Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Response to Amendment
Applicant’s “Amendment” filed on 12/23/2025 has been considered.
Claims 18, 20, 26, and 34 are amended. Claims 18-37 remain pending in this application and an action on the merits follow.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 18-37 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-16 of U.S. Patent No. 10846677. Although the claims at issue are not identical, they are not patentably distinct from each other because claims under examination anticipated by patent claims.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 18-21, 24-29, and 32-37 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2017/0163617 to Laxminarayanan et al., in view of Canadian Patent Application Publication No. CA 3,006,132 to Howe et al.
With regard to claims 18, 26, and 34, Laxminarayanan discloses a system for accessing protected data comprising:
a retriever system operating on a first processor and configured to receive a data packet of encrypted data from a device and to transmit a request including the data packet to a decryption system over a data communications medium (Fig. 1, paragraphs 7, 26-27, 45, 57, 66, 72, and 82, The detokenization module 170F may comprise code that causes the processor 170A to detokenize payment tokens. For example, the detokenization module 170F may contain logic that causes the processor 170A to identify a token record associated with a payment token in the token record database 170C. A set of payment credentials associated with the payment token (as indicated in the token record) can then be identified. In some embodiments, the detokenization module 170F may include instructions to detokenize a payment token in response to a detokenization request message (e.g., received from the transaction processing computer 150 or any other suitable entity). Examiner notes that the transaction processing computer can be considered as “a retriever system” and the detokenization module 170F may contain logic that causes the processor 170A, which can be considered as “a decryption system”);
the decryption system operating on a second processor and configured to receive the data packet and to transmit a response to the request that includes an account number associated with the data packet if the request has been received from an authorized source (Fig. 4, Paragraphs 7, 26-27, 42-43, 45, 82, 93-101, and 143-144, At step 534, the token provider computer 570 can send a detokenization response message back to the transaction processing computer 550. The verification data generation module 170G may include instructions for associating a verification value with token domain controls. As a result, when a token is used for a transaction and the corresponding verification value is being validated, domain controls associated with the verification value can be checked. As an example, a verification value can be linked to a certain token requestor ID, thereby indicating that only a certain token requestor can use the verification value and payment token. if the verification value is validated and the domain controls are met, the token provider computer 570 may proceed to detokenize the payment token); and
wherein the retriever system is configured to receive the account number (paragraphs 38, 120-123, 144, and 151, At step 534, the token provider computer 570 can send a detokenization response message back to the transaction processing computer 550. The detokenization response message may include the payment credentials, the payment token, a transaction ID, and/or any other suitable information. “Payment credentials” may include any suitable information associated with an account (e.g., a payment account and/or payment device associated with the account). Such information may be directly related to the account or may be derived from information related to the account. Examples of payment credentials may include a PAN (primary account number or “account number”), user name, and an expiration date. The transaction processing computer can utilize the received payment credentials including a payment account to process a transaction).
However, Laxminarayanan does not disclose display the account number for a predetermined period of time after which the account number is deleted/ after which it is overwritten with other data in memory, and/or deleting the account number after displaying it by purging it from a buffer.
However, Howe teaches display the account number for a predetermined period of time after which the account number is deleted/ after which it is overwritten with other data in memory, and/or deleting the account number after displaying it by purging it from a buffer (the memory 1520 may receive, store, and facilitate use of the decrypted plaintext data (e.g., by providing the decrypted data for display to a user). In an example, for both encryption and decryption systems, the memories 1505 and/or 1510 may be configured to receive an erase signal (e.g., also referred to as an overwrite signal or erase/overwrite signal) that, when enabled (e.g., set to a logic high), causes the memories 1505 and/or 1510 to erase contents of the memories 1505 and/or 1510. For example, in some cases, the memory 1510 may receive the erase signal that, when enabled, causes the memory 1510 to erase the key stored in the memory 1510. In some aspects, the erase signal is enabled nearly simultaneously with an output being generated at the logic circuit 1515, where the output is encrypted data for an encryption system or decrypted data for a decryption system. At a time t4, the memory 1520 may store the output received from the logic circuit 1515, and the memories 1505 and/or 1510 may receive an erase signal that overwrites the memories 1505 and/or 1510. The erasing of the memories 1505 and/or 1510 may occur within a duration of one clock cycle of the period T1. Fig. 15, Fig. 19, page 41, lines 11-28, page 45, lines 3-28).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Laxminarayanan to include, display the account number for a predetermined period of time after which the account number is deleted/ after which it is overwritten with other data in memory, and/or deleting the account number after displaying it by purging it from a buffer, as taught in Howe, in order to shorten the duration of time that the key and/or
associated data remain stored in their respective memories, thus enhancing security (Howe, page 12, lines 20-22).
With regard to claims 19, 27, and 35, Laxminarayanan discloses the retriever system is configured to receive an access device and to determine whether the access device is associated with an authorized user (fig. 1, paragraphs 57, 118, and 121, The payment token may only be considered valid if accompanied by an approved token requestor ID or other identifier associated with the resource provider computer 530. The payment token may be associated with a user account, a user device 520 identifier, or otherwise associated with the user. As a result, the payment token can be identified and utilized for future transactions between the user and resource provider).
