DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-13 and 19-22 is/are rejected under 35 U.S.C. 102[a][1] as being anticipated by Ang et al. (US-20120278504).
a.	Referring to claims 1, 12 and 22:
	Regarding claims 1, 12 and 22, Ang teaches a system comprising: a node comprising a processor, a computer-readable storage medium, and a tokenization service, the computer-readable storage medium comprising instructions that upon execution by the processor cause the system to perform operations, the operations comprising: receiving, by the node, a set of index-key pairs generated by a randomization service external to the node, each index-key pair defining a particular index value mapped to a particular random key value (Para 112-115…. randomization service which generates index value mapped to a random value); creating, by the node, a mapping structure using the set of index-key pairs (Para 113…. mapping structure or look-up table); receiving data-in-transit comprising sensitive data (Para 119-120 and 100…... data-in-transit having sensitive data); and generating, by the tokenization service, a token for the sensitive data using the mapping structure (Para 112-113… tokenization using the look-up table).  
a.	Referring to claim 2:
	Regarding claim 2, Ang teaches the system of claim 1, wherein the mapping structure includes a plurality of index values, and wherein generating the token comprises: randomly selecting an index value from among the plurality of index values (Para 62 and 113…. index value in look-up table); and performing an invertible operation on the sensitive data and a random key value mapped to the index value in the mapping structure to generate the token (Para 116 and 119…. tokenization).  
a.	Referring to claim 3:
	Regarding claim 3, Ang teaches the system of claim 1, wherein the node is a first node, wherein the system further comprises the randomization service and a second node, and wherein the randomization service is configured to periodically push updated sets of index-key pairs to the first node and the second node (Para 100 and 112-115…. randomization service which generates index value mapped to a random value for the clients).  
a.	Referring to claim 4:
	Regarding claim 4, Ang teaches the system of claim 1, wherein the instructions, when executed, further cause the system to perform additional operations, the additional operations comprising: forwarding the token to an application interface of a process executing using a first set of computing resources that are isolated from a second set of computing resources that the node allocates to the tokenization service (Para 100… transmission of token to a communicating node).  
a.	Referring to claim 5:
	Regarding claim 5, Ang teaches the system of claim 4, wherein the node is a first node, wherein the system further comprises a second node, and wherein the first set of computing resources are allocated to the process by the second node (See Fig 1… node 108 and node 110).  
a.	Referring to claim 6:
	Regarding claim 6, Ang teaches the system of claim 4, wherein the first set of computing resources are allocated to the process by the node (Para 96… node 110).  
a.	Referring to claims 7 and 8:
	Regarding claims 7 and 8, Ang teaches the system of claim 4, wherein the token is forwarded to the application interface without storing data mapping the sensitive data to the token (Para 187 and 191…. encrypted token not requiring look-up table).  
a.	Referring to claim 9:
	Regarding claim 9, Ang teaches the system of claim 1, wherein the token and the sensitive data are each composed of an equivalent number of bytes, and wherein the token comprises a first number of bits and the sensitive data comprises a second number of bits that is different from the first number of bits (Para 183 and 185…. token equals sensitive data but different when obfuscated).  
a.	Referring to claim 10:
	Regarding claim 10, Ang teaches the system of claim 1, wherein the randomization service is blocked from accessing transaction data (Para 79 and 112…. random token generator does not access the sensitive data).  
a.	Referring to claim 11:
	Regarding claim 11, Ang teaches the system of claim 1, wherein receiving the data-in-transit comprises: detecting, by a data flow processing unit of the node processing the data-in-transit, the sensitive data within the data-in-transit (Para 100 and 155…. sensitive data in-transit).  
a.	Referring to claim 13:
	Regarding claim 13, Ang teaches the method of claim 12, wherein the mapping structure includes a plurality of index values, and wherein generating the token comprises: randomly selecting an index value from among the plurality of index values; and querying a blacklist structure of the node associated with the mapping structure to identify a status of the index value (Para 34, 183-185…. status of look-up table for random index mapping).  
a.	Referring to claim 19:
	Regarding claim 19, Ang teaches the method of claim 12, further comprising: detokenizing, by a detokenization service, the token using the mapping structure and an index value extracted from the token (Para 191-203… detokenizaton).  
a.	Referring to claim 20:
	Regarding claim 20, Ang teaches the method of claim 12, wherein the token is a first token, the method further comprising: receiving a second token generated by a remote tokenization service using the mapping structure, the remote tokenization service executing on computing resources external to the node; decrypting the second token to obtain a decrypted second token; extracting a version identifier associated with the mapping structure from the decrypted second token; and detokenizing the decrypted second token using an index value extracted from the decrypted second token and a random value mapped to the index value in the mapping structure (See the rejection in claims 12 and 19…. detokenization to retrieve the tokenized sensitive data).  
a.	Referring to claim 21:
	Regarding claim 21, Ang teaches the method of claim 12, wherein the node comprises memory resources storing data-at- rest, and wherein the sensitive data is absent from the data-at-rest Para 100 and 101…. stored tokenized data).  
Allowable Subject Matter
Claims 14-18 are objected to as being dependent upon a rejected base claim, but would be allowable if moved into the independent claims including all of the limitations of the base claim and any intervening claims.
Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to IZUNNA OKEKE whose telephone number is (571)270-3854. The examiner can normally be reached Mon - Fri 8 - 4 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/IZUNNA OKEKE/Primary Examiner, Art Unit 2497