DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
Status of claims
Claims 1-20 are pending.
Claims 1-20 were examined.

Claim Interpretation
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: a first/second/third/fourth interface configured to connect to a client device in claims 10 and 13.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
In the instant case, claims 1-8 are directed to a method, claims 9-17 are directed to a system, and claims 18-20 are directed to a data carrier. Therefore, these claims fall within the four statutory categories of invention. According to MPEP 2106 II, it is essential that the broadest reasonable interpretation (BRI) of the claim be established prior to examining a claim for eligibility. Further, MPEP 2103 I C establishes that the subject matter of a properly construed claim is defined by the terms that limit the scope of the claim when given their broadest reasonable interpretation. It is this subject matter that must be examined.  With respect to claims 1, 9 and 18, the claims recite certain language directed to non-functional descriptive material. Claims 1, 9 and 18 recite “information relating to a first/second/third customer order/transaction. However, the limitations refer only to the type of data stored. It has been held that data stored in memory will not distinguish a claimed memory from the prior art (see MPEP 2111.05). 
a. “receiving, from a first client device with a first interface of an apparatus, unencrypted payment information and unencrypted personal information relating to a first customer order”;b. “encrypting, with a processor of the apparatus, the unencrypted payment information and the unencrypted personal information relating to the first customer order, resulting in encrypted payment information and encrypted personal information relating to the first customer order”;c. “returning, with the first interface to the first client device, the encrypted payment information and the encrypted personal information relating to the first customer order”;d. “receiving, from a second client device with a second interface of the apparatus, encrypted payment information and encrypted personal information relating to a second customer order”;e. “decrypting, with the processor of the apparatus, the encrypted personal information relating to the second customer order, resulting in decrypted personal information relating to the second customer order”;returning, with the second interface to the second client device, the decrypted personal information relating to the second customer order”;g. “receiving, from a third client device with a third interface of the apparatus, encrypted payment information and encrypted personal information relating to a third customer order”;h. “decrypt the encrypted payment information and encrypted personal information relating to the third transaction, resulting in decrypted personal information and decrypted payment information relating to the third transaction” (omitted in claims 1 and 18); andi. “returning, with the third interface to the third client device, decrypted personal information and decrypted payment information relating to the third customer order.”

