Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
2.	Applicant’s arguments filed on 10/17/2022, with respect to the rejection of claim 20 rejected under 35 U.S.C. §102(a)(1) as allegedly being anticipated by Shearer (U.S. 2017/0213206),  claims 1, and 11-18 stand rejected under 35 U.S.C. §103 as allegedly being unpatentable over Shearer in view of Vasu (U.S. 2017/0270517) and Holtmanns (U.S. 2012/0239936), claims 2-4 and 10 stand rejected under 35 U.S.C. §103 as allegedly being unpatentable over Shearer in view of Vasu and Holtmanns in view of Tolba (U.S. 8,862,888), claims 5-9 stand rejected under 35 U.S.C. §103 as allegedly being unpatentable over Shearer in view of Vasu and Holtmanns in view of Forte (U.S. 2015/0149359). Claim 19 stands rejected under 35 U.S.C. §103 as allegedly being unpatentable over Holtmanns in view of Vasu have been fully considered.  However, upon further consideration, a new ground(s) of rejection is made in view of amended claims.

Remarks
3.	Examiner request Applicant review relevant prior art under the conclusion of this office action.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
4.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Shearer (US PG-PUB No. 20170213206 A1) in view of Brudnicki et al (US PG-PUB No. 20120239936 Al).

As per claim 1, Shearer discloses:
A method for provisioning credentials to computing devices, the method comprising, at an administration entity (AE) subsystem
authenticating a user account associated with a first computing device (paragraph [0005]: at an administration entity subsystem, receiving, from a host electronic device (first electronic device), host transaction data including host transaction credential data. Paragraph [0067]: If a user of host device 100 is willing and able to select or confirm a particular payment credential for use in funding the potential transaction in response to transaction request data 666 received at operation 616, process 600 may proceed to operation 625, at which device 100 may receive intent and authentication by a user of host device 100 (first electronic device is authenticated for a user account) to utilize a specific credential for carrying out the potential transaction for a particular merchant, product, price, and shipping destination based on potential transaction data 666).
	provisioning the first device, a credential associated with the funding account (paragraph [0021]: provisioning a first transaction credential (credential associated with a funding account) on host device 100 (first electronic device));
	        generating an ownership token based on the credential and a user of the user account (paragraph [0007]: the administration entity subsystem to generate a unique voucher (ownership token) that can be redeemed (provisioned) by a client electronic device to obtain the host transaction credential data. Paragraph [0074] further discloses the client device ID 119’ and/or a token associated with a client user account (token based on the credential and a user of the user account) at AE subsystem 400 (e.g., an iCloud™ account token), which may be common to both a user of host device 100 and a user of client device 100‘); and
storing the ownership token in an AE locker of the user account (paragraph [0049]: the administration entity subsystem (AE) may store the unique voucher (storing the ownership token) data against... the host transaction credential data of the received host transaction data. Paragraph [0074] further discloses the token associated with a client user account at AE subsystem 400 (e.g., an 1Cloud™ account token - AE Locker));
	          providing the ownership token the second computing device (paragraph [0049]: the administration entity subsystem may communicate (storing) the unique voucher (ownership token) data to...the client electronic device (second electronic device));
	         receiving from the second electronic computing device a request to provision the credential to the second computing device (paragraph [0022]: client device 100' (second electronic device) may share any suitable data with an identified and selected host device 100 for requesting that such a transaction credential on host device 100 be shared with SP subsystem 200 for funding the transaction on behalf of client device 100' (request to provision the credential on the second electronic device));
          determining that the request includes the ownership token and provisioning the credential to the second computing device (paragraph [0025]: in response to host device 100 receiving a client transaction (or payment) request from client device 100' (e.g., via an IDS service facilitated by AE subsystem 400) ... host device 100 may share host transaction credential data or host payment credential data of a credential provisioned on host device 100 with AE subsystem 400 ... host transaction credential data may then be shared with client device 100' via host device 100 using a unique host transaction voucher (ownership token) communicated from AE subsystem 400 to host device 100 that may then be communicated from host device 100 to client device 100' ... while that voucher may then be redeemed by client device 100' (credentials are provisioned on the second device))

