Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Office Action is in response to the reply filed by Applicant on 2/4/2021.  No claims were added as New.  No claims were cancelled.  Claims 1-20 are pending. This Office Action is Final.

Response to Arguments
A) Applicant’s arguments with respect to claims 1, 10 and 18 have been considered but are moot because the arguments in view of a new ground(s) of rejection. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 5-11 and 13-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Liu et al. (US 2016/0254918) in view of Golin (US 9,652,769) and Slater et al. (US 2015/0379505).

As per claim 1, Liu teaches a point to point encryption and tokenization system, comprising: a pin entry device (PED) configured to receive and encrypt card holder data (CHD); a first computing system in communication with the PED and configured to receive the encrypted CHD; a second computing system in communication with the first computing system via a communications network and configured to receive the encrypted CHD from the first communication system (Liu, Paragraph 0071 recites “ According to various embodiments, the electronic device 705 (e.g., TEE 720) may use the TEE private key in encrypting the signed card information used in the payment function (735). According to various embodiments, the electronic device 705 (e.g., TEE 720) may transfer, to the token server 715, the PAN, CVV, or card valid term, which have been subjected to the signature and encryption (740). According to various embodiments, the card information having been subjected to the signature and encryption may be transferred either to the token server 715 through the payment server 710 or directly to the token server 715 without passing through the payment server 715.”),
the second computing system including: a decryption module configured to decrypt the CHD, and a database configured to store a token representing the decrypted CHD and the decrypted CHD (Liu, Paragraph 0072 recites “According to various embodiments, the token server 715 may signature-decrypt using the token server private key, the card information which has been received from the electronic device and has been subjected to the signature and encryption (745). According to various embodiments, when the card information has been decrypted using the token server private key, the token server 715 may identify the signed card information. According to various embodiments, the token server 715 may check whether the signature-authentication of the signed card information is valid, using the TEE public key (747). According to various embodiments, the token server 715 may use the decrypted and signature-identified card information or store it in the token server 715.”).
But fails to teach the second computing system hosting a Payment Card Industry Data Security Standard (PCI DSS)-compliant environment, a tokenization module configured to generate a token representing the CHD,  transmit a confirmation of the processed CHD and a copy of the token representing the CHD to the first computing system, the copy of the token stored by the first computing system to enable 
However, in an analogous art Golin teaches the second computing system hosting a Payment Card Industry Data Security Standard (PCI DSS)-compliant environment, a tokenization module configured to generate a token representing the CHD (Golin, Col. 2 Lines 56-64 recites “To this end, the Visa Best Practices outlines four recommendations for secure implementation of a tokenization system, namely: 1) token generation, in which recovery of the original PAN is not computationally feasible based only on the token; 2) token mapping, in which a PAN is not returned to, or accessible by, a merchant/vendor, 3) PCI-DSS compliant tokenization systems, in which encrypted PANs are stored, and 4) minimum requirements for encryption keys used to encrypt PANs.”), 
transmit a confirmation of the processed CHD and a copy of the token representing the CHD to the first computing system, the copy of the token stored by the first computing system to enable subsequent transactions requiring the CHD (Golin, Col. 11 Lines 47-51 recites “ In block 308 of the method 300 shown in FIG. 3, the token 500 is transmitted from the secure network 125 (e.g., via the tokenization system 145 and the billing service system 135) to the vendor system 105 for storage in a customer record of the customer database 110.” And Col. 2 Lines 23-26 recites “Once the vendor has received and stored the token, the vendor may use the token to authorize subsequent purchase transactions by the cardholder.”); and
and a database configured to store the token representing the decrypted CHD and the decrypted CHD (Golin, Col. 11 Lines 36-39 recites “The tokenization system 145 employs the encryption/decryption system 147 to encrypt the payment information, and stores encrypted payment information in the token/PI database 150.”)
It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Golin’s Methods, apparatus and systems for securely storing and/or accessing payment information or other sensitive information based on tokens with Liu’s trust-zone-based end-to-end security because it offers the advantage of not having to require a new token for every transaction.
And fails to teach an authorization module configured to re-encrypt the CHD for an outside authorization device to process the CHD, and in response to receiving a confirmation from the outside authorization device, transmit the confirmation. 
However, in an analogous art Slater teaches an authorization module configured to re-encrypt the CHD for an outside authorization device to process the CHD, and in response to receiving a confirmation from the outside authorization device, transmit the confirmation (Slater, Paragraphs 0030-0031 recites “In Step 314, the payment service receives the encrypted card data keyed to the card data token from the token service. In Step 316, the payment service decrypts the encrypted card data to obtain decrypted card data. In Step 318, the payment service sends an authorize payment request (i.e. a transfer request) including the sale data and the decrypted card data to the payment authorization service. In one or more embodiments of the invention, the card data is reencrypted for secure transmission to the payment authorization service. In Step 320, the payment service receives a payment response from the payment authorization service in response to the process payment request. In Step 322, the payment service sends the payment response to the POS system. In one or more embodiments of the invention, the payment response is sent to the POS system via a gateway.”).
It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Slater’s using limited life tokens to ensure pci compliance with Liu’s trust-zone-based end-to-end security because it offers the advantage of having secure communications of sensitive data.

