SMART PROXY SYSTEMS AND METHODS FOR TOKENIZATION AND POINT-TO-POINT ENCRYPTION SERVICES

§101 §103

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This Office Action is in response to the Application filed November 14, 2024. Claims 1-14 are pending in this case. Priority This application claims priority to U.S. Provisional Patent Application No. 63/548,463, entitled