DETAILED ACTION
Acknowledgements
This office action is in response to the claims filed 11/24/2020.
Claims 1, 8, 11, and 18 are amended.
Claims 3-5, 9, 13-15 and 19 are cancelled.
Claims 1, 2, 6-8, 10-12, 16-18 and 20-22 are pending.
Claims 1, 2, 6-8, 10-12, 16-18 and 20-22 have been examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Response to Arguments
Applicant's arguments filed 11/24/2020 have been fully considered but they are not persuasive. 
112
Due to amendments, the prior 112(a) rejection is withdrawn. 
Regarding the 112(b) rejection, Applicant argues “the Applicant submits that the claims are clear as the confidential cardholder data and non- confidential cardholder data are received as such in a transaction request, so that it is not unclear as to whether the receiving entity chooses when a portion of the account data is non-confidential or confidential.” Applicant’s claim language has differentiated and defined terms as “non-confidential” and “confidential” data. The processing entity receives both 
103
Applicant argues that Olumofin “does not teach or suggest this claim element as recited in claims 1 and 11….” Examiner disagrees.
First, the combination of Olumofin and Soon teach the claims elements as recited in claims 1 and 11. Applicant specifically argues Olumofin is different from the Applications specification paragraphs ¶ 19, 90, 115, 153, 154 etc. The probable specificity of the specification is not reflected in the language of the claims. Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).  
 According to Olumofin(¶ 11, 17, 18) explains “the issuer bank 10 wants to detect fraudulent uses of their card at the point of payment using the cardholder location information. The cardholders 12 are consumers that have been issued a card by some issuer bank 10. Each cardholder 12 has an associated mobile device 14, e.g., smartphone or the like. The cardholders 12 are willing to allow issuer banks 10 to infer fraudulent transactions using their location information that can be obtained from their mobile device, but are concerned about the privacy of their location information… In step 84, a payment transaction by a cardholder 12 of an issuer bank 10 begins with the cardholder 12 submitting payment information to a merchant who forwards it to the merchant's bank….  the payment information is forwarded to the server 20 of the issuer 10 through the merchant bank. In step 88, using the payment information, the server 20 determines the payment location (locp).” The cardholder uses the card in the transaction and the location of the transaction is determined based on the payment information. The determined location of the transaction defines cardholder card data as it give the location of the card for server to determine potential fraud. 

Again Applicant argues Olumofin “is not making any comparisons of confidential data stored in a database.” Examiner disagrees.
Olumofin states - Cryptographic techniques of private information retrieval (PIR) and homomorphic encryption are used to protect consumer location information even as ii is used to enhance fraud risk scares. PIR is used to enable m issuer to retrieve non-specific location information using a consumer mobile number as the query criterion without needing to Snare or disclose the mobile number with the service provider… server 20 of the issuer bank 10 uses the public key received from the service provider 16 to compute a response that is a homomorphically-blinded encryption of the difference between the payment location (locp) and the cardholder location (locc), that is response-E(r(locp-locc)), where r is a random non-Zero integer. It does this without learning locc. (Abstract; ¶ 19)

Regarding claims 21 and 22, Applicant argues “The present application discusses verifying that the confidential cardholder data is for a valid account such as by matching a credit card in a transaction request against separate, additional list of stolen/lost cards and denying the transaction if the card also appears on the stolen/lost list even if the 

Claims 21 and 22 recite “wherein determining whether a transaction amount can be authorized includes verifying an account active status or an account balance or both.” There is no recitation of lost or stolen card or matching credit cards or lists of cards. 
Staddon teaches wherein determining whether a transaction amount can be authorized includes verifying an account active status or an account balance or both (column 4, line 50-59, column 11, line 19-35).
Staddon states - The updating phase both revises the encrypted balance of the purchasing online buyer C's account and adjusts the encryptions of the prices of the digital goods. The online seller S first determines a new encrypted balance. (column 11, line 19-35)

