DETAILED ACTION
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.	This communication is in response to applicant's amendment dated 10/08/2020 and interview dated 1/15/2021.
3.	The claims objection is hereby withdrawn; since Applicants’ amendments the claims.  
4.	Applicant's remarks, filed on 10/08/2020, with respect to the art rejection of the claims have been fully considered and they are persuasive as amended and in the light of the Examiner's amendments. 
EXAMINER’S AMENDMENT
5.1.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. 
Authorization for this examiner’s amendment was given in a telephone interview with William L. Jaffe (Reg. No. 64,977) on 1/15/2021.

5.2.	This listing of claims will replace all prior versions and listings of claims in the application:
	(Currently Amended) A method of encrypting sensitive information, comprising:
hashing sensitive information by a hash function;

performing a modulo operation on the hashed sensitive information with a number of salts in a numbered list of salts, the number of salts being a total number of salts in the numbered list, and the numbered list being ordered based on numbers associated with each salt
identifying a number of a respective salt in the numbered list of salts based on a remainder of the modulo operation, and
selecting the respective salt from the ordered list according to the identified number;
combining the selected salt with the sensitive information to yield combined
sensitive information;
encrypting the combined sensitive information by a destructive, non-reversible
encryption function, wherein the destructive, non-reversible encryption function comprises an authentication code algorithm and an iterative encryption function; and
storing the encrypted combined sensitive information.

(Original)  The method of claim 1, comprising storing the encrypted combined sensitive information in a secure database.

(Cancelled)

(Cancelled)

(Cancelled)  

(Previously Presented)  The method of claim 1, further comprising, prior to encrypting the sensitive information:
generating a number of salts;
forming the numbered list of salts into an ordered listing;
concatenating the salts in the numbered list of into a binary large object in an ordering defined by the ordered list;
sending the binary large object to a cryptographic processing system for encryption with a key encryption key to form an encrypted binary large object; and
storing the encrypted binary large object received from the cryptographic processing system in a database.

(Original)  The method of claim 6, wherein the database comprises a secure database.

(Original)  The method of claim 6, further comprising:
retrieving the stored encrypted binary large object;
sending the retrieved encrypted binary large object to the cryptographic processing system for decryption;
parsing the decrypted binary large object into respective salts;

storing the numbered list of salts in a volatile memory.

(Original)  The method of claim 8, comprising:
retrieving the binary large object by a processing device after booting of the processing device.

(Previously Presented)  The method of claim 1, wherein the sensitive information comprises a first portion and a second portion, the method further comprising:
hashing the first portion by the hash function; and
combining the hashed first portion with the selected salt.

(Original)  The method of claim 10, wherein:
the sensitive information comprises received plain text card data;
the first portion of the plain text card data comprises a personal account number; and
the second portion of the plain text card data comprises other data in the plain text card data.

(Original)  The method of claim 11, wherein the other data comprises:
cardholder name, expiration date, a CVV, a PIN verification Key, a PIN Verification


(Original)  The method of claim 11, further comprising: hashing the second portion by a hash function; and encrypting the hashed second portion.

(Cancelled) 


(Currently Amended)  A method of encrypting information, comprising:
hashing sensitive information by a hash function;
	selecting an encryption key based, at least in part, on the hashed sensitive information, wherein selecting the encryption key comprises:
performing a modulo operation on the hashed sensitive information with a number of encryption keys in a numbered list of encryption keys, the number of encryption keys being a total number of encryption keys in the numbered list, and the numbered list being ordered,
identifying a number of a respective encryption keys in the numbered list of encryption keys based on a remainder of the modulo operation, and
selecting the respective encryption keys from the ordered list according to the identified number;
encrypting the sensitive information by the selected encryption key using a destructive, non-reversible encryption function, wherein the destructive, non-reversible encryption function comprises an authentication code algorithm and an iterative encryption function; and
storing the encrypted sensitive information.

16.– 58.  (Cancelled) 

(New):  The method of claim 15, wherein the encryption key comprises an AES key.

(New)  The method of claim 15, comprising storing the encrypted sensitive information in a secure database.

(New): The method of claim 15, further comprising, prior to encrypting the sensitive information:
generating a number of encryption keys;
sending the generated number of encryption keys to a cryptographic processing system for encryption with a key encryption key;
receiving the encrypted encryption keys; and
storing the encrypted encryption keys in a database.

(New)  The method of claim 61, wherein the sensitive information comprises a first portion and a second portion, the method further comprising:
hashing the first portion by the hash function; and


(New)  The method of claim 62, wherein:
the sensitive information comprises received plain text card data including a personal account number and other data;
the first portion of the plain text card data comprises the other data; and
the second portion of the plain text card data comprises the personal account number.

(New)  The method of claim 63, wherein the first portion comprises:
cardholder name, expiration date, a CVV, a PIN verification Key, a PIN Verification value, a card verification value, a card verification code, and/or EMV information.

(New)  The method of claim 63, further comprising: hashing the second portion by a hash function; and encrypting the hashed second portion.

