DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Acknowledgment
Applicant’s preliminary amendment filed on October 29, 2021 is acknowledged. Accordingly claims 25-44 remain pending and have been examined.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 25-44, are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Subject Matter Eligibility Standard
When considering subject matter eligibility under 35 U.S.C. 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter.  If the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea), and if so, it must additionally be determined whether the claim is a patent-eligible application of the exception.  If an abstract idea is present in the claim, any element or combination of elements in the claim must be sufficient to ensure that the claim amounts to significantly more than the abstract idea itself.    Examples of abstract ideas include fundamental economic practices; certain methods of organizing human activities; an idea itself; and mathematical relationships/formulas. (Alice Corporation Pty. Ltd. v. CLS Bank International, et al. US Supreme Court, No. 13-298, June 19, 2014). 
Analysis
Step 1: In the instant case, 
claim 1 is directed to a method of enhancing security of an electronic transaction, which is a statutory category of invention, 
Claim 30 is directed to system for enhancing security of an electronic transaction, which is a statutory category of invention and 
Claim 39 is directed to a non-transitory computer readable medium for enhancing security of an electronic transaction, which is a statutory category of invention.
Step 2a: 
While claims 25, 33 and 41 are directed towards a statutory category of invention, the claims are directed towards at least one judicial exception (i.e., law of nature, natural phenomenon, and abstract idea) without significantly more. In the instant case, the claims are directed to abstract idea of a “conducting a transaction with merchant using tokens” as part of system of commerce- which is considered an abstract idea. Put simply the claims recites “collecting, … sensitive information pertaining to the electronic transaction…; transmitting, the encrypted sensitive information…, transmitting, the tokenized information…, receiving, the encrypted tokenized information…..” See grouping of abstract ideas in prong one of step 2A (see 2019 Revised Patent Subject Matter Eligibility Guideline). Claims 25, 33 and 41 recites: “collecting, … sensitive information pertaining to the electronic transaction…; transmitting, the encrypted sensitive information…, transmitting, the tokenized information…, receiving, the encrypted tokenized information…..”  These steps constitutes the abstract idea of certain method of organizing human activity.  Thus the claims are directed to an abstract idea of organizing human activity. The limitations that set forth this abstract idea include: 
“collecting, … sensitive information pertaining to the electronic transaction…; transmitting, the encrypted sensitive information…, transmitting, the tokenized information…, receiving, the encrypted tokenized information…..” 
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A (See 2019 Revised Patent Subject Matter Eligibility Guidance), the additional elements of the claim such as “Point of sale (POS) terminal system”, “tokenization and payment management system”, merely uses a computer as a tool to perform the abstract idea. The use of “Point of sale (POS) terminal system”, “tokenization and payment management system” does no more than generally link the abstract idea to a particular field of use, the use of “Point of sale (POS) terminal system”, “tokenization and payment management system” does not improve the functioning or performance of the processor/computer and the use of a processor/computer as a tool to implement the abstract idea does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B (See 2019 Revised Patent Subject Matter Eligibility Guidance), the additional elements of “Point of sale (POS) terminal system”, “tokenization and payment management system” do not amount to significantly more than the abstract idea. As discussed above, taking the claim elements separately, the use of “Point of sale (POS) terminal system”, “tokenization and payment management system” does not improve the functioning or performance of the processor/computer and the use of a processor/computer does no more than use a processor/computer to implement the abstract idea. 
Viewed as a whole, the combination of elements recited in the claims merely recites the concept of “conducting a transaction with merchant using tokens” using a computer. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible.
Dependent claims 26-32, 34-40 and 42-44 further recite characteristics of data or continue to perform similar actions on data to perform the abstract idea. The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Dependent claims 26-32, 34-40 and 42-44 merely extend the abstract idea of claims 25, 33 and 41 by describing the use of computer device or processor to perform the steps of “collecting, … sensitive information pertaining to the electronic transaction…; transmitting, the encrypted sensitive information…, transmitting, the tokenized information…, receiving, the encrypted tokenized information…..” and only serve to add additional layers of abstraction to the abstract idea of claims 21, 30 and 39. Therefore, the dependent claims are also not patent eligible.