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1, 2, 6-8, 10-12, 16-18 and 20-22 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claims 1 and 11 recite “wherein the confidential cardholder data includes one or more of: a portion of the account number, the account number … and wherein the non-confidential cardholder data includes one or more of: … a further portion”. The claim is unclear and indefinite. Applicant has claim a portion of an account number and the entire account number as “confidential cardholder data”, but has also claimed that a portion of the account number is also “non-confidential cardholder data”. The claim is unclear and indefinite as to whether the processing entity chooses when a portion of the account data is non-confidential or confidential. Dependent claims 2, 6-8, 10, 12, 16-18 and 20-22 are also rejected. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 10-12 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Olumofin et al. (2017/0053282) (“Olumofin”), and in view of Soon-Shiong et al. (2016/0072800) (“Soon”).
Regarding claims 1 and 11, Olumofin discloses retrieving one or more sets of encrypted comparison cardholder card data from a cardholder data database, each set of encrypted comparison cardholder card data encrypted according to a homomorphic encryption scheme (¶ 15, 16, 19); 
Olumofin states - homomorphic encryption are used to provide strong privacy guarantees for cardholders location information… It provides a means for retrieving data from a database/service without the database/service (or its provider) being able to learn any information about which particular item was retrieved. the server 20 uses PIR to encode the mobile number of the cardholder into a PIR query, the server 22 encodes a result containing the cardholder location, (locc) using the received query in conjunction with its list of encrypted locations to determine the location of the user. (¶ 16, 19)

comparing the encrypted confidential cardholder data to each set of the encrypted comparison card cardholder data using one or more homomorphic operations and determining which set of comparison cardholder card data matches the confidential cardholder data and validating the confidential cardholder data (¶ 15, 19); 
Olumofin states - server 20 of the issuer bank 10 uses the public key received from the service provider 16 to compute a response that is a homomorphically-blinded encryption of the difference between the payment location (locp) and the cardholder location (locc), that is response-E(r(locp-locc)), where r is a random non-Zero integer. It does this without learning locc. (¶ 19)

generating an encrypted indicator indicating authorization or rejection of the request to complete the financial transaction based upon at least the validation of the confidential cardholder data (¶ 15, 19); and 
Olumofin states - server 20 of the issuer bank 10 uses the public key received from the service provider 16 to compute a response that is a homomorphically-blinded encryption of the difference between the payment location (locp) and the cardholder location (locc), that is response-E(r(locp-locc)), where r is a random non-Zero integer. It does this without learning locc. (¶ 19)

forwarding the encrypted indicator indicating authorization or rejection of the request to complete the financial transaction to a party seeking authorization to complete the financial transaction (¶ 15, 19), 
Olumofin states - the server 22 returns the encrypted response back to the server 20 of the issuer bank 10 issuer… In step 60, the server 20 of the issuer bank utilizes the adjusted fraud risk score to determine if the transaction will be approved or not.  (¶ 15)
wherein the non-confidential cardholder data includes one or more of: a bank name, a cardholder name, a Bank Identification Number (BIN) and a further portion
Olumofin states - a payment transaction by a cardholder 12 of an issuer bank 10 begins with the cardholder 12 submitting payment information to a merchant who forwards if to the merchant's bank… The payment information can include, for example, the name of the merchant, the name of the cardholder, the amount of the transaction, a description of the transaction, the physical location of the merchant POS terminal, the location of the cardholder's computer if the transaction is an on-line transaction (¶13)

Olumofin states - a payment transaction by a cardholder 12 of an issuer bank 10 begins with the cardholder 12 submitting payment information to a merchant who forwards if to the merchant's bank… The payment information can include, for example, the name of the merchant, … the amount of the transaction, a description of the transaction, the physical location of the merchant POS terminal, the location of the cardholder's computer if the transaction is an on-line transaction (¶13)
wherein the financial transaction is a credit card transaction or a debit card transaction or a stored-value card transaction, and (¶11)
Olumofin states -  there are three main parties involved in the authorization process for debit/credit card (hereinafter referred to as card payments)—the issuer bank(s) 10, cardholder(s) 12, and a service provider(s) 16. The issuer bank 10 is a financial institution that issues credit and/or debit cards to its customers or cardholders… The cardholders 12 are consumers that have been issued a card by some issuer bank 10. (¶11)