As per claim 2, Liu in combination with Golin and Slater teaches the system of claim 1, Golin further teaches wherein the second computing system is further configured to: receive a request from the first computing system for an operation on decrypted CHD, the request accompanied by the copy of the token; receive the copy of the token representing the decrypted CHD at the tokenization module; retrieve the decrypted CHD using the copy of the token; and process the operation using the decrypted CHD (Golin, Col. 16 Line 54 – Col. 17 Line13 recites “In block 910 of FIG. 9, the tokenization system 145 receives a token 500 (e.g., from the payment processor system 140 shown in FIG. 1) and parses the token to separate the first token information 610 identifying the first memory record 605 of the token/PI database 150 and the second token information 620 representing the unique identifier for the payment information. Based on the first token information 610, in block 920 the tokenization system 145 reads from the first memory record the encrypted payment information 614, the initialization vector 616, and the token key identifier 612. In block 930, based on the token key identifier 612 that identifies the second memory record 650, the tokenization system reads from the second memory record the key label 624 that identifies the first key 149 used to encrypt the encrypted payment information 614 (and that uniquely corresponds to the token 500). In block 950, the tokenization system transmits (e.g., via the communications interface 146) the encrypted payment information 614, the initialization vector 616, and the key label 624 to the encryption/decryption system 147, which decrypts the encrypted payment information based on the first key 149. As discussed above, in some exemplary implementations the encryption/decryption system 147 may include an HSM constituting at least part of the memory in which the first key 149 is stored (which is accessed based on the key label 624), and may employ an Advanced Encryption Standard (AES) for the decryption.”).
 It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Golin’s Methods, apparatus and systems for securely storing and/or accessing payment information or other sensitive information based on tokens with Liu’s trust-zone-based end-to-end security because it offers the advantage of not having to require a new token for every transaction.

As per claim 5, Liu in combination with Golin and Slater teaches the system of claim 1, Liu further teaches wherein the first computing system and the second computing system are located in different geographic locations (Liu, Paragraph 0064 recites “FIGS. 7A and 7B illustrate flow diagrams 700 and 750 of an encryption operation of a payment system according to various embodiments of the present disclosure. FIG. 7A illustrates a signal flow 700 of an end-to-end encryption operation according to various embodiments. According to an embodiment, the payment system may include an electronic device 705, a payment server 710, or a token server 715. The electronic device 705 may include a TEE 720 or a rich execution environment (REE) 725 having a lower security level than the TEE.”).

As per claim 6, Liu in combination with Golin and Slater teaches the system of claim 1, Liu further teaches wherein the CHD is encrypted using asymmetric encryption (Liu, Paragraph 0053 recites “In this embodiment, the manufacturing server 505 generates a device unique private key for the electronic device 300 (510) that is unique to the device 300 so that each device made by the manufacturer can be uniquely identified. For example, the manufacturing server 505 is a server used in the manufacturing process for example to program data or software for the electronic device 300 prior to sale of the electronic device 300. In this example, the certificate for the device unique private key is signed with the manufacture root CA private key (e.g., for the manufacturer root CA certificate 415). For example, the manufacturer root CA server 400 may sign the certificate for the device unique private key so that later the TSP may verify and authorize the electronic device to enable trust-zone-based end-to-end security. In some embodiments, the manufacturer root CA server 400 and the manufacturing server 505 may be the same.”). 