Conclusion
The claim as a whole, does not amount to significantly more than the abstract idea itself. This is because the claim does not effect an improvement to another technology or technical filed; the claim does not amount to an improvement to the functioning of a computer system itself; and the claim does not move beyond a general link of the use of an algorithm to a particular technological environment. 
Accordingly, the Examiner concludes that there are no meaningful limitations in the claim that transform the judicial exception into a patent eligible application such that the claim amounts to significantly more than the judicial exception itself. Thus Examiner concludes that the claims are not directed to a patent-eligible subject matter under 35 U.S.C. 101 because it does not amount to significantly more than the abstract idea.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 25-26, 28-30, 33-34, 36-38, 41-42 and 44, is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Basu et al (hereinafter “Basu”) U.S. Patent Application Publication No. 2012/0041881 A1.

As per claims 25, 33 and 41, Basu discloses a method for enhancing security of an electronic transaction, the method comprising: 
collecting, by a point of sale terminal system, sensitive information pertaining to the electronic transaction and encrypting the sensitive information at reader head of the point of sale terminal system (0058, which discloses that “The consumer's portable consumer device 115 can interact with an access device 125 such as a POS (point of sale) terminal communicatively coupled to the merchant computer 120. For example, the consumer 110 may swipe the credit card through a POS terminal or, in another embodiment, may take a wireless phone and may pass it near a contactless reader in a POS terminal.”); 
transmitting, by the point of sale terminal system, the encrypted sensitive information to a tokenization and payment management system, wherein the tokenization and payment management system decrypts the encrypted sensitive information, tokenizes the decrypted sensitive information, and encrypts the tokenized information (0085, which discloses that “As an example, upon receipt of the authorization request message M306, the payment processing network 140 may utilize the MVV included in the authorization request message to determine if the merchant participates in the tokenization service. If so, the payment processing network 140 can retrieve the TDK associated with the MVV (step S710 of FIG. 7) and send the card account identifier and the TDK to a tokenization module 226. This is shown as message M308. The tokenization module 226 may use the TDK to generate an account token based on the token derivation key (step S711 of FIG. 7).”); 
transmitting, by the tokenization and payment management system, the encrypted tokenized information to a payment system for authorization of the electronic transaction (0089, which discloses that “In such cases, the tokenization server 220 can send message M314 independent of when the token derivation key is selected and the account token is generated. Accordingly, the steps of generating an account token can operate in parallel with the steps of sending an authorization request message M314 to issuer computer 160 and receiving authorization response message from the issuer.”); and 
receiving, by the point of sale terminal system, the encrypted tokenized information and a transaction authorization response, wherein the encrypted tokenized information is stored in a local database (0090, which discloses that “When an authorization response message is received from the issuer computer 160 (step S714), the tokenization server 220 may embed the account token and the optional token derivation key index in the authorization response message M310.”; 0091, which discloses that “If authorized, the payment processing network 140 may return the account token and the TDK index (if utilized by the payment processing network 140) to the acquirer computer 130 and/or merchant computer 120 in specified fields of the authorization response message M312.”). 

As per claims 26, 34 and 42, Basu further discloses the method, further comprising:
determining, via the tokenization and payment management system, configuration information of a user to the electronic transaction to perform a tokenization, wherein the electronic transaction is routed to a tokenization logic upon determining a match between the configuration information of the user and a token indicator (0078; 0079; 0151; 0165).

As per claims 28, 36 and 44, Basu further discloses the method, further comprising:
generating, by a payment management system, transaction guidance for utilization by the point of sale terminal system, wherein the transaction guidance includes risk mitigating payment transaction information for altering cost related information of the electronic transaction, and wherein the transaction guidance varies based upon service selected by a user (0122; 0127; 0139; 0144).

As per claims 29 and 37, Basu further discloses the method, wherein the risk mitigating payment transaction information includes at least one of: 
primary credential information to identify account information, supplemental credential information to validate the user by providing additional information pre-associated with the account information, or a payment incidental qualifier to indicate an occurrence of a fraud by providing information on circumstances during a payment transaction (0098; 0124; 0158).

