. Specifically, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter (Step 1).  If the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea), and if so, it must additionally be determined whether the claim is a patent-eligible application of the exception (Step 2A Prong One). If an abstract idea is present in the claim, any additional elements in the claim must integrate the judicial exception into a practical application (Step 2A Prong Two). If not, the inquiry continues to see whether any element or combination of elements in the claim must be sufficient to ensure that the claim amounts to significantly more than the abstract idea itself (Step 2B).  Examples of abstract ideas include mathematical concepts, mental processes, and certain methods of organizing human activities including fundamental economic principles or practices.
Under the Step 1, Claims 1-11 are drawn to a method which is within the four statutory categories (i.e., a process). Claims 12-15 are drawn to a non-transitory computer-readable medium which is within the four statutory categories (i.e., a manufacture).Claims 16-20 are drawn to a device which is within the four statutory categories (i.e. a machine). 
Since the claims are directed toward statutory categories, it must be determined if the claims are directed towards a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea). Based on consideration of all of the relevant factors with respect to the claim as a whole, claims 1-20 are determined to be directed to an abstract idea. The rationale for this determination is explained below:  
With respect to claims 1, 12, and 16:
Claims 1, 12, and 16 are drawn to an abstract idea without significantly more. The claims recite receiving an electronic provisioning request, transmitting an electronic signal providing approval of the electronic provisioning request, initiating determination of an authentication score, comparing a location associated with the user of the first user device against an origin identifier of the first user device, electronically comparing transactions conducted on the first user device after transmitting approval of the electronic provisioning request with transactions conducted prior to the electronic provisioning request, determining whether the user has accessed an umbrella user account prior to the reception of the electronic provisioning request, transmitting an electronic suspend message to suspend the digital token, determining not to suspend the first user account, calculating an updated authentication score based on the compared transactions, determining that the updated authentication score fails to satisfy a threshold requirement, determining that the approval was proper, receiving a second provisioning request, determining whether the second provisioning request is for provisioning the second user account on the first user device, transmitting an electronic signal providing approval of the second provisioning request, and initiating determination of an updated authentication score for the provisioning of the first user account on the second user device. 
Under the Step 2A Prong One, the limitations of receiving a provisioning request, transmitting a signal providing approval of the provisioning request, determining that the approval was proper, receiving a second provisioning request, determining whether the second provisioning request is for provisioning the second user account on the first user device, and transmitting a signal providing approval of the second provisioning request,  as stated, are processes that, under its broadest reasonable interpretation, cover Certain Methods Of Organizing Human Activity such as managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions). In addition, the limitations of initiating determination of an authentication score, comparing a location associated with the user of the first user device against an origin identifier of the first user device, comparing transactions conducted on the first user device after transmitting approval of the provisioning request with transactions conducted prior to the provisioning request, determining whether the user has accessed an umbrella user account prior to the reception of the provisioning request, transmitting a suspend message to suspend the token, comparing transactions conducted after transmitting approval with transactions conducted prior to the provisioning request, calculating an updated authentication score based on the compared transactions, determining whether the updated authentication score fails to satisfy a threshold requirement, transmitting a suspend message to instruct limiting utilization of the token on the first user device, determining not to limit utilization of the token, and initiating determination of an updated authentication score for the provisioning of the first user account on the second user device, as stated, are processes that, under its broadest reasonable interpretation, cover Mental Processes such as concepts performed in the human mind (including an observation, evaluation, judgment, opinion). For example, but for the “electronic device”, “server”, “user device”, “electronic signal/request/message”, “digital token”, “electronically comparing”, “non-transitory computer-readable medium”, “processors”, and “computing device” language, “receiving a provisioning request”, “transmitting a signal”, “determining that the approval was proper”, “receiving a second provisioning request”, “determining whether the second provisioning request is for provisioning the second user account on the first user device”, and “transmitting a signal providing approval of the second provisioning request”, encompass the human activity, and “initiating determination of an authentication score”, “comparing a location associated with the user of the first user device against an origin identifier of the first user device”, “comparing