DETAILED ACTION
Acknowledgements
Claims 1-11 are pending.
Claims 1-11 have been examined.


Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Response to Amendment/Arguments
Regarding applicant’s arguments on Claim Rejections - 35 U.S. C. § 112(a), the arguments have been fully considered, but the examiner respectfully disagrees.
With respect to Lack of Written Description to support the claim 1 limitations “initiating… a dynamic key exchange…”; “causing said first network-based computing device to…”; “causing said second network-based computing device to…”; and “processing at said second network-based computing device…”, Applicant argues “Such fundamental and basic computer functions are well understood among those skilled in the art, and 35 U.S.C. §112 requires nothing more than recitation of those fundamental functions as is the case in the current claims.” Examiner respectfully disagrees.
MPEP 2161.01 states “When examining computer-implemented functional claims, examiners should determine whether the specification discloses the computer and the algorithm (e.g., the necessary steps and/or flowcharts) that perform the claimed function in sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor possessed the claimed subject matter at the time of filing. An algorithm is defined, for example, as "a finite sequence of steps for solving a logical or mathematical problem or performing a task." Microsoft Computer Dictionary (5th ed., 2002). Applicant may "express that algorithm in any understandable terms including as a mathematical formula, in prose, or as a flow chart, or in any other manner that provides sufficient structure." Finisar Corp. v. DirecTV Grp., Inc., 523 F.3d 1323, 1340 (Fed. Cir. 2008) (internal citation omitted). It is not enough that one skilled in the art could write a program to achieve the claimed function because the specification must explain how the inventor intends to achieve the claimed function to satisfy the written description requirement. See, e.g., Vasudevan Software, Inc. v. MicroStrategy, Inc., 782 F.3d 671, 681-683, 114 USPQ2d 1349, 1356, 1357 (Fed. Cir. 2015) (reversing and remanding the district court’s grant of summary judgment of invalidity for lack of adequate written description where there were genuine issues of material fact regarding "whether the specification show[ed] possession by the inventor of how accessing disparate databases is achieved"). If the specification does not provide a disclosure of the computer and algorithm in sufficient detail to demonstrate to one of ordinary skill in the art that the inventor possessed the invention a rejection under 35 U.S.C. 112(a)  or pre-AIA  35 U.S.C. 112, first paragraph, for lack of written description must be made.” 
Therefore, the rejection maintains.

Regarding applicant’s arguments on Claim Rejections - 35 U.S. C. § 112(b), the arguments have been fully considered, but the examiner respectfully disagrees.
With respect to the claim 1 limitation “(b) remove said encrypted portion of said electronic financial transaction data from said non-persistent memory,”, applicant argues “First, the claim recites that a first network based computing device…removes an encrypted portion of data from non-persistent memory,…. the Examiner appears to be construing the claim as requiring that the steps of element (iv) of claim 1 be carried out in the order in which they appear in the claim, which is improper.”. 
The applicant’s argument does not address the confusion of removing the encrypted data and applying data splitting on the encrypted data. If the encrypted data is removed, then, there is no data to split.  Even without following the sequential steps (a)…(e) in the claim 1 limitation (iv), it is still unclear at what point the (iv)(b) remove encrypted data taken place.
Therefore, the rejection maintains.

