Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.	This office action is in response to the application received 7/22/2019.
2.	Claims 1-20 are pending in the application. Claims 1, 10, and 16 are independent claims.


Information Disclosure Statement
3.	The information disclosure statements (IDS) submitted on 7/22/2019 and 10/13/2020  were filed after the mailing date of the application on 7/22/2019.  The submissions are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.




Claim Rejections - 35 USC § 101
4.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


5.	Claims 16-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
In reference to independent claim 16, the claim recites ‘A computer readable medium on which is stored machine readable instructions that when executed by a processor, cause the computer to:’ The may be a non-transitory computer medium. Thus, the specification does not preclude the examiner from the utilizing the BRI as possibly including transitory propagating signals per se and thus, the claim fails to recite statutory subject matter under 35 U.S.C. 101.  The examiner recommends adding ‘non-transitory’ to the preamble of the claim to cover only cover statutory embodiments of invention. 
In reference to dependent claims 17-20, the claims are dependent upon rejected base claims. Therefore, the claims are rejected for inheriting the same deficiencies of the independent claim.




Claim Rejections - 35 USC § 102
6.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Schenk et al., PGPub. 2017/0053139 filed (10/17/2016).
In reference to independent claim 1, Schenk teaches:
	receive a request for a webpage from a web browser (Schenk, para. [0057]) Figure 4 illustrates a load sequence of HTML content. Specifically, a user initiates the process by requesting the HTML content from the server device. 
	send webpage code of the webpage to the web browser, wherein the webpage loads a secure webpage for a sensitive data field that is separate from the webpage (Schenk, para. [0057-0059 and 0084]) Server device returns HTML content. User device will process the page and complete any processes that would normally be executed as part of the page load. When browser process processes code instruction, a request is made to security device to download modifying code – e.g. reconfiguration scripts and instructions. Security device may provide a script file using the configuration details defined in figures 3A and 3B, by creating a customized script. For each configured block in the reconfiguration script the script will determine the HTML attributes and styles of the block, then it will select the text body of the HTML block. For example, an iFrame may be created at the location that the original content existed in the document, where the iFrame is assigned the same CSS attributes and styles as previously loaded from the content. 
	wherein the secure webpage is provided by a secure server (Schenk, para. [0059]) Security device may provide a script file using the configuration details. 
and corresponds to an identifier that points to the secure server (Schenk, para [0050]) code fragment is configured 20 identify security device, for example, by providing the security device address, which may be a DNS lookup value, IP address or other computer address location that a user browser can interpret.  
wherein sensitive data entered into the sensitive data field of the secure webpage is protected from a script loaded in the webpage (Schenk, para. [0048, 0084]) for each configured block in the reconfiguration script the script will determine the HTML attributes and styles of the block, then it will select the text body of the HTML block. For example, an iFrame may be created at the location that the original content existed in the document, where the iFrame is assigned the same CSS attributes. Through the use of security device to remove secure data from user input and vault provider to persistently store data, system enables the transparent removal of secure data from user input, thereby eliminating the secure data from being stored, processed or viewed by an existing server (e.g. server 120), without changing server 120. 
	receive the sensitive data from the secure server (Schenk, para. [0048]) the existing system would receive a token value, in an acceptable format, where that token value may be later used to obtain the original secure value, where the original value may be required to complete processing or a transaction.
In reference to dependent claim 2, Schenk teaches:
	wherein the webpage includes a non-sensitive data field and wherein non-sensitive data is received into the non-sensitive data field, and wherein the instructions further cause the processor to: collect the non-sensitive data from the non-sensitive data field (Schenk, para. [0066 and 0067]) for any data entered by the user in the original page any validations, scripts, and other processes will execute without any interaction or impact from the reconfiguration script or the secured frame.  
In reference to dependent claim 3, Schenk teaches:
	receive a handle representing the sensitive data from the secure server; and exchange the received handle for the sensitive data to receive the sensitive data from the secure server (Schenk, para. [0011, 0029-0030 and 0041]) reconfigure the webpage to present a replacement field for receiving the user data in the replacement field, transmit the user data to a secured server instead of the defined 
In reference to dependent claim 4, Schenk teaches:
	use the received sensitive data to perform an action (Schenk, para. [0042]) the replaced HTML content may be used to capture sensitive information from the user, such as personal identifying information, payment information, or the like.
In reference to dependent claim 5, Schenk teaches:
	wherein the handle comprises a token or a session identifier associated with the sensitive data(Schenk, para. [0011, 0029-0030 and 0041]) reconfigure the webpage to present a replacement field for receiving the user data in the replacement field, transmit the user data to a secured server instead of the defined server, receive token data form the secured server, and transmit the token data instead of the user data to the defined server.
In reference to dependent claim 6, Schenk teaches:
	communicate an instruction to the secure webpage to post the sensitive data (Schenk, para. [0044]) This action may be any HTML event initiated by a user or browser process such as clicking a field, element, button, page unload or any other event.
	receive, from the secure webpage, a handle representing the sensitive data (Schenk, para. [the persistent action may initiate a call from browser process to security device that may cause security device to initiate a call to the vault provider. The configuration used by then security device provides the ability to configure the token substitutes.
	send the handle to the secure server, wherein the secure server is to send the sensitive data in response to receipt and verification of the handle; and (Schenk, para. [0045]) Security device, when processing secured content to present back to browser process, optionally to replace the substitute token value with either the original secured value or an alternate value as defined by the configuration. 
	receive the sensitive data sent by the secure server (Schenk, para. [0045]) Security device, when processing secured content to present back to browser process, optionally to replace the substitute token value with either the original secured value or an alternate value as defined by the configuration. For example, if the secured field is a payment card number, then the configured view value may be configured to show a masked value with all values replaced with ‘X’, and only the last four digits exposed.
In reference to dependent claim 7, Schenk teaches:
	Wherein the secure webpage is included in an inline frame embedded in the webpage (Schenk, para. [0084]) an iFrame may be created at the location that the original content existed in the document, where the iFrame is assigned the same CSS attributes and styles as previously loaded from the content.
In reference to dependent claim 8, Schenk teaches:
	Wherein the webpage code loads the script from a script library and wherein the script is prevented from accessing the sensitive data entered into the sensitive data field (Schenk, para. [0086-0089] process flow for the loading of security scripts in the secured iFrame. The iFrame loads, is a replica of the original HTML content. Once dependencies have been loaded the security script in the secured content frame will initiate handshaking such that the key is not passed or shared in any call.