transactions conducted on the first user device after transmitting approval of the provisioning request with transactions conducted prior to the provisioning request”, “determining whether the user has accessed an umbrella user account prior to the reception of the provisioning request”, “transmitting a suspend message to suspend the token”, “determining not to suspend the first user account”, “calculating an updated authentication score based on the compared transactions”, “determining that the updated authentication score fails to satisfy a threshold requirement”,   and “initiating determination of an updated authentication score for the provisioning of the first user account on the second user device” encompass the mental processes. The series of steps including receiving, transmitting, determining, receiving, determining, and transmitting belong to a typical following rules or instructions, because the data or information are exchanged among the parties (server, user devices, and third party) according to rules and instructions for the tokenized transactions. In addition, the series of steps including initiating, comparing, comparing, determining, transmitting, determining, calculating, determining, transmitting, determining, and initiating belong to a typical observation, evaluation, judgment, and/or opinion in human mind, because the steps are similar to what the human mind performs with concepts in its mind. Especially when the server, user device, third party are recited without technical details, they may be interpreted as people and their interaction as human interaction. Transmitting or computing of data and comparing data such as transactions can be performed manually by people or human mind. A term like “electronically” without technical details or context does not contribute much with respect to the 101 rejections.
Under the Step 2A Prong Two, this judicial exception is not integrated into a practical application. In particular, the claim only recites additional elements – electronic device, server, user device, electronic signal/request/message, digital token, ‘electronically’, non-transitory computer-readable medium, processors, and computing device. The electronic device, server, user device, electronic signal/request/message, digital token, ‘electronically’, non-transitory computer-readable medium, processors, and computing device are recited at a high-level of generality (i.e., performing generic functions of an interaction) such that it amounts no more than mere instructions to apply the exception using a generic computer component, merely implementing an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea - see MPEP 2106.05(f). The additional elements are recited without technical details, which is surely at a high-level of generality, and the instant invention is not integrated in any deeper level into their conventional operations, indicating that the limitations are not indicative of integration into a practical application: Generally linking the use of the judicial exception to a particular technological environment or field of use—see MPEP 2106.05(h). Accordingly, these additional elements, individually or in combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claims are directed to an abstract idea.
Under the Step 2B, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception, reaffirming that the limitations are not indicative of integration into a practical application: Generally linking the use of the judicial exception to a particular technological environment or field of use. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements in the process amounts to no more than mere instructions to apply the exception using generic computer components. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible.
With respect to claims 2-9, 11, 13-15, and 13-21:
Dependent claims 2-9, 11, 13-15, and 13-21 include additional limitations, for example, determining whether the user accessed the umbrella user account on the first user device, comparing an operating system identifier of the first user device to an operating system identifier associated with the user, analyzing at least one location factor, utilizing only user access conducted via non-cellular networks, determining whether an International Mobile Equipment Identity (IMEI) of the first user device matches an IMEI associated with a prior access to the first user account, deleting the digital token, and determining whether the provisioning request is for provisioning the user devices, but none of these limitations are deemed significantly more than the abstract idea because, as stated above, they require no more than generic computer structures or signals to be executed, and do not recite any Improvements to the functioning of a computer, e.g., a modification of conventional Internet hyperlink protocol to dynamically produce a dual-source hybrid webpage, as discussed in DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245, 1258-59, 113 USPQ2d 1097, 1106-07 (Fed. Cir. 2014) (see MPEP § 2106.05(a)); Improvements to any other technology or technical field, e.g., a modification of conventional rubber-molding processes to utilize a thermocouple inside the mold to constantly monitor the temperature and thus reduce under- and over-curing problems common in the art, as discussed in Diamond v. Diehr, 450 U.S. 175, 191-92, 209 USPQ 1, 10 (1981) (see MPEP § 2106.05(a)); or Applying the judicial exception with, or by use of, a particular machine, e.g., a Fourdrinier machine (which is understood in the art to have a specific structure comprising a headbox, a paper-making wire, and a series of rolls) that is arranged in a particular way to optimize the speed of the machine while maintaining quality of the formed paper web, as discussed in Eibel Process Co. v. Minn. & Ont. Paper Co., 261 U.S. 45, 64-65 (1923) (see MPEP § 2106.05(b)).