Olumofin does not disclose receiving a transaction request to complete a financial transaction, with at least a portion of the request encrypted according to a homomorphic encryption scheme, the transaction request comprising confidential cardholder data including an account number, non-confidential cardholder data, and transaction data; 

Soon teaches receiving a transaction request to complete a financial transaction, with at least a portion of the request encrypted according to a homomorphic encryption scheme, the transaction request comprising confidential cardholder data including an account number, non-confidential cardholder data, and transaction data (¶ 48-50, 52, 53, 98); 
Claim Interpretation- Claim 1 recites “with at least a portion of the request encrypted according to a homomorphic encryption scheme, the transaction request comprising confidential cardholder data including an account number,… the encrypted confidential cardholder data”. Similarly, Claim 11 recites “wherein the confidential cardholder data is never decrypted during the method”. The claim first recites “receiving a request to complete a financial transaction, with at least a portion of the request encrypted according to a homomorphic encryption scheme, the transaction request comprising confidential cardholder data including an account number.” The “at least a portion of the request” was not explained to definitively be the encryption of the confidential cardholder data. For purposes of claim interpretation, given that the limitations claim the “confidential cardholder data” is never decrypted and the use of “the encrypted confidential cardholder 
Soon states - transaction request 150 can comprise transaction data submitted to transaction device 110. Example transaction attributes may include an account number, identifier of external device 170, identifier of account servers 190, or other information. The transaction data can include context data possibly comprising a location, a time, a transaction identifier, an account identifier, a user identifier, an external device identifier, an event (e.g., new event, local event, life event, etc.), a user preference, a protocol identifier, public key information, a password, a routing number, account information, genomic partition information (e.g., desired strength, location, length, etc.), a cryptographic suite, or other information in support of transaction 180. derive digital transaction token 160 from digital genomic data 135 within partition 137… digital transaction token 160 may comprise encrypted data from a message where the message is encrypted based on a key derived from partition 137…  the communication or processing session among the various devices (e.g., genome-transaction device, external device 440, authentication server 480, etc.) can exist within a homomorphic encryption space or a somewhat homomorphic encryption (SHE) space, possibly keyed based on one or more of digital image-based token 420, digital genome-based token 413, genome-based token objects 433, image-based token object 463, transaction ID 471, stakeholder information, or other factors. (¶ 48-50, 98)


Soon states - transaction agent 711 can establish a homomorphic encrypted session among the entities, thus preserving confidentiality, while also providing access to secure container 730 for storing or processing transaction data 731  …  transaction request 150 can comprise transaction data submitted to transaction device 110.  The transaction data can include context data possibly comprising a location, a time, a transaction identifier, an account identifier, a user identifier, an external device identifier, an event (e.g., new event, local event, life event, etc.), a user preference, a protocol identifier, public key information, a password, a routing number, account information, genomic partition information (e.g., desired strength, location, length, etc.), a cryptographic Suite, or other information in support of transaction 180… transaction processor 140 can derive one or more transaction attributes from transaction request 150 or associated context data. Example transaction attributes may include an account number, identifier of external device 170, identifier of account servers 190, or other information.  (¶48, 49, 180)
wherein the cardholder is an account holder of a debit, credit or stored-value account (¶148, 151, 188, 204).
Soon states - When the patient obtains their prescription and checks out, again the Guardian Card can be updated so that the data stored in its memory properly 

wherein the confidential cardholder data is never decrypted during the method (¶ 98, 149) 
Soon states - the homomorphic space allows for transmission of encrypted data and the processing of the encrypted data within the corresponding encryption space without requiring decryption of the encrypted. This approach is considered advantageous because it allows for processing of the secure data without compromising confidentiality or data integrity. (¶ 98) 

