DETAILED ACTION
	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114 was filed in this application after a decision by the Patent Trial and Appeal Board, but before the filing of a Notice of Appeal to the Court of Appeals for the Federal Circuit or the commencement of a civil action. Since this application is eligible for continued examination under 37 CFR  1.114 and the fee set forth in 37 CFR 1.17(e) has been timely paid, the appeal has been withdrawn pursuant to 37 CFR 1.114 and prosecution in this application has been reopened pursuant to 37 CFR 1.114. Applicant’s submission filed on October 21, 2020 has been entered.

Response to Amendment
	The amendment filed on October 21, 2020 has been entered.  Applicant has amended claims 1, 9, 17, and 26-28.  Claims 1, 3, 9, 11, 17, 19 and 26-28 are now pending and currently stand rejected.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable 

	Claims 1, 3, 9, 11, 17, 19 and 26-28 are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, at the time the application was filed, had possession of the claimed invention.  
	The “written description” requirement implements the principle that a patent must describe the technology that is sought to be patented; the requirement serves both to satisfy the inventor’s obligation to disclose the technologic knowledge upon which the patent is based, and to demonstrate that the patentee was in possession of the invention that is claimed.  Capon v. Eshhar, 418 F.3d 1349, 1357, 76 USPQ2d 1078, 1084 (Fed. Cir. 2005).
	Claim 1 recites, in part, “improving security of the card data by deleting the card data token responsive to at least one of the TTL value expiring or the detokenize and erase request.”  Examiner has reviewed Applicant’s disclosure and is unable to find support to demonstrate that Applicant was in possession of an invention that deleted card token data responsive to a TTL value expiring.  Applicant’s disclosure indicates that “In one or more embodiments of the invention, the token service (106) is configured to delete existing tokenized card data once the card data is read or once the token has expired.”  Specification [0018].  However, Applicant’s disclosure fails to indicate how the token service is configured (i.e. what steps does the token service perform in order to complete this process).  For example, it is unknown if the token service periodically scans for expired tokens and deletes them, or if the token service monitors the expiration dates of tokens and alerts a user to delete the token(s) when expired, or if there is some specific instruction/coding in the token itself that is added when it is generated instructing it to delete upon the expiration, or something else altogether.  While one of Centocor Ortho Biotech, Inc. v. Abbott Labs, 636 F.3d 1341, 1348 (Fed. Cir. 2011).
	Furthermore, since this is, or at least appears to be, a computer-implemented invention (e.g., an invention implemented, at least in part, by a token service, see, e.g., Specification [0018]), Applicant must provide the corresponding algorithm (e.g., the necessary steps and/or flowcharts) that performs the recited functions in sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor invented the claimed subject matter; however, no such details are found in the disclosure.  Accordingly, there is no description as to how the claimed function(s) are achieved.  See Ariad Pharmaceuticals Inc. v. Eli Lilly & Co., 94 USPQ2d 1161 (Fed. Cir. 2010).  It is further noted that the written description requirement under 112(a) is not satisfied by stating that one of ordinary skill in the art could devise an algorithm to perform the specialized programmed functions.  See, e.g., Vasudevan Software, Inc. v. MicroStrategy, Inc., 782 F.3d 671, 681-683, 114 USPQ2d 1349, 1356, 1357 (Fed. Cir. 2015); also see MPEP 2161.01(I).
	Independent claims 9 and 17 recite a substantially similar limitation to that described above and found in claim 1; accordingly, claims 9 and 17 are also rejected under 35 U.S.C. 112(a) for the same reasons and rationale explained above with respect to claim 1.  Claims 3, 11, 19 and 26-28 are rejected under 35 U.S.C. 112(a) based on their dependency on claim 1, 9 or 17.

	Claim 26 recites, in part, “wherein deleting the card data token is performed responsive to failure of the detokenize and erase request.”  Examiner has reviewed Applicant’s disclosure and is or once the token has expired.  Specification [0018].  Applicant fails to support a third scenario where the card data token is deleted responsive to failure of the detokenize and erase request.  Claims 27 and 28 recite a substantially similar limitation; accordingly, claims 27 and 28 are also rejected under 35 U.S.C. 112(a) for the same reasons and rationale explained above with respect to claim 26.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

	Claims 26-28 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.
	Claim 26 recites, in part, “wherein deleting the card data token is performed responsive to failure of the detokenize and erase request.”  The limitation is unclear when read in combination with claim 1.  That is, claim 1 indicates that the card data token is deleted responsive to at least one of the TTL value expiring or the detokenize and erase request.  It is unclear if Applicant is attempting to refine the deleting process described in claim 1, or if they are describing an additional deleting process, a combination of these, or something else altogether.  Furthermore, it is unclear what happens in the scenario where the card data token is deleted in response to the TTL value expiring.  That is, if the card data token is deleted as a result of the TTL expiring it is unclear how it could be deleted again responsive to failure of the detokenize and erase request.  Applicant’s specification only mentions the failure of a detokenize and erase operation one time.  There, the specification states “the token may live at most an amount of time equal to the TTL value, so even if the explicit detokenize and erase operation fails, the token will be erased.”  Specification [0033].  As best understood, this statement is merely a reason 

