DETAILED ACTION

Status of Claims
This is a first office action on the merits in response to the application filed 1 April 2020.
Claims 1-14 are currently pending and have been considered by the examiner.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 21 July 2020 and 28 July 2021 was considered by the examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

 (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-2 and 4-6 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Dimmick et al (US 2016/0321652 A1).

In regards to Claim 1, Dimmick discloses a system for source independent consistent tokenization, the system comprising: 
one or more processors (See Para [0009] the present invention is directed to a server computer comprising a processor and a computer readable medium coupled to the processor); and 
one or more memories having stored thereon instructions that (See Para [0122] non-volatile, removable and nonremovable media implemented in any method or technology for storage and/or transmission of data such as computer readable instructions, data structures, program modules, or other data, including RAM, ROM, EEPROM, flash memory or other memory technology), upon execution by the one or more processors, cause the one or more processors to: 
receive, from a merchant server, a first authorization request for a first transaction, the first authorization request comprising a primary account number for an account of a customer (See Para [0008] receiving, by a first server computer transaction data. The first server computer may be a merchant plug-in module at a merchant computer, para (0039] A transaction authorization request message may be an electronic message that is transmitted to an authorization computer and requests authorization for a transaction, para [0057] The transaction request message may be for conducting a payment transaction using the primary account number); 
generate a first token associated with the primary account number (See Para [0057] The transaction request message may be for conducting a payment transaction using the primary account number represented by the token included in the transaction request message., See Para [0117] the merchant computer 204 may start the payment transaction by generating a transaction authorization request message including at least the authentication value and the token.); 
request a first authorization for the first transaction from an issuing host platform based on the primary account number (See Para [0021] The transaction data may include a token, an account number (e.g. a primary account number (PAN), user name, user billing address, etc. The merchant may forward the authentication request message to other servers in the system., See Para (0040] payment processing network and/or an issuer (i.e., an issuer computer) of a payment account to request authorization for a payment transaction, See Para (0118] When merchants or wallet providers send tokenized authentication request messages to the issuers it desirable to resolve the token to the corresponding account number before the authentication request reaches the issuer.); 
receive, from the issuing host platform, the first authorization for the first transaction (See Para [0041] The transaction authorization response message may include an authorization code, which may be a code that an account issuing bank returns in response to an transaction request message in an electronic message (either directly or through the payment processing network) to the merchant's access device); 
transmit, to the merchant server, an indication of the first authorization for the first transaction comprising the first token (See Para [0058] The issuer authorization computer 224 may authorize or deny the transaction. The issuer authorization computer 224 may generate a transaction response message indicating whether the transaction is authorized or denied. The issuer authorization computer 224 may send the transaction response message to the merchant computer 204 via the financial switch 222 and the acquirer 220., See Para [0115] the issuer access control server 21S may perform authentication using the data in the modified authentication request message to determine whether the user is the right); 
receive, from the merchant server, a second authorization request for a second transaction, the second authorization request comprising a second token representing the account of the customer, wherein the second token is not the first token or the primary account number (See Para [0064] the merchant plug-in module 206 may send the token to the token service provider 210. The token service provider 210 may interact with a token vault where tokens and corresponding account numbers are stored ... The token service provider 210 may query the token vault (e.g. the tables or the databases) and retrieve the account number (e.g. a primary account number (PAN)) corresponding to the token., See Para [0112] example, the token router module 402 may determine the token service provider 210 based on a format of the token. The format of the token may include a series of predetermined characters that are assigned to a specific token service provider.);
detokenize the second token (See Para [0057] The acquirer 202 or the financial switch 222 may then interact with the identified token provider to detokenize the token (send the token to the token service provider and receive the account number represented by the token). The acquirer 202 or the financial switch 222 may modify the transaction request message to replace the token with the corresponding account number);
identify the first token based on the detokenized second token (See Para [0075] If the authentication request message includes a token, the merchant plug-in module identifies a token provider associated with the token and interacts with the identified token provider to detokenize the token (e.g. receive an account number associated with the token)., See Para [0104] the token router module 402 may store the token and/or the mapping between the token and the credentials. In such embodiments, the token router module 402 may retokenize the credentials without communicating with the token service provider.);
request a second authorization for the second transaction from the issuing host platform based on the second token (See Para [0104] the token router module 402 may store the token and/or the mapping between the token and the credentials. In such embodiments, the token router module 402 may retokenize the credentials without communicating with the token service provider., See Para [0109] The merchant computer 204 may generate an authentication request message to be forwarded to an issuer access control server 21 S in order to authenticate that the consumer is the rightful owner or assignee of a payment account associated with the data transmitted by the consumer., See Para [0117] the merchant computer 204 may start the payment transaction by generating a transaction authorization request message including at least the authentication value and the token. The transaction authorization request message may also include the transaction amount, user identifying information, merchant identifying information, etc.); 
receive, from the issuing host platform, the second authorization for the second transaction (para [0074] the authorization computer 224 may send the transaction authorization response message to the payment processing network 222. At step 269, the payment processing network 222 may forward the transaction authorization response message to the acquirer 220. The acquirer 220 may interact with the token service provider 210 to re-tokenize the transaction authorization response message (steps 270 and 271) ... authorization response message to the merchant 204 informing the merchant 204 whether the transaction has been authorized by the authorization computer 224.); and
transmit, to the merchant server, an indication of the second authorization for the second transaction comprising the first token (See Para [0061] If the authentication information provided by the consumer matches the authentication information previously associated with the account being used for the proposed transaction, then the authentication response message may include data indicating that the authentication process was successful., See Para [0090] The token service provider 210 may query the token vault (e.g. the tables or the databases) and retrieve the account number (e.g. a primary account number (PAN)) corresponding to the token.).