Therefore, the portions highlighted in bold above recite obscuring and revealing secrets on demand, which is an abstract idea grouped within the mathematical concepts and mental processes grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)). The claims are grouped within mathematical concepts because the steps recited describe encrypting and decrypting information, which represents a mathematical calculation. Additionally, the claims are also grouped within mental processes because the steps recited describe collecting information, analyzing it, and outputting certain results of the collection and analysis, which is a concept that can be performed in the human mind or by pen and paper. As explained in 
Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January 7, 2019)).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), first/second/third client devices; first/second/third interfaces; at least one processor and a non-transitory data carrier only serves to use computers as a tool to perform an abstract idea. Specifically, these additional elements perform the steps or functions such as: receiving… unencrypted… information… , encrypting… information…, returning… encrypted… information…, receiving… encrypted… information… , decrypting… encrypted… information…, returning… decrypted… information…, receiving… encrypted...information… , decrypt… encrypted… information (omitted in claims 1 and 18), returning… decrypted… information…. The use of a processor/computer as a tool to implement the abstract idea does not integrate the abstract idea into a practical application because it requires no more than a computer 
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional elements of using first/second/third client devices; first/second/third interfaces; at least one processor and a non-transitory data carrier to perform the steps amounts to no more than using a computer or processor to automate and/or implement the abstract idea of obscuring and revealing secrets on demand. As discussed above, taking the claim elements 
Dependent claims 2-8, 10-17, 19 and 20 further recite the following additional language, in which elements which merely further define the identified abstract idea are marked in bold below:
j) wherein the second interface only returns decrypted personal information and does not return decrypted payment information. k) wherein each of the first interface, the second interface, and the third interface comprises at least one of a unique network address and a unique port number. l) further comprising loading, from a fourth client device with a fourth interface of the apparatus, at least one key into a hardware security module of the apparatus. m) wherein at least one of the first interface, the second interface, and the third interface communicates with a client device via a network connection. n) wherein the apparatus comprises a secure PCI at rest (SPAR) device. o) wherein the apparatus comprises a first device, a second device, and a third device, and wherein the first device comprises the first interface, the second device comprises the second interface, and the third device comprises the third interface. p) wherein the first customer order, the second customer order, and the third customer order comprise a same customer order. q) wherein the at least one processor is further configured to receive, encrypt, decrypt, and output data in a stateless manner. r) further comprising a fourth interface configured to connect to a client device. s) further comprising a hardware security module, wherein the at least one processor is further configured to load at least one key into the hardware security module through the fourth interface. t) wherein the at least one processor comprises a first processor, a second processor, and a third processor, the system further comprising: a first device comprising the first processor; a second device comprising the second processor; and a third device comprising the third processor. u) wherein at least one of the first interface, the second interface, and the third interface receives input via a network connection. v) further comprising a secure PCI at rest (SPAR) device, wherein the at least one processor, the first interface, the second interface, and the third interface are arranged within the SPAR device. 
With respect to claims 2, 11 and 19, the claims further recite item j) above, which do not introduce additional elements/functions. The additional language merely represents statements directed to non-functional descriptive material by describing what the second interface "returns". In addition, claim 2 is a method claim and recites “wherein each of the first interface, the second interface, and the third interface comprises at least one of a unique network address and a unique port number”. 

With respect to claims 3, 12 and 20, the claims further recite item k) above, which do not introduce additional elements/functions. The additional language merely represents statements directed to non-functional descriptive material by describing what the interfaces comprise (i.e. addresses or numbers). Those statements are insufficient to significantly alter the eligibility analysis.

With respect to claim 5, the claim further recites item m) above, which do not introduce additional elements/functions. The additional language merely represents statements directed to not positively recited method steps by describing what an interface "communicates". Those statements are insufficient to significantly alter the eligibility analysis.

With respect to claim 6, the claim further recites item n) above, which do not introduce additional elements/functions. The additional language merely represents statements directed to what an apparatus "comprise". Claim 6 is a method claim and recites “wherein the apparatus comprises a secure PCI at rest (SPAR) device”; . However, it has been held that structural limitations are not given weight in a method 

With respect to claim 7, the claim further recites item o) above, which do not introduce additional elements/functions. The additional language merely represents statements directed to what an apparatus "comprise". Claim 7 is a method claim and recites “wherein the apparatus comprises a first device, a second device, and a third device, and wherein the first device comprises the first interface, the second device comprises the second interface, and the third device comprises the third interface” . However, it has been held that structural limitations are not given weight in a method claim unless those limitations “affect the method in a manipulative sense and not amount to mere claiming of a particular structure.” (See Ex Parte Pfeiffer, 135 USPQ 31 (Bd. App. 1961)). Those statements are insufficient to significantly alter the eligibility analysis.

With respect to claim 8, the claim further recites item p) above, which do not introduce additional elements/functions. The additional language merely represents statements directed to non-functional descriptive material by describing what orders "comprise", i.e. a "same customer order". Those statements are insufficient to significantly alter the eligibility analysis.


With respect to claim 4, the claim recites item l) above, which represent the additional elements/functions of loading a key into an apparatus. This language further elaborates in the abstract idea of obscuring and revealing secrets on demand identified above with respect to the independent claims 1, 9 and 18. The additional elements/functions are insufficient to integrate the abstract idea into a practical application implementing the judicial exception with a particular machine or manufacture. The additional elements/functions do not offer significantly more than the abstract idea, because the additional elements/functions merely further recite additional instructions to implement the abstract idea on a computer.