	Thus, taken alone, the additional elements do not amount to significantly more than the above-identified judicial exception (the abstract idea). Furthermore, looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. There is no indication that the combination of elements improves the functioning of a computer or improves any other technology, and their collective functions merely provide conventional computer implementation or implementing the judicial exception on a generic computer. 
Therefore, whether taken individually or as an ordered combination, claims 2-9, 11, 13-15, and 13-21 are nonetheless rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.

Claim Rejections - 35 USC § 103
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-8 and 11-21 are rejected under 35 U.S.C. 103 as being unpatentable over Powell et al. (US 2015/0127547 A1; hereinafter Powell) in view of Wong (US 2017/0295155 A1; hereinafter Wong), and in further view of Teso (US 2014/0136346 A1; hereinafter Teso).
With respect to claim 1:
	Powell teaches
A computerized method for authorizing an electronic device to conduct tokenized transactions, comprising: (See at least Powell: Abstract) 
receiving, by a provisioning server, an electronic provisioning request requesting authorization to provision a first user account associated with a user on a first user device; (By disclosing, a token requestor ID can identify a pairing of a token requestor (e.g., a mobile device, a mobile wallet provider, etc.) with a token domain (e.g., e-commerce, contactless, etc.). See at least Powell: paragraph(s) [0051], [0050] & [0048]) 
in real-time, transmitting an electronic signal providing approval of the electronic provisioning request... (By disclosing, the token request and issuance interface 912 may support real-time requests for issuance of a token for the PAN requested. See at least Powell: paragraph(s) [0172] & [0077])
in response to transmitting the electronic signal providing the approval of the electronic provisioning request, initiating determination of an authentication score for the provisioning of the first user account on the first user device, the determination comprising: (By disclosing, the token assurance (ID&V) interface 914 may pass a request for performing the ID&V at the issuance of the token to verify the account holder information and the PAN. Also, the input data elements passed through token assurance (ID&V) interface includes Token Requestor Risk Score. In addition, the issuer 104 or issuer agent(s) to perform account holder verification for satisfying the assurance necessary to complete the binding of the token to the PAN. See at least Powell: paragraph(s) [0176], [0091], [0192], [0077] & [0083]; Table 3) 
comparing a location associated with the user of the first user device against an origin identifier of the first user device; (As stated above, and by further disclosing, the input data elements passed through token assurance (ID&V) interface includes Device Information Variable. The Device Information attribute is comprised of a set of attributes regarding the credential, including IP address, operating system, geo-location, device ID and device category (origin identifier), such as laptop or phone. See at least Powell: paragraph(s) [0176]; Table 3)
electronically comparing transactions conducted on the first user device after transmitting approval of the electronic provisioning request with transactions conducted prior to the electronic provisioning request;... (By disclosing, in the event of lost or stolen device, original credential no longer valid, token requestor no longer carries the card-on-file, lost or stolen PAN, fraud alert on PAN, or fault alert on token, the token is unlinked from the PAN and the mapping is disabled for further use. That is, the transactions after and prior to the request are compared to manage the tokens. See at least Powell: paragraph(s) [0185]-[0186]; Table 9) 
based on the authentication score, transmitting an electronic suspend message to suspend the digital token. (By disclosing, the token service provider 904 may provide lifecycle updates through the interfaces to manage changes that affect an issued token. Lifecycle events may be handled using interfaces such as unlink token interface, suspend token interface, activate token interface, update token assurance interface and update PAN attributes interface. See at least Powell: paragraph(s) [0185]-[0186])
However, Powell does not teach ...determining whether the user has accessed an umbrella user account prior to the reception of the electronic provisioning request, wherein the umbrella user account is an account that, once credentials are provided, allows authorized access to one or more accounts, comprising the first user account.
