DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This communication is in response to the applicant’s request for continued examination filed on 04/14/2022. Claims 1-2, 4, 9, 14-15, 17, 22, 33, and 35-36 are amended. Claims 6, 11-13, 18-19, and 23-26 have been cancelled. Claims 1-5, 7-10, 14-17, 20-22, and 27-36 are pending and have been examined on the merits.

Continued Examination
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant’s submission filed on 04/14/2022 has been entered.

Allowable Subject Matter
Claims 1-5, 7-10, 14-17, 20-22, and 27-36 are allowed. The proposed detecting and provisioning limitations appear to distinguish over prior art.
	detecting, by the financial institution computing system via the graphical user interface, a second selection of the second toggle to enable the second third-party account to access the financial account; 
	provisioning, by the financial institution computing system responsive to the second selection, a payment token that corresponds to the financial account, the second third-party account, and the second external device or system; 

	Vo teaches in Column 1: Lines 35 to Column 2, Line 8 that there is a second selection for a second toggle via a graphical user interface but does not teach it enabling a second third party account to access the financial account. Nor does Vo teach the provisioning.

Double Patenting
Claims 1-35 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-14 of U.S. Patent No. 10963589 further in view of Fakhraie, et al (US10963589) “Fakhraie”.

US Patent Application #15/629423
US Patent #10963589
1. (Currently Amended) A method of enabling users to change, via graphical interface, accessibility of accounts administered by a financial institution computing system, the method comprising: 

displaying, by the financial institution computing system via a computing device of a user, a graphical user interface that identifies a financial account of the user and that visually presents: 


a listing with a first account that is administered by a first external device or system, and 
a second account that is administered by a second external device or system, and 
a first toggle corresponding to the first account, and a second toggle corresponding to the second account, wherein the first toggle visually indicates that the financial account is accessible to the first account, and  the second toggle visually indicates that the financial account is not accessible to the second account; 









detecting, by the financial institution computing system via the graphical user interface, a first selection of the first toggle to disable access to the first account;

updating, by the financial institution computing system, in response to the first selection, a permission associated with an application programming interface facilitating access to the first account by the first external device or system; and 
















transmitting, by the financial institution computing system, to the first external device or system, based on the updated permission, at least one of (i) a denial of a request, received from the first external device or system via the application programming interface, to access the financial account, or (ii) a command revoking access of the first external device or system to the financial account.  






Claim 33

detecting, via the graphical user interface, a second selection of the second toggle to enable access to the financial account by the second device; 





updating, by the financial institution computing system, in response to the second selection, associated with an application programming interface facilitating access to the first account by the second device; 

transmitting, by the financial institution computing system to the second external device or system, based on the second permission, at least one of (i) an approval of a second request to access the financial account received from the second device via the application programming interface, or (ii) a second command granting access of the second device to the financial account
1. A security system of a first entity, the security system comprising one or more hardware processors configured to: 



serve, to a user device, an internet portal comprising an interactive graphical user interface (GUI) granting security control over account access permissions for client applications, wherein 


the internet portal is used as an access control portal provided for controlling account access by a service provider computing system of a second entity; 
present, by the first entity in the GUI of the internet portal, in response to verifying that the login credential grants access to the internet portal, an account listing comprising a financial account linked with one or more client applications which communicate, when executed on the user device, with the service provider computing system of the second entity; 


accept, via the internet portal, a login credential and verify that the login credential grants access to the internet portal; 


detect, via the account listing in the GUI of the internet portal, selection of the financial account comprising financial and nonfinancial account data; 

present, by the first entity in the GUI of the internet portal, an access permissions listing comprising one or more security settings attributable to a client application of the linked one or more client applications as a service provider client application running on the user device; 


detect, by the first entity via the access permissions listing in the GUI of the internet portal, selection of a first set of one or more security settings corresponding to one or more data types or functionalities associated with the client application; 

generate, by the first entity in response to the selection of the first set of security settings, an access token corresponding to the first set of security settings attributed to the client application and 

