Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
2.	The Amendment filed February 11, 2022 has been entered.  Claims 1, 2, 4, 7, 8, 11-14, and 16 are pending and are rejected for the reasons set forth below. 

 
Claim Rejections - 35 USC § 101
5.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


6.	In sum, claims 1, 2, 4, 7, 8, 11-14, and 16 are rejected under 35 U.S.C. §101 because the claimed invention recites and is directed to a judicial exception to patentability (i.e., a law of nature, a natural phenomenon, or an abstract idea) and does not include an inventive concept that is “significantly more” than the judicial exception under the January 2019 and October 2019 patentable subject matter eligibility guidance (2019 PEG) analysis which follows. 

Step 1
7.	Under the 2019 PEG step 1 analysis, it must first be determined whether the claims are directed to one of the four statutory categories of invention (i.e., process, machine, manufacture, or composition of matter).  Applying step 1 of the analysis for patentable subject matter to the claims, it is determined 

Step 2A, Prong 1
8.	Under the 2019 PEG step 2A, Prong 1 analysis, it must be determined whether the claims recite an abstract idea that falls within one or more designated categories of patent ineligible subject matter (i.e., organizing human activity, mathematical concepts, and mental processes) that amount to a judicial exception to patentability.  
	Claim 1, at its core, recites the abstract idea of: 
receiving a login of a user into a personal account of the user,
obtaining credit card information from the personal account of the user input by the user for initiating a payment transaction, and
sending the credit card information to a [[payment server]]; and at the [[payment server]]:
receiving the credit card information from the [[client]], wherein the [[payment server]] operates in a PCI (Payment Card Industry) region, 
storing the credit card information,
generating a respective temporary payment token representing the credit card information for each of a plurality of payment transactions which are initiated by the user,
storing, in a table, each of the temporary payment tokens, a valid period of each temporary payment token, and a corresponding relationship between the credit card information and each temporary payment token,
sending the temporary payment token to the [[client]] for the [[client]] to submit a payment request comprising the temporary payment token to an [[application server]] that processes the payment request,
wherein processing the payment request comprisesSMRH:4814-5963-7494.1-2-Application No. 16/372,719 Attorney Docket No. 50GL-291069deleting unnecessary user information;
receiving, from the [[application server]], a processed payment request including the temporary payment token, wherein the processed payment request is generated by the [[application server]] based on the payment request, the [[application server]] does not receive the credit card information, and the [[application server]] does not operate in the PCI region,
determining that the temporary payment token included in the processed payment request matches the temporary payment token stored in the table,
locating, in the table, the credit card information and the valid period based on the temporary payment token and the corresponding relationship between the credit card information and the temporary payment token,
determining whether the valid period of the temporary payment token has expired, and
responsive to determining that the valid period of the temporary payment token has not expired, processing the processed payment request based on the credit card information.
	Here, the recited abstract idea falls within one or more of the three enumerated 2019 PEG categories of patent ineligible subject matter, to wit: certain methods of organizing human activity, which includes fundamental economic practices or principles and/or commercial interactions (e.g., here, conducting a transaction using a token). 

Step 2A, Prong 2
9.	Under the 2019 PEG step 2A, Prong 2 analysis, the identified abstract idea to which claim 1 is directed does not include limitations or additional elements that integrate the abstract idea into a practical application. 
	Besides reciting the abstract idea, the limitations of claim 1 also recite generic computer components (e.g. a payment server, an application server, and a client). In particular, the recited features of the abstract idea are merely being applied on a computer or computing device or via software programming that is simply being used as a tool (“apply it”) to implement the abstract idea. (See e.g., MPEP §2106.05(f)). Therefore, these additional elements are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using generic computer components. In other words, the additional elements are simply used as tools to perform the abstract idea.
	Thus, claim 1 does not include any limitations or additional elements that integrate the abstract idea into a practical application. As a result, claim 1 is directed to an abstract idea.