Wong, directed to tokenization of co-network accounts and thus in the same field of endeavor, teaches
...determining whether the user has accessed an [umbrella] user account prior to the reception of the electronic provisioning request, ...; and (By disclosing, as part of generating the authorization request message, the transacting entity may communicate with a database which stores data such as data regarding the account owner, the payment device, or the account owner's transaction history with the transacting entity. See at least Wong: paragraph(s) [0052]; Abstract)
Furthermore, Wong, in the same field of endeavor, further teaches 
...receiving, by a provisioning server, an electronic provisioning request requesting authorization to provision a first user account associated with a user on a first user device; (By disclosing, the user (e.g. the account holder) 204 may have a co-network account that the user wishes to provision on the user device 202. The user 204 may send the provisioning request using the authorizing entity application 206 or the e-wallet application 208 stored on the user device by providing an account identifier (e.g. a primary account number (PAN)) for the co-network account to either one of these applications. See at least Wong: paragraph(s) [0042] & [0020]) 
[in real-time,] transmitting an electronic signal providing approval of the electronic provisioning request, the approval configured to authorize a third party to issue a digital token to the first user device authorizing the first user device to digitally utilize the first user account for tokenized transactions; (By disclosing, the authorizing computer system 212 may approve the tokenization of the account identified by the account identifier provided in the first provisioning request. See at least Wong: paragraph(s) [0045]) 
[in response to transmitting the electronic signal providing the approval of the electronic provisioning request,] initiating determination of an authentication score for the provisioning of the first user account on the first user device, the determination comprising: (By disclosing, examples of ID&V methods may include, but are not limited to, an account verification message, a risk score based on assessment of the primary account number (PAN) and use of one time password by the issuer or its agent to verify the account holder. See at least Wong: paragraph(s) [0044])
...based on the authentication score, transmitting an electronic [suspend] message [to suspend the digital token]. (By disclosing, the account may be restricted for use with transaction based on transaction location, transaction value, transaction time, etc. In such cases, the transaction analysis module 402 and the processor 412 may inform the token generation module 403 of such restrictions so that restricted use token(s) may be generated for that account. See at least Wong: paragraph(s) [0060])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the network token system teachings of Powell to incorporate the tokenization of co-network accounts teachings of Wong for the benefit of tokenization. (See at least Wong: paragraph(s) [0020])
However, Powell and Wong do not teach ...an umbrella user account, and ...wherein the umbrella user account is an account that, once credentials are provided, allows authorized access to one or more accounts comprising the first user account. 
Teso, directed to system and methods for processing in-stream transactions on micro-blogs and other social networks and thus in the same field of endeavor, teaches 
...determining whether the user has accessed an umbrella user account prior to the reception of the electronic provisioning request, wherein the umbrella user account is an account that, once credentials are provided, allows authorized access to one or more accounts comprising the first user account; and. (By disclosing, the account manager 402 may also include an umbrella account manager 412 that allows a user to manage multiple entities (or brands) under a single umbrella account. See at least Teso: paragraph(s) [0050])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Wong and Powell to incorporate the system and methods for processing in-stream transactions on micro-blogs and other social networks teachings of Teso for the benefit of managing multiple entities under a single umbrella account. (See at least Teso: paragraph(s) [0050])
Examiner’s Note: 
The limitations “to provision a first user account associated with a user on a first user device” in claim 1, lines 4-5; “to issue a digital token to the first user device authorizing the first user device to digitally utilize the first user account for tokenized transactions” claim 1, lines 7-9 are an intended use. No patentable weight is given. The recitation of the intended use of the claimed invention does not serve to differentiate the claim from the prior art. MPEP § 2103 I C states that language that suggests or makes optional but does not require steps to be performed or does not limit a claim to a particular structure does not limit the scope of a claim or claim limitation. An example of such language includes statements of intended use or field of use (MPEP §2103 I C).