transmit the access token to the service provider computing system of the second entity indicating limited access, by the client application, to a first subset of the financial and nonfinancial data of the financial account; receive, from the service provider computing system of the second entity, a first application programming interface (API) call comprising the access token generated by the first entity and a first account request associated with the client application; 







present, in the GUI of the internet portal, the access permissions listing comprising the one or more security settings attributable to the client application; detect, via the access permissions listing in the GUI of the internet portal, selection of a different second set of one or more security settings corresponding to the one or more data types or functionalities associated with the client application;

in response to authenticating the received access token sent by the second entity and verifying that the first account request complies with the first set of security settings, 


grant the first account request to the client application; 

authenticate by the first entity the access token received and sent by the second entity and verify that the first API call complies with the first set of security settings attributed to the client application; 

receive by the first entity, from the service provider computing system of the second entity, a different second API call comprising the access token generated by the first entity and a second account request for the client application; determine by the first entity that the second API call does not comply with the second set of security settings attributed to the client application; and in response to determining by the first entity that the second API call does not comply with the second set of security settings, decline the second account request.

2. The system of claim 1, wherein the one or more processors are configured to verify that the first API call complies with the first set of security settings attributed to the client application by determining that the first request is for a data type or a functionality granted to the client application through the first set of security settings.


5. The system of claim 4, wherein the access control listing presented by the one or more processors comprises an access control corresponding to accessing information on financial transactions involving the financial account.

6. The system of claim 1, wherein the first set of security settings defines one or more data types in the account data that are accessible to the client application.

7. The system of claim 1, wherein the access control listing presented by the one or more processors comprises an access control corresponding to access to nonfinancial account data.


10. The system of claim 1, wherein the second set of security settings revokes all access permissions granted by the first set of security settings.

11. The system of claim 1, wherein the second set of security settings adds one or more access permissions not granted in the first set of security settings.

12. The system of claim 1, wherein the one or more processors are configured to, in response to detecting selection of the second set of security settings, deactivate the access token.

13. The system of claim 1, wherein the one or more processors are configured to, in response to detecting selection of the second set of security settings: generate a second access token corresponding to the second set of security settings attributed to the client application; and transmit the second access token to the service provider computing system for limited access, by the client application, to a second subset of the financial and nonfinancial data of the financial account.
2. (Currently Amended) The method of claim 1, wherein the command is a first command, and further comprising: detecting, by the financial institution computing system via the graphical user interface, a second selection of the second toggle to enable access to the second account; and transmitting, by the financial institution computing system, and in response to the second selection, a second command to the second external device or system to add a payment token associated with the financial account to a mobile wallet in order to add the financial account to the mobile wallet. 
4. The system of claim 1, wherein the access control listing presented by the one or more processors comprises an access control corresponding to financial transactions involving the financial account.