With respect to claim 10, the claim recites item q) above, which represent the additional elements/functions of receive, encrypt, decrypt and output data in a stateless manner. This language further elaborates in the abstract idea of obscuring and revealing secrets on demand identified above with respect to the independent claims 1, 9 and 18. The additional elements/functions are insufficient to integrate the abstract idea into a practical application because the additional elements/functions do not pertain to an improvement to the functioning of a computer or to another technology. The 

With respect to claim 13, the claim recites item r) above, which represent the additional elements/functions of connect to a client device. This language further elaborates in the abstract idea of obscuring and revealing secrets on demand identified above with respect to the independent claims 1, 9 and 18. The additional elements/functions are insufficient to integrate the abstract idea into a practical application because the additional elements/functions do not pertain to an improvement to the functioning of a computer or to another technology. The additional elements/functions do not offer significantly more than the abstract idea, because the additional elements/functions merely further recite additional instructions to implement the abstract idea on a computer. 

With respect to claim 14, the claim recites item s) above, which represent the additional elements/functions of loading a key into an apparatus. This language further elaborates in the abstract idea of obscuring and revealing secrets on demand identified above with respect to the independent claims 1, 9 and 18. The additional elements/functions are insufficient to integrate the abstract idea into a practical application because the additional elements/functions do not pertain to an improvement to the functioning of a computer or to another technology. The additional elements/functions do not offer significantly more than the abstract idea, because the a potential suggestion would be to recite in which manner the keys loaded into the HSM are used in performing the functions recited by the independent claims. While merely loading keys into a secure module is not sufficient to overcome the judicial exception, the recitation of details of intra-device mechanisms (i.e. the inter-relationship between the HSM, processors and interfaces) could be a potential avenue for overcoming step 2A prong two, by incorporating the abstract idea into a practical application.

With respect to claim 15, the claim recites item t) above, which represent the additional elements/functions of additional elements of devices comprising processors. This language further elaborates in the abstract idea of obscuring and revealing secrets on demand identified above with respect to the independent claims 1, 9 and 18. The additional elements/functions are insufficient to integrate the abstract idea into a practical application because the additional elements/functions do not pertain to an improvement to the functioning of a computer or to another technology. The additional elements/functions do not offer significantly more than the abstract idea, because the additional elements/functions merely further recite additional instructions to implement the abstract idea on a computer. 

With respect to claim 16, the claim recites item u) above, which represent the additional elements/functions of receiving input via a network connection. This language 
With respect to claim 17, the claim recites item v) above, which represent the additional elements/functions of interface arrangements within a device labeled SPAR. This language further elaborates in the abstract idea of obscuring and revealing secrets on demand identified above with respect to the independent claims 1, 9 and 18. The additional elements/functions are insufficient to integrate the abstract idea into a practical application because the additional elements/functions do not pertain to an improvement to the functioning of a computer or to another technology. The additional elements/functions do not offer significantly more than the abstract idea, because the additional elements/functions merely further recite additional instructions to implement the abstract idea on a computer. 
Therefore, while dependent claims 4, 10 and 13-17, which represent additional language l), q), r), s), t), u), v), slightly modify the analysis provided with respect to independent claims 1, 9 and 18, these additional elements/functions are insufficient to 

Claim Rejections - 35 USC § 112
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Claim 1 recites: “a first/second/third customer order”. It is unclear by the claim language whether the language “first/second/third” refers to “customer ” (i.e. “orders of three customers”), or whether it refers to “order” (i.e. “three orders of the same customer”). This duality renders the scope of the claims unclear. This duality renders the scope of the claims unclear. Dependent claims 2-8 are also rejected since they depend on claim 1.