In regards to Claim 2, Dimmick further discloses wherein the second token represents a pay wallet token for the account of the customer (See Para [0057], [0074], [0119]). 

In regards to Claim 4, Dimmick further discloses wherein the instructions to identify the first token based on the detokenized second token comprises further instructions that, upon execution by the one or more processors, cause the one or more processors to: obtain a merchant token from a token service provider based on the detokenized second token (See Para [0020], [0022], [0031], [0071], [0048]); and 
search a mapping database for the first token based on the merchant token (See Para (0056], [0070], (0082], [0095]).

In regards to Claim 5, Dimmick further discloses wherein the instructions to identify the first token based on the detokenized second token comprises further instructions that, upon execution by the one or more processors, cause the one or more processors to: 
obtain the primary account number based on the detokenized second token (See Para [0020], [0024], [0047], [0054]); and
search a mapping database for the first token based on the primary account number (See Para [0025], [0056], [0074], [0082]).

In regards to Claim 6, Dimmick further discloses wherein the one or more memories have stored thereon further instructions that, upon execution by the one or more processors, cause the one or more processors to:
receive, from the merchant server, a third authorization request for a third transaction, the third authorization request comprising the first token (See Para [0009], [0110]-[0112], [0117]); 
identify a merchant token associated with the primary account number based on the first token (See Para [0020], [0022], [0031], [0071], [0048]);
request a third authorization for the third transaction from an issuing host platform based on the merchant token (para [0031], [0071]-[0072], [0074], [0117]);
receive, from the issuing host platform, the third authorization for the third transaction (See Para [0031], [0058], [0065], [0074], [0117]); and
transmit, to the merchant server, an indication of the third authorization for the third transaction comprising the first token (para [0045], [0061], [0080], [0090]).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 3 and 7-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dimmick in view of Laxminarayanan et al (US 2017/0200165 A1).

In regards to Claim 3, Dimmick fails to disclose wherein the primary account number received from the merchant server is encrypted.  
However, in a similar field of endeavor, Laxminarayanan discloses wherein the primary account number received from the merchant server is encrypted (See Laxminarayanan: Para [0066], [0102], [0136].

Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the tokenization authentication of Dimmick’s with the merchant token verification of Laxminarayanan’s because this would allow for multiple merchants to be authorized to retrieve payment information from a particular account (See Dimmick: Para [0031], [0045], [0048], [0056], [0064]). 