With respect to claim 12:
	Powell teaches
	A non-transitory computer-readable medium comprising instructions that, when executed by one or more processors, cause a computing device to perform steps comprising: (See at least Powell: Abstract)
	As stated above with respect to claim 1, Powell, Wong, and Teso teach the limitations:
...receiving a provisioning request requesting authorization to provision a first user account associated with a user on a first user device; 
in real-time, transmitting an electronic signal providing approval of the provisioning request, the approval configured to authorize a third party to issue a digital token to the first user device authorizing the first user device to digitally utilize the first user account for tokenized transactions;  
in response to transmitting the electronic signal providing the approval of the provisioning request, initiate determining of an authentication score for the provisioning of the first user account on the first user device, the determination comprising: 
comparing a location associated with a user of the first user device against an origin identifier of the first user device; and 
determining whether the user has accessed an umbrella user account prior to the reception of the provisioning request;  
based on the authentication score, determining not to suspend the first user account;
electronically comparing transactions conducted on the first user device after transmitting approval of the provisioning request with transactions conducted prior to the provisioning request on at least one other device associated with the user; ... 
Powell further teaches
calculating an updated authentication score based on, at least, the compared transactions; and (By disclosing, the token service provider 904 may provide lifecycle updates through the interfaces to manage changes that affect an issued token. See at least Powell: paragraph(s) [0185])  
based on determining that the updated authentication score fails to satisfy a threshold requirement, transmitting an electronic suspend message to instruct limiting utilization of the digital token on the first user device. (By disclosing, examples of ID&V methods may include, but are not limited to, an account verification message, a risk score based on assessment of the primary account number (PAN) and use of one time password by the issuer or its agent to verify the account holder. In addition, a "token assurance level" may refer to an indicator or a value that allows the token service provider to indicate the confidence level of the token to PAN binding. Furthermore, the token service provider 904 may provide lifecycle updates through the interfaces to manage changes that affect an issued token. Lifecycle events may be handled using interfaces such as unlink token interface, suspend token interface, activate token interface, update token assurance interface and update PAN attributes interface. See at least Powell: paragraph(s) [0041]-[0042], [0078] & [0185]-[0186]; Table 9)   
Examiner’s Note: 
The limitations “to provision a first user account associated with a user on a first user device” in claim 12, lines 4-5; and “to issue a digital token to the first user device authorizing the first user device to digitally utilize the first user account for tokenized transactions” claim 12, lines 7-9 are an intended use. No patentable weight is given. The recitation of the intended use of the claimed invention does not serve to differentiate the claim from the prior art. MPEP § 2103 I C states that language that suggests or makes optional but does not require steps to be performed or does not limit a claim to a particular structure does not limit the scope of a claim or claim limitation. An example of such language includes statements of intended use or field of use (MPEP §2103 I C).
With respect to claim 16:
	Powell teaches
	A computing device comprising: (See at least Powell: Abstract) 
at least one processor; and (See at least Powell: paragraph(s) [0050], [0068] & [0071]; cl. 11) 
a non-transitory computer-readable medium comprising computer-executable instructions that, when executed, cause the computing device to: (See at least Powell: cl. 11) 
As stated above with respect to claim 1, Powell, Wong, and Teso teach the limitations:
...receive a provisioning request requesting authorization to provision a first user account associated with a user on a first user device; 
in real-time, transmit an electronic signal providing approval of the provisioning request, the approval configured to authorize a third party to issue a digital token to the first user device authorizing the first user device to digitally utilize the first user account; 
in response to transmitting the electronic signal providing the approval of the provisioning request, initiate determination of an authentication score for the provisioning of the first user account on the first user device by: 
comparing a location associated with the user of the first user device against an origin identifier of the first user device; 
electronically comparing transactions conducted on the first user device after transmitting approval of the electronic provisioning request with transactions conducted prior to the electronic provisioning request on at least one other device associated with the user; 
determining whether the user has accessed an umbrella user account prior to the reception of the provisioning request;...