Step 2B
10.	Under the 2019 PEG step 2B analysis, the additional elements of claim 1 are evaluated to determine whether they amount to something “significantly more” than the recited abstract idea. (i.e., an innovative concept). Here, the recited additional elements (e.g. a payment server, an application server, and a client), do not amount to an innovative concept since, as stated above in the Step 2A, Prong 2 analysis, the claims are simply using the additional elements as a tool to carry out the abstract idea (i.e., “apply it”) on a computer or computing device and/or via software programming (See e.g., MPEP §2106.05(f)). The additional elements are specified at a high level of generality such that they are being used in the claims to simply implement the abstract idea and are not themselves being 
	Thus, claim 1 does not recite any additional elements that amount to “significantly more” than the abstract idea.

Additional Independent Claims
11.	Independent claims 7 and 13 are similarly rejected under 35 U.S.C. 101 for the reasons described below:
	Claim 7 recites the abstract idea of:
A credit card payment processing method applicable on [[an application server]], comprising: SMRH:4867-0106-2401.1-3-Application No. 16/372,719 Attorney Docket No. 50GL-291069 
receiving a payment request from a client, the payment request including a temporary payment token generated [[by a payment server]], 
the temporary payment token representing credit card information input by a user for initiating a payment transaction, 
wherein the temporary payment token, a valid period of the temporary payment token and a corresponding relationship between the credit card information and the temporary payment token are stored, in a table, [[at the payment server]], 
wherein a respective temporary payment token is generated for each payment transaction which is initiated, 
wherein the application server does not operate in a PCI (Payment Card Industry) region, and 
wherein the [[application server]] does not receive the credit card information; 
processing the payment request by deleting unnecessary user information; and 
sending a processed payment request, the processed payment request including the temporary payment token, [[to the payment server]] for the [[payment server]] to determine that the temporary payment token included in the processed payment request matches the temporary payment token stored in the table and 
locate, in the table, the credit card information and the valid period based on the temporary payment token and, 
if the valid period of the temporary payment token has not expired, process the processed payment request based on the credit card information, 
wherein the credit card information, and a relationship between the credit card information and the temporary payment token, are stored [[at the payment server]], 
wherein the [[payment server]] locates the credit card information based on the payment token and the relationship between the credit card information and the payment token, and wherein the [[payment server]] operates in the PCI region.
	Similarly, as described above regarding claim 1, the recited abstract idea falls within one or more of the three enumerated 2019 PEG categories of patent ineligible subject matter, to wit: certain methods of organizing human activity, which includes fundamental economic practices or principles and/or commercial interactions (e.g., here, conducting a transaction using a token).
	Under the 2019 PEG step 2A, Prong 2 analysis, the identified abstract idea to which claim 7 is directed does not include limitations or additional elements that integrate the abstract idea into a practical application.
	Besides reciting the abstract idea, the remaining limitations of claim 7 (additional elements) recite generic computer components (e.g. an application server, a client, and a payment server). In particular, the recited features of the abstract idea are merely being applied on a computer or computing device or via software programming that is simply being used as a tool (“apply it”) to 
	Under the 2019 PEG step 2B analysis, the additional elements of claim 7 are evaluated to determine whether they amount to something “significantly more” than the recited abstract idea. (i.e., an innovative concept). Here, the recited additional elements, such as: an application server, a client, and a payment server, do not amount to an innovative concept since, as stated above in the Step 2A, Prong 2 analysis, the claims are simply using the additional elements as a tool to carry out the abstract idea (i.e., “apply it”) on a computer or computing device and/or via software programming (See e.g., MPEP §2106.05(f)).

	Claim 13 recites the abstract idea of:
A credit card payment processing method applicable on [[a client]], comprising: 
receiving a login of a user into a personal account of the user; 
obtaining credit card information from the personal account of the user input by the user for initiating a payment transaction; 
sending the credit card information [[to a payment server]], wherein the [[payment server]] operates in a PCI (Payment Card Industry) region; 
obtaining, [[from the payment server]], a temporary payment token generated [[by the payment server]], the temporary payment token representing the credit card information for the payment transaction, 
wherein the payment token, a valid period of the temporary payment token and a corresponding relationship between the credit card information and the temporary payment token are stored in a table [[at the payment server]], 
wherein a respective temporary payment token is generated for each payment transaction which is initiated; 
submitting a payment request to an [[application server]], the payment request including the temporary payment token, 
wherein, responsive to receiving the payment request, the [[application server]] processes the payment request by deleting unnecessary user information and, respectively, 
submits a processed payment request to the [[payment server]], the processed payment request including the temporary payment token for the [[payment server]] to locate the credit card information based on the temporary payment token and process the processed payment request based on the credit card information, 
wherein the SMRH:4867-0106-2401.1-5-Application No. 16/372,719Attorney Docket No. 50GL-291069credit card information, and a relationship between the credit card information and the temporary payment token, are stored at the [[payment server]], 
wherein the [[payment server]] locates the credit card information based on the temporary payment token and the relationship between credit card information and temporary payment token, 
wherein the [[application server]] does not operate in the PCI region, and wherein the [[application server]] does not receive the credit card information.
	Similarly, as described above regarding claim 1, the recited abstract idea falls within one or more of the three enumerated 2019 PEG categories of patent ineligible subject matter, to wit: certain methods of organizing human activity, which includes fundamental economic practices or principles and/or commercial interactions (e.g., here, conducting a transaction using a token).

	Besides reciting the abstract idea, the remaining limitations of claim 13 (additional elements) recite generic computer components (e.g. an application server, a client, and a payment server). In particular, the recited features of the abstract idea are merely being applied on a computer or computing device or via software programming that is simply being used as a tool (“apply it”) to implement the abstract idea. (See e.g., MPEP §2106.05(f)). Therefore, these additional elements are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using generic computer components.
	Under the 2019 PEG step 2B analysis, the additional elements of claim 13 are evaluated to determine whether they amount to something “significantly more” than the recited abstract idea. (i.e., an innovative concept). Here, the recited additional elements, such as: an application server, a client, and a payment server, do not amount to an innovative concept since, as stated above in the Step 2A, Prong 2 analysis, the claims are simply using the additional elements as a tool to carry out the abstract idea (i.e., “apply it”) on a computer or computing device and/or via software programming (See e.g., MPEP §2106.05(f)).

Dependent Claims
12.	Dependent claims 2, 4, 8, 11, 12, 14, and 16 are also rejected under 35 U.S.C. 101 for the reasons described below: 
	Claims 2, 8, and 14 merely add further description to the “token” recited in claims 1, 7, and 13. Merely stating that the token comprises letters and/or numbers does not provide any indication of an 
	Regarding Claims 4 and 16, merely stating that the system receives/transmits the credit card data via an API does not integrate the abstract idea into a practical application. Rather, these claims merely apply generic computing components (e.g. an API) in order to implement the abstract idea on a computer.
	Regarding Claim 11, this claim merely adds further description to the “token” recited in claim 7. Merely stating that the token is created based on the credit card information does not provide any indication of an improvement to transaction processing technology. Rather, this merely defines the type of data that is used to generate the token.  
	Regarding Claim 12, this claim merely adds further description to the “payment request” recited in claim 7. Merely stating that the payment request is an order received from the client does not provide any indication of an improvement to transaction processing technology. Rather, this merely defines the type of payment that is processed.
	Thus, the dependent claims do not add any additional element or subject matter that provides a technological improvement (i.e., an integration into a practical application) that results in the claims being directed to patent eligible subject matter or include an element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B).


Claim Rejections - 35 USC § 103
13.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention 

14.	Claims 1, 2, 7, 8, and 11-14 are rejected under 35 U.S.C. 103 as being unpatentable over Fisher (U.S. Pre-Grant Publication No. 20030126094) in view of Gaddam (U.S. Patent No. 20150269566), Yanak (U.S. Pre-Grant Publication No. 20080077438), and Subbarayan (U.S. Pre-Grant Publication No. 20180174138).

Claim 1
Regarding claim 1, Fisher teaches:
A credit card payment processing method, comprising: at a client (See at least Paragraphs 119 and 120: Describes a process for enrolling a user in a payment processing system using proxy account numbers. The user may access a Persistent Dynamic Payment Service portal [i.e. a client] on their personal computer):
receiving a login of a user into a personal account of the user (See at least Paragraph 92: After a user is enrolled, they may complete an authentication process [e.g. entering a username and password] to access the Persistent Dynamic Payment Service [PDPS] portal on their personal computer),
obtaining credit card information from the personal account of the user input by the user for initiating a payment transaction, and sending the credit card information to a payment server 
at the payment server: receiving the credit card information from the client (See at least Paragraphs 92 and 119: Describes an enrollment process in which a user provides a credit card/account number to the PDPS/payment processor [payment server] via a browser on their computer system),
storing the credit card information (See at least Paragraph 119: The proxy account number and the cardholder's information is stored in a PDP database);
generating a respective [[temporary]] payment token representing the credit card information (See at least Paragraph 119: The user is issued a proxy account number [token] which is associated with the user's actual account number. The proxy account number is stored in a database. Additionally, Paragraph 14 describes an existing system that utilizes one-time or limited-time credit card numbers [i.e. a different card number/token is generated for each transaction conducted by the user]. Examiner’s Note: Fisher does not explicitly teach that a plurality of “temporary” payment tokens are generated. However, Gaddam does teach this aspect of the invention as described below);
storing, in a table, [[each]] of the temporary payment tokens… and a corresponding relationship between the credit card information and [[each]] temporary payment token (See at least Paragraph 26: The PDPS includes a database which associates the proxy account number with the one or more valid account numbers [Also see Paragraph 178: describes data tables that comprise information regarding the proxy account number]);
sending the temporary payment token to the client for the client to submit a payment request comprising the payment token to an application server that processes the payment request (See at least Paragraphs 119 and 123: The user is issued the proxy 
receiving, from the application server, a processed payment request including the temporary payment token, wherein the processed payment request is generated by the application server based on the payment request, the application server does not receive the credit card information, [[and the application server does not operate in the PCI region]] (See at least Paragraph 123 and 124: Once the merchant receives the proxy account number, the merchant forwards the proxy account number to the payment processor via their acquiring bank [i.e. the processed payment request]. The merchant does not receive the user's actual account information);
determining that the temporary payment token included in the processed payment request matches the temporary payment token stored in the table (See at least Paragraphs 124 and 125: The payment processor obtains the user's real account number from the PDPS using the proxy account number. Examiner's Note: Fisher does not explicitly disclose a step for matching the proxy account number with a proxy account number stored at the PDPS. However, as stated in Paragraph 26, the PDPS associates the proxy account number with the user's real account number. Therefore, in order to obtain the user's real account number using the proxy account number, the system must first match the received proxy account number with the proxy account number associated with the user's real account number), and
locating, in the table, the credit card information and the valid period based on the temporary payment token and the corresponding relationship between the credit card information and the temporary payment token (See at least Paragraphs 124 and 125: 

Regarding claim 1, Fisher does not explicitly teach, but Gaddam, however, does teach:
generating a respective temporary payment token representing the credit card information for each of a plurality of payment transactions which are initiated by the user (See at least Paragraphs 83-85: Describes a system for generating a "token" that allows a user to conduct a transaction at a merchant. Each token may be a "one-time use" token [i.e. a new token is generated each time the user wishes to conduct a transaction, See Paragraph 91]),
storing… a valid period of each temporary payment token (See at least Paragraph 56: Each token may be associated with a "token expiration time." The token expiration time may indicate the last time at which a token is valid. This expiration time may be stored in a database [See Paragraph 59 and Table 1]),
determining whether the valid period of the temporary payment token has expired (See at least Paragraph 89: The token vault computer may receive and validate the token. Validating the token may comprise determining if the current time is past the token expiration time [i.e. whether the token has expired]), and
responsive to determining that the valid period of the temporary payment token has not expired, processing the processed payment request based on the credit card information (See at least Paragraphs 90 and 91: If the token is validated, the token vault computer may store an association between the token and received account information. The access device may then conduct a transaction using the token).


Regarding claim 1, the combination of Fisher and Gaddam does not explicitly teach, but Yanak, however, does teach:
wherein processing the payment request comprises deleting unnecessary user information (See at least Paragraphs 61 and 62: Describes a system for modifying a payment message by deleting personal information from the payment message [e.g. removing personal healthcare data from a payment message]).
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Fisher, Gaddam, and Yanak in order to increase the privacy afforded to users during a payment transaction by anonymizing the payment message (Yanak: Paragraph 62).

Regarding claim 1, the combination of Fisher, Gaddam, and Yanak does not explicitly teach, but Subbarayan, however, does teach:
Wherein the payment server operates in a PCI (Payment Card Industry) region, and the application server does not operate in the PCI region (See at least Paragraphs 103-106: Describes a system which utilizes "payment gateways" to eliminate the need for merchants to store credit card information and deal with PCI compliance rules [see Paragraphs 3 and 4]. The payment gateway system [payment server] implements PCI standards. This allows the merchant system [application server] to forward a payment 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Fisher, Gaddam, Yanak, and Subbarayan in order to reduce the burden on merchants from PCI compliance rules, and other expensive/time-consuming systems and regulations associated with processing payment transactions (Subbarayan: Paragraphs 2-8).

Claim 2
Regarding claim 2, Fisher teaches:
Where the temporary payment token comprises a combination of letters and/or numbers (See at least Paragraph 119: The proxy account number is composed of numbers).

Claim 7
Regarding claim 7, Fisher teaches:
A credit card payment processing method applicable on an application server, comprising:SMRH:4867-0106-2401.1-3-Application No. 16/372,719 Attorney Docket No. 50GL-291069receiving a payment request from a client, the payment request including a [[temporary]] payment token generated by a payment server, the temporary payment token representing credit card information input by a user for initiating a payment transaction (See at least Paragraph 123: The user initiates a payment request at a merchant website [i.e. an application server] which includes the proxy account 
wherein the temporary payment token… and a corresponding relationship between the credit card information and the temporary payment token are stored, in a table, at the payment server (See at least Paragraph 26: The PDPS includes a database which associates the proxy account number with the one or more valid account numbers [Also see Paragraph 178: describes data tables that comprise information regarding the proxy account number), 
wherein the application server does not receive the credit card information (See at least Paragraph 123 and 124: Once the merchant receives the proxy account number, the merchant forwards the proxy account number to the payment processor via their acquiring bank [i.e. the processed payment request]. The merchant does not receive the user's actual account information); 
sending a processed payment request, the processed payment request including the temporary payment token, to the payment server for the payment server to determine that the temporary payment token included in the processed payment request matches the temporary payment token stored in the table (See at least Paragraphs 123-125: Once the merchant receives the proxy account number, the merchant forwards the proxy account number to the payment processor via their acquiring bank [i.e. the application server sends the processed payment request].The payment processor obtains the user's real account number from the PDPS using the proxy account number. Examiner's Note: Fisher does not explicitly disclose a step for 
locate, in the table, the credit card information… (See at least Paragraphs 124 and 125: The payment processor obtains the user's real account number from the PDPS using the proxy account number) and, 
wherein the credit card information, and a relationship between the credit card information and the temporary payment token, are stored at the payment server (See at least Paragraph 26: The PDPS includes a database which associates the proxy account number with the one or more valid account numbers [Also see Paragraph 178: describes data tables that comprise information regarding the proxy account number]), 
wherein the payment server locates the credit card information based on the payment token and the relationship between the credit card information and the payment token (See at least Paragraphs 124 and 125: The payment processor obtains the user's real account number from the PDPS using the proxy account number).

Regarding claim 7, Fisher does not explicitly teach, but Gaddam, however, does teach:
wherein a respective temporary payment token is generated for each payment transaction which is initiated (See at least Paragraphs 83-85: Describes a system for generating a "token" that allows a user to conduct a transaction at a merchant. Each 
locate, in the table… the valid period based on the temporary payment token (See at least Paragraph 89: The token vault computer may receive and validate the token. Validating the token may comprise determining if the current time is past the token expiration time [i.e. whether the token has expired]),
if the valid period of the temporary payment token has not expired, process the processed payment request based on the credit card information (See at least Paragraphs 90 and 91: If the token is validated, the token vault computer may store an association between the token and received account information. The access device may then conduct a transaction using the token),
wherein… a valid period of the temporary payment token… are stored, in a table, at the payment server (See at least Paragraph 56: Each token may be associated with a "token expiration time." The token expiration time may indicate the last time at which a token is valid. This expiration time may be stored in a database [See Paragraph 59 and Table 1]).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Fisher and Gaddam in order to allow tokens to be generated and utilized to complete a payment, even when communication between the various entities involved in the payment is limited (Gaddam: Paragraph 39).

Regarding claim 7, the combination of Fisher and Gaddam does not explicitly teach, but Yanak, however, does teach:
processing the payment request by deleting unnecessary user information (See at least Paragraphs 61 and 62: Describes a system for modifying a payment message by deleting personal information from the payment message [e.g. removing personal healthcare data from a payment message]).
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Fisher, Gaddam, and Yanak in order to increase the privacy afforded to users during a payment transaction by anonymizing the payment message (Yanak: Paragraph 62).

Regarding Claim 7, the combination of Fisher, Gaddam, and Yanak does not explicitly teach, but Subbarayan, however, does teach:
Wherein the application server does not operate in a PCI (Payment Card Industry) region, and wherein the payment server operates in the PCI region (See at least Paragraphs 103-106: Describes a system which utilizes "payment gateways" to eliminate the need for merchants to store credit card information and deal with PCI compliance rules [see Paragraphs 3 and 4]. The payment gateway system [payment server] implements PCI standards. This allows the merchant system [application server] to forward a payment token without the need to receive/store the user's actual payment information [see Paragraphs 104-106 and Figure 3A]. Although not explicitly stated, the merchant system does not need to comply with PCI regulations [see Paragraphs 3, 4, and 38]. Instead, the payment gateway system provides these services for the merchant).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Fisher, Gaddam, Yanak, and Subbarayan in 

Claim 8
Regarding claim 8, this claim is rejected under the same rationale as claim 2 described above.

Claim 11
Regarding claim 11, Fisher teaches:
Where the payment token is generated by the payment server based on the credit card information (See at least Paragraph 119: The proxy account number is generated in association with the user's actual account number).

Claim 12
Regarding claim 12, Fisher teaches:
Where the payment request is associated with an order received from the client (See at least Paragraph 122 and 123: The purchase is initiated based on merchandise picked out by the user in an online shop).

Claim 13
Regarding claim 13, Fisher teaches: 
A credit card payment processing method applicable on a client, comprising: receiving a login of a user into a personal account of the user (See at least Paragraphs 119 and 120: Describes a process for enrolling a user in a payment processing system using proxy 
obtaining credit card information from the personal account of the user input by the user for initiating a payment transaction (See at least Paragraph 119: The PDPS extracts account information [e.g. an account number] from the payer during the enrollment process. The account information may be entered via a browser operating on the payer's computer system);
sending the credit card information to a payment server (See at least Paragraphs 92 and 119: The account number is sent to the PDPS/payment processor [payment server]),
obtaining, from the payment server, a [[temporary]] payment token generated by the payment server, the temporary payment token representing the credit card information for the payment transaction (See at least Paragraph 119: The user is issued a proxy account number [token] which is associated with the user's actual account number. Examiner’s Note: Fisher does not explicitly teach that the token is a “temporary” payment token. However, Gaddam does teach this aspect of the invention as described below);
wherein the payment token… and a corresponding relationship between the credit card information and the temporary payment token are stored in a table at the payment server (See at least Paragraph 26: The PDPS includes a database which associates the proxy account number with the one or more valid account numbers [Also 
submitting a payment request to an application server, the payment request including the [[temporary]] payment token (See at least Paragraphs 119 and 123: The user may use the proxy account number in place of their actual account number when making a purchase at a merchant website [application server]),
submits a processed payment request to the payment server, the processed payment request including the temporary payment token for the payment server to locate the credit card information based on the temporary payment token and process the processed payment request based on the credit card information (See at least Paragraphs 123-126: The payment request, which includes the proxy account number, is then forwarded through the merchant's acquiring bank to the payment processor. The payment processor obtains the user's real account number from the PDPS using the proxy account number. The payment processor then settles the transaction with the user's issuing bank using the user's real account number),
wherein the credit card information, and a relationship between the credit card information and the temporary payment token, are stored at the payment server (See at least Paragraph 26: The PDPS includes a database which stores and associates the proxy account number with the one or more valid account numbers),
wherein the payment server locates the credit card information based on the temporary payment token and the relationship between credit card information and temporary payment token
wherein the application server does not receive the credit card information (See at least Paragraph 123 and 124: The merchant receives the proxy account number. However, the merchant does not receive the user's actual account information).

Regarding claim 13, Fisher does not explicitly teach, but Gaddam, however, does teach:
wherein… a valid period of the temporary payment token… are stored in a table at the payment server, (See at least Paragraph 56: Describes a system for generating a "token" that allows a user to conduct a transaction at a merchant. Each token may be associated with a "token expiration time." The token expiration time may indicate the last time at which a token is valid. This expiration time may be stored in a database [See Paragraph 59 and Table 1]); and
wherein a respective temporary payment token is generated for each payment transaction which is initiated (See at least Paragraphs 83-85: Each token may be a "one-time use" token [i.e. a new token is generated each time the user wishes to conduct a transaction, See Paragraph 91].
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Fisher and Gaddam in order to allow tokens to be generated and utilized to complete a payment, even when communication between the various entities involved in the payment is limited (Gaddam: Paragraph 39).

Regarding claim 13, the combination of Fisher and Gaddam does not explicitly teach, but Yanak, however, does teach:
wherein, responsive to receiving the payment request, the application server processes the payment request by deleting unnecessary user information (See at least 
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Fisher, Gaddam, and Yanak in order to increase the privacy afforded to users during a payment transaction by anonymizing payment message (Yanak: Paragraph 62).

Regarding claim 13, the combination of Fisher, Gaddam, and Yanak does not explicitly teach, but Subbarayan, however, does teach:
Wherein the application server does not operate in a PCI (Payment Card Industry) region, and wherein the payment server operates in the PCI region (See at least Paragraphs 103-106: Describes a system which utilizes "payment gateways" to eliminate the need for merchants to store credit card information and deal with PCI compliance rules [see Paragraphs 3 and 4]. The payment gateway system [payment server] implements PCI standards. This allows the merchant system [application server] to forward a payment token without the need to receive/store the user's actual payment information [see Paragraphs 104-106 and Figure 3A]. Although not explicitly stated, the merchant system does not need to comply with PCI regulations [see Paragraphs 3, 4, and 38]. Instead, the payment gateway system provides these services for the merchant).
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Fisher, Gaddam, Yanak, and Subbarayan in order to reduce the burden on merchants from PCI compliance rules, and other expensive/time-

Claim 14
Regarding claim 14, this claim is rejected under the same rationale as claim 2 described above.


15.	Claims 4 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Fisher (U.S. Pre-Grant Publication No. 20030126094) in view of Gaddam (U.S. Patent No. 20150269566), Yanak (U.S. Pre-Grant Publication No. 20080077438), and Subbarayan (U.S. Pre-Grant Publication No. 20180174138), and in further view of Amancherla (U.S. Patent No. 10453042).

Claim 4
	Regarding claim 4, the combination of Fisher, Gaddam, Yanak, and Subbarayan does not explicitly teach, but Amancherla, however, does teach:
wherein the receiving credit card information from the client comprises: receiving the credit card information from the client via an API interface of the payment server (See at least Col. 22, Line 50 - Col. 23, Line 21: The system may receive user credentials [e.g. an account number and PIN] via an API).
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Fisher, Gaddam, Yanak, Subbarayan, and Amancherla in order to incorporate payment processing functionality into their applications via published application programming interfaces (APIs) and code blocks that are available for insertion into 

Claim 16
	Regarding claim 16, the combination of Fisher, Gaddam, Yanak, and Subbarayan does not explicitly teach, but Amancherla, however, does teach:
wherein the sending the credit card information to a payment server comprises: sending the credit card information to the payment server via an API interface provided by the payment server to exchange for a payment token (See at least Col. 22, Line 50 - Col. 23, Line 21: Describes a system for completing transactions with a token. The system may receive user credentials [e.g. an account number and PIN] via an API), and 
the obtaining a payment token representing the credit card information from the payment server comprises: obtaining, via the API interface, the payment token representing the credit card information from the payment server (See at least Col. 22, Line 50 - Col. 23, Line 21: The token is then received by the application via the API).
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Fisher, Gaddam, Yanak, Subbarayan, and Amancherla in order to incorporate payment processing functionality into their applications via published application programming interfaces (APIs) and code blocks that are available for insertion into the developer's source code. This results in a seamless user experience because the user does not need to leave the application in order to conduct their payment transaction.


Response to Arguments
16.	Applicant’s arguments filed February 11, 2022 have been fully considered. 

Arguments Regarding 35 U.S.C. 112(b)
	The examiner has withdrawn the 112(b) rejection given in the Non-Final rejection dated October 16, 2021. 

Arguments Regarding 35 U.S.C. 101
	Applicant’s arguments (Amendment, Pgs. 8-13) concerning the prior rejection of the claims under 35 USC §101, including supposed deficiencies in the rejection, are not persuasive for the following reasons.  Under the prior and current 101 analysis under 2019 PEG, the amended claims recite and are directed to a patent ineligible abstract idea, without something significantly more, for the reasons given above after consideration of the claimed features and elements.  The abstract idea has been restated herein in line with the 2019 PEG guidance and the amended claims.  Applicant is directed to the above full Alice/Mayo analysis in the 101 rejection.
	Additionally, on page 11 of their remarks, the applicant argues, “The claims do not recite certain methods of organizing human activity.” The examiner respectfully disagrees. As stated in the 101 rejection above, the claims recite a process for completing a payment with a token. The examiner notes that a process for completing a payment clearly falls under the category of fundamental economic principles and practices and/or commercial interactions as described in MPEP 2106.04(a)(2). 
	Additionally, on page 13 of their remarks, the applicant argues, “Claim 1 recites this technical solution at least with the additional elements of "receiving the credit card information from the client, wherein the payment server operates in a PCI (Payment Card Industry) region" and "receiving, from the application server, a processed payment request including the temporary payment token, wherein the processed payment request is generated by the application server based on the payment request, the application server does not receive the credit card information, and the application server does not operate in the PCI region". Thus claim 1 provides a technical solution to a technical problem, resulting in an improvement to the technical field of credit card processing.” The examiner respectfully disagrees. Specifically, the examiner notes that merely stating that the payment server and the application server do/do not operate in the PCI region does not amount to an improvement in technology. As stated in Paragraph 3 of the applicant’s specification, the “PCI region” merely refers to a set of data security standards that must be followed by a shopping platform/merchant. Simply stating that the application server does not need to adhere to these standards does not provide any indication of a technical solution to a problem faced in the transaction processing field. 
	Similarly, the “token” described in the claims is merely a string of letters and/or numbers that represent credit card information of the user. Although using this token may provide benefits to the process of completing a transaction (e.g. the benefits described by the applicant on page 12 of their remarks), these benefits are not a result of an improvement to any technology or technological field. Rather, the claims merely utilize generic computer components to complete a transaction using this temporary payment account number.
Therefore, for these reasons and the reasons given above, the rejection of these claims under 35 USC §101 is maintained. 

Arguments Regarding 35 U.S.C. 103
	Applicant’s arguments regarding the prior art rejections are moot in view of the new grounds of rejection necessitated by applicant’s claim amendments.


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM D NEWLON whose telephone number is (571)272-4407.  The examiner can normally be reached on Mon - Fri 9:30 - 5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Namrata Boveja can be reached on (571) 272-8105.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-





/WILLIAM D NEWLON/Examiner, Art Unit 3696 

/EDWARD CHANG/Primary Examiner, Art Unit 3696