DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This is a first office action on the merits, in response to the claims filed on February 22, 2022.
Claims 1-20 are pending.
Claims 9-13 have been withdrawn.
Claims 1-8 and 14-20 have been examined.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  
Such claim limitation(s) is:
A system for binding a device to an identify, comprising: the device…in claim 14
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
Therefore, by choosing to use a means-plus-function limitation and invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant limits that claim limitation to the disclosed structure, i.e., implementation by hardware or the combination of hardware and software, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim recites the following mean-plus-functions limitations:
A system for binding a device to an identify, comprising: the device…in claim 14
The noted above means plus function limitations 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because they use generic placeholders such as “device” coupled with functional language “receive from the device” without reciting sufficient structure to achieve the function.  Furthermore, the generic placeholder is not further modified by sufficient structure or material for performing the claimed function.  The generic placeholders mentioned above are considered generic because the following functions can be performed by either hardware or software and the words themselves do not imply obvious structure.
Since the claim limitation(s) invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, claims 9, 10, 11 and 13 has been interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof.
If applicant does not intend to have the claim limitation(s) treated under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may amend the claim(s) so that it/they will clearly not invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, or present a sufficient showing that the claim recites/recite sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance With 35 U.S.C. 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).

Claim Rejections - 35 USC § 101
Section 33(a) of the America Invents Act reads as follows:  
Notwithstanding any other provision of law, no patent may issue on a claim directed to or encompassing a human organism.  

Claims 1-8 and 14-20 are rejected under 35 U.S.C. 101 and section 33(a) of the America Invents Act as being directed to or encompassing a human organism.  See also Animals - Patentability, 1077 Off. Gaz. Pat. Office 24 (April 21, 1987) (indicating that human organisms are excluded from the scope of patentable subject matter under 35 U.S.C. 101).
Claim 14 recites a system for binding a device to an identify, comprising: a third party; and a service. The claim further recites “receive from the device a request for binding the identity alias with the third party, and forward the request to the third party”. The third party does not include any structural components. Broadest reasonable interpretation of the third party is a human organism. Therefore, the system cannot include the third party (i.e., a human organism). 

35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-5 and 14-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
In the instant case, claims 1-5 are directed to a method and claims 14-18 are directed to a system. Therefore, these claims fall within the four statutory categories of invention. 
The claim recites binding a device to an identify. Specifically, the claims recite “generate an identity alias for the …, receive from the device a request for binding the identity alias with the third party, and forward the request to the third party; wherein the third party is configured to generate a challenge to the … responsive to the binding request; and wherein at least one of the third party and the service is configured to participate in authenticating the challenge, the … being bound to the identity upon successful authentication of the challenge.”, which is grouped within the “certain methods of organizing human activity” grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)) because it describes a process for carrying out a commercial interaction between parties that involves communicating data needed to complete binding a device. Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January 7, 2019)).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), the additional element(s) of the claim(s) such as a system and a device merely use(s) a computer as a tool to perform an abstract idea. Specifically, the system and device perform(s) the steps or functions of “generate an identity alias for the device, receive from the device a request for binding the identity alias with the third party, and forward the request to the third party; wherein the third party is configured to generate a challenge to the device responsive to the binding request; and wherein at least one of the third party and the service is configured to participate in authenticating the challenge, the device being bound to the identity upon successful authentication of the challenge.” The use of a processor/computer as a tool to implement the abstract idea does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. The additional elements do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply or use the abstract idea to effect a particular treatment or prophylaxis for a disease or medical condition (Vanda Memo), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo). Therefore, the claims do not, for example, purport to improve the functioning of a computer. Nor do they effect an improvement in any other technology or technical field. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional element(s) of using a system and a device to perform the steps amounts to no more than using a computer or processor to automate and/or implement the abstract idea of binding a device to an identify. As discussed above, taking the claim elements separately, the system and device perform(s) the steps or functions of “generate an identity alias for the device, receive from the device a request for binding the identity alias with the third party, and forward the request to the third party; wherein the third party is configured to generate a challenge to the device responsive to the binding request; and wherein at least one of the third party and the service is configured to participate in authenticating the challenge, the device being bound to the identity upon successful authentication of the challenge.” These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of binding a device to an identify. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible.