	Wong, in the same field of endeavor, further teaches 
...based on the authentication score, determine that the approval was proper; (By disclosing, the authorizing computer system 212 may approve the tokenization of the account identified by the account identifier provided in the first provisioning request. See at least Wong: paragraph(s) [0045])
receive a second provisioning request requesting authorization to provision a second user account associated with the user; and (As stated above with respect to claim 1, and by further disclosing, the account (which may be associated with one or more user devices) may refer to any suitable account including payment accounts (e.g. a credit card account, a checking account, a savings account, a merchant account assigned to a consumer, a prepaid account, etc.). See at least Wong: paragraph(s) [0045] & [0026]) 
determine whether the second provisioning request is for provisioning the second user account on the first user device, and in response: (As stated above, see at least Wong: paragraph(s) [0045] & [0026]) 
if it is determined that the second provisioning request is for provisioning the first user device, transmit, in real time, an electronic signal providing approval of the second provisioning request, the approval based, at least in part, on the authentication score; or (As stated above with respect to claim 1, see at least Wong: paragraph(s) [0044]-[0045]) 
if it is determined that the second provisioning request is for provisioning on a second user device, initiate determination of an updated authentication score for the provisioning of the first user account on the second user device. (As stated above with respect to claim 1, see at least Wong: paragraph(s) [0044]-[0045]) 
Examiner’s Note: 
The limitations “to provision a first user account associated with a user on a first user device” in claim 16, lines 5-6; “to issue a digital token to the first user device authorizing the first user device to digitally utilize the first user account” claim 16, lines 8-10; and “to provision a second user account associated with the user” in claim 16, lines 22-23 are an intended use. No patentable weight is given. The recitation of the intended use of the claimed invention does not serve to differentiate the claim from the prior art. MPEP § 2103 I C states that language that suggests or makes optional but does not require steps to be performed or does not limit a claim to a particular structure does not limit the scope of a claim or claim limitation. An example of such language includes statements of intended use or field of use (MPEP §2103 I C).
With respect to claim 2:
	Powell, Wong, and Teso teach the method of claim 1, as stated above.
Teso, in the same field of endeavor, further teaches 
wherein determining whether the user accessed the umbrella user account comprises determining whether the user accessed the umbrella user account on the first user device. (By disclosing, the account manager 402 may also include an umbrella account manager 412 that allows a user to manage multiple entities (or brands) under a single umbrella account. In addition, the modules may be distributed over the web server 302, the API server 304, the APP server 306 and/or the user devices 324a-d. See at least Teso: paragraph(s) [0050] & [0072])
With respect to claim 3:
	Powell, Wong, and Teso teach the method of claim 1, as stated above.
Powell further teaches 
wherein it is determined that the user did not access the umbrella user account on the first user device prior to the electronic provisioning request, the method further comprising: 
comparing an operating system identifier of the first user device to an operating system identifier associated with the user. (By disclosing, the Device Information attribute is comprised of a set of attributes regarding the credential. This includes IP address, operating system, geo-location, device ID and device category. See at least Powell: Table 3)
With respect to claim 4:
	Powell, Wong, and Teso teach the method of claim 3, as stated above.
Powell further teaches wherein it is determined that the operating system identifier of the first user device does not match the operating system identifier associated with the user, the method further comprising: 
analyzing at least one location factor comprising at least one of: a location of the first user device upon receiving the electronic provisioning request; a current location of the first user device, a location of a second user device associated with the user at a point in time that the user accessed the umbrella user account, or a current location of the second user device. (By disclosing, the token requestor 114 may provide, among other information, account age and history, bill to/ship to addresses and contact information, IP address, device ID and device information, geo-location, and transaction velocity.. See at least Powell: paragraph(s) [0089] & [0176]; Table 3)
With respect to claim 5:
	Powell, Wong, and Teso teach the method of claim 1, as stated above.
Teso, in the same field of endeavor, further teaches 
wherein determining whether the user has accessed the umbrella user account prior to the reception of the electronic provisioning request comprises utilizing only user access conducted via non-cellular networks. (By disclosing, the request may be initiated from a social network. See at least Teso: paragraph(s) [0051])
With respect to claims 6 and 13:
	Powell, Wong, and Teso teach the method of claim 1 and the non-transitory computer-readable medium of claim 12, as stated above.
	Powell further teaches 
	wherein the location is determined from a source other than the first user device. (By disclosing, the mobile device 602 may initiate a QRC-based payment at a merchant location using a QRC reader 604. See at least Powell: paragraph(s) [0147])
With respect to claims 7 and 14:
	Powell, Wong, and Teso teach the method of claim 1 and the non-transitory computer-readable medium of claim 13, as stated above.