Claim 8 recites “wherein the first customer order, the second customer order, and the third customer order comprise a same customer order. ”. This language is unclear as it is unclear whether each of the first/second/third customer orders comprise a "same customer order" (i.e. each order comprise the same order) or whether the claims attempt to recite three distinct orders that are "the same" customer order. One of ordinary skill in the art would not be able to reasonably convey whether the claims recite 

Claims 9 and 18 recite: “receive unencrypted payment information and unencrypted personal information relating to a first/second/third transaction through the first/second/third interface”. It is unclear by the claim language whether the language “relating to” refers to “both unencrypted payment information and unencrypted personal information” (i.e. “receive A. (unencrypted payment information and unencrypted personal information) relating to a first/second/third transaction through the first/second/third interface”), or whether it refers to “unencrypted personal information only” (i.e. “receive B. unencrypted payment information and C. unencrypted personal information relating to a first/second/third transaction through the first/second/third interface”). In other words, it is unclear whether both data items "relate" to each transaction or whether only the personal information "relate" to each transaction. It is also unclear whether the unencrypted payment information is required to be received "through” the recited interfaces or not. This duality renders the scope of the claims unclear. Dependent claims 10-17, 19 and 20 are also rejected since they depend on claims 9 and 18, respectively.

Claim 10 recites: “wherein the at least one processor is further configured to receive, encrypt, decrypt, and output data in a stateless manner.”. It is unclear by the claim language whether the language “in a stateless manner” refers to “receive, encrypt decrypt, and output” (i.e. “wherein the at least one processor is further configured to A. 

Claim limitation “the first/second/third interface” of claim 10 and “the fourth interface” of claim 13 invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. The closest language from the specification as filed recites:
[0030] As stated above, the SPAR device 100 may include one or more interfaces, including a front end interface 102, a middle tier interface 104, a back end interface 106, and an administrative interface 108. A single SPAR device 100 may use all the interfaces or as few as a single interface. Each of the interfaces may have a unique network address (IP address) and/or port number. Further, they may be bound to one or more distinct Ethernet interfaces.
[0042] It is to be appreciated that the SPAR device 100 described herein may embody a single component (as shown in FIG. 1), or it may be integrated within multiple components in the form of hardware integration, such as multiple SPAR devices 100 connected to a network (as shown in FIG. 3) and/or in combination with a software solution.
Therefore, since one of ordinary skill in the art would not be able to reasonably identify in the specification as filed the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function for the recited generic placeholders, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.

(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181. Dependent claim 14 is also rejected since it depends on claim 13.


Claim 19 is indefinite because it is unclear to one of ordinary skill in the art whether Applicants are claiming the subcombination of a “non-transitory data carrier” or the combination of a “non-transitory data carrier” and “second interface”. If it is Applicants’ intent to claim only the subcombination, the body of the claims must be amended to remove any positive recitation of the combination. If it is Applicants’ intent to claim the combination, the preamble of the claim must be amended to be consistent with the language in the body of the claim. For the latter, Examiner recommends claiming a “system”. For purposes of Examination, Examiner is considering the scope set by the preamble of the claims.

Claim 20 is indefinite because it is unclear to one of ordinary skill in the art whether Applicants are claiming the subcombination of a “non-transitory data carrier” or the combination of a “non-transitory data carrier” and “first, second and third interfaces”. If it is Applicants’ intent to claim only the subcombination, the body of the claims must be amended to remove any positive recitation of the combination. If it is Applicants’ intent to claim the combination, the preamble of the claim must be amended to be consistent with the language in the body of the claim. For the latter, Examiner recommends claiming a “system”. For purposes of Examination, Examiner is considering the scope set by the preamble of the claims.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claim 1-9 and 11-20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Yokota et al. (US 2003/0177363 A1) in view of Ginter et al. (US 5,892,900).