As per claim 7, Liu in combination with Golin and Slater teaches the system of claim 1, Liu further teaches wherein the second computing system further comprising a key management system configured to issue public keys and store security certificates (Liu, Paragraph 0053 recites “In this embodiment, the manufacturing server 505 generates a device unique private key for the electronic device 300 (510) that is unique to the device 300 so that each device made by the manufacturer can be uniquely identified. For example, the manufacturing server 505 is a server used in the manufacturing process for example to program data or software for the electronic device 300 prior to sale of the electronic device 300. In this example, the certificate for the device unique private key is signed with the manufacture root CA private key (e.g., for the manufacturer root CA certificate 415). For example, the manufacturer root CA server 400 may sign the certificate for the device unique private key so that later the TSP may verify and authorize the electronic device to enable trust-zone-based end-to-end security. In some embodiments, the manufacturer root CA server 400 and the manufacturing server 505 may be the same.”). 

As per claim 8, Liu in combination with Golin and Slater teaches the system of claim 1, Liu and Golin further teaches wherein the decrypted CHD is in a first format, the encrypted CHD is in a second format and the token representing the decrypted CHD is in a third format (Liu, Paragraph 0072 recites “According to various embodiments, the token server 715 may signature-decrypt using the token server private key, the card information which has been received from the electronic device and has been subjected to the signature and encryption (745). According to various embodiments, when the card information has been decrypted using the token server private key, the token server 715 may identify the signed card information. According to various embodiments, the token server 715 may check whether the signature-authentication of the signed card information is valid, using the TEE public key (747). According to various embodiments, the token server 715 may use the decrypted and signature-identified card information or store it in the token server 715.”) And (Golin, Col. 16 Line 54 – Col. 17 Line13 recites “In block 910 of FIG. 9, the tokenization system 145 receives a token 500 (e.g., from the payment processor system 140 shown in FIG. 1) and parses the token to separate the first token information 610 identifying the first memory record 605 of the token/PI database 150 and the second token information 620 representing the unique identifier for the payment information. Based on the first token information 610, in block 920 the tokenization system 145 reads from the first memory record the encrypted payment information 614, the initialization vector 616, and the token key identifier 612. In block 930, based on the token key identifier 612 that identifies the second memory record 650, the tokenization system reads from the second memory record the key label 624 that identifies the first key 149 used to encrypt the encrypted payment information 614 (and that uniquely corresponds to the token 500). In block 950, the tokenization system transmits (e.g., via the communications interface 146) the encrypted payment information 614, the initialization vector 616, and the key label 624 to the encryption/decryption system 147, which decrypts the encrypted payment information based on the first key 149. As discussed above, in some exemplary implementations the encryption/decryption system 147 may include an HSM constituting at least part of the memory in which the first key 149 is stored (which is accessed based on the key label 624), and may employ an Advanced Encryption Standard (AES) for the decryption.”).
 It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Golin’s Methods, apparatus and systems for securely storing and/or accessing payment information or other sensitive information based on tokens with Liu’s trust-zone-based end-to-end security because it offers the advantage of not having to require a new token for every transaction.

As per claim 9, Liu in combination with Golin and Slater teaches the system of claim 1, Golin further teaches wherein the token is an alphanumeric string (Golin, Col. 2 Lines 3-6 recites “The token also may include alphanumeric characters that represent miscellaneous cardholder information and/or data specific to a particular purchase transaction.”). 
 It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Golin’s Methods, apparatus and systems for securely storing and/or accessing payment information or other sensitive information based on tokens with Liu’s trust-zone-based end-to-end security because it offers the advantage of not having to require a new token for every transaction.

Regarding claims 10 and 18, claims 10 and 18 are directed to a method and a non-transitory readable medium associated with the system of claim 1. Claims 10 and 18 are of similar scope to claim 1, and are therefore rejected under similar rationale.