3. (Previously Presented) The method of claim 2, wherein the financial institution computing system is associated with a financial institution, and wherein the mobile wallet is not operated by the financial institution.  
8. The system of claim 1, wherein the access control listing presented by the one or more processors corresponds to financial transactions involving the financial account.
4. (Currently Amended) The method of claim 2, further comprising: detecting, by the financial institution computing system via the graphical user interface, a third selection of the second toggle to disable access to the second account; and transmitting, by the financial institution computing system, and in response to the third selection, a third command to the second external device or system to remove the payment token associated with the financial account from the mobile wallet in order to remove the financial account from the mobile wallet.  
It would be obvious to one of ordinary skill in the art before the filing of the instant application to include the toggles of Fakhraie to determine which accounts are accessible to other parties.
(Column 13, Line 65-Column 14, Line 5)
5. (Currently Amended) The method of claim 2, further comprising updating the second toggle to visually indicate that the financial account is not accessible to the second account.  
It would be obvious to one of ordinary skill in the art before the filing of the instant application to include the toggles to visually indicate an account is accessible or not. “The status indicators 416 indicate the status of various access permissions that the customer 102 has provided to various merchants.” (Column 27, Lines 38-44)
7. (Currently Amended) The method of claim 1, further comprising applying, based on the first and second toggles, purchase controls to a payment card associated with the financial account.  
Additionally, the user interface 1900 includes a plurality of different purchase controls 1904. Each of the purchase controls 1904 includes a toggle slider 1906 that allows the customer 102 to activate or deactivate a particular control associated with the debit card. 
(Column 45, Lines 46-50)
8. (Original) The method of claim 7, wherein the purchase controls prevent the payment card from being used at an automated teller machine or at a merchant point of sale.  
3. The system of claim 1, wherein the one or more processors are configured to determine that the second API call does not comply with the second set of security settings attributed to the client application by determining that the second request is for a data type or a functionality not granted to the client application through the second set of security settings.
9. (Currently Amended) The method of claim 1, further comprising: detecting, by the financial institution computing system via the graphical user interface, a second selection of the second toggle to enable access to the second account; and configuring, by the financial institution computing system, the application programming interface to communicate with the second external device or system and permit the second external device or system to access the financial account. 
9. The system of claim 1, wherein the second set of security settings revokes one or more access permissions granted in the first set of security settings.

10. (Currently Amended) The method of claim 1, further comprising updating the first toggle to visually indicate that the financial account is not accessible to the first account.  
Various embodiments relate to a method that may comprise providing a portal. The portal may be provided via a network such as the internet. The portal may be accessible via, for example, a user device (Summary)
27. (Currently Amended) The method of claim 1, wherein at least one of the first account and the second account is a mobile wallet. 
It would be obvious to one of ordinary skill in the art before the filing of the instant application to include the toggles of Fakhraie to use a mobile wallet.
28. (Currently Amended) The method of claim 1, wherein at least one of the first account and the second account is an ATM.  
The method 300 begins when a customer 102 is authenticated at 302. The financial institution computing system 110 receives an authentication request from the customer 102 via a computing device associated with the customer (e.g., a smartphone via a mobile banking application, a computing device via a web-based banking portal, etc.). In an alternate arrangement, the request may be received via an ATM (or other computing device allowing a user to perform financial transactions, such as receiving cash, making payments, transferring funds, etc.) (Column 25, lines 60-65)
29. (Currently Amended) The method of claim 1, wherein the first account is a mobile wallet, and the first external device or system is associated with a mobile wallet provider. 
As shown in FIG. 4, the customer 102 has selected a checking account. After selecting a specific account, a merchant listing 412 and a wallet listing 418 is populated. Each entry in the merchant listing 412 identifies a merchant (e.g., brick-and-mortar merchants and ecommerce merchants) to which the customer 102 has provided or may provide permission to make a payment with an account (e.g., the selected checking account) held by the customer 102 at the financial institution 104. (Column 26, Lines 55-60)
35. (New) The method of claim 1, further comprising deactivating, by the financial institution computing system, based on the updated permission, a payment token associated with the first account and stored on the computing device.
In some embodiments, responsive to the customer 102 revoking an access permission to a particular wallet, the financial institution computing system 110 may transmit a signal to a third party wallet provider associated with the wallet configured to cause a payment token or the like to be deleted at the third party wallet provider (Column 28, Lines 50-65)


	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper time-wise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Response to Arguments
Applicant’s arguments, see pg. 11, filed March 9, 2022, with respect to 35 U.S.C. 112 (a) rejection have been fully considered and are persuasive.  The 35 U.S.C. 112 (a) rejection of Dec 29, 2021 has been withdrawn. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Each of the prior art listed in the PTO-892 and not directly recited in this office action, disclose anticipation and/or obviousness to combine concerning the applicant’s claims and are therefore included.
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TERRY N MURRAY whose telephone number is (313)446-6556. The examiner can normally be reached Monday-Thursday 6 AM-4 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/T.N.M./Examiner, Art Unit 3685                                                                                                                                                                                                        
/JACOB C. COPPOLA/Primary Examiner, Art Unit 3685