In regards to Claim 7, Dimmick discloses a system for synchronizing payment account information with merchants, the system comprising: 
one or more processors (See Dimmick: Para [0009] the present invention is directed to a server computer comprising a processor and a computer readable medium coupled to the processor); and
one or more memories having stored thereon instructions that, upon execution the one or more processors (See Dimmick: Para [0122] non-volatile, removable and nonremovable media implemented in any method or technology for storage and/or transmission of data such as computer readable instructions, data structures, program modules, or other data, including RAM, ROM, EEPROM, flash memory or other memory technology), cause the one or more processors to:
receive, from an issuer server, a primary account number for a payment account of a user and a list (See Dimmick: Para (0020) the token in an authentication request may be resolved to corresponding credentials (e.g. a unique primary account number, para [0052] issuer access control server 21S may communicate with an authentication history server. The authentication history server may be a database connected to the issuer access control server 21S that can be accessed as part of the authentication process. For example, the authentication history server may store user authentication data associated with user device or primary account numbers (PAN).). 

Dimmick fails to disclose:
a plurality of merchant names, wherein each merchant name corresponds to a respective one of the plurality of merchants, and an access link for each of the plurality of merchants; obtain a token status for each merchant in the list, where each token status is associated with the primary account number and the associated merchant; provide the token status for each merchant in the list to the issuer server; receive a request to facilitate saving the payment account to a first merchant from the list, the request comprising merchant provision data for the first merchant; obtain a merchant token associated with the first merchant and the payment account based on the merchant provision data and the primary account number for the payment account; transmit the merchant token to a merchant server of the first merchant receive confirmation that the first merchant successfully saved the merchant token; and transmit a success indication to the issuer server.

However, in a similar field of endeavor, Laxminarayanan discloses a plurality of merchant names, wherein each merchant name corresponds to a respective one of the plurality of merchants, and an access link for each of the plurality of merchants (See Laxminarayanan: Para [0120] the payment token may be provided to and used by multiple token requesters. In this case, there may be multiple token requester IDs associated with the payment token in the token record database.); 
obtain a token status for each merchant in the list, where each token status is associated with the primary account number and the associated merchant (See Laxminarayanan: Para [0125] The verification value request message may also include information about the resource provider computer 530, such as a token requester ID, a merchant ID, an IP address or physical address, an acquirer BIN, See Laxminarayanan: Para [0127] the token provider computer 570 may identify the token record in the token record database based on the payment token, token expiration date, token requester ID, acquirer BIN, and/or any other suitable information in the verification value request message. The token provider computer 570 may authenticate the request); 
provide the token status for each merchant in the list to the issuer server (See Laxminarayanan: Para [0152] the resource provider computer 530 may inform the user device 120 that the transaction was successfully authorized. For example, the resource provider computer 530 may display a transaction success window on a website or email a transaction receipt. Settlement can happen at a later time (e.g., in a batch settlement process)., See Laxminarayanan: Para [0184] each verification value can be generated and provided individually. Accordingly, domain controls can be tailored and assigned for each intended transaction. For example, the token provider computer can assign token domain controls based on the identity of the token requester, the intended transaction amount (or maximum limit), the intended merchant);
receive a request to facilitate saving the payment account to a first merchant from the list, the request comprising merchant provision data for the first merchant (See Laxminarayanan: Para [0122] The payment token may be associated with a user account, a user device 520 identifier, or otherwise associated with the user. As a result, the payment token can be identified and utilized for future transactions between the user and resource provider. Thus, the resource provider computer 530 can be a card-on-file merchant that stores a payment token instead of a PAN., See Laxminarayanan: Para [0126] if the resource provider computer 530 is not a card-on­file merchant, it may not store the user's payment token, and thus may obtain both the payment token and verification value at the same time.);
obtain a merchant token associated with the first merchant and the payment account based on the merchant provision data and the primary account number for the payment account (See Laxminarayanan: Para [0111] The record format of FIG. S can be created by concatenating a payment token 401 with a token expiration date 402 and optionally a service code 403); 
transmit the merchant token to a merchant server of the first merchant (See Laxminarayanan: Para [0120] the payment token may be provided to and used by multiple token requesters. In this case, there may be multiple token requester IDs associated with the payment token in the token record database, See Laxminarayan: Para [0122] the resource provider computer 530 may store the payment token and token expiration date (e.g., in a token database or user database);
receive confirmation that the first merchant successfully saved the merchant token (See Laxminarayan: Para [0043] token domain may include, but are not limited to, payment channels (e.g., e­commerce, physical point of sale, etc.), POS entry modes (e.g., contactless, magnetic stripe, etc.), and merchant identifiers to uniquely identify where the token can be used. A set of parameters may be established as part of token issuance by the token service provider that may allow for enforcing appropriate usage of the token in payment transactions, See Laxminarayan: Para [0122] the payment token can be identified and utilized for future transactions between the user and resource provider. Thus, the resource provider computer 530 can be a card-on-file merchant that stores a payment token instead of a PAN.); and
transmit a success indication to the issuer server (See Laxminarayan: Para [0121] the token provider computer 570 may send a token response message back to the resource provider computer 530. The token response message may include the payment token, token expiration date, token requester ID, and/or any other suitable information., para [0169] The enabler computer 625 can then inform the resource provider computer 630 that goods can be released, and inform the user device 620 (e.g., via the content publisher computer). 

Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the tokenization authentication of Dimmick’s with the merchant token verification of Laxminarayanan’s because this would allow for multiple merchants to be authorized to retrieve payment information from a particular account (See Laxminarayana: Para [0031], [0045], [0048], [0056], [0064]).

In regards to Claim 8, Dimmick further discloses wherein the instructions to obtain a merchant token associated with the first merchant and the payment account comprises further instructions that, upon execution by the one or more processors, cause the one or more processors to:
transmit a provision request to a token service provider, the provision request comprising at least a portion of the merchant provision data (See Dimmick: Para [0071], [0095], [0117]. [0119]);
receive, in response to the provision request, an issuer token from the token service provider, wherein the merchant token is different from the issuer token (See Dimmick: Para [0043], [0049], [0095], [0142]); and 
save the merchant token, the issuer token, and a mapping that associates the merchant token and the issuer token in a secure data store (See Dimmick: Para [0042], [0049], [0062]-[0063], [0168]).

In regards to Claim 9, Laxminarayanan further discloses wherein the instructions to obtain a merchant token associated with the first merchant and the payment account comprises further instructions that, upon execution by the one or more processors, cause the one or more processors to save the merchant token, the primary account number, and a mapping that associates the merchant token and the primary account number in a secure data store (See Laxminarayanan: Para [0042], [0049], [0062]-[0063], [0168]).

In regards to Claim 10, Laxminarayanan further discloses wherein the request to facilitate saving the payment account to the first merchant comprises an indication that the payment account is a default payment account at the first merchant for the user and wherein the instructions to transmit the merchant token to the merchant server of the first merchant comprises further instructions that, upon execution by the one or more processors, cause the one or more processors to transmit an indication to save the merchant token as the default payment account for the user (See Laxminarayana: Para [0043], [0067), [0117], [0125], [0132]).

In regards to Claim 11, Dimmick discloses a system for synchronizing payment account information at a merchant, the system comprising: one or more processors (See Dimmick: Para [0009] the present invention is directed to a server computer comprising a processor and a computer readable medium coupled to the processor); and 
one or more memories having stored thereon instructions that, upon execution by the one or more processors (See Dimmick: Para [0122] non-volatile, removable and nonremovable media implemented in any method or technology for storage and/or transmission of data such as computer readable instructions, data structures, program modules, or other data, including RAM, ROM, EEPROM, flash memory or other memory technology), cause the one or more processors to:
generate a first token associated with the merchant and the payment account (See Dimmick: Para [0057] The transaction request message may be for conducting a payment transaction using the primary account number represented by the token included in the transaction request message., See Dimmick: Para [0071] The transaction authorization request message may also include the transaction amount, user identifying information, merchant identifying information, See Dimmick: Para [0117] the merchant computer 204 may start the payment transaction by generating a transaction authorization request message including at least the authentication value and the token.); and 
transmit the first token to the merchant server (See Dimmick: Para [0008] the third server computer may include a merchant server computer. The third server computer may generate the transaction authorization request message incorporating the token and the authentication value. In various embodiments, the transaction authorization request message may be de-tokenized using the token service provider and sent to an authorization computer for transaction authorization., See Dimmick: Para [0070] the merchant plug-in module 206 may send the account number to the token service provider 210 and receive the corresponding token from the token service provider 210.). 