(New)  A system for encrypting sensitive information, comprising:
storage; and
a processing device coupled with the storage configured to:
hash sensitive information by a hash function;

performing a modulo operation on the hashed sensitive information with a number of salts in a numbered list of salts, the number of salts being a total number of salts in the numbered list, and the numbered list being ordered based on numbers associated with each salt,
identifying a number of a respective salt in the numbered list of salts based on a remainder of the modulo operation, and
selecting the respective salt from the ordered list according to the identified number;
combine the selected salt with the sensitive information to yield combined sensitive information;
encrypt the combined sensitive information by a destructive, non-reversible encryption function, wherein the destructive, non-reversible encryption function comprises an authentication code algorithm and an iterative encryption function; and
store the combined sensitive information in the storage.

(New)  The system of claim 66, wherein the storage comprises a secure database.

(New)  The system of claim 66, wherein the processing device is configured to select the salt by:

identifying a number of a respective salt in the numbered list of salts based on the remainder; and
selecting the respective salt corresponding to the selected number.

(New) The system of claim 66, wherein:
the storage comprises a secure database; and
the processing device is configured to store the encrypted binary object in the secure database.

(New) The system of claim 66, wherein the processing device is further configured to:
retrieve the stored encrypted binary large object;
send the retrieved encrypted binary large object to the cryptographic processing system for decryption;
parse the decrypted binary large object into respective salts;
form the numbered list of salts; and
store the numbered list of salts in a volatile memory.

(New)  The system of claim 70, wherein the processing device is configured to:
retrieve the binary large object by the processing device after booting of the processing device.

(New)  The method of claim 66, wherein the sensitive information comprises a first portion and a second portion, the processing device being further configured to:
hash the first portion by the hash function; and
combine the hashed first portion with the selected salt.

(New)  The system of claim 72, wherein:
the sensitive information comprises plain text card data;
the first portion of the plain text card data comprises a personal account number; and
the second portion of the plain text card data comprises other data in the plain text card data.

(New)  The system of claim 73, wherein the other data comprises:
cardholder name, expiration date, a CVV, a PIN verification Key, a PIN Verification
value, a card verification value, a card verification code and/or EMV data.

(New)  The system of claim 72, wherein the processing device is further configured to:
hash the second portion by a hash function; and
encrypt the hashed second portion.

(New)  A system for encrypting information, comprising:
storage; and
a processing device coupled with the storage and configured to:
hash sensitive information by a hash function;
select an encryption key based, at least in part, on the hashed sensitive information, wherein the selection of the encryption key comprises:
performing a modulo operation on the hashed sensitive information with a number of encryption keys in a numbered list of encryption keys, the number of encryption keys being a total number of encryption keys in the numbered list, and the numbered list being ordered,
identifying a number of a respective encryption keys in the numbered list of encryption keys based on a remainder of the modulo operation, and
selecting the respective encryption keys from the ordered list according to the identified number;
encrypt the sensitive information by the selected encryption key using a destructive, non-reversible encryption function, wherein the destructive, non-reversible encryption function comprises an authentication code algorithm and an iterative encryption function; and
store the encrypted sensitive information in the storage.

(New)  The system of claim 76, wherein the encryption key comprises an AES key.

(New)  The system of claim 76, wherein:
the storage comprises a secure database; and
the processing device is configured to store the encrypted sensitive information in the secure database.

(New)  The system of claim 76, wherein the processing device is further configured to, prior to encrypting the sensitive information:
generate a number of encryption keys;
send the number of encryption keys to the cryptographic processing system for
encryption with a key encryption key; and
store the encrypted encryption keys in the database.

(New)  The system of claim 77, wherein the sensitive information comprises a first portion and a second portion, the processing device being further configured to:
hash the first portion by the hash function;
encrypt the hashed first portion by the selected encryption key.

(New)  The system of claim 80, wherein:
the sensitive information comprises plain text card data including a personal account number and other data;

the second portion of the plain text card data comprises the personal account number.

(New)  The method of claim 81, wherein the other data comprises:
cardholder name, expiration date, a CVV, a PIN verification Key, a PIN Verification value, a card verification value, a card verification code and/or EMV data.

(New)  The system of claim 80, wherein the processing device is further configured to:
hash the second portion by a hash function; and
encrypt the hashed second portion.
Allowable Subject Matter
6.1.	Claims 1-2, 6-13, 15, 59-83 are allowed.
6.2. 	The following is an examiner's statement of reasons for allowance: thecombination of Arumugam, et al., Schneider et al., whether alone or in combination with the other prior arts of record fail to teach or render obvious "… salt comprises: performing a modulo operation on the hashed sensitive information with a number of salts in a numbered list of salts, the number of salts being a total number of salts in the numbered list, and the numbered list being ordered based on numbers associated with each salt, identifying a number of a respective salt in the numbered list of salts based on a remainder of the modulo operation, and selecting the respective salt from the ordered list according to the identified number; combining the selected salt with 
Therefore independent claim 1 is allowable over the prior arts of record.  The other independent claims 15, 66, 76 recite similar subject matter. Consequently, independent claims 15, 66, 76 are also allowable over the prior arts of record.
Claims 2, 6-13, 59-65, 67-75, 77-83 are directly or indirectly dependent upon claims 1, 15, 66, 76 therefore, they are also allowable over the prior arts of record.

Conclusion
7.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195.  The examiner can normally be reached on 9 AM to 5PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-


HARUNUR . RASHID
Primary Examiner
Art Unit 2497



/HARUNUR RASHID/Primary Examiner, Art Unit 2497