Dependent claims: claim 2 recites wherein the identity alias is a tokenized personal account number (PAN). Claim 3 recites wherein the third party is an issuer associated with the PAN. Claim 4 recites wherein authenticating the challenge comprises authenticating the challenge at the third party. And claim 5 recites wherein authenticating the challenge comprises authenticating the challenge at the service. The dependent claims 2-5 further describe the abstract idea of binding a device to an identify. The dependent claims 2-5 do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims 2-5 are also not patent eligible.

Dependent claims: claim 15 recites wherein the identity is a financial instrument of the user. Claim 16 recites wherein the service is a token service provider, and wherein the identity alias is a tokenized personal account number (PAN). Claim 17 recites wherein the third party is an issuer associated with the PAN. And claim 18 recites wherein the device is enrolled with the token service provider. The dependent claims 15-18 further describe the abstract idea of binding a device to an identify. The dependent claims 15-18 do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims 15-18 are also not patent eligible.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-8 and 14-20 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Regarding claims 1 and 14: claim 14, recites “a system for binding a device to an identify, comprising: …; and a service configured to generate an identity alias for the device” which renders the claims indefinite. This claim is recited as a system (e.g., apparatus) claim. The proper claim construction of an apparatus is a description of the structural elements and their functions. However, the service appears to be an act rather than structural element of the system. It is unclear to a person of ordinary skill in the art, how the service can be a structural element of the system. Appropriate correction is required.

Regarding claims 1 and 14: claim 14, recites “wherein the third party is configured to generate a challenge to the device responsive to the binding request” which renders the claims indefinite. It is unclear to a person of ordinary skill in the art, in the manner generating the challenge for the device or sending the challenge to the device. Appropriate correction is required.

Claim 14 recites the following mean-plus-functions limitations:
A system for binding a device to an identify, comprising: the device…in claim 14
The noted above claim limitation invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. Often the supporting disclosure for a computer-implemented invention discusses the implementation of the functionality of the invention through hardware, software, or a combination of both. In this situation, a question can arise as to which mode of implementation supports the means-plus-function limitation. The language of 35 U.S.C. 112(f) requires that the recited "means" for performing the specified function shall be construed to cover the corresponding "structure or material" described in the specification and equivalents thereof. Therefore, by choosing to use a means-plus-function limitation and invoke 35 U.S.C. 112(f) applicant limits that claim limitation to the disclosed structure, i.e., implementation by hardware or the combination of hardware and software, and equivalents thereof.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

Claim Rejections - 35 USC § 103
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-5, 8, 14-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over LAHKAR et al. (US 20170032362 A1, “LAHKAR”) in view of ROYYURU et al. (US 20210279699 A1, “ROYYURU”).

Regarding claim 1: LAHKAR discloses: A method of binding a device to an identity, the method comprising:
enrolling the device with a service (LAHKAR [0040], “In some embodiments, the wallet server 300 may have already associated the device ID with the unique number. In that case, the wallet server 300 may confirm that the device ID and the unique number are correct, i.e., that the device ID is the correct ID for the mobile device identified by the unique number (block 72). If the device ID is not already associated with a unique number, the wallet server may associate the device ID and the unique number in block 72.”), (see paragraphs [0040], [0053], [0034] and [0036] and Fig. 2, Fig. 7 and Fig. 10);
generating an identity alias for the device (LAHKAR [0043], “the wallet server 300 generates a payment token (block 78) for each payment card for which payment information was received.”), (see paragraphs [0043] and [0054] and Fig. 2, Fig. 7 and Fig. 10);
requesting a binding of the identity alias with a [wallet server 300] (LAHKAR [0034], “an end user 50 of a mobile wallet app 200 requests 62 that the mobile wallet app 200 enroll the user's payment cards in the mobile wallet app 300. The user 50 may communicate this request to the mobile wallet app by, for example, selecting an appropriate button or menu option in the app, e.g., by tapping on a touchscreen. In some embodiments, this action may be the only user action required for the enrollment to complete.”), (see paragraphs [0041], [0053] and [0054] and Fig. 2, Fig. 7 and Fig. 10);
generating a challenge responsive to the binding request, the challenge being provided by the third party to the device (LAHKAR [0057], “In some embodiments, additional authentication may be required by the issuer server. For example, referring to FIG. 10, after the wallet server 300 sends a request for payment account (EMV) data to the issuer server 400 at message 74, the issuer server may respond with a request 55 for additional authentication from the user. The wallet server 300 may forward the request to the mobile wallet app 200, which prompts the user 50 to provide authentication data. The authentication data may include, for example, a PIN number associated with the payment account, a password, or other authentication data”), (see paragraph [0057] and Fig. 10);
authenticating the challenge (LAHKAR [0058], “The wallet server 300 then provides the authentication data to the issuer server 400, which validates the authentication data (block 59).”), (see paragraph [0058] and Fig. 10); and
binding the device to the identity alias at the service (LAHKAR [0043], “The wallet server 300 sends the payment token 80 to the mobile wallet app 200 to be provisioned on the mobile device 100. It will be appreciated that the actual primary account number (e.g., credit card number) is not stored on the mobile device 100.” [0044] “The mobile wallet app 200 then notifies 82 the user 50 that the registration process is complete. At this point, the mobile wallet app 200 has all the required information to perform financial transactions using the registered payment cards.”), (see paragraphs [0043]-[0044] and [0031] and Fig. 2, Fig. 7 and Fig. 10).