	Wong, in the same field of endeavor, further teaches 
	wherein the location is determined based on the user accessing the umbrella user account at the location using a second user device. (By disclosing, the account (which may be associated with one or more user devices) may refer to any suitable account including payment accounts. See at least Wong: paragraph(s) [0026])
With respect to claims 8 and 15:
	Powell, Wong, and Teso teach the method of claim 1 and the non-transitory computer-readable medium of claim 12, as stated above.
	Powell further teaches
	wherein the location comprises a known permanent address of the user. (By disclosing, the input data requested/obtained from the account holder 102 may include landline phone number or confirmed shipping address. See at least Powell: paragraph(s) [0091])
With respect to claim 11:
	Powell, Wong, and Teso teach the method of claim 1, as stated above.	Wong, in the same field of endeavor, further teaches
	wherein the electronic suspend message causes the first user device to delete the digital token. (By disclosing, the Token-to-PAN Token due to lost or stolen mapping is temporarily suspended and further use may be withheld. See at least Powell: paragraph(s) [0185]; Table 9)
With respect to claim 17:
	Powell, Wong, and Teso teach the computing device of claim 16, as stated above.
	Wong, in the same field of endeavor, further teaches 
	wherein it is determined that the second provisioning request is for provisioning the second user device for the second user account, the non-transitory computer-readable medium further comprises computer-executable instructions that when executed by the processor, cause the computing device to: (As stated above with respect to claim 1, see at least Wong: paragraph(s) [0042])
based on the updated authentication score, transmit an electronic message providing approval of the second provisioning request. (As stated above with respect to claim 1, see at least Wong: paragraph(s) [0045])
With respect to claim 18:
	Powell, Wong, and Teso teach the computing device of claim 17, as stated above.
	Powell further teaches 
	wherein the approval of the second provisioning request is done in real time. (By disclosing, the token request and issuance interface 912 may support real-time requests for issuance of a token for the PAN requested. See at least Powell: paragraph(s) [0172])
With respect to claim 19:
	Powell, Wong, and Teso teach the computing device of claim 16, as stated above.
	Powell further teaches 
	wherein it is determined that the second provisioning request is for provisioning the first user device based on receiving the second provision request from a device identifier associated with the first user device. (By disclosing, token attributes may include a wallet identifier associated with the token, an additional account alias or other user account identifier (e.g., an email address, username, etc.), a device identifier, an invoice number, etc. See at least Powell: paragraph(s) [0045])
With respect to claim 20:
	Powell, Wong, and Teso teach the computing device of claim 16, as stated above.
	Powell further teaches 
	wherein it is determined that the second provisioning request is for provisioning the second user device, and wherein the non-transitory computer-readable medium further comprises computer-executable instructions that when executed by the processor cause the computing device to:  (As stated above with respect to claim 1, see at least Wong: paragraph(s) [0042]) 
	based on the updated authentication score, transmit an electronic suspend message configured to provide instructions to limit utilization of the digital token on the first user device. (As stated above with respect to claim 1, Powell: paragraph(s) [0185]-[0186])
With respect to claim 21:
	Powell, Wong, and Teso teach the method of claim 1, as stated above.	Powell further teaches
	wherein when electronically comparing transactions conducted on the first user device after transmitting approval of the electronic provisioning request with transactions conducted prior to the electronic provisioning request, the transactions conducted prior to the electronic provisioning request were performed on at least one other device associated with the user. (By disclosing, in the event of lost or stolen device, original credential no longer valid, token requestor no longer carries the card-on-file, lost or stolen PAN, fraud alert on PAN, or fault alert on token, the token is unlinked from the PAN and the mapping is disabled for further use. That is, the transactions after and prior to the request are compared to manage the tokens. See at least Powell: paragraph(s) [0185]-[0186]; Table 9)
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Powell in view of Wong, and in further view of Teso, as applied to claim 1, and in still further view of Jain et al. (US 2018/0025148 A1; hereinafter Jain).