With respect to claims 1, 9 and 18, Yokota et al. teach a system for processing transaction data, comprising: a first interface configured to connect to a client device; a second interface configured to connect to a client device; a third interface configured to connect to a client device; and at least one processor in communication with the first interface, the second interface, and the third interface; a non-transitory data carrier storing instructions (see Fig. 1, service providing system 1, personal information verification apparatus 11, plurality of service user apparatuses 12, paragraph [0049]); and a computer-implemented method (Service providing system in which services are 
receiving, from a first client device with a first interface of an apparatus, unencrypted payment information and unencrypted personal information (see Fig. 2, personal information verification apparatus receives user's personal information, paragraph [0065]; Fig. 3, user's personal information comprising unencrypted personal information (i.e. name, telephone number, address, birth date, height and weight, blood type) and unencrypted payment information (i.e. credit card number) as data description examples, paragraph [0065]); 
encrypting, with a processor of the apparatus, the unencrypted payment information and the unencrypted personal information..., resulting in encrypted payment information and encrypted personal information… (see Fig. 4, the personal information verification apparatus signs and encrypts the personal information, paragraphs [0069]-[0072]); 
returning/output, with the first interface to the first client device, the encrypted payment information and the encrypted personal information… (see Fig. 4, the personal information verification apparatus 11 transmits the encrypted signed-personal information to the service user apparatus 12, paragraph [0072]); receiving, from a second client device with a second interface of the apparatus, encrypted payment information and encrypted personal information… (see Fig. 4, a second service user apparatus receives second encrypted signed-personal information, paragraphs [0049] and [0072]); 

returning, with the second interface to the second client device, the decrypted personal information… (see the second service user apparatus transmits the partial personal information to the service provider apparatus 13, paragraphs [0083] and [0084]); 
receiving, from a third client device with a third interface of the apparatus, encrypted payment information and encrypted personal information… (see Fig. 4, a third service user apparatus receives third encrypted signed-personal information, paragraphs [0049] and [0072]);
decrypt the encrypted payment information and encrypted personal information..., resulting in decrypted personal information and decrypted payment information… (Claim 9) (see the third service user apparatus receives the signed-personal information and first decrypts the signed-personal information, paragraph [0075]); and
returning, with the third interface to the third client device, decrypted personal information and decrypted payment information… (see the service user apparatus transmits the partial personal information to the service provider apparatus 13, paragraphs [0083] and [0084], in which the partial personal information is represented by Fig. 6 (i.e., personal data and credit card number), paragraph [0085]). 

Although Yokota et al. disclose a service providing system in which various services (e.g., sale of commodities and pay distribution of digital content including music and video) are provided from a provider to a user via a network, such as the Internet (see paragraph [0002]), Yokota et al. do not explicitly disclose a method, system and data carrier comprising: the information "relating to a first/second/third customer order/transaction". While this language represents non-functional descriptive material and is therefore not given patentable weight, this difference is insufficient to distinguish the claims over Yokota et al. However, in the interest of compact prosecution and assuming weight was to be given to the non-functional descriptive material recitations above, Ginter et al. disclose a method, system and data carrier (Systems and methods for secure transaction management and electronic rights protection) comprising: 
the information "relating to a first/second/third customer order/transaction" (see Fig. 16, PERCs 808 and col. 155 to col. 156, line 14; VDE electronic negotiation, col. 271, lines 3-48; Fig. 75A PERC 3100, Budget method 3108); 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the access protection mechanisms as disclosed by Ginter et al. in the method, system and data carrier of Yokota et al., the motivation being to protect the rights of parties who create electronic content and efficiently operate as a highly configurable content control system, for instance, providing a user a method that summarizes information for reporting to a clearinghouse in a way that does not convey confidential information (see Ginter et al., col. 4, lines 14-27; col. 25, lines 36 to col. 26, line 24; col. 43, lines 21-56).

With respect to claims 2, 11 and 19, the combination of Yokota et al. and Ginter et al. teaches all the subject matter of the method, system and data carrier as described above with respect to claims 1, 9 and 18. Furthermore, Yokota et al. disclose a method, system and data carrier wherein the second interface only returns decrypted personal information and does not return decrypted payment information (see The service user apparatus transmits the partial personal information to the service provider apparatus 13, paragraphs [0083] and [0084]). 

