DETAILED ACTION
Acknowledgements
This office action is in response to the claims filed 04/24/2021.
Claims 1, 11, and 18 are amended.
Claims 3-5, 9, 13-15 and 19 are cancelled.
Claims 23-30 are new.
Claims 1, 2, 6-8, 10-12, 16-18 and 20-30 are pending.
Claims 1, 2, 6-8, 10-12, 16-18 and 20-30 have been examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Claim Objections
Claim 18 is objected to because of the following informalities:  Claim 18 is designated as “Currently Amended” but Applicant failed to mark amendments to the claim.  Appropriate correction is required.

Response to Arguments
Applicant's arguments filed 04/24/2021 have been fully considered but they are not persuasive. 
112
Due to amendments, the prior 112 rejections are withdrawn. 
103
Applicant’s independent claims are broader than the previous claims.
Applicant argues prior art does not teach the plurality of strings corresponding to a plurality of data fields” Examiner disagrees.
First, Applicant’s disclosure does not provide support for the limitation, see 112(a) rejection.
Secondly, Olumofin discloses “retrieving one or more sets of encrypted comparison cardholder card data from a cardholder data database, each set of encrypted comparison cardholder card data encrypted according to a homomorphic encryption scheme and comprising a plurality of data fields  corresponding to the plurality of data fields in the confidential card data” (¶ 15, 16, 19); 
Claim Interpretation- “data comprising a plurality of strings corresponding to a plurality of data fields….” According to the disclosure (¶ 99-104, 142), “The remaining fields are: bank name, cardholder name, and the first 6 digits (BIN number) and last 4 digits of the credit card number….  Additionally, further fields may be included in the transaction request and handled without disruption as, since the data is not decrypted, the actual source and content of the data is not significant, only the ability to validate and authenticate it.” The phrase is to describe information within the cardholder card data. For the purpose of claim interpretation, the limitation is understood to mean the cardholder card data contains information about the transaction, and cardholder.
Olumofin states - homomorphic encryption are used to provide strong privacy guarantees for cardholders location information… It provides a means for 

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1, 2, 6-8, 10-12, 16-18 and 20-30 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 
Claims 1 and 11 recite “comprising a plurality of strings corresponding to a plurality of data fields… comparing using one or more homomorphic operations on the plurality of strings collectively to determine which….” According to the disclosure (¶ 99-104, 142) “ an association of data 90 to encrypted data 50 may include a unique identifier, such as a hash or serial number, of the user in both the encrypted data 50 and the data 90. It may be beneficial to include the unique identifier in the encrypted data 50 in plaintext form, such as via an unencrypted metadata field attached to the encrypted data 50, a file name, or an unencrypted database field in association with encrypted data 50 stored in a database… The remaining fields are: bank name, cardholder name, and the first 6 digits (BIN number) and last 4 digits of the credit card number….  Additionally, further fields may be included in the transaction request and handled without disruption as, since the data is not decrypted, the actual source and content of the data is not significant, only the ability to validate and authenticate it. ” The specification does not make mention of a plurality of strings corresponding to a plurality of data fields in the cardholder data. The fields, as taught in the disclosure, refer to transaction and payment information, the “plurality of strings” that correspond to a plurality of data fields are not taught by the disclosure. 

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 2, 6-8, 10-12, 16-18 and 20-30 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claims 1 and 11 recite “receiving a transaction request to complete a financial transaction, with at least a portion of the request encrypted according to a homomorphic encryption scheme,.. comparing the encrypted confidential cardholder data”. The claim is unclear and indefinite. Applicant has claimed a portion of the transaction request is encrypted but does not distinctly claim what portion, and later claims the comparison of “the encrypted confidential cardholder data”. The claim is unclear and indefinite. First the lack of antecedent basis of “the encrypted confidential cardholder data” and secondly as to what entity chooses what portion of the request to encrypt, given that an homomorphic operation is claimed for encrypted data. Dependent claims 2, 6-8, 10, 12, 16, 18 and 20-30 are also rejected. 
Claim 7 recites “the set of comparison data”, claim 11 recites “the method”.  There is insufficient antecedent basis for this limitation in the claim. 12, 16, 18, 20, 22, and 27-30 are also rejected.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

Claims 1, 2, 10-12, 20 and 23-30 are rejected under 35 U.S.C. 103 as being unpatentable over Olumofin et al. (2017/0053282) (“Olumofin”), and in view of Soon-Shiong et al. (2016/0072800) (“Soon”).
Regarding claims 1 and 11, Olumofin discloses retrieving one or more sets of encrypted comparison cardholder card data from a cardholder data database, each set of encrypted comparison cardholder card data encrypted according to a homomorphic encryption scheme and comprising a plurality of data fields  corresponding to the plurality of data fields in the confidential card data (¶ 15, 16, 19); 
Claim Interpretation- “data comprising a plurality of strings corresponding to a plurality of data fields….” According to the disclosure (¶ 99-104, 142), “The remaining fields are: bank name, cardholder name, and the first 6 digits (BIN number) and last 4 digits of the credit card number….  Additionally, further fields may be included in the transaction request and handled without disruption as, since the data is not decrypted, the actual source and content of the data is not significant, only the ability to validate and authenticate it.” The phrase is to describe information within the cardholder card data. For the purpose of claim interpretation, the limitation is understood to mean the cardholder card data contains information about the transaction, and cardholder.
Olumofin states - homomorphic encryption are used to provide strong privacy guarantees for cardholders location information… It provides a means for retrieving data from a database/service without the database/service (or its provider) being able to learn any information about which particular item was 

