DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	This is in reply to communication of “Response to Restriction Requirement filed on 08/09/2022. Claims 1-20 are pending. The applicant elected claims 1-8 and 17-20 without travers. 
	Claims 9-16 are withdrawn as been drawn to nonelected invention. 
	Claims 1-8 and 17-20 have been examined.

Claim Rejections - 35 USC § 101
	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.



	Claims 1-8 and 17-20 are rejected under 35 U.S.C. 101 for the following reasons: 
Step 1:
	Claims 1-8 directed to a process. Claims 17-20 directed to a machine.

Step 2A, Prong1:
	Claims 1-8 and 17-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract idea of 
	Receiving a personal account number to complete a payment; 
	encrypting the personal account number; 
	sending the encrypted personal account number to a merchant; 
	sending the encrypted personal account number to a tokenization service provider for tokenization and validation; and 	
	receiving, at the merchant, an indication of whether the transaction was successful and a token from the tokenization service provider without significantly more. 	

	The independent claims of 1 and 17 recite the above limitations that represent the concept of payment processing systems and methods, see specification [0001], which directed to nothing more than abstract idea of the certain methods of organizing human activity related to fundamental economic principles or practices. See MPEP 2106.04(a)(2)(II)(A).

Step 2A, Prong 2:
	This judicial exception is not integrated into a practical application because the claims satisfy the following criteria, which indicate that the claims do not integrate the abstract idea into practical application: 
	The claimed additional limitations are: 1) a payment terminal 2) merchant server 3) a network 4) provider server 5) a payment processor that are not part of the abstract idea; however, the mere recitation to a plurality of computers for users is just a further instruction for one to practice the abstract idea using generic computers connected to each other via a network, which also do not integrate the judicial exception in a particle application. See MPEP 2106.05(f). In other words, Adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea - see MPEP 2106.05(f).

Step 2B:
	As for Step 2B analysis, knowing the consideration is overlapping with Step 2A, Prong 2. The Step 2B considerations have already been substantially addressed under Step 2A Prong 2, see Step 2A Prong 2 analysis above. The additional claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because these additional limitations are mere instructions to implement the abstract idea on a computer, or merely uses a computer as a tool to perform the abstract idea. See MPEP 2106.05 (f).

	 In addition, the dependent claims recite:
Claim 2-4, 8, and 20 reciting more of the abstract idea and reciting decrypt and re-encrypt personal account number for validation, merchant is unable to decrypt the encrypted personal account number and generating a token upon validating the payment, store unencrypted payment information for the encrypted personal account number. The claimed invention executing the recited abstract idea by claiming additional limitations of provider server, a payment processor claimed in a generic and non-limiting manner is just a further instruction for one to practice the abstract idea using generic computers connected to each other via a network. For the same reasons that are set forth for claim 1, the recitation to the generic computer technology that is being used as a tool to execute the steps that define the abstract idea do not provide for integration at the 2nd prong and do not provide for significantly more at step 2B.
Claim 5-7 and 18-19 the claims are reciting the payment terminal comprises a point-of-sale device configured to receive a card payment, point to point encryption (P2PE), user interface of a website or an application, ese limitations are considered to be additional elements that are not part of the abstract idea; however, the mere recitation to a plurality of computers for the users (claimed in a generic and non-limiting manner) is just a further instruction for one to practice the abstract idea using generic computers connected to each other via a network. For the same reasons that are set forth for claim 1, the recitation to the generic computer technology that is being used as a tool to execute the steps that define the abstract idea do not provide for integration at the 2nd prong and do not provide for significantly more at step 2B.

	Therefore, the limitations on the invention, when viewed individually and in ordered combination are directed to in-eligible subject matter.

Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

	Claims 1, 4-8 and 17-19 are rejected under 35 U.S.C 103 as being unpatentable over US. Pat. Pub. No. 2018/0247306 to Dowty et al. (“Dowty”) in view of US. Pat. pub. No. 2017/0149739 to Hull (“Hull”).