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Olumofin (¶ 19) , which teaches to compute a response that is a homomorphically-blinded encryption of the difference between the payment location (locp) and the cardholder location (locc) and Soon (¶ 98), which teaches the homomorphic space allows for transmission of encrypted data and the processing of the encrypted data within the corresponding encryption space without requiring decryption of the encrypted  in order to provide further protection for user information and secure user data in transactions (Soon; ¶ 98).
Regarding claims 2 and 12, Soon teaches wherein the homomorphic encryption scheme is a fully homomorphic encryption scheme or a somewhat homomorphic encryption scheme (¶ 98).  
.
Claims 6, 16, 21 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Olumofin et al. (2017/0053282) (“Olumofin”), in view of Soon-Shiong et al. (2016/0072800) (“Soon”) and further in view of Staddon et al. (8,712,915) (“Staddon”).
Regarding claims 6 and 16, Neither Olumofin nor Soon teaches further including executing a step of retrieving the transaction data and executing the step of comparing the transaction data using one or more homomorphic operations to determine whether a transaction amount can be authorized.  Staddon teaches further including executing a step of retrieving the transaction data and executing the step of comparing the transaction data using one or more homomorphic operations to determine whether a transaction amount can be authorized (Figure 9; column 6, line 8-10, column 8, line 1-15, 29-37, column 10, line 54-67).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Olumofin (¶ 19) , which teaches to compute a response that is a homomorphically-blinded encryption of the difference between the payment location (locp) and the cardholder location (locc), Soon (¶ 98), which teaches the homomorphic space allows for transmission of encrypted data and the processing of the encrypted data within the corresponding encryption space without requiring decryption of the encrypted  and Staddon (column 6, line 8-10), which teaches Private online purchasing is transacted under both protocols using a combination of partially homomorphic encryption and symmetric encryption,  in order to provide demand driven pricing while allowing customers to make purchases privately (Staddon; column 2, line 4-22).
Regarding claims 21 and 22, Staddon teaches wherein determining whether a transaction amount can be authorized includes verifying that the confidential cardholder data is for a valid account (column 4, line 50-59, column 5, line 59-64, column 11, line 19-35).
Claims 7, 8, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Olumofin et al. (2017/0053282) (“Olumofin”), in view of Soon-Shiong et al. (2016/0072800) (“Soon”) and further in view of Bacon et al. (2017/0149557) (“Bacon”).
Regarding claims 7 and 17, Neither Olumofin nor Soon teaches wherein a portion of the request is compared to the set of comparison data to reduce size of the set of comparison data prior to comparing the encrypted confidential cardholder data. Bacon wherein a portion of the request is compared to the set of comparison data to reduce size of the set of comparison data prior to comparing the encrypted confidential cardholder data (¶ 44-47). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Olumofin (¶ 19) , which teaches to compute a response that is a homomorphically-blinded encryption of the difference between the payment location (locp) and the cardholder location (locc), Soon (¶ 98), which teaches the homomorphic space allows for transmission of encrypted data and the processing of the encrypted data within the corresponding encryption space without requiring decryption of the encrypted  and Bacon (¶ 45), which teaches multiple operations can be performed slotwise in a single homomorphic multiplication,  in order to provide secure and efficient data comparisons on encrypted data (Bacon; ¶ 3, 4).
Claim Interpretation - Claims 7 and 17 recite “a portion of the request is compared to the set of comparison data to reduce size of the set of comparison data”. Claim 1 and 11 reference “comparing the encrypted confidential cardholder data to each set of the encrypted comparison cardholder data”. For purposes of claim interpretation, “the set of comparison data” will be interpreted as being the same as the “set of the encrypted comparison cardholder data”.
Regarding claims 8 and 18, Bacon teaches wherein the one or more homomorphic operations combine to form an XNOR operation (¶ 24, 32, 49, 52).  

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NEHA PATEL can be reached on 571-270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/ISIDORA I IMMANUEL/Examiner, Art Unit 3685                                                                                                                                                                                                        
/OLUSEYE IWARERE/Primary Examiner, Art Unit 3687