Regarding applicant’s arguments on Claim Rejections - 35 U.S.C. §103, the arguments have been fully considered.  However, the examiner respectfully disagrees.
reading or capturing the data at POS or reader or first network-based computing device) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
With respect the to claim 1 limitation “(iv) (a) encrypt at least a portion of said electronic financial transaction data .. . (c) apply cryptographic bitsplitting comprising a key information dispersal algorithm to break said encrypted portion of said electronic financial transaction data into a predetermined number of discrete data splits . . . [and] (d) store said predetermined number of discrete data splits across a plurality of distinct memory locations.” , Applicant assets “the Examiner then goes on to state that the very same client device of Dodgson et al. performs the functions…. However, none of these functions are performed by the client device of Dodgson et al. — rather, all of them are performed by the secure storage appliance.”
The examiner is in agreement with the applicant on Dodgson et al. teaches these limitations.  Specifically, “the secure storage appliance” of Dodgson et al. maps to “the first network-based computing device” in the present application.  However, the examiner respectfully disagrees with the applicant’s assertion “the Examiner then goes on to state that the very same client device of Dodgson et al. performs the functions”.  It is unclear the base of this assertion.  It would be helpful if the applicant can clarify.  
With respect to the claim 1 limitation “providing a first network-based computing device including at least one processor and memory storing instructions, said first network-based computing device further comprising one of a credit card reader or a POS system associated with a merchant”, Dodgson et al. ¶0016 discloses “The secure storage appliance includes a programmable circuit configured to execute program instructions which, when executed, configure the secure storage appliance to receive a block of data…” and Sanchez et al. ¶0031 discloses “An electronic transaction is initiated at POS terminal 110.”  Therefore, Dodgson et al. in view of Sanchez et al. teaches the limitation.
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, Dodgson et al. discloses a methods and systems of data security by applying cryptographic splitting (Dodgson et al. abs). Sanchez et al. discloses a system and method of secure processing of financial transaction (Sanchez et al. abs), Kirsch discloses a method and system of using cryptography to determine financial transaction authorization level (Kirsch et al. abs, ¶0052) and Farina et al. discloses a method and system of providing cryptographically secure communications (Farina et al. abs).  These are analogous arts that utilizing cryptography to secure financial data in rest and transit.  
In response to applicant's argument that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning.  But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper.  See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971).


Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):

(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:



Claims 1-11 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.

Claim 1 recites “initiating… a dynamic key exchange…”; “causing said first network-based computing device to…”; “causing said second network-based computing device to…”; and “processing at said second network-based computing device…” However, the Specification does not provide an algorithm for ‘initiating”, “causing”, “causing” and “processing”. Therefore, the claim lacks written description as it fails define “initiating”, “causing”, “causing” and “processing”  without sufficiently describing how the function is performed or the result is achieved (MPEP 2161.01 I)
Dependent claims 2-11 inherit the same deficiency and are rejected for the same reason.

The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-11 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Unclear
Claim 1 recites “(b) remove said encrypted portion of said electronic financial transaction data from said non-persistent memory,” and “(c) apply cryptographic bitsplitting comprising a key information dispersal algorithm to break said encrypted portion of said electronic financial transaction data into a predetermined number of discrete data splits;” This renders the claim 1 indefinite because it is unclear if there is any data remain to be split since the encrypted portion of the data has been removed prior applying data splits to it.  
Dependent claims 2-11 are also rejected as each depends from claim 1.	


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and
103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for
the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale
supporting the rejection, would be the same under either status.

The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained through the invention is not identically disclosed or described as set
forth in section 102, if the differences between the subject matter sought to be patented and the prior
art are such that the subject matter as a whole would have been obvious at the time the invention was
made to a person having ordinary skill in the art to which said subject matter pertains. Patentability
shall not be negatived by the manner in which the invention was made.

Claims 1-11 are rejected under 35 U.S.C. 103 as being unpatentable over US Application Publication US20100153703A1 (“Dodgson et al.”), in view of US Application Publication US20100049658A1 (“Sanchez et al.”), in further view of US Application Publication US20120323717A1 (“Kirsch”), and US Application Publication US20120084544A1 (“Farina et al.”). 

Regarding claim 1, Dodgson et al. teaches:
providing a first network-based computing device including at least one processor and memory storing instructions, (Fig. 3; paras 0016, 0210);
initiating at said first network-based computing device a dynamic key exchange between said first network based computing device operating in an encryption endpoint mode and a second network based computing device operating in a decryption endpoint mode; (Fig. 19 items 1006 and 1008; paras 0167-0168, 0184)
causing said first network-based computing device to 
encrypt at least a portion of said electronic financial transaction data, (paras 0013, 0063)
apply cryptographic bitsplitting comprising a key information dispersal algorithm to break said encrypted portion of said electronic financial transaction data into a predetermined number of discrete data splits; (Fig. 16 items 858 and 860; paras 0013, 0147)
store said predetermined number of discrete data splits across a plurality of distinct memory locations, and (Fig. 16 item 862; paras 0045, 0063, 0065, 0147)
transferring said plurality of discrete data splits and said metadata to said second network-based computing device operating in said decryption endpoint mode; (para 0016; claim 20)
processing at said second network-based computing device said dynamic key exchange between said second network-based computing device operating in said decryption endpoint mode and said first network-based computing device operating in said encryption endpoint mode; (Fig. 19 items 1006 and 1008; paras 0167-0168, 0184)