	Regarding claims 1 and 17. Dowty discloses a method, comprising: 
	receiving, by a payment terminal (Dowty, Fig. 1; “establishment 102” – “POS terminal 104”), a personal account number to complete a payment (Dowty, Fig. 3; “receive a second entry of a credit or debit card at PIN entry device (PED) 302” > “extract personal account number (PAN) from the credit or debit card 304”); 
	encrypting, by the payment terminal, the personal account number (Dowty, Fig. 3; “encrypt PAN and security code 306”); 
sending, via the network, the encrypted personal account number to a tokenization service provider server (Dowty, Fig. 1; “token provider server 112”) for tokenization (Dowty, Fig. 3; “transmit encrypted PAN … to token provider 308” > “generate unique token for PAN 322”) and validation by a payment processor (Dowty, Fig. 1; “application database server 108” + “acquiring bank server 114” + “card issuing bank server 116”.  Fig. 3; “verify token matches preciously issued token 326”. [0052]; “application database server 108 verifies 326 that the transaction token matches the previously issued token (i.e., the card validation token). If the transaction token matches the card validation token, application database server 108 transmits 328 the confirmation message to the POS terminal 104”); and 
	receiving an indication of whether the transaction was successful from the tokenization service provider server (Dowty, Fig. 3; “transmit confirmation message to POS”).
	Dowty substantially discloses the claimed invention; however, Dowty fails to explicitly disclose the “sending the encrypted personal account number from the payment terminal to a merchant server via a network; receiving, at the merchant server, token from the tokenization service provider server”. However, Hull teaches:
sending the encrypted personal account number from the payment terminal (Hull, Fig. 4; “POS Client”) to a merchant server via a network (Hull, Fig. 4; “POS Server”. Send payment card data to POS 412” > “send payment car data to POS server 420”. [0031-0033]; “an encrypted copy of the entire PAN are transmitted to the POS client in a message in step 412 … At step 420, the POS client transmits the card data to the POS server”); 
	receiving, at the merchant server, token from the tokenization service provider server (Hull, Fig. 4; “PCI Host Environment”: “analyze data in request for non-compliance 428” > “process request and generate payment token 436” > “ePay”: “send authorization response and payment token to POS 440”. [0036]; “The payment token is transmitted to the payment system, and the payment system authorizes payment (step 438). The authorization response and payment token are sent to the POS server (step 440)”). 
	Therefore, it would have been obvious to one of ordinary skill in the payment processing art at the time of filing to modify Dowty to include sending the encrypted personal account number from the payment terminal to a merchant server via a network; receiving, at the merchant server, token from the tokenization service provider server, as taught by Hull, where this would be performed in order to protect data receiving devices from installing unverified changes in software. See Hull [0002].    

	Regarding claim 4. The combination of Dowty in view of Hull discloses the method of claim 1, wherein the token is generated by the tokenization service provider server after the payment processor validates the payment at the payment processor server (Dowty, Fig. 3; “confirm PAN, security code, transaction amount, and account status 316” > “generate unique token for PAN”. [0050-0051]; “ard issuing bank server 116 confirms 316 that the PAN and security code are valid, the customer's account is in good standing, and that sufficient funds or credit is available for the transaction amount … token provider server 112 generates 322 a token 118 that is unique to the PAN”).  

	Regarding claims 5 and 18. The combination discloses the method of claim 1, wherein the payment terminal comprises a point-of-sale device (Dowty, Fig.1, [0024]; “system 100 includes an establishment 102 including one or more point of sale (POS) terminals 104 with an attached pin entry device (PED) 106”).  

	Regarding claim 6. The combination discloses the method of claim 5, wherein the encrypting comprises point-to-point encryption (P2PE) (Dowty, [0039]; “ED 106 may use point-to-point encryption (P2PE) to encrypt and transmit the PAN and security code to the token provider server 112”). 