LAHKAR does not specifically disclose, however, ROYYURU, an analogous art of payment tokenization, discloses:
requesting a binding of the identity alias with a third party (ROYYURU [0049], “if the account has not previously been provisioned by the pay wallet 140, the user may wish to use push provisioning to provision the pay source into the pay wallet 140.” [0061] “The token service provider 115 may identify within the decrypted provision data the account information including the PAN data (e.g., the sixteen digit account number), the user information, the wallet data, and so forth, and use the identified information to generate a token to be used by the user within the pay wallet 140. The token service provider 115 may transmit a provision authorization, including the token and the issuer nonce, to the issuing host platform 155 as shown by arrow 250.” [0092], “in some embodiments, the issuing host platform and the issuer application server may be combined together into a single system (e.g., the domain servers 120).” [0108], “Upon receiving the logo, button image, or other identifying indicia information from the gateway 724, the issuer application server 708 may add that information to the third list of merchants.”), (see paragraphs [0049], [0061] and [0092] and Fig. 2 and Fig. 7).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify LAHKAR with ROYYURU to include a well-known function of provisioning token with an issuer (e.g., issuer of PAN) to cut cost, time and to enhance user experience and security. Issuing physical takes time and costs the issuer and/or user money to generate the card due to labor, material, and shipping costs and costs the issuer and/or user time to wait for generation and shipping of the card before the card can be used.

Regarding claim 2: LAHKAR and ROYYURU, discloses as shown above.
LAHKAR further discloses: The method of claim 1, wherein the identity alias is a tokenized personal account number (PAN), (see paragraphs [0003] and [0032]).

Regarding claim 3: LAHKAR and ROYYURU, discloses as shown above.
LAHKAR further discloses: The method of claim 2, wherein the third party is an issuer associated with the PAN (see paragraph [0032]).

Regarding claim 4: LAHKAR and ROYYURU, discloses as shown above.
LAHKAR further discloses: The method of claim 1, wherein authenticating the challenge comprises authenticating the challenge at the third party (see paragraphs [0058] and [0017] and Fig. 10).

Regarding claim 5: LAHKAR and ROYYURU, discloses as shown above.
LAHKAR further discloses: The method of claim 1, wherein authenticating the challenge comprises authenticating the challenge at the service (see claim 6 and paragraphs [0010]-[0011] and Fig. 2).