comparing the encrypted confidential cardholder data to each set of the encrypted comparison card cardholder data using one or more homomorphic operations on the plurality of strings collectively to determine which set of comparison cardholder card data matches the confidential cardholder data and validating the confidential cardholder data (¶ 15, 19); 
Olumofin states - server 20 of the issuer bank 10 uses the public key received from the service provider 16 to compute a response that is a homomorphically-blinded encryption of the difference between the payment location (locp) and the cardholder location (locc), that is response-E(r(locp-locc)), where r is a random non-Zero integer. It does this without learning locc. (¶ 19)

generating an encrypted indicator indicating authorization or rejection of the request to complete the financial transaction based upon at least the validation of the confidential cardholder data (¶ 15, 19); and 
Olumofin states - server 20 of the issuer bank 10 uses the public key received from the service provider 16 to compute a response that is a homomorphically-blinded encryption of the difference between the payment location (locp) and the 

forwarding the encrypted indicator indicating authorization or rejection of the request to complete the financial transaction to a party seeking authorization to complete the financial transaction (¶ 15, 19), 
Olumofin states - the server 22 returns the encrypted response back to the server 20 of the issuer bank 10 issuer… In step 60, the server 20 of the issuer bank utilizes the adjusted fraud risk score to determine if the transaction will be approved or not.  (¶ 15)

Olumofin does not disclose receiving a transaction request to complete a financial transaction, with at least a portion of the request encrypted according to a homomorphic encryption scheme, the transaction request comprising confidential cardholder data comprising a plurality of strings corresponding to a plurality of data fields in the confidential card holder data, the plurality of data fields including an account number, other cardholder data, and transaction data; wherein the confidential cardholder data is never decrypted during the method.  

Soon teaches receiving a transaction request to complete a financial transaction, with at least a portion of the request encrypted according to a homomorphic encryption scheme, the transaction request comprising confidential cardholder data comprising a plurality of strings corresponding to a plurality of data fields in the confidential card 
Claim Interpretation- Claim 1 recites “with at least a portion of the request encrypted according to a homomorphic encryption scheme, the transaction request comprising confidential cardholder data including an account number,… the encrypted confidential cardholder data”. Similarly, Claim 11 recites “wherein the confidential cardholder data is never decrypted during the method”. The claim first recites “receiving a request to complete a financial transaction, with at least a portion of the request encrypted according to a homomorphic encryption scheme, the transaction request comprising confidential cardholder data including an account number.” The “at least a portion of the request” was not explained to definitively be the encryption of the confidential cardholder data. For purposes of claim interpretation, given that the limitations claim the “confidential cardholder data” is never decrypted and the use of “the encrypted confidential cardholder data” in claim 1, the “confidential cardholder data” will be interpreted as the portion of the request that was encrypted. 
Claim Interpretation- “data comprising a plurality of strings corresponding to a plurality of data fields….” According to the disclosure (¶ 99-104, 142), “The remaining fields are: bank name, cardholder name, and the first 6 digits (BIN number) and last 4 digits of the credit card number….  Additionally, further fields may be included in the transaction request and handled without disruption as, since the data is not decrypted, the actual source and content of the data is not significant, only the ability to validate and authenticate it.” The phrase is to 
Soon states - transaction request 150 can comprise transaction data submitted to transaction device 110. Example transaction attributes may include an account number, identifier of external device 170, identifier of account servers 190, or other information. The transaction data can include context data possibly comprising a location, a time, a transaction identifier, an account identifier, a user identifier, an external device identifier, an event (e.g., new event, local event, life event, etc.), a user preference, a protocol identifier, public key information, a password, a routing number, account information, genomic partition information (e.g., desired strength, location, length, etc.), a cryptographic suite, or other information in support of transaction 180. derive digital transaction token 160 from digital genomic data 135 within partition 137… digital transaction token 160 may comprise encrypted data from a message where the message is encrypted based on a key derived from partition 137…  the communication or processing session among the various devices (e.g., genome-transaction device, external device 440, authentication server 480, etc.) can exist within a homomorphic encryption space or a somewhat homomorphic encryption (SHE) space, possibly keyed based on one or more of digital image-based token 420, digital genome-based token 413, genome-based token objects 433, image-based token object 463, transaction ID 471, stakeholder information, or other factors. (¶ 48-50, 98)

wherein the confidential cardholder data is never decrypted during the method (¶ 98, 149) 
Soon states - the homomorphic space allows for transmission of encrypted data and the processing of the encrypted data within the corresponding encryption space without requiring decryption of the encrypted. This approach is considered advantageous because it allows for processing of the secure data without compromising confidentiality or data integrity. (¶ 98) 