Dimmick fails to disclose:
receive, from a merchant server of a merchant, a save request to facilitate saving a payment account of a user at the merchant server; transmit for display via a merchant user interface of the merchant and responsive to receiving the save request, a form comprising a data entry field for the user to enter a primary account number of the payment account; receive the primary account number received from the user via the form. 

However, in a similar field of endeavor, Laxminarayanan discloses receive, from a merchant server of a merchant, a save request to facilitate saving a payment account of a user at the merchant server (See Laxminarayanan: Para [0122] The payment token may be associated with a user account, a user device 520 identifier, or otherwise associated with the user. As a result, the payment token can be identified and utilized for future transactions between the user and resource provider. Thus, the resource provider computer 530 can be a card-on-file merchant that stores a payment token instead of a PAN., para [0126] if the resource provider computer 530 is not a card-on-file merchant, it may not store the user's payment token, and thus may obtain both the payment token and verification value at the same time.);
transmit for display via a merchant user interface of the merchant and responsive to receiving the save request, a form comprising a data entry field for the user to enter a primary account number of the payment account (See Laxminarayanan: Para [0038] Payment credentials may include any suitable information associated with an account (e.g., a payment account and/or payment device associated with the account). Such information may be directly related to the account or may be derived from information related to the account. Examples of payment credentials may include a PAN (primary account number)), para [0110] the verification value can be provided to the token requester. The verification value can be entered into an existing data field for a transaction, such as a CVV data field or any other suitable data field.); 
receive the primary account number received from the user via the form (See Laxminarayanan: Para [0038] "Payment credentials" may include any suitable information associated with an account ... Examples of payment credentials may include a PAN (primary account number, para [0167] the enabler computer 625 may collect a user's payment credentials, obtain a payment token from the token provider computer 670, and/or obtain a verification value associated with the payment credentials on behalf of the resource provider computer 630.). 

Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the tokenization authentication of Dimmick with the merchant token verification of Laxminarayanan’s because this would allow for multiple merchants to be authorized to retrieve payment information from a particular account (See Dimmick: Para [0031], [0045], [0048]. [0056], [0064]).

In regards to Claim 12, Dimmick further discloses wherein the instructions comprise further instructions that, upon execution by the one or more processors, cause the one or more processors to: 
transmit a provision request to a token service provider, the provision request comprising the primary account number and an indication of the merchant (See Dimmick: Para [0065]-[0067]); and
receive, in response to the provision request, a second token associated with the primary account number and the merchant (See Dimmick: Para [0071], [0082], [0104]-[0105]).

In regards to Claim 13, Dimmick further discloses wherein the instructions to generate the first token comprises further instructions that, upon execution by the one or more processors, cause the one or more processors to save the first token, the second token, and a mapping that associates the first token and the second token in a secure data store (See Dimmick: Para [0026], [0028], [0048], [0090]).

In regards to Claim 14, Dimmick further discloses wherein the instructions comprise further instructions that, upon execution by the one or more processors, cause the one or more processors to save the first token, the primary account number, and a mapping that associates the first token and the primary account number in a secure data store (See Dimmick: Para [0025], [0056], [0074], [0082]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Ortiz et al. (US 20180253727 A1) generally discloses systems and methods for processing secure data through the use of multiple secure payment tokens.
Krishnaiah et al. (US 20160071094 A1) generally discloses dynamic hybrid wallet tokens which are then detokenized via a secure connection to authorize transactions.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS K PHAN whose telephone number is (571)272-6748. The examiner can normally be reached M-F 8 am-5 pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on 571-270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NICHOLAS K PHAN/Examiner, Art Unit 3685                                                                                                                                                                                                        
/JAMIE R KUCAB/Primary Examiner, Art Unit 3685