Claim Rejections - 35 USC § 101
	35 U.S.C. 101 reads as follows:
	Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
	
	Claims 1, 3, 9, 11, 17, 19 and 26-28 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
	The 2019 Revised Patent Subject Matter Eligibility Guidance (hereinafter “2019 PEG”) discusses a multi-step analysis which is followed to determine subject matter eligibility under 35 U.S.C. §101.  In view of this analysis, it must first be determined whether the claims are directed to one of the four statutory categories of invention (i.e., process, machine, manufacture, or composition of matter).  Under the 2019 PEG step 1 analysis, it is determined that the claims are directed to the statutory category of a process (claims 1, 3 and 26), a manufacture (claims 9, 11 and 27), and a machine (claims 17, 19 and 28), where the manufacture and machine include the process limitations that are directed to substantially the same subject matter of the process.  Therefore, we proceed to step 2A, Prong 1. 
	Under the 2019 PEG step 2A, Prong 1 analysis, it must be determined whether the claims recite an abstract idea that falls within one or more designated categories of patent ineligible subject matter 
	generating, at a token service operating in a payment card industry data security standard (PCI-DSS) system and in response to receiving a card data tokenize request from a point of sale (POS) system, a card data token,
wherein the card data tokenize request includes card data received from a card reader, 
wherein the card data token is a sequence of characters representing the card data and matching the format of the card data,
wherein the PCI-DSS system comprises a payment processing system governed by the PCI-DSS, and wherein the PCI-DSS comprises a standardized security requirement for payment processing systems that perform at least one selected from a group consisting of storing, processing, and transmitting the card data, and
wherein generating the card data token includes adding a time to life (TTL) value to the card data token, the TTL value indicating a maximum amount of time the token service maintains the card data in storage before deleting the card data;
transmitting, by the token service, the card data token to the POS system;
thereafter receiving, by a payment service operating in the PCI-DSS system and from the POS system, a payment request comprising both sale data and the card data token, wherein the payment request is received via a gateway, and wherein the sale data includes a transaction amount, a tax amount, and an itemized list of items purchased, wherein the gateway does not store card data, and wherein the gateway is excluded from being governed by the PCI-DSS system;
generating, by the payment service, the detokenize and erase request comprising the card data token;
sending, by the payment service, the detokenize and erase request to the token service;
detokenizing, by the token service, card data from the card data token;
transmitting, by the token service, the card data;
receiving, by the payment service, the card data;
generating, by the payment service, a payment process request comprising the sale data and the card data;
sending, by the payment service, the payment process request to a payment authorization service operating in the PCI-DSS system;
receiving, at the payment service, a payment response from the payment authorization service in response to the sending the payment process request; 
sending, by the payment service, the payment response to the POS system; and 
improving security of the card data by deleting the card data token responsive to at least one of the TTL value expiring or the detokenize and erase request.