Dodgson et al. does not teach:
first network-based computing device further comprising one of a credit card reader or a POS system associated with a merchant;
using an Elliptical Curve Cryptography algorithm,
receiving at said first network-based computing device electronic transaction information associated with a financial transaction and including at least a personal account number in non-persistent memory; 
remove said encrypted portion of said electronic financial transaction data from said non-persistent memory, 
generate metadata including routing and transaction information and excluding said encrypted portion of electronic financial transaction data;
receiving at said second network-based computing device said plurality of discrete data splits and metadata from said first network-based computing device operating in said encryption endpoint mode, wherein said discrete data splits and metadata further comprise discrete portions of data corresponding to a single electronic financial transaction data set that has been processed at step (iv) by said first network based computing device;
causing said second network-based computing device to decrypt said electronic financial transaction data; and
processing at said second network-based computing device a financial transaction corresponding to said electronic financial transaction data set.

However, Sanchez et al. teaches:
first network-based computing device further comprising one of a credit card reader or a POS system associated with a merchant: (FIG. 1 item 110 FIG. 2 item 200; para 0031)
receiving at said first network-based computing device electronic transaction information associated with a financial transaction and including at least a personal account number in non-persistent memory; (FIG. 2 item 200; para 0031)
processing at said second network-based computing device a financial transaction corresponding to said electronic financial transaction data set. (abs; paras 0030-0032)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the filling date of the invention to modify the system of Dodgson et al. by adding support for financial transaction in accordance with the teaching of Sanchez et al.  This modification enables Dodgson et al.’s system be used in financial transaction. 

Dodgson et al. and Sanchez et al. do not teach:
using an Elliptical Curve Cryptography algorithm,

(e)	generate metadata including routing and transaction information and excluding said encrypted portion of electronic financial transaction data;
(vii)	receiving at said second network-based computing device said plurality of discrete data splits and metadata from said first network-based computing device operating in said encryption endpoint mode, wherein said discrete data splits and metadata further comprise discrete portions of data corresponding to a single electronic financial transaction data set that has been processed at step (iv) by said first network based computing device;
(viii)	causing said second network-based computing device to decrypt said electronic financial transaction data; and
However, Kirsch teaches:
using an Elliptical Curve Cryptography algorithm, (para 0069)
(b)	remove said encrypted portion of said electronic financial transaction data from said non-persistent memory, (paras 0647 and 0661)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the filling date of the invention to modify the combined system of Dodgson et al. and Sanchez et al. by utilizing Elliptical Curve Cryptography and adding the feature of removing data from memory in accordance with the teaching of Kirsch.  This modification improves the data security.

Dodgson et al., Sanchez et al. and Kirsch do not teach:
(e)	generate metadata including routing and transaction information and excluding said encrypted portion of electronic financial transaction data;
(vii)	receiving at said second network-based computing device said plurality of discrete data splits and metadata from said first network-based computing device operating in said encryption endpoint mode, wherein said discrete data splits and metadata further comprise discrete portions of data corresponding to a single electronic financial transaction data set that has been processed at step (iv) by said first network based computing device;

However, Farina et al. teaches:
(e)	generate metadata including routing and transaction information and excluding said encrypted portion of electronic financial transaction data;(paras 0092; 0114)
(vii)	receiving at said second network-based computing device said plurality of discrete data splits and metadata from said first network-based computing device operating in said encryption endpoint mode, wherein said discrete data splits and metadata further comprise discrete portions of data corresponding to a single electronic financial transaction data set that has been processed at step (iv) by said first network based computing device; (FIG. 8 item 806; paras 0113-0115)
(viii)	causing said second network-based computing device to decrypt said electronic financial transaction data; and (FIG. 7 item 712, FIG. 8 item 808; paras 0112, 0116)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the filling date of the invention to modify the combined system of Dodgson et al., Sanchez et al. and Kirsch by including routing information in the metadata in accordance with the teaching of Farina et al.  This modification enables the bitsplitted data be reassembled.