Regarding claims 8 and 20: LAHKAR and ROYYURU, discloses as shown above.
LAHKAR does not specifically disclose, however, ROYYURU, an analogous art of payment tokenization, discloses: The method of claim 1, wherein authenticating the challenge comprises:
receiving an encrypted authorization code from the third party at a third party application running on the device, the authorization code encrypted with a third party key (ROYYURU [0059], “…The issuer mobile application server 160 may transmit the encrypted provision data to the issuer mobile application 130 as shown by arrow 240.”), (see paragraphs [0059] and [0056] and Fig. 2);
passing the encrypted authorization code from the third party to a service application running on the device (ROYYURU [0060], “The software development kit 135 may initiate a request to add the card to the pay wallet 140 by transmitting the encrypted provision data to the pay wallet 140 as shown by arrow 244.”), (see paragraph [0060] and Fig. 2);
receiving the encrypted authorization code at the service (ROYYURU [0060], “The pay wallet may transmit the provision request to the pay wallet server 125 by transmitting the encrypted provision data as shown by arrow 246. The pay wallet server 125 may transmit the provision request and the encrypted provision data to the token service provider 115 as shown by arrow 248.”), (see paragraph [0060] and Fig. 2);
decrypting the encrypted authorization code at the [The token service provider] using the third party key (ROYYURU [0061], “The token service provider 115 may use the encryption key to decrypt the encrypted provision data and may use the validation key to authenticate the data as from the encryption gateway.”), (see paragraph [0061] and Fig. 2) and
matching the decrypted authorization code with a known authorization code (ROYYURU [0061], “The token service provider 115 may identify within the decrypted provision data the account information including the PAN data (e.g., the sixteen digit account number), the user information, the wallet data, and so forth, and use the identified information to generate a token to be used by the user within the pay wallet 140.”), (see paragraph [0061] and Fig. 2)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify LAHKAR with ROYYURU to include a well-known function of provisioning token with an issuer (e.g., issuer of PAN) to cut cost, time and to enhance user experience and security. Issuing physical takes time and costs the issuer and/or user money to generate the card due to labor, material, and shipping costs and costs the issuer and/or user time to wait for generation and shipping of the card before the card can be used.

Regarding claim 14: LAHKAR and ROYYURU, discloses as shown above.
LAHKAR further discloses: A system for binding a device to an identify, comprising:
the device (e.g., communication device 100), (see abstract and paragraph Fig. 1);
a third party (e.g., issuer servers 400), (see paragraph [0041] and Fig. 2); and 
a service configured to generate an identity alias for the device (LAHKAR [0043], “the wallet server 300 generates a payment token (block 78) for each payment card for which payment information was received.”), receive from the device a request for binding the identity alias with the [wallet server 300], and forward the request to the [wallet server 300] (LAHKAR [0034], “an end user 50 of a mobile wallet app 200 requests 62 that the mobile wallet app 200 enroll the user's payment cards in the mobile wallet app 300. The user 50 may communicate this request to the mobile wallet app by, for example, selecting an appropriate button or menu option in the app, e.g., by tapping on a touchscreen. In some embodiments, this action may be the only user action required for the enrollment to complete.” [0041], “Next, the mobile wallet app 200 connects 64 to the wallet server 300 to obtain a unique device ID for the mobile device 100.), (see paragraphs [0034] and [0041] and Fig. 2, Fig. 7 and Fig. 10);
wherein the third party is configured to generate a challenge to the device responsive to the binding request (LAHKAR [0057], “In some embodiments, additional authentication may be required by the issuer server. For example, referring to FIG. 10, after the wallet server 300 sends a request for payment account (EMV) data to the issuer server 400 at message 74, the issuer server may respond with a request 55 for additional authentication from the user. The wallet server 300 may forward the request to the mobile wallet app 200, which prompts the user 50 to provide authentication data. The authentication data may include, for example, a PIN number associated with the payment account, a password, or other authentication data”), (see paragraph [0057] and Fig. 10) and
wherein at least one of the third party and the service is configured to participate in authenticating the challenge (LAHKAR [0058], “The wallet server 300 then provides the authentication data to the issuer server 400, which validates the authentication data (block 59).”), the device being bound to the identity upon successful authentication of the challenge (LAHKAR [0043], “The wallet server 300 sends the payment token 80 to the mobile wallet app 200 to be provisioned on the mobile device 100. It will be appreciated that the actual primary account number (e.g., credit card number) is not stored on the mobile device 100.” [0044] “The mobile wallet app 200 then notifies 82 the user 50 that the registration process is complete. At this point, the mobile wallet app 200 has all the required information to perform financial transactions using the registered payment cards.”), (see paragraphs [0058], [0043]-[0044] and [0031] and Fig. 2, Fig. 7 and Fig. 10).