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Olumofin (¶ 19) , which teaches to compute a response that is a homomorphically-blinded encryption of the difference between the payment location (locp) and the cardholder location (locc) and Soon (¶ 98), which teaches the homomorphic space allows for transmission of encrypted data and the processing of the encrypted data within the corresponding encryption space without requiring decryption of the encrypted  in order to provide further protection for user information and secure user data in transactions (Soon; ¶ 98).
Regarding claims 2 and 12, Soon teaches wherein the homomorphic encryption scheme is a fully homomorphic encryption scheme or a somewhat homomorphic encryption scheme (¶ 98).  
Regarding claims 10 and 20, Olumofin discloses wherein the request to complete the financial transaction is received by one or more of: a financial institution, a credit card company, a card issuer or a payment processor (¶ 11, 17-19).

Regarding claims 24 and 28, Olumofin discloses wherein the other cardholder data includes one or more of: a bank name, a cardholder name, a Bank Identification Number (BIN) and a further portion of the account number (¶ 13, 17).
Regarding claims 25 and 29, Olumofin discloses wherein the transaction data includes one or more of. a transaction amount, a transaction date and a merchant identifier (¶ 13, 17, 18).
Regarding claims 26 and 30, Olumofin discloses wherein the financial transaction is a credit card transaction or a debit card transaction or a stored-value card transaction (¶ 11).
Claims 6, 16, 21 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Olumofin et al. (2017/0053282) (“Olumofin”), in view of Soon-Shiong et al. (2016/0072800) (“Soon”) and further in view of Staddon et al. (8,712,915) (“Staddon”).
Regarding claims 6 and 16, Neither Olumofin nor Soon teaches further including executing a step of retrieving the transaction data and executing the step of comparing the transaction data using one or more homomorphic operations to determine whether a transaction amount can be authorized.  Staddon teaches further including executing a step of retrieving the transaction data and executing the step of comparing the transaction data using one or more homomorphic operations to determine whether a transaction amount can be authorized (Figure 9; column 6, line 8-10, column 8, line 1-15, 29-37, column 10, line 54-67).  Therefore, it would have been obvious to one of to compute a response that is a homomorphically-blinded encryption of the difference between the payment location (locp) and the cardholder location (locc), Soon (¶ 98), which teaches the homomorphic space allows for transmission of encrypted data and the processing of the encrypted data within the corresponding encryption space without requiring decryption of the encrypted  and Staddon (column 6, line 8-10), which teaches Private online purchasing is transacted under both protocols using a combination of partially homomorphic encryption and symmetric encryption,  in order to provide demand driven pricing while allowing customers to make purchases privately (Staddon; column 2, line 4-22).
Regarding claims 21 and 22, Staddon teaches wherein determining whether a transaction amount can be authorized includes verifying that the confidential cardholder data is for a valid account (column 4, line 50-59, column 5, line 59-64, column 11, line 19-35).
Claims 7, 8, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Olumofin et al. (2017/0053282) (“Olumofin”), in view of Soon-Shiong et al. (2016/0072800) (“Soon”) and further in view of Bacon et al. (2017/0149557) (“Bacon”).
Regarding claims 7 and 17, Neither Olumofin nor Soon teaches wherein a portion of the request is compared to the set of comparison data to reduce size of the set of comparison data prior to comparing the encrypted confidential cardholder data. Bacon wherein a portion of the request is compared to the set of comparison data to reduce size of the set of comparison data prior to comparing the encrypted confidential cardholder data (¶ 44-47). Therefore, it would have been obvious to one of ordinary skill to compute a response that is a homomorphically-blinded encryption of the difference between the payment location (locp) and the cardholder location (locc), Soon (¶ 98), which teaches the homomorphic space allows for transmission of encrypted data and the processing of the encrypted data within the corresponding encryption space without requiring decryption of the encrypted  and Bacon (¶ 45), which teaches multiple operations can be performed slotwise in a single homomorphic multiplication,  in order to provide secure and efficient data comparisons on encrypted data (Bacon; ¶ 3, 4).
Claim Interpretation - Claims 7 and 17 recite “a portion of the request is compared to the set of comparison data to reduce size of the set of comparison data”. Claim 1 and 11 reference “comparing the encrypted confidential cardholder data to each set of the encrypted comparison cardholder data”. For purposes of claim interpretation, “the set of comparison data” will be interpreted as being the same as the “set of the encrypted comparison cardholder data”.
Regarding claims 8 and 18, Bacon teaches wherein the one or more homomorphic operations combine to form an XNOR operation (¶ 24, 32, 49, 52).  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ISIDORA I IMMANUEL whose telephone number is (469)295-9094.  The examiner can normally be reached on Monday-Friday 9:00 am to 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NEHA PATEL can be reached on 571-270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/ISIDORA I IMMANUEL/Examiner, Art Unit 3685