With respect to claims 3, 12 and 20, the combination of Yokota et al. and Ginter et al. teaches all the subject matter of the method, system and data carrier as described above with respect to claims 1, 9 and 18. Furthermore, Yokota et al. disclose a method, system and data carrier wherein each of the first interface, the second interface, and the third interface comprises at least one of a unique network address and a unique port number (see The personal information verification, apparatus 11, a service user apparatus 12, and a service provider apparatus 13 are connected with one another via a network "N", paragraph [0049], as evidenced by electronic appliance 600 of Ginter, describing a machine signature consisting of an Ethernet (or other) network adapter 666 address, col. 239, lines 26-33). 

With respect to claim 4, the combination of Yokota et al. and Ginter et al. teaches all the subject matter of the method as described above with respect to claim 1. Furthermore, Yokota et al. disclose a method further comprising loading, from a fourth 

With respect to claim 5, the combination of Yokota et al. and Ginter et al. teaches all the subject matter of the method as described above with respect to claim 1. Furthermore, Yokota et al. disclose a method wherein at least one of the first interface, the second interface, and the third interface communicates with a client device via a network connection (see the personal information verification, apparatus 11, a service user apparatus 12, and a service provider apparatus 13 are connected with one another via a network "N", paragraph [0049]). 

With respect to claim 6, the combination of Yokota et al. and Ginter et al. teaches all the subject matter of the method as described above with respect to claim 1. Furthermore, Yokota et al. disclose a method wherein the apparatus comprises a secure PCI at rest (SPAR) device (see Fig. 1, service providing system 1, personal information verification apparatus 11, plurality of service user apparatuses 12, paragraph [0049]). 

With respect to claim 7, the combination of Yokota et al. and Ginter et al. teaches all the subject matter of the method as described above with respect to claim 1. 

With respect to claim 8, the combination of Yokota et al. and Ginter et al. teaches all the subject matter of the method as described above with respect to claim 1. Furthermore, Yokota et al. disclose a method wherein the first customer order, the second customer order, and the third customer order comprise a same customer order (see i.e. the first, second and third orders are from the same customer operating distinct service user apparatuses 12). 

With respect to claim 13, the combination of Yokota et al. and Ginter et al. teaches all the subject matter of the system as described above with respect to claim 9. Furthermore, Yokota et al. disclose a system further comprising a fourth interface configured to connect to a client device (see Fig. 1, service providing system 1, plurality of service user apparatuses 12 (i.e. fourth service user apparatus 12), paragraph [0049]). 

With respect to claim 14, the combination of Yokota et al. and Ginter et al. teaches all the subject matter of the system as described above with respect to claim 

With respect to claim 15, the combination of Yokota et al. and Ginter et al. teaches all the subject matter of the system as described above with respect to claim 9. Furthermore, Yokota et al. disclose a system wherein the at least one processor comprises a first processor, a second processor, and a third processor, the system further comprising: a first device comprising the first processor; a second device comprising the second processor; and a third device comprising the third processor (see Fig. 1, service providing system 1, personal information verification apparatus 11, plurality of service user apparatuses 12, paragraph [0049]). 

With respect to claim 16, the combination of Yokota et al. and Ginter et al. teaches all the subject matter of the system as described above with respect to claim 9. Furthermore, Yokota et al. disclose a system wherein at least one of the first interface, the second interface, and the third interface receives input via a network connection (see Fig. 1, network "N", paragraph [0049]; for instance, service user apparatus 12 receives a personal information request, paragraphs [0083] and [0084]). 

. 


Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Yokota et al. (US 2003/0177363 A1), in view of Ginter et al. (US 5,892,900), and in view of Buer (US 2006/0072762 A1).