LAHKAR does not specifically disclose, however, ROYYURU, an analogous art of payment tokenization, discloses:
receive from the device a request for binding the identity alias with the third party, and forward the request to the third party (ROYYURU [0049], “if the account has not previously been provisioned by the pay wallet 140, the user may wish to use push provisioning to provision the pay source into the pay wallet 140.” [0061] “The token service provider 115 may identify within the decrypted provision data the account information including the PAN data (e.g., the sixteen digit account number), the user information, the wallet data, and so forth, and use the identified information to generate a token to be used by the user within the pay wallet 140. The token service provider 115 may transmit a provision authorization, including the token and the issuer nonce, to the issuing host platform 155 as shown by arrow 250.” [0092], “in some embodiments, the issuing host platform and the issuer application server may be combined together into a single system (e.g., the domain servers 120).” [0108], “Upon receiving the logo, button image, or other identifying indicia information from the gateway 724, the issuer application server 708 may add that information to the third list of merchants.”), (see paragraphs [0049], [0061] and [0092] and Fig. 2 and Fig. 7).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify LAHKAR with ROYYURU to include a well-known function of provisioning token with an issuer (e.g., issuer of PAN) to cut cost, time and to enhance user experience and security. Issuing physical takes time and costs the issuer and/or user money to generate the card due to labor, material, and shipping costs and costs the issuer and/or user time to wait for generation and shipping of the card before the card can be used.

Regarding claim 15: LAHKAR and ROYYURU, discloses as shown above.
LAHKAR further discloses: The system of claim 14, wherein the identity is a financial instrument of the user (see paragraph [0032]).

Regarding claim 16: LAHKAR and ROYYURU, discloses as shown above.
LAHKAR further discloses: The system of claim 15, wherein the service is a token service provider, and wherein the identity alias is a tokenized personal account number (PAN) (see paragraph [0032] and [0043] and Fig. 1 and Fig. 2).

Regarding claim 17: LAHKAR and ROYYURU, discloses as shown above.
LAHKAR further discloses: The system of claim 15, wherein the third party is an issuer associated with the PAN (see paragraph [0032] and [0058] and Fig. 1 and Fig. 2).

Regarding claim 18: LAHKAR and ROYYURU, discloses as shown above.
LAHKAR further discloses: The system of claim 17, wherein the device is enrolled with the token service provider (see paragraphs [0040], [0053], [0034] and [0036] and Fig. 2, Fig. 7 and Fig. 10).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over LAHKAR et al. (US 20170032362 A1, “LAHKAR”) in view of ROYYURU et al. (US 20210279699 A1, “ROYYURU”) further in view of Sprague et al. (US 20180254898 A1, “Sprague”).

Regarding claim 6: LAHKAR and ROYYURU, discloses as shown above.
LAHKAR further discloses: The method of claim 1, wherein enrolling the device with the service comprises:
sending a token request from the wallet server to the service, the token request including a PAN (LAHKAR [0050], “a mobile wallet app 200 may receive a request from a user 50 to enroll the user's financial accounts in the mobile wallet app (block 502). In response, the mobile wallet app 200 sends an enrollment request to a wallet server 300 (block 504).”);
creating a token at the service (LAHKAR [0043], “…the wallet server 300 generates a payment token (block 78) for each payment card for which payment information was received.”); and
sending the token to the [mobile wallet app 200] (LAHKAR [0043], “The wallet server 300 sends the payment token 80 to the mobile wallet app 200 to be provisioned on the mobile device 100.”) and […] (see paragraph [0043] and Fig. 2).