Shearer does not disclose:
receiving, from the first computing device, a proof of ownership of a funding account
generating an ownership token based on the credential and a user of the user account
 authenticating that the user account is associated with the second computing device

Brudnick discloses:
receiving, from the first computing device, a proof of ownership of a funding account (para 0064 “Once a payment credential provisioned on device 100 has been identified for use in funding a fund transfer along with an amount of funds to be transferred and along with any suitable receiver information operative to identify a social token associated with an account for use in receiving the funds to be transferred at operation 534, any suitable first user device transfer funds request data 536d may be generated and transmitted from device 100 (e.g., to AE subsystem 400) at operation 536 for carrying out the transfer. Continuing with the particular example mentioned above for transferring $50 from the fund account identified by account token AT-1a at first issuing subsystem 391 (see, e.g., entry 393a of table 393 of FIG. 4F) and the fund account identified by account token AT-2a at second issuing subsystem 392 (see, e.g., entry 394a of table 394 of FIG. 4G) due to user U1 of device 100 identifying an amount of $50 to be transferred from a sender funding account associated with the payment credential provisioned on SSD 154a of sender device 100 including send token ST-1a to a receiver account associated with an identified social token LT-2, particular first user device transfer funds request data 536d may be generated at and transmitted from device 100 indicative of such a transfer request.” para 0068 “ For example, using receiver user identifier U2-ID and/or unique electronic device identifier ED2-ID and/or unique user credential identifier PID-2a and/or any other suitable data (e.g., in table 473 and/or in table 493) that may be associated with receive token RT-2a of entry 493c, as well as using receiver user identifier U2-ID and/or unique electronic device identifier ED2-ID and/or unique user credential identifier PID-2b and/or any other suitable data (e.g., in table 473 and/or in table 493) that may be associated with receive token RT-2b of entry 493d, AE subsystem 400 may communicate with device 200 to determine which one of the payment credentials provisioned on device 200 and associated with such unique user credential identifiers PID-2a and PID-2b (e.g., which one of the payment credential on SSD 254a with ST-2a and the payment credential on SSD 254b with ST-2b) ought to be used to determine the funding account that is to receive the funds being transferred. Such a determination may be achieved by providing any suitable prompt to a user of device 200 via any suitable user interface of device 200 (e.g., via a push notification or otherwise to card management application 213b or the like) that may enable a user of device 200 to selectively elect a particular one of those provisioned payment credentials in order to identify its associated funding account as the account to receive the funds being transferred..”)
generating an ownership token based on the credential and a user of the user account (para 0064 “For example, such sender device payment credential data of device transfer funds request data 536d generated by device 100 may include any suitable data that may be operative to securely prove proper ownership of the particular secure element credential of device 100 (e.g., the credential of SSD 154a of secure element 145 of device 100) and necessary to make a payment with that credential, including, but not limited to, (i) token data (e.g., send token ST-1a (e.g., a virtual DPAN) with or without any other suitable data of SSD 154a, such as a PAN expiry date, a card security code (e.g., a card verification code (“CVV”)), and/or name and/or address associated with the credential of credential information 161a of SSD 154a) and (ii) crypto data (e.g., a cryptogram that may be generated by secure element 145 using a shared secret of SSD 154a and issuer subsystem 300 (e.g., credential key 155a′ of first issuer subsystem 391) and any other suitable information (e.g., some or all of the token data, information identifying device 100 (e.g., ED1-ID), information identifying the selected amount of the transfer (e.g., $50), any suitable counter values, nonce, etc.) that may be available to device 100 and that may also be made available to issuer subsystem 300 for independently generating the crypto data using the shared secret (e.g., to validate the sender device payment credential data from device 100 (e.g., at operation 548))).”)
 authenticating that the user account is associated with the second computing device (para 0071 “If the sender account is validated and sufficient funds are identified in the validated sender account to meet the specific fund amount from request data 546d (e.g., $50) at operation 548, then an account to account transfer may be carried out at operation 550 between issuing subsystem 391 responsible for the validated sender account being used to fund the transfer (e.g., the account identified by account token AT-1a associated with the send token ST-1 of data 546d as validated at operation 548) and an issuing subsystem (e.g., issuing subsystem 392) associated with the receive token for the transfer (e.g., receive token RT-2a identified by subsystem 391 at operation 546 or operation 547) by communicating transfer data 550d therebetween. A receive token (e.g., receive token RT-2a) may be configured to identify (e.g., to issuing subsystem 391) a particular receiver target issuing subsystem that is responsible for the account associated with that receive token and to be used for receiving the funds of the transfer (e.g., a receive token may be a PAN or a DAR operative to identify a particular receiver target issuing subsystem to which a sender issuing subsystem may conduct an account to account transfer). Transfer data 550d may include any suitable fund data operative to transfer at operation 550 the appropriate funds (e.g., $50) from the sender account at issuing subsystem 391, as identified by and associated with the validated send token ST-1A of request data 536d/538d/546d at operation 548, to receiver target issuing subsystem 392, as may be identified by the receive token of the transfer (e.g., receive token RT-2a), but also transfer data 550d may include at least a portion of the receive token of the transfer itself (e.g., receive token RT-2a). At operation 552, receiver target issuing subsystem 392 may be operative to receive and process transfer data 550d in order to use the receive token of data 550d (e.g., receive token RT-2a) to identify a particular receiver account at receiver target issuing subsystem 392 associated with the receive token of data 550d (e.g., the account associated with account token AT-2a as linked to receive token RT-2a in entry 394a of table 394) and then to add the appropriate funds (e.g., $50) to that identified receiver account using the fund data of data 550d. Therefore, receiver target issuing subsystem 392 may be operative to translate a receive token of data 550d to a particular receiver account token of an entry of table 394 in order to identify the account that is to receive the funds of the transfer.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Shearer to include the receiving, from the first computing device, a proof of ownership of a funding account, generating an ownership token based on the credential and a user of the user account and authenticating that the user account is associated with the second computing device, as taught by Brudnick.
The motivation would have been to create a token to prove ownership of a funding account in order to properly control access to transaction transfers.