In reference to dependent claim 9, Schenk teaches:
	 (Schenk, para. [0045]) Security device, when processing secured content to present back to browser process, optionally to replace the substitute token value with either the original secured value or an alternate value as defined by the configuration. For example, if the secured field is a payment card number, then the configured view value may be configured to show a masked value with all values replaced with ‘X’, and only the last four digits exposed.
In reference to independent claim 10, the claim recites similar language and limitations found in independent claim 1. Therefore, the claim is rejected under similar rationale. The limitations below are included in the claim that do not appear in independent claim 1 and thus, are addressed below:
	Receiving, by the processor, a handle corresponding to the sensitive data; sending, by the processor, the handle to the secure server and (Schenk, para. [0011, 0029-0030 and 0041]) reconfigure the webpage to present a replacement field for receiving the user data in the replacement field, transmit the user data to a secured server instead of the defined server, receive token data form the secured server, and transmit the token data instead of the user data to the defined server.
	receiving the sensitive data from the secure server (Schenk, para. [0048]) the existing system would receive a token value, in an acceptable format, where that token value may be later used to obtain the original secure value, where the original value may be required to complete processing or a transaction.
In reference to dependent claim 11, Schenk teaches:
	Receive non-sensitive data entered into the non-sensitive data field; and using the received sensitive data and the received non-sensitive data to perform an action requested through the webpage(Schenk, para. [0066 and 0067]) for any data entered by the user in the original page any validations, scripts, and other processes will execute without any interaction or impact from the reconfiguration script or the secured frame.  (Schenk, para. [0042]) the replaced HTML content may be 
In reference to dependent claim 12, the claim recites similar language to that of dependent claim 6. Therefore, the claim is rejected under similar rationale. 
In reference to dependent claim 13, the claim recites similar language to that of dependent claim 7. Therefore, the claim is rejected under similar rationale. 
In reference to dependent claim 14, Schenk teaches:
	wherein the secure server receives the sensitive data without the client device sending the sensitive data to the processor (Schenk, para. [0044]) This action may be any HTML event initiated by a user or browser process such as clicking a field, element, button, page unload or any other event.
In reference to dependent claim 15, Schenk teaches:
	Downloading the another script from a script library (Schenk, para. [0060]) one of the dependencies could be a Javascript library hosted on a public content delivery network. 
In reference to claims 16-20, the claims include similar language found in rejected claims 1, 3, 6, 7, and 15, respectively. Therefore, the claims are rejected under similar rationale.



Conclusion
8.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW J LUDWIG whose telephone number is (571)272-4127.  The examiner can normally be reached on Mon - Fri. 9-5pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Stephen Hong can be reached on 571-272-4124.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


MATTHEW J. LUDWIG
Examiner
Art Unit 2178



/STEPHEN S HONG/Supervisory Patent Examiner, Art Unit 2178