With regard to claims 20, 28, and 36, Laxminarayanan discloses the decryption system further comprises a limit system configured to limit a number of decryption procedures from the retriever system and associated deletion procedures within a predetermined period of time (Laxminarayanan, paragraphs 141-143, Howe, Fig. 15, Fig. 19, page 41, lines 11-28, page 45, lines 3-28).
With regard to claims 21, 29, and 37, Laxminarayanan discloses the decryption system further comprises a terminal management system configured to interface with the retriever system and to authenticate the retriever system (paragraphs 47 and 99, A “verification value” may include information for authentication. The verification data validation module 170H may then, in conjunction with the processor 170A, regenerate the verification value based on the identified dynamic data element and the received token, the received token expiration date, the received token requestor ID, and/or any other suitable information. The regenerated verification value can be compared with the received verification value. If the values match, the received verification value may be considered authentic and validated).
With regard to claims 24 and 32, Laxminarayanan discloses the decryption system further comprises a security access system configured to interface with the retriever system and an access device and to determine whether the access device is associated with an authorized user (paragraphs 22, 57-58, and 96).
With regard to claims 25 and 33, Laxminarayanan discloses the retriever system further comprises a first security access system configured to interface with an access device and to determine whether the access device is associated with an authorized user, and the decryption system further comprises a second security access system configured to interface with the first security access system and the access device and to determine whether the access device is associated with an authorized user (paragraphs 22, 28, 57-58, and 96).
Claims 22-23 and 30-31 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2017/0163617 to Laxminarayanan et al., in view of Canadian Patent Application Publication No. CA 3,006,132 to Howe et al., and further in view of China Patent Application Publication No. CN 101477661 to Liu.
With regard to claims 22 and 30, the combination of references substantially disclose the claimed invention, however, the combination of references does not disclose a terminal management system configured to interface with the retriever system and to replace a security certificate at the retriever system.
However, Liu teaches a terminal management system configured to interface with the retriever system and to replace a security certificate at the retriever system (Meanwhile, in the certificate state table, the digital certificate corresponding to the contents of the update status field is set to "yes". Correspondingly, one can by periodically scanning the certificate state table checking whether digital certificate is in the updating state, for example, can be a timer every 5 minutes the certificate state table is scanned once, according to the certificate state table " is the content of the update status field, determining whether the corresponding digital certificate is in the updating state. Examiner notes that a certificate updating testing is scanned/tested periodically and when the digital certificate is in the updating state, a digital certificate can be updated, which is considered as “the decryption system further comprises a terminal management system configured to interface with the retriever system and to replace a security certificate at the retriever system”, Fig. 1, claim 7, page 3, lines 32-page 4, 11).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of references to include, a terminal management system configured to interface with the retriever system and to replace a security certificate at the retriever system, as taught in Liu, in order to apply to improve the security of managing the digital certificate. (Liu, abstract).
With regard to claims 23 and 31, the combination of references substantially disclose the claimed invention, however, the combination of references does not disclose a terminal management system configured to interface with the retriever system and to determine a state of operation of the retriever system.
However, Liu teaches a terminal management system configured to interface with the retriever system and to determine a state of operation of the retriever system (Meanwhile, in the certificate state table, the digital certificate corresponding to the contents of the update status field is set to "yes". Correspondingly, one can by periodically scanning the certificate state table checking whether digital certificate is in the updating state, for example, can be a timer every 5 minutes the certificate state table is scanned once, according to the certificate state table " is the content of the update status field, determining whether the corresponding digital certificate is in the updating state. Examiner notes that a certificate updating testing is scanned/tested periodically to determine whether the digital certificate is in the updating state, which is considered as “he decryption system further comprises a terminal management system configured to interface with the retriever system and to determine a state of operation of the retriever system”, Fig. 1, claim 7, page 3, lines 32-page 4, 11).
Therefore, it would have been obvious to one of ordinary skill in the before the effective filing date of the claimed invention to modify the combination of references to include, a terminal management system configured to interface with the retriever system and to determine a state of operation of the retriever system, as taught in Liu, in order to apply to improve the security of managing the digital certificate. (Liu, abstract).
Response to Arguments
Applicants' arguments filed on 12/23/2025 have been fully considered but they are not fully persuasive especially in light of the new art used in the rejections.
Applicants remark that “the combination of references does not disclose display the account number for a predetermined period of time after which the account number is deleted/ after which it is overwritten with other data in memory/ deleting the account number after displaying it by purging it from a buffer”.
Examiner directs Applicants' attention to the office action above.
Conclusion
Please refer to form 892 for cited references.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication from the examiner should be directed to Ariel Yu whose telephone number is 571-270-3312. The examiner can normally be reached on Monday-Friday 9:00am-5:00pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Obeid Fahd A can be reached on 571-270-3324. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ARIEL J YU/Primary Examiner, Art Unit 3627