DETAILED ACTION
This Office Action is in response to the application 16/915,650 filed on June 29th, 2020.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim 1 was canceled. Claims 2-21 are pending and herein considered.

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 06/29/2020, is in compliance with the provisions of 37 CRR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 2-21 are provisionally rejected on the ground of nonstatutory double patenting over claims 1-25 of U.S. Patented Application 10,263,779 since the claims, if allowed, would improperly extend the “right to exclude” already granted in the patent.
The subject matter claimed in the instant application is fully disclosed in the patent and is covered by the patent since the patent and the application are claiming common subject matter.
Claims 2-21 are provisionally rejected on the ground of nonstatutory double patenting over claims 1-22 of U.S. Patented Application 10,742,622 since the claims, if allowed, would improperly extend the “right to exclude” already granted in the patent.
The subject matter claimed in the instant application is fully disclosed in the patent and is covered by the patent since the patent and the application are claiming common subject matter.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 2-3, 6-9, 11-13, 16-19 and 21 are rejected under 35 U.S.C 103(a) as being unpatentable over Geller, U.S. Pub. Number 2007/0234410, in view of Schibuk, U.S. Pub. Number 2009/0132813.
Regarding claim 2; Geller discloses an apparatus comprising instructions stored on non-transitory machine-readable media, the instructions when executed to cause at least one processor of a first party, in connection with a sales transaction between the first party and the second party which is being processed by the first party, to:
receive first information representing payment information of a second party encrypted using an encryption protocol shared between the second party and a third party, receive information identifying the third party, and route the encrypted first information to the third party (par. 0021; messages sent from some of services; the access manager receives such a message including a secret access key for that service.);
receive, responsive to the routed, encrypted first information, payment information from the third party provided in dependence on processing of the encrypted first information by the third party using the encryption protocol shared between the second party and the third party (par. 0027; Fig. 1B; when the credential is validated, the web service provider provides the requested web service for the user, and sends a response to the application; the application provides corresponding information and/or functionality to the user based on the response.).
Geller fails to explicitly disclose establish a shared private session key with a fourth party, encrypt the payment information received from the third party using the private session key established with the fourth party, and forward the encryption of the payment information received from the third party to a network destination, wherein the encryption of the payment information received from the third party is to be decrypted by the fourth party according the established private session key.
However, in the same field of endeavor, Schibuk discloses apparatus and methods for providing scalable, dynamic, individualized credential services using mobile telephones comprising establish a shared private session key with a fourth party (Schibuk: par. 0316; Fig. 31; a key exchange to generate a share secret, each party using its own private key and the other party’s public key; the shared secret is used to perform symmetric cryptography between the browser and the site.), encrypt the payment information received from the third party using the private session key established with the fourth party, and forward the encryption of the payment information received from the third party to a network destination (Schibuk: par. 0322; cookie data are encrypted end-to-end between the website and a mobile electronic device like a phone or PDA.), wherein the encryption of the payment information received from the third party is to be decrypted by the fourth party according the established private session key (Schibuk: par. 0325; the cookies that the web server provides are encrypted using the same session key established; by using a symmetric encryption and a shared secret, no network communication by the web server to validate certificates is required for the server to perform cookie decryption.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Schibuk into the methods and system of Geller comprising establish a shared private session key with a fourth party, encrypt the payment information received from the third party using the private session key established with the fourth party, and forward the encryption of the payment information received from the third party to a network destination, wherein the encryption of the payment information received from the third party is to be decrypted by the fourth party according the established private session key to authenticate individuals and distribute data using a distributed public key infrastructure (Schibuk: par. 0002).
Regarding claim 3; Geller and Schibuk disclose the apparatus of claim 2, wherein Geller further discloses: the at least one processor of the first party is to receive the encrypted first information via a network comprising at least one of the Internet and a wireless Bluetooth connection (Geller: par. 0041; via the Internet or World Wide Web); the information identifying the third party comprises header information; and the instructions, when executed, are further to cause the at least one processor of the first party to use the header information to identify the third party, and to route the encrypted first information for delivery to the identified third party (Geller: par. 0031; a header of the page or other information displayed to users.).
Regarding claim 6; Geller and Schibuk disclose the apparatus of claim 5, wherein Schibuk further discloses: at least one of the first information and the payment information provided from the third party in dependence on processing of the first information by the third party comprises a time stamp and one of a credit card number and account number; and the network destination comprises at least one of a payment processor website and a banking website (Schibuk: pars. 0234 & 0249; trusted data producers includes banks, credit card companies; a government agency, bank credit issuer).
Regarding claim 7; Geller and Schibuk disclose the apparatus of claim 2, wherein Schibuk further discloses the instructions, when executed, are further to cause the at least one processor to: encrypt information of the first party using an encryption protocol shared between the first party and the fourth party (Schibuk: par. 0322; cookie data are encrypted end-to-end between the website and a mobile electronic device like a phone or PDA.); transmit the encrypted information of the first party to the fourth party; receive encrypted information of the fourth party (Schibuk: par. 0189; transmitting a valid message along with the update digital resume.); and obtain the private session key in dependence on the encrypted information of the fourth party and the information of the first party, wherein the fourth party is to obtain the private session key in dependence on the information of the fourth party and the encrypted information of the first party ((Schibuk: par. 0180; sensitive messages stored in an encrypted form.).
Regarding claim 8; Geller and Schibuk disclose the apparatus of claim 7, wherein Schibuk further discloses the instructions, when executed, are further to cause the at least one processor to computationally combine the encrypted information of the fourth party and the information of the first party to generate the private session key (Schibuk: par. 0316; Fig. 31; a key exchange to generate a share secret, each party using its own private key and the other party’s public key; the shared secret is used to perform symmetric cryptography between the browser and the site.).
Regarding claim 9; Geller and Schibuk disclose the apparatus of claim 7, wherein Schibuk further discloses the instructions, when executed, are further to cause the at least one processor to select the private session key, encrypt the private session key using an encryption key that is dependent on a combination of the encrypted information of the fourth party and the information of the first party, and transmit the encrypted private session key to the fourth party, wherein the fourth party is to decrypt the encrypted private session key using the information of the fourth party and the encrypted information of the first party (Schibuk: par. 0343; fig. 35; if the request should be denied, a denial notice is sent back to the requesting individual, and appropriate security measures may be taken to validate the access; if the request should be honored, the data including decrypted using individual’s private key are encrypted using the requestor’s public encryption key and transmitted to the requestor; upon receiving the response, the requestor can decrypt it using her own private encryption key and use the data contained within.).
Regarding claim 11; Geller and Schibuk disclose the apparatus of claim 2, wherein Schibuk further discloses: the instructions, when executed, are further to cause the at least one processor to route the encrypted first information to the third party in a manner accompanied by a sales transaction identifier (Schibuk: a person may use a credit card number to fraudulently purchase goods or services over a telephone in a scenario known as “card not present”.).
Regarding claim 12; Claim 12 is directed to a method which has similar scope as claim 2. Therefore, claim 12 remains un-patentable for the same reasons.
Regarding claims 13, 16-19 and 21; Claims 13, 16-19 and 21 are directed to the method of claim 12 which have similar scope as claims 3, 6-9 and 11. Therefore, claims 13, 16-19 and 21 remain un-patentable for the same reasons.

Allowable Subject Matter
Claims 4, 5, 10, 14, 15 or 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten to overcome the rejection under 35 U.S.C. 101 and to include all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087.  The examiner can normally be reached on 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KHOI V LE/
Primary Examiner, Art Unit 2436