Here, the claims are directed to the abstract idea(s) of protecting a customer’s payment information (e.g., credit card information) through the use of a tokenization service/system/process that adheres to industry standards (e.g., PCI-DSS) while processing a payment with a payment service.  This concept/abstract idea, which is identified in the bolded sections seen above, falls within the Certain Methods of Organizing Human Activity grouping of the 2019 PEG because it describes a fundamental economic practice (e.g., protecting consumer information during a transaction) and/or a commercial or legal interaction (e.g., between the point of sale (POS), the token service, and the payment service).  The protecting of customer information, including payment information, through the life cycle of the 
	Since it is determined that the claim(s) contain a judicial exception, it must then be determined, under Step 2A, Prong 2, whether the judicial exception is integrated into a practical application of the exception.  In order to make this determination, the additional element(s), or combination of elements, are analyzed to determine if the claim as a whole integrates the recited judicial exception into a practical application of that exception.  A claim that integrates a judicial exception into a practical application will apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the judicial exception.  Claim 1 recites the additional elements of: a token service operating in a payment card industry data security standard (PCI-DSS) system; and a payment service operating in the PCI-DSS system.  Both the token service and the payment service are recited at a high-level of generality such that it amounts no more than mere instructions to apply the exception using a generic computer component, system, and/or service.  See MPEP 2106.05(f).  The Specification's description of these 
	Furthermore, the fact that the token service and payment service operate in a payment card industry data security standard (PCI-DSS) system adds nothing to the claim(s) other than tying the abstract idea to a particular technological environment.  In Accenture, the court held a claim to generating tasks based on rules to be completed upon the occurrence of an event was an abstract idea. Accenture Global Servs., GmbH v. Guidewire Software, 728 F.3d 1336, 1344 (Fed. Cir. 2013).  The claim limitations recited a database of tasks, a means to allow a client access to those tasks, and a set of rules that are applied to a task on a given event. Id. at 1345.  Here, claim 1 recites tasks to be completed as part of an electronic payment transaction in which a card data token is generated and transmitted with sales data and card data is stored at a token service.  Even if the tasks are based on rules of a PCI-DSS system, such broadly recited rules, without more, do not take claim 1 out of the abstract idea realm as illustrated by Accenture's holding.  Furthermore, claim 1 does not recite any steps or rules of a PCI-DSS system or other feature that improve computers or other technological process.
	Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.  Looking at the elements as a combination does not add anything more than the elements analyzed individually.  The claim is directed to an abstract idea.  Examiner further notes that even though the claims may not preempt all forms of the abstraction, this alone does not make them any less abstract.  See OIP Techs., Inc. v. Amazon.com, Inc., 788 F.3d 1359, 1362-63 (Fed. Cir. 2015).
Symantec, TLI, and OIP Techs. court decisions cited in MPEP 2106.05(d)(II) indicate that mere collection or receipt of data over a network is a well‐understood, routine, and conventional function when it is claimed in a merely generic manner (as it is here).  Considered as an ordered combination, the different services/computing components recited in the claims add nothing that is not already present when the steps are considered separately.  Thus, the claims at issue amount to nothing significantly more than instructions to apply the abstract ideas of a fundamental economic practice and/or a commercial or legal interaction using some unspecified, generic computer/service.  Accordingly, this is not enough to transform an abstract idea into a patent-eligible invention.
	Therefore, claim 1 is rejected under 35 U.S.C. §101 and is not patent eligible.  Independent claims 9 and 17 recite similar subject matter to that found in claim 1; accordingly, the reasons and rationale explained above would also be applicable to claims 9 and 17.  Dependent claims 3, 11, 19 and 26-28 when analyzed are held to be patent ineligible under 35 U.S.C. §101 because the additional recited limitation(s) fail to establish that the claim(s) is/are not directed to an abstract idea. The additional recited limitations in the dependent claims only refine the abstract idea further and do not add significantly more to the claims and fail to cure the deficiencies of their parent claim(s).

Response to Arguments
Claim Rejections – 35 U.S.C. § 112(b)
	Claims 1, 3, 4, 9, 11, 12, 17, 19, 20, and 26-28 were rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.  The August 24, 2020 decision by the Patent Trial and Appeal Board reversed this rejection, accordingly, the prior rejection is moot.
Claim Rejections – 35 U.S.C. § 101
	Applicant indicates that they have amended the claims to recite the addition of a time to life (TTL) value to the tokens, as well as the deletion of the token itself.  Amendment, p. 11.  Applicant concludes that “even under the rationale provided by the Board, the amended claims improve computers or networks by improving security of card data by deleting the token via the specific arrangement of components in the network.”  Amendment, pp. 11-12.  Examiner respectfully disagrees with this conclusion.  
	First, Examiner contends that there was no indication by the Board that the inclusion of this subject matter would yield the claim(s) patentable.  Decision, pp. 20-22.  Rather, the Board merely indicated that certain aspects argued by Applicant, including the use of a time to life (TTL) value and deleting the token, were not within the scope of claim 1.  Id.  
	Second, Examiner contends that the adding of a TTL value to the token and possibly deleting the token based on this value (i.e. note that claim 1 does not require the token to be deleted based on the TTL value, rather, the token could be deleted based upon a request) still fall within the abstract idea of protecting a customer’s payment information (e.g., credit card information) through the use of a 
	Accordingly, Examiner is maintaining the 35 U.S.C. §101 rejection on all claims for the reasons cited in the response above and for those cited in the 35 U.S.C. §101 rejection.

Conclusion
The prior art made of record and not relied upon, which is considered pertinent to applicant’s disclosure, is cited in the Notice of References Cited (PTO-892).  The additional cited art further establishes the state of the art prior to the effective filing date of Applicant’s claimed invention.
Kendrick et al. (US 2009/0132424 A1) discloses that it was known in the art to delete stored payment device information from a device in order to comply with various financial regulations or policies.  Kendrick [0022].  Kendrick further discloses that this information may be deleted based upon a number of transactions or a maximum length of time that payment device information can be stored in memory.  Id.
Mattsson et al. (US 2015/0095367 A1) discloses where sensitive data is tokenized and then stored in a data storage module or transmitted to an entity such as a financial institution.  Mattsson [0027].  Mattsson discloses that in order to improve security further a client can be configured to delete stored single-used tokens periodically, or in response to any other suitable factor, such as the completion of a transaction associated with a stored single-use token.  Mattsson [0027]; [0035].
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON FENSTERMACHER whose telephone number is (571)270-3511.  The examiner can normally be reached on Monday - Friday 8:30 AM to 5:30 PM EST, Alternate Fridays Off.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on 571-272-7575.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/J.F./Examiner, Art Unit 3685
April 9, 2021

/STEVEN S KIM/Primary Examiner, Art Unit 3685