As per claim 2, Shearer in view of Brudnick discloses:
The method of claim 1, wherein generating the ownership token comprises performing a cryptographic hash function on a combination of a unique credential identifier of the credential and a unique user identifier of a user of the first computing device when the first computing device is fully authenticated for the user account (Brudnick para 0073 “For example, the mandate key that may be generated by sender device 100 and that may be included as a portion of transfer funds request data 536d may be any suitable hash of (i) any suitable unique identifier of device 100 and (ii) the receiver social token of the request, where the unique identifier may be electronic device identifier ED1-ID, user identifier U1-ID, or any other suitable universally unique identifier (“UUID”) that may be a unique one-time device generated UUID (e.g., a device transfer unique identifier FX1-ID, which may be stored in entry 173a of storage 173 of device 100). Such a device transfer unique identifier FX1-ID may be shared with and used by all devices associated with a particular user account, such that the same mandate key may be generated by both a first user's cellular telephone and that same first user's desktop computer when each device attempts to transfer funds to the same receiver social token. The mandate key generated by sender device 100 (e.g., using any suitable hash function) and communicated from sender device 100 in transfer funds request data 536d for a particular receiver social token of a particular fund transfer may or may not be stored on sender device 100.” The motivation would have been to create a token to prove ownership of a funding account in order to properly control access to transaction transfers)

As per claim 3, Shearer in view of Brudnick discloses:
The method of claim  1, further comprising, in response to the receiving the proof of ownership storing the ownership token against data indicative of a type of the proof of ownership (Brudnick Fig. 5, elements 510, 514, 526, and 530. The motivation would have been to create a token to prove ownership of a funding account in order to properly control access to transaction transfers.).