LAHKAR does not specifically disclose, however, ROYYURU, an analogous art of payment tokenization, discloses:
sending the token to the third party (ROYYURU [0061] “The token service provider 115 may identify within the decrypted provision data the account information including the PAN data (e.g., the sixteen digit account number), the user information, the wallet data, and so forth, and use the identified information to generate a token to be used by the user within the pay wallet 140. The token service provider 115 may transmit a provision authorization, including the token and the issuer nonce, to the issuing host platform 155 as shown by arrow 250.”);
sending an enrollment request from the wallet server to the service (ROYYURU [0040], “The pay wallet server 125 may interface between the token service provider 115 and the pay wallet 140 to provision the payment source in the pay wallet 140.”), (see paragraphs [0040] and Fig. 1);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify LAHKAR with ROYYURU to include a well-known function of provisioning token with an issuer (e.g., issuer of PAN) to cut cost, time and to enhance user experience and security. Issuing physical takes time and costs the issuer and/or user money to generate the card due to labor, material, and shipping costs and costs the issuer and/or user time to wait for generation and shipping of the card before the card can be used.

LAHKAR does not specifically disclose, however, Sprague discloses:
self-generating a key at the device (see paragraph [0099]); 
sending a device identifier and the key to a [website 206] (see paragraph [0099]);
sending an enrollment request from the wallet server to the service, the service capturing the device identifier and the key (see paragraph [0099]);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of LAHKAR and ROYYURU with Sprague to include a well-known function of generating keys for devices to enhance security.

Claims 7 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over LAHKAR et al. (US 20170032362 A1, “LAHKAR”) in view of ROYYURU et al. (US 20210279699 A1, “ROYYURU”) in view of Sprague et al. (US 20180254898 A1, “Sprague”) further in view of BYINGTON et al. (US 20210279699 A1, “US 20200154270 A1”).

Regarding claim 7: LAHKAR, ROYYURU and Sprague, discloses as shown above.
LAHKAR further discloses: sending a binding approval from the third party to the service (LAHKAR [0058], the Examiner considers the issuer server 400 provides 76 the EMV data to the wallet server 300 to be binding approval), (LAHKAR [0058], “The user 50 submits 57 the authentication data to the mobile wallet app 200, which forwards the data to the wallet server 300. The wallet server 300 then provides the authentication data to the issuer server 400, which validates the authentication data (block 59). If the authentication data is valid, the issuer server 400 provides 76 the EMV data to the wallet server 300, and operations proceed as described with respect to FIG. 2.”), (see paragraphs [0058] and Fig. 10).

LAHKAR does not specifically disclose, however, ROYYURU, an analogous art of payment tokenization, discloses:
decrypting the [encrypted provision data] at the service to recover the [provision data] (ROYYURU [0044], “The encryption ensures that only the destined token service provider 115 or the destined pay wallet server 125 can decrypt the data.” [0061], “The token service provider 115 may use the encryption key to decrypt the encrypted provision data and may use the validation key to authenticate the data as from the encryption gateway.”), (see paragraphs [0044] and [0061]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of LAHKAR and Sprague with ROYYURU to include a well-known function of provisioning token with an issuer (e.g., issuer of PAN) to cut cost, time and to enhance user experience and security. Issuing physical takes time and costs the issuer and/or user money to generate the card due to labor, material, and shipping costs and costs the issuer and/or user time to wait for generation and shipping of the card before the card can be used.

