DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA 

Acknowledgements
This Office Action is in response to the response filed on February 14, 2022.
Claims 1-5, 7-11, and 13-17 are currently pending and have been examined. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 7-11, and 13-17 are rejected under 35 U.S.C. 103 as being unpatentable over Barnett et al. (US 2015/0271150 A1)(“Barnett”) in view of Spies et al. (US 8,571,995 B2)(“Spies”).
As to Claim 7 (representative of Claims 1 and 13), Barnett discloses a system, comprising: 
a perimeter zone system (Authentication Web Server 224, within P2PE Management system 500, see [0130]) of a transaction service provider system (P2PE Management system 500) configured to receive encrypted transaction data (“payload,” [0092]) associated with a transaction from a first transaction terminal of a merchant system (POI device 104, [0072])([0091]-[0093]), the encrypted transaction data encrypted using a first public key of the transaction service provider system (“encryption key injected…” [0091], “HSM…as part of P2PE system 160…creates a based derivation key,” [0084]), the encrypted transaction data comprising a transaction type identifier (“the payload includes an indication of the particular encryption (cypher) algorithm…” [0180]) associated with a type of the transaction and a device identifier (“POI Device serial number,” [0054]) associated with the first transaction terminal associated with the transaction ([0054]), the perimeter zone system configured to communicate the encrypted transaction data to an enterprise zone system of the transaction service provider system (“224 may transmit…to Decryption Web Server 234.” [0152]); 
the enterprise zone system (Decryption Web Server 234, within P2PE Management system 500, see [0130]) configured to: 
select a first decryption technique from a plurality of decryption techniques based on the type of the transaction associated with the transaction type identifier ([0097], [0153], and [0180]); 
retrieve a first private key identifier (“key index,” [0241]) from a database of private key identifiers based on the first decryption technique and the device identifier ([0083], [0097], [0152], “stores HSM key indexes in POI database (as shown in FIG. 9) and QSAPI 602 retrieves various base keys by device serial number and transmits the HSM key index (which indicates the base key to use to decrypt the particular device payload) to the HSM Device 608” [0241]); 
communicate the first private key identifier and the encrypted transaction data to a key vault (HSM 238)([0152]-[0153]); 
receive decrypted transaction data associated with the transaction from the key vault ([0153]); 
encrypt the decrypted transaction data using a second public key of the first transaction terminal to form first transaction data (“re-encrypting at least a portion of a payload, including the payment information,” [0153], “a key index indicates a base key (e.g., algorithm) used as the basis for encrypting a pay load of the particular device” [0152]), the second public key associated with the first transaction terminal associated with the device identifier (“the HSM 238 may receive the request, key index, and corresponding payload from the Decryption Web Server 234.” [0153], “P2PE Management System 500 includes one or more databases and one or more processors for receiving identification data associated with various POI devices (e.g., POI device 350), such as a device serial number, a device (encryption) key serial number, key sequence number, a device version number, a device firmware number/indicator, etc.” [0123]); and 
communicate the first transaction data to the perimeter zone system ([0253], [0256]), wherein the perimeter zone system is further configured to communicate the first transaction data to the first transaction terminal ([0253], [0256]), wherein the first transaction terminal stores a second private key associated with second public key (“(e.g., symmetric or asymmetric keys)” [0051], “split into two parts, BDK 164A and BDK 164B” [0084], “the decryption server is configured to receive the payload from any suitable source… third party partner (e.g., payment processor,” [0253], “the decryption server transmits the payload to the third party partner” [0256], “Once the payload is re-encrypted, it is transmitted to a payment network 190 where the swipe data (e.g., credit card information) is processed and sent on to an issuing bank 192 (money is debited from the consumer's account associated with the swiped card), acquiring bank 194, and finally to a depository bank 144 where money is deposited to the merchant (e.g., merchant's bank account).” [0097], since POI device 104 is located at the merchant, second key of merchant is associated with the POI 104, “re-encrypting at least a portion of a payload, including the payment information, and transmitting the re-encrypted portion of the payload to a card network (e.g., card network 202) via the Internet 209 and/or a private network (PN).” [0153]). 
Barnett does not directly disclose that certain keys are either public or private. 
Spies teaches public and private keys (“With public key cryptographic systems, two types of keys are used-public keys and private keys. Senders may encrypt messages using the public keys of recipients. Each recipient has a private key that is used to decrypt the messages for that recipient.” C.2, L.58-62). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Barnett by the features of Spies and in particular to modify the key that encrypts the transaction data in Barnett to be a public key, as taught by Spies, and to modify the key of first key identifier in Barnett, to be a private key, as taught by Spies. 
A person having ordinary skill in the art would have been motivated to combine these features because it would help “to ensure that payment card data is not inadvertently revealed to unauthorized parties.” (Spies, C.2, L.47-49). 

As to Claims 2, 8, and 14, Barnett further discloses wherein a group of transaction terminals comprises the first transaction terminal (POI device 104, [0072], “POI device 104 may include any suitable components for receiving payment information ( e.g., credit card magnetic strip information, payment information received from a mobile device, such as a smartphone, tablet, PDA, etc., chip information (e.g., from cards with embedded chips), payment information received from a check-out station, other sensitive information, such as medical records received from an electronic medical records system, etc.).” [0074]). 

As to Claims 3, 9, and 15, Barnett further discloses wherein the key vault comprises at least one hardware security module (HSM)(HSM 238, see [0050] and [0153]). 

As to Claims 4, 10, and 16, Barnett further discloses wherein the HSM is configured to: receive the first private key identifier and the encrypted transaction data from the enterprise zone system (“the HSM 238 may receive the request, key index, and corresponding payload from the Decryption Web Server 234.” [0153], and [0253]); determine a first private key based on the first private key identifier ([0153]); decrypt the encrypted transaction data using the first private key to form the decrypted transaction data ([0153]); and communicate the decrypted transaction data to the enterprise zone system (“the decryption server is configured to receive the payload from any suitable source… third party partner (e.g., payment processor,” [0253], “the decryption server transmits the payload to the third party partner” [0256]). 

As to Claims 5, 11, and 17, Barnett further discloses wherein the first transaction data comprises the second encrypted transaction data based on the decrypted transaction data (“the decryption server is configured to receive the payload from any suitable source… third party partner (e.g., payment processor,” [0253], “the decryption server transmits the payload to the third party partner” [0256]).

Response to Arguments
Applicant's arguments filed on February 14, 2022 have been fully considered and addressed below.
Applicant addresses that the claims are amended and generally states that the cited art would not teach the current amendments without giving specific reasons why.  The Examiner respectfully disagrees for the reasons given in the respective rejections above.

Conclusion
Applicant's amendment filed on February 14, 2022 necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MONICA A MANDEL whose telephone number is (571)270-7046.  The examiner can normally be reached on Monday-Friday 10:00 AM-6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Abhishek Vyas can be reached at (571) 270-1836.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.A.M/Examiner, Art Unit 3621                       
May 21, 2022          


/ABHISHEK VYAS/Supervisory Patent Examiner, Art Unit 3621