Regarding claims 11 and 19, claims 11 and 19 are directed to a method and a non-transitory readable medium associated with the system of claim 2. Claims 11 and 19 are of similar scope to claim 2, and are therefore rejected under similar rationale.

Regarding claim 13, claim 13 is directed to a method associated with the system of claim 5. Claim 13 is of similar scope to claim 5, and are therefore rejected under similar rationale.

Regarding claim 14, claim 14 is directed to a method associated with the system of claim 6. Claim 14 is of similar scope to claim 6, and are therefore rejected under similar rationale.
Regarding claim 15, claim 15 is directed to a method associated with the system of claim 7. Claim 15 is of similar scope to claim 7, and are therefore rejected under similar rationale.

Regarding claim 16, claim 16 is directed to a method associated with the system of claim 8. Claim 16 is of similar scope to claim 8, and are therefore rejected under similar rationale.

Regarding claim 17, claim 17 is directed to a method associated with the system of claim 9. Claim 17 is of similar scope to claim 9, and are therefore rejected under similar rationale.

Claims 3, 12 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Liu et al. (US 2016/0254918), Golin (US 9,652,769) and Slater et al. (US 2015/0379505) and in further view of Himawan et al. (US 2016/0036854).

As per claim 3, Liu in combination with Golin and Slater teaches the system of claim 2, but fails to teach wherein the decryption module is a Hardware Security Module (HSM).
	However, in an analogous art Himawan teaches wherein the decryption module is a Hardware Security Module (HSM) (Himawan, Paragraph 0018 recites “Non-limiting examples of cryptographic operations that may be carried out on HSM device 102e may be encryption, decryption, signing, signature verification, message digest, key generation, key derivation function, and random number generation. Non-limiting examples of a type of cryptographic APIs that may be used on HSM device 102e may include PKCS11, MS-CAPI (Microsoft Cryptographic API), or vendor specific APIs.”).
It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Himawan’s Apparatus and method for sharing a hardware security module interface in a collaborative network with Liu’s trust-zone-based end-to-end security because it offers the advantage of using a dedicated crypto processor that is specifically designed for the protection of the cryptographic data.

Regarding claims 12 and 20, claims 12 and 20 are directed to a method and a non-transitory readable medium associated with the system of claim 3. Claims 12 and 20 are of similar scope to claim 3, and are therefore rejected under similar rationale.
 
Claim 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Liu et al. (US 2016/0254918), Golin (US 9,652,769) and Slater et al. (US 2015/0379505) and in further view of Jenkinson et al. (US 2016/0254915).

As per claim 4, Liu in combination with Golin and Slater teaches the system of claim 1 wherein the first computing system is further configured to: store the copy of the token representing the CHD in a transaction log.
 (Jenkinson, Paragraph 0030 recites “Optionally, the work message 214 may also comprise a copy of the transaction origin token generated by the client 12. In this way, the resource manager 4a may be provided with proof that the transaction associated with the work item was requested by the client 12. If a dispute arises as to the authenticity of the transaction origin token, the transaction log 12 and/or the certificate authority 117 may be consulted. For example, if the transaction origin token is time stamped at the log 20 during a time when the certificate authority 117 had a valid association between the client 12 and the public key that can decrypt the transaction origin token, then the client 12 may be prevented from repudiating the transaction request 207. Also optionally, at 222, the transaction manger 2 may send to the client 12 a work item receipt message comprising a copy of the work item receipt token generated by the resource manager 4a. The client 12 may receive the work item receipt token message at 224. The work item receipt token, in conjunction with the timestamp generated by the transaction manager 2 at the transaction log 20, may serve as proof that the resource manager 4a received the work item, thus preventing the resource manager 4a from later claiming otherwise. Because the transaction manager 2 acts as a trusted third party, the resource manager 4a may be willing to generate the work item receipt token confirming receipt of the work item (at 214) before it actually receives the work item (at 220).”).
It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Jenkinson’s NON-REPUDIABLE atomic commit with Liu’s trust-zone-based end-to-end security because it offers the advantage of having a record .

















Conclusion
	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661.  The examiner can normally be reached on Mon- Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 


RODERICK . TOLENTINO
Examiner
Art Unit 2439



/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439