LAHKAR does not specifically disclose, however, BYINGTON, an analogous art of payment discloses: The method of claim 1, wherein authenticating the challenge comprises:
generating a one-time passcode (OTP) at the device (BYINGTON [0016], “The applet generates a symmetric key (e.g., randomly), encrypts the symmetric key and, optionally, a nonce and provides the encrypted symmetric key and the nonce to a server of the third party entity via the mobile payment system TSM server.”);
signing and encrypting the OTP at the device to generate an SEOPT (BYINGTON [0069], “generating a nonce, and generating a signed state, which may refer to generating a symmetric key and encrypting the symmetric key with the public key of the third party server 120.”), (see paragraphs [0069] and [0016] and Figs 5A-5B).
sending the SEOTP from the device to the service (BYINGTON [0070], The secure hardware component 208 may transmit the signed state to the SMP TSM server…” [0071], “The provisioning server 506 may transmit a request for a provisioning bundle to the card issuer server 508…”), (see paragraphs [0070]-[0071] and [0061]);
encrypting the OTP with a third party key to create an IOTP (BYINGTON, “encrypt all symmetric keys using OGBK…” step 27 of Fig. 5B. [0071], “The provisioning bundle may include a provisioning bundle token, a provisioning bundle certificate, and/or a provisioning data encryption certificate…”), (see paragraph [0071] and Fig. 5B);
sending the IOTP to the third party (BYINGTON [0070]-0071], “The secure hardware component 208 may transmit the signed state to the SMP TSM server 114. The SMP TSM server 114 may forward the signed state to the provisioning server 506. The provisioning server 506 may transmit a request for a provisioning bundle to the card issuer server 508,”), (see paragraphs [0070]-[0071] and Figs. 5A and 5B);
decrypting the IOTP at the third party to recover the OTP (BYINGTON [0071], “The card issuer server 508 decrypts the OBGK, verifies the signed state, and derives the symmetric key(s).” [0062], “The third party server 120 receives the encrypted symmetric key and nonce (422) and decrypts the symmetric key and, optionally, nonce using the private key that corresponds to the public key that was provisioned onto the secure hardware component 208 with the applet instance (424).”), (see paragraphs [0071], [0062] and [0016] and Fig. 5B); 
displaying the OTP at the device (BYINGTON [0035], “a mobile payment application on the electronic device 102 is instructed to refresh the displayed data to reflect the transaction. An example process flow for secure third party script generation and deployment through the mobile payment system 110 is discussed generally below with respect to FIG. 4, and is discussed in more detail below with respect to FIGS. 5A-B”[0078], “The output device interface 606 may enable, for example, the display of images generated by electronic system 600.”);
receiving the OTP at the service from a user of the device (BYINGTON [0061], “the secure hardware component 208 of the electronic device 102 transmits the encrypted script and nonce to the mobile payment system 110, such as to the SMP TSM server 114…” [0070], “The secure hardware component 208 may transmit the signed state to the SMP TSM server 114. The SMP TSM server 114 may forward the signed state to the provisioning server 506...”), (see paragraphs [0061] and [0070] and Figs. 5A-B);
comparing the recovered OTP with the OTP received from the user (BYINGTON [0063], “performs the transaction based at least in part on the decrypted data element (e.g., when the decrypted nonce matches the previously generated nonce (414)) (438).”), (see paragraph [0063]); and
responsive to the recovered OTP matching the OTP received from the user (see paragraph [0063]), […].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of LAHKAR, ROYYURU and Sprague with BYINGTON to include well-known function of encryption and decryption of data to enhance data security and user experience.

Regarding claim 19: LAHKAR, ROYYURU, Sprague and BYINGTON, discloses as shown above.
LAHKAR further discloses: approving the binding responsive to the [authentication] received from the user (LAHKAR [0058], the Examiner considers the issuer server 400 provides 76 the EMV data to the wallet server 300 to be binding approval), (LAHKAR [0058], “The user 50 submits 57 the authentication data to the mobile wallet app 200, which forwards the data to the wallet server 300. The wallet server 300 then provides the authentication data to the issuer server 400, which validates the authentication data (block 59). If the authentication data is valid, the issuer server 400 provides 76 the EMV data to the wallet server 300, and operations proceed as described with respect to FIG. 2.”), (see paragraphs [0058] and Fig. 10).

LAHKAR does not specifically disclose, however, ROYYURU, an analogous art of payment tokenization, discloses:
decrypting the signed and encrypted payload at the token service provider to recover the OTP (ROYYURU [0044], “The encryption ensures that only the destined token service provider 115 or the destined pay wallet server 125 can decrypt the data.” [0061], “The token service provider 115 may use the encryption key to decrypt the encrypted provision data and may use the validation key to authenticate the data as from the encryption gateway.”), (see paragraphs [0044] and [0061]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of LAHKAR, Sprague and BYINGTON with ROYYURU to include a well-known function of provisioning token with an issuer (e.g., issuer of PAN) to cut cost, time and to enhance user experience and security. Issuing physical takes time and costs the issuer and/or user money to generate the card due to labor, material, and shipping costs and costs the issuer and/or user time to wait for generation and shipping of the card before the card can be used.

LAHKAR does not specifically disclose, however, Sprague discloses:
validating that the payload contains a portion of the public key of the device (see paragraph [0006]);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of LAHKAR, ROYYURU and BYINGTON with Sprague to include a well-known function of generating keys for devices to enhance security.