Regarding claim 2, Dodgson et al. in view of Sanchez et al. and in further view of Kirsch and Farina et al. discloses all the limitations described above.  Kirsch further discloses:
generating public / private key pairs for said first network-based computing device operating in said encryption endpoint mode and said second network-based computing device operating in said decryption endpoint mode; (paras 0409 and 0518)
Dodgson et al. further discloses:
exchanging public keys between said first network-based computing device and said second network-based computing device; (FIG. 19 items 1006 and 1008; paras 0167-0168, 0184)
generating a shared symmetric key configured for use in block cypher encryption at said first network-based computing device. (para 0131)

Regarding claim 3, Dodgson et al. in view of Sanchez et al. in further view of Kirsch and Farina et al. discloses all the limitations described above.  Dodgson et al. further discloses:
shared symmetric key expires after a predetermined amount of time (abs). 

Regarding claim 4, Dodgson et al. in view of Sanchez et al. and in further view of Kirsch and Farina et al. discloses all the limitations described above.  Dodgson et al. further discloses::
further comprising the step of storing said shared symmetric key within a secure data container at each of said first network-based computing device and said second network-based computing device. (abs; paras 0013, 0139, 0180-0182)

Regarding claim 5, Dodgson et al. in view of Sanchez et al. and in further view of Kirsch and Farina et al. disclose all the limitations described above.  Dodgson et al. further discloses: 
causing said first network-based computing device to encrypt at least a portion of said electronic financial transaction data further comprises encrypting said portion using an AES-256 block cipher. (para 0123)

Regarding claim 6, Dodgson et al. in view of Sanchez et al. and in further view of Kirsch and Farina et al. disclose all the limitations described above. With respect to “wherein said metadata further comprises one or more of an identification of an issuing bank, a transaction total, an identification of a merchant, a listing of the last four digits of a purchaser’s account number, and a hash-based message authentication code.”, it describes the content of metadata.  However, the description is not used to perform any of the recited steps/functions.  Therefore, it is non-functional descriptive material. (See MPEP 2111.05 I-III) ( In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994)).

Regarding claim 7, Dodgson et al. in view of Sanchez et al. and in further view of Kirsch and Farina et al. discloses all the limitations described above.  Farina et al. further discloses:
wherein said step of transferring said plurality of discrete data splits and said metadata to said second network-based computing device operating in said decryption endpoint mode further comprises transferring said plurality of discrete data splits and said metadata through one or more intermediate data transfer points. (FIG. 9; paras 0111, 0115, 0117)

Regarding claim 8, Dodgson et al. in view of Sanchez et al. and in further view of Kirsch and Farina et al. discloses all the limitations described above.  Farina et al. further discloses:
causing said second network-based computing device to decrypt said electronic financial transaction data further comprises consolidating said discrete data splits into a single encrypted data file. (FIG. 9; paras 0111, 0115, 0117, 0121)

Regarding claim 9, Dodgson et al. in view of Sanchez et al. and in further view of Kirsch and Farina et al. discloses all the limitations described above.  Farina et al. further discloses:
causing said second network-based computing device to decrypt said electronic financial transaction data further comprises decrypting at least a portion of said single encrypted data file. (FIG. 7 item 712, FIG. 8 item 808; paras 0112, 0116)

Regarding claim 10, Dodgson et al. in view of Sanchez et al. and in further view of Kirsch and Farina et al. discloses all the limitations described above.  Dodgson et al. further discloses:
decrypting at least a portion of said single encrypted data file further comprises using an AES-236 block cipher. (paras 0123, 0182)

Regarding claim 11, Dodgson et al. in view of Sanchez et al. and in further view of Kirsch and Farina et al. discloses all the limitations described above.  Dodgson et al. further discloses:
storing said unencrypted data sets in memory for processing by said second network-based computing device. (paras 0139)


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”).
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Yingying Zhou whose telephone number is (571)272-5308.  The examiner can normally be reached on Monday-Friday 9am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Hayes can be reached on 571-272-6708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact 

/YINGYING ZHOU/Examiner, Art Unit 3685                                                                                                                                                                                                                                                                                                                                                                                                   /ZESHAN QAYYUM/Primary Examiner, Art Unit 3685