As per claims 30 and 38, Basu further discloses the method, wherein the electronic transaction includes update information for the encrypted tokenized information, further comprising:
updating the encrypted tokenized information based upon a schedule, a user request, or an expiration date, wherein the update includes replacing the encrypted tokenized information with a new encrypted tokenized information, and wherein the new encrypted tokenized information accompanies the transaction authorization response (0095; 0167; 0123).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 27, 35 and 43, is/are rejected under 35 U.S.C. 103 as being unpatentable over Basu et al (hereinafter “Basu”) U.S. Patent Application Publication No. 2012/0041881 A1 as applied to claim 25 and 33 above, and further in view of Honnef et al (hereinafter “Honnef”) U.S. Patent Application Publication No. 2012/0066044 A1.
As per claims 27, 35 and 43, Basu failed to explicitly disclose the method, further comprising:
assigning a group identification information to one or more users of the electronic transaction, wherein the group identification information is assigned to accounts of the one or more users, included in identification information of each of the one or more users, or a combination thereof;
storing, by a data tier system, the group identification information and correlating the group identification information to the configuration information of the user; and
authorizing, by the tokenization and payment management system, the one or more users for utilizing the encrypted tokenized information upon determining a match between the group identification information and the configuration information of the user.
Honnef discloses the method, further comprising:
assigning a group identification information to one or more users of the electronic transaction, wherein the group identification information is assigned to accounts of the one or more users, included in identification information of each of the one or more users, or a combination thereof (0111; 0115; 0116);
storing, by a data tier system, the group identification information and correlating the group identification information to the configuration information of the user (0111; 0115; 0116); and
authorizing, by the tokenization and payment management system, the one or more users for utilizing the encrypted tokenized information upon determining a match between the group identification information and the configuration information of the user (0111; 0115; 0116).
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the method of Basu and incorporate the method comprising: assigning a group identification information to one or more users of the electronic transaction, wherein the group identification information is assigned to accounts of the one or more users, included in identification information of each of the one or more users, or a combination thereof; storing, by a data tier system, the group identification information and correlating the group identification information to the configuration information of the user; and authorizing, by the tokenization and payment management system, the one or more users for utilizing the encrypted tokenized information upon determining a match between the group identification information and the configuration information of the user in view of the teachings of Honnef in order to facilitate and enhance security of the transaction by grouping merchant that share a common benefit.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 31-32 and 39-40, is/are rejected under 35 U.S.C. 103 as being unpatentable over Basu et al (hereinafter “Basu”) U.S. Patent Application Publication No. 2012/0041881 A1 as applied to claim 25 and 33 above, and further in view of Anderson U.S. Patent Application Publication No. 2012/0116918 A1.

As per claims 31 and 39, Basu failed to explicitly disclose the method, further comprising:
recording, by a payment management system, at least one biometric measurement of the user at the point of sale terminal system to authorize a user for the electronic transaction, wherein the at least one biometric measurement includes fingerprint scanning, retinal scanning, facial recognition, vocal recognition, speech pattern recognition, or a combination thereof; and
authenticating, by the payment management system, the user for the electronic transaction upon matching the at least one biometric measurement with stored biometric information of the user.
Anderson discloses the method, further comprising:
recording, by a payment management system, at least one biometric measurement of the user at the point of sale terminal system to authorize a user for the electronic transaction, wherein the at least one biometric measurement includes fingerprint scanning, retinal scanning, facial recognition, vocal recognition, speech pattern recognition, or a combination thereof (0010; 0012); and
authenticating, by the payment management system, the user for the electronic transaction upon matching the at least one biometric measurement with stored biometric information of the user (0010; 0012; 0029).
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the method of Basu and incorporate the method comprising: recording, by a payment management system, at least one biometric measurement of the user at the point of sale terminal system to authorize a user for the electronic transaction, wherein the at least one biometric measurement includes fingerprint scanning, retinal scanning, facial recognition, vocal recognition, speech pattern recognition, or a combination thereof; and authenticating, by the payment management system, the user for the electronic transaction upon matching the at least one biometric measurement with stored biometric information of the user in view of the teachings of Anderson in order to facilitate and enhance security of the transaction.

As per claims 32 and 40, Basu failed to explicitly disclose the method, wherein the at least one biometric measurement is encrypted during recording at a reader head of the point of sale terminal system, and wherein an end to end encryption is utilized to securely communicate the at least one biometric measurement.
Anderson discloses the method, wherein the at least one biometric measurement is encrypted during recording at a reader head of the point of sale terminal system, and wherein an end to end encryption is utilized to securely communicate the at least one biometric measurement (0010; 0027; 0029).
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the method of Basu and incorporate the method wherein the at least one biometric measurement is encrypted during recording at a reader head of the point of sale terminal system, and wherein an end to end encryption is utilized to securely communicate the at least one biometric measurement in view of the teachings of Anderson in order to facilitate and enhance security of the transaction.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Charles C. Agwumezie whose number is (571) 272-6838. The examiner can normally be reached on Monday – Friday 8:00 am – 5:00 pm.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Hayes can be reached on (571) 272 – 6708.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CHINEDU C AGWUMEZIE/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        October 20, 2022