As per claim 4, Shearer in view of Brudnick discloses:
The method of claim 3, further comprising, prior to provisioning to credential to the second computing device, assessing potential fraud using the data indicative of the type of the proof of ownership (Brudnick para 0046 “ Fraud system component 480 of AE subsystem 400 may be configured to run an administration entity fraud check on a transaction credential based on data known to the administration entity about the transaction credential and/or the sender user and/or the sender user device and/or the receiver user and/or an associated sender user device (e.g., based on data (e.g., transaction credential information) associated with a user account with the administration entity and/or any other suitable data that may be under the control of the administration entity and/or any other suitable data that may not be under the control of issuer subsystem 300). Fraud system component 480 may be configured to determine an administration entity fraud score for the credential based on various factors or thresholds.” Para 0073 “ For example, a sender device (e.g., device 100 in the example of using the payment credential with social token ST-1a of SSD 154a for transferring $50 from the account of account token AT-1a to an account associated with social token LT-2) may be operative to generate and share certain information (e.g., a mandate key) with AE subsystem 400 when sending a transfer request, where such shared information may be unique to the combination of that sender device and the social token LT that the sender device has identified for use in receiving the funds of the transfer, and where such shared information may then be used by AE subsystem 400 (e.g., by transaction protection subsystem 481) to ascertain a fraud risk associated with the transfer and/or to store history data associated with the transfer while not being usable to link a specific sender to a specific receiver at AE subsystem 400. ” The motivation would have been to create a token to prove ownership of a funding account in order to properly control access to transaction transfers.”).

As per claim 5, Shearer in view of Brudnick discloses:
	The method of claim 1, wherein the first computing device is distinct to the second computing device (Brudnick Fig. 5, element 173 and 273, The motivation would have been to have distinct computing device  in order to properly control access to transaction transfers.)
As per claim 6, Shearer in view of Brudnick discloses:
The method of claim 1, wherein the proof of ownership comprises data indicative of information entered on the first computing device by a user of the first computing device in conjunction with authenticating the user account (Brudnick para 0064 “The motivation would have been to have distinct computing device  in order to properly control access to transaction transfers.”)

As per claim 7, Shearer in view of Brudnick discloses:
The method of claim 1 wherein the proof of ownership comprises at least one of: a primary account number; a card verification value; or a one-time verification code generated by a credential issuer (Brudnick para 0064 “The motivation would have been to have distinct computing device  in order to properly control access to transaction transfers.”). 

	As per claim 8, the implementation of the method of claim 1 will execute the 
non-transitory computer readable storage medium (Brudnick paragraph 0080) of claim 8. The claim is analyzed with respect to claim 1.

As per claim 9, the claim is analyzed with respect to claim 2.

As per claim 10, the claim is analyzed with respect to claim 3.

As per claim 11, the claim is analyzed with respect to claim 4.

As per claim 12, the claim is analyzed with respect to claim 5.

As per claim 13, the claim is analyzed with respect to claim 6.

As per claim 14, the claim is analyzed with respect to claim 7.

	As per claim 15, the implementation of the method of claim 1 will execute
the AE subsystem of claim 15. The claim is analyzed with respect to claim 1.

As per claim 16, the claim is analyzed with respect to claim 2.

As per claim 17, the claim is analyzed with respect to claim 3.

As per claim 18, the claim is analyzed with respect to claim 4.

As per claim 19, the claim is analyzed with respect to claim 5.

As per claim 20, the claim is analyzed with respect to claim 6.




Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
U.S. Publication No. 20180091538 discloses on paragraph 0050 “Later, after first user U1 may have interacted with device 100 (e.g., at operation 602) for provisioning at least one first user transaction credential on device 100, second user U2 may log-into device 100 as an active user. Then, at operation 610, device 100 (e.g., U2C application 113e) may send second user credential request data 660 to credential protection subsystem 491 that may be operative to request that one or more second user transaction credentials be provisioned on device 100 for second user U2. For example, operation 610 may be at least partially carried out when second user U2 of device 100 selects a particular second user transaction credential of credential issuer subsystem 300 (e.g., of first issuing subsystem 391 or of second issuing subsystem 392) to be provisioned on device 100 (e.g., by interacting with device 100 in any suitable manner). Second user credential request data 660 may include any suitable identification of the second user transaction credential to be provisioned (e.g., at least a portion of a primary account number (“PAN”), PAN expiry date, CVV, etc.), a second user identifier U2-ID that may be any suitable data that may uniquely identify second user U2 to AE subsystem 400 and/or any suitable second user password data U2-PW associated therewith (e.g., user-specific log-in information to a user-specific account with that administration entity (e.g., via user-specific identification and password combinations)), electronic device identifier ED-ID that may be any suitable data that may uniquely identify electronic device 100 to AE subsystem 400 (e.g., device ID 119, etc.), and/or the like.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GARY S GRACIA/Primary Examiner, Art Unit 2499