With respect to claim 9:
	Powell, Wong, and Teso teach the method of claim 1, as stated above.
However, Powell, Wong, and Teso do not teach further comprising determining whether an International Mobile Equipment Identity (IMEI) of the first user device matches an IMEI associated with a prior access to the first user account.
Jain, directed to incorporating risk-based decision in standard authentication and authorization systems and thus in the same field of endeavor, teaches 
further comprising determining whether an International Mobile Equipment Identity (IMEI) of the first user device matches an IMEI associated with a prior access to the first user account. (By disclosing, a non-exhaustive list of attributes used in device authentication is: malware detection; jailbreak/root detection; debugger detection (detecting if a debug session is attached to the application); location reading, accelerometer readings; gyroscope readings; compass readings; user navigation patterns; user swipe pattern; application tamper detection; device identifier (both software and/or hardware); an IMEI, device hardware details (CPU, RAM, GPU, etc.); a device certificate (either granted by an authentication server or provided by the device); a date and time; device software details (OS version, installed applications, etc.); a PIN/password or biometric protection on the device; a device token (hardware and/or software); a WiFi.RTM. Network ID (SSID); whether a device is plugged in; network proxy detection; and VPN detection. See at least Jain: paragraph(s) [0030])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Powell, Wong, and Teso to incorporate the incorporating risk-based decision in standard authentication and authorization systems teachings of Jain for the benefit of computing a risk of data security based on the previously collected and stored user device and/or user profile attributes. (See at least Jain: paragraph(s) [0033])

Response to Arguments
Applicant's arguments filed February 3, 2022 have been fully considered but they are not persuasive.
In response to applicant's argument with respect to the 101 rejections that Claim 1 is directed to a computerized method for authorizing a device to conduct tokenized transactions; claim 12 relates to instructions executed on one or more processors to direct a computing device; claim 14 is a computing device with a processor that computes particular provisioning steps.. the broadest possible reading of this claim could not include "social activities, teaching, and following rules or instructions.", it is noted that the elements such as tokenized transactions, processors, are computing device are recited without technical details, so that they may be interpreted as being performed by people. Transmitting and computing of data can be performed manually or mentally without using technical elements. Also, the term-wise limitation ‘electronically’ does not help with respect to the 101 rejections. In response to applicant’s further argument that as users may log into various devices, improving security protocols to incorporate authenticating the user device is a practical application in the world of tokenized transaction, it is noted that the features such as logging in and security protocols in relation to tokenized transaction are not recited in the rejected claim(s). 
In response to applicant's argument that Wong paragraphs 44-45 fails to disclose first approving the provisioning request and then, in response to the approved provisioning request signal, determining an authentication score, it is noted that Powell teaches that the token is issued (approved) first and then the ID&V method is performed. See at least Powell: paragraph(s) [0077], [0083], [0176], [0091] & [0192]; Table 3.
In response to applicant's argument that Wong fails to disclose the limitation of "comparing a location associated with the user of the first user device against an origin identifier of the first user device" as described in claim 1, it is noted that the input data elements passed through token assurance (ID&V) interface includes operating system, geo-location, device ID and device category (origin identifier). See at least Powell: paragraph(s) [0176]; Table 3.
In response to applicant's argument that Wong in view of Powell fails to disclose the limitation of "electronically comparing transactions conducted on the first user device after transmitting approval of the electronic provisioning request with transactions conducted prior to the electronic provisioning request," it is noted that the token lifecycle update interfaces include Unlink Token and Suspend Token to handle situations including lost or stolen device or PAN, etc. That is, transactions after the issuance of token are compared to transactions prior to it. See at least Powell: paragraph(s) [0185]-[0186]; Table 9.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Hammad et al. (US20080040276A1) teaches Transaction Authentication Using Network, including location of device.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CLAY LEE whose telephone number is (571)272-3309. The examiner can normally be reached Monday-Friday 8-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571)270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/C.C.L./Examiner, Art Unit 3685                                                                                                                                                                                                        

/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685