	Regarding claims 7 and 19. The combination discloses the method of claim 1, wherein 
	Dowty substantially discloses the claimed invention; however, Dowty fails to explicitly disclose the “the payment terminal comprises a user interface of a website or an application”. However, Hull teaches: the payment terminal comprises a user interface of a website or an application (Hull, [0054]; “A user may interact with the computing device 800 through a visual display device 818, such as a computer monitor, which may display one or more graphical user interfaces 822 that may be provided”).  

	Therefore, it would have been obvious to one of ordinary skill in the payment processing art at the time of filing to modify Dowty to include the payment terminal comprises a user interface of a website or an application, as taught by Hull, where this would be performed in order to protect data receiving devices from installing unverified changes in software. See Hull [0002].    

	Regarding claim 8. The combination discloses the method of claim 1, wherein the tokenization service provider server stores unencrypted payment information for the encrypted personal account number (Dowty, Fig. 1; “[0031] Token provider server 112 is a server computer that includes a processor and a computer-readable memory device that stores computer-executable instructions …  Each token 118 may be stored and associated with the respective PAN in a card data vault”).


	Claim 2 is rejected under 35 U.S.C 103 as being unpatentable over Dowty in view of Hull further in view of US. Pat. Pub. No. 2017/0076291 to Cairns et al (“Cairns”). 

	Regarding claim 2. The combination of Dowty in view of Hull discloses the method of claim 1, wherein the encrypted personal account number is decrypted by the tokenization service provider server (Dowty, Fig. 3; “decrypt PAN and secure code 310”)
	The combination substantially discloses the claimed invention; however, the combination fails to explicitly disclose the “re-encrypted prior to being provided for validation by the payment processor”. However, Cairns teaches:
re-encrypted prior to being provided for validation by the payment processor (Cairns, Fig. 10, [0092-0094]; “The encrypted message is received by a merchant acquirer 134, which may be configured to decrypt the message and re-encrypt the message for a payment switch 136 … validate rules to allow, deny or otherwise act upon a presented transaction”).  
	Therefore, it would have been obvious to one of ordinary skill in the payment processing art at the time of filing to modify Dowty to include re-encrypted prior to being provided for validation by the payment processor, as taught by Cairns, where this would be performed in order to eliminate the risk of counterfeit card could be produced by misappropriation of account data. See Cairns [0006].    

	Claims 3 and 20 are rejected under 35 U.S.C 103 as being unpatentable over Dowty in view of Hull further in view of US. Pat. Pub. No. 2017/0293913 to GULAK et al. (“GULAK”).

	Regarding claims 3 and 20. The combination of Dowty in view of Hull discloses the method of claim 1, wherein 
	The combination substantially discloses the claimed invention; however, the combination fails to explicitly disclose the “the merchant server is unable to decrypt the encrypted personal account number”. However, GULAK teaches the merchant server is unable to decrypt the encrypted personal account number (GULAK, [0127]; “It is contemplated that a large number of remote devices 20 may share the same public key and thus form a large and continuous source of data for homomorphic calculations that do not require the decryption of the data. Rather, the private key may only be needed for the decryption of calculation results”).  
	Therefore, it would have been obvious to one of ordinary skill in the payment processing art at the time of filing to modify Dowty to include the merchant server is unable to decrypt the encrypted personal account number, as taught by GULAK where this would be performed in order to prevent the misuse of any sensitive information. See GULAK [0002].    


Conclusion
1.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to AVIA SALMAN whose telephone number is (313)446-4901.  The examiner can normally be reached on Monday thru Friday; 9:00 AM to 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FAHD OBEID can be reached on (571)270-3324.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/AVIA SALMAN/Examiner, Art Unit 3687                                                                                                                                                                                                        
/PETER LUDWIG/Primary Examiner, Art Unit 3687