LAHKAR does not specifically disclose, however, BYINGTON, an analogous art of payment discloses: The system of claim 18, wherein authenticating the challenge comprises:
generating a one-time passcode (OTP) at the device (BYINGTON [0016], “The applet generates a symmetric key (e.g., randomly), encrypts the symmetric key and, optionally, a nonce and provides the encrypted symmetric key and the nonce to a server of the third party entity via the mobile payment system TSM server.”); 
creating a payload at the device including the OTP and a portion of a public key of the device, and signing and encrypting the payload at the device (BYINGTON [0069], “generating a nonce, and generating a signed state, which may refer to generating a symmetric key and encrypting the symmetric key with the public key of the third party server 120.”), [0062], “The applet instance encrypts the symmetric key and the nonce using the public key of the third party server 120 (416), and the secure hardware component 208 of the electronic device 102 transmits the encrypted script and nonce to the mobile payment system 110, such as to the SMP TSM server 114 (418).”, (see paragraphs [0069], [0016] and [0040]-[0041] and Figs 5A-5B);
sending the signed and encrypted payload from the device to the token service provider (BYINGTON [0070], The secure hardware component 208 may transmit the signed state to the SMP TSM server…” [0071], The provisioning server 506 may transmit a request for a provisioning bundle to the card issuer server 508,), (see paragraphs [0070]-[0071] and [0061]);
encrypting the OTP with an issuer key to create an IOTP (BYINGTON, “encrypt all symmetric keys using OGBK…” step 27 of Fig. 5B. [0071], “The provisioning bundle may include a provisioning bundle token, a provisioning bundle certificate, and/or a provisioning data encryption certificate…”), (see paragraph [0071] and Fig. 5B);
sending the IOTP to the issuer (BYINGTON [0070]-0071], “The secure hardware component 208 may transmit the signed state to the SMP TSM server 114. The SMP TSM server 114 may forward the signed state to the provisioning server 506. The provisioning server 506 may transmit a request for a provisioning bundle to the card issuer server 508,”), (see paragraphs [0070]-[0071] and Figs. 5A and 5B); 
decrypting the IOTP at the issuer to recover the OTP (BYINGTON [0071], “The card issuer server 508 decrypts the OBGK, verifies the signed state, and derives the symmetric key(s).” [0062], “The third party server 120 receives the encrypted symmetric key and nonce (422) and decrypts the symmetric key and, optionally, nonce using the private key that corresponds to the public key that was provisioned onto the secure hardware component 208 with the applet instance (424).”), (see paragraphs [0071], [0062] and [0016] and Fig. 5B); 
displaying the OTP at the device (BYINGTON [0035], “a mobile payment application on the electronic device 102 is instructed to refresh the displayed data to reflect the transaction. An example process flow for secure third party script generation and deployment through the mobile payment system 110 is discussed generally below with respect to FIG. 4, and is discussed in more detail below with respect to FIGS. 5A-B”[0078], “The output device interface 606 may enable, for example, the display of images generated by electronic system 600.”); 
receiving the OTP at the token service provider from a user of the device (BYINGTON [0061], “the secure hardware component 208 of the electronic device 102 transmits the encrypted script and nonce to the mobile payment system 110, such as to the SMP TSM server 114…” [0070], “The secure hardware component 208 may transmit the signed state to the SMP TSM server 114. The SMP TSM server 114 may forward the signed state to the provisioning server 506...”), (see paragraphs [0061] and [0070] and Figs. 5A-B);
comparing the recovered OTP with the OTP received from the user (BYINGTON [0063], “performs the transaction based at least in part on the decrypted data element (e.g., when the decrypted nonce matches the previously generated nonce (414)) (438).”), (see paragraph [0063]); and 
[…] recovered OTP matching the OTP received from the user (see paragraph [0063]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of LAHKAR, ROYYURU, Sprague with BYINGTON to include well-known function of encryption and decryption of data to enhance data security and user experience.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAHED ALI whose telephone number is (571)270-1085.  The examiner can normally be reached on 8:00 - 5:00 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/JAHED ALI/ Examiner, Art Unit 3685


/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685