With respect to claim 10, the combination of Yokota et al. and Ginter et al. teaches all the subject matter of the system as described above with respect to claim 9. The combination of Yokota et al. and Ginter et al. does not explicitly teach a system wherein the at least one processor is further configured to receive, encrypt, decrypt, and output data in a stateless manner. 

 However, Buer discloses a system (Stateless hardware security module) wherein the at least one processor is further configured to receive, encrypt, decrypt, and output data in a stateless manner (see Fig. 3, SHSM 322, paragraphs [0049]-[0058]). 
.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Patent Literature
Adams, Jr. et al. (US 5,442,708 A) disclose computer network encryption/decryption device, including selectively encrypting or decrypting only the data portion of a data packet, leaving the routing information contained in the header and trailer portions of the data packet unchanged.
 Diamant (US 7,082,530 B1) discloses method and apparatus for accelerating hardware encryption with multiple networking interfaces, including  idle network interfaces that can be used as dedicated encryption devices.
Wootten et al. (US 6,754,819 B1) disclose method and system for providing cryptographic services in a distributed application, including Encryption input interface object and encryption output interface object, which are two halves of a "container" that form an interface between a distributed application and an encryption portion of a cryptographic function executed on a second processor .

Marvit et al. (US 7,096,355 B1) disclose dynamic encoding algorithms and inline message decryption, including a key layering approach that allows for partial decryption of message contents.
 Seshadri (US 2004/0193871 A1) discloses system and method for transmitting data using selective partial encryption, including means for decrypting a first subset of said first message portion and providing to said receiving device said decrypted first subset of said first message and a second subset of said first message that is not decrypted.
Carter et al. (US 2006/0034179 A1) disclose privileged network routing, including A VPN ensures a dedicated port for traffic over a network for participants of the VPN, where traffic over that port is custom encrypted based on the participants to that VPN.
 Izawa et al. (US 2005/0008160 A1) disclose central encryption management system, including an encryption apparatus having data paths for the respective connected terminals, and performs encrypting/decrypting processes using different encryption keys for the respective terminals.
 Parlan et al. (US 8,266,431 B2) disclose method and apparatus for performing encryption of data at rest at a port of a network device, including encryption and decryption of data at rest supported by ports of a network device.

Carrott (US 2008/0319914 A1) discloses transactional security over a network, including an encryption stream devoid of personal payment information of the customer, such as credit card information, bank account information, etc.
Honjo et al. (US 2010/0064129 A1) disclose network adapter and communication device, including network device drivers mounted on both sides according to the use case, and the host device designates a network IP address assigned to a virtual interface of each network device driver, thereby selecting communication with an external device connected to the network or communication to an encryption/decryption application.
Gim et al. (US 2010/0122083 A1) disclose method and apparatus for securely communicating personal health information, including an encryption algorithm performing primary encryption by using a primary encryption key and secondary encryption by using a first MAC address as a secondary encryption and decryption key.
 Lee et al. (US 2011/0055547 A1) disclose personal information management and delivery mechanism, including forming a decrypted specification of personal information according to a decoding strategy determined based on an 

Non-Patent Literature
Blackwell (NPL 2008, listed in PTO-892 as reference "X") disclose the management of online credit card data using the Payment Card Industry Data Security Standard, including a requirement to encrypt transmission of cardholder data across open, public networks. Wired networks such as Ethernet should be used, as wireless is too risky given the possibility of access from outside the secure physical area.
Anonymous (NPL 04/2010, listed in PTO-892 as reference "U") disclose Leveraging your Large Systems Platform to Achieve Payment Card Industry Compliance, including  storing sensitive information in a unique Data Store known as CEDS.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDUARDO D CASTILHO whose telephone number is (571)270-1592. The examiner can normally be reached Mon-Fri 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/E.C./Examiner, Art Unit 3685                                                                                                                                                                                                        

/JACOB C. COPPOLA/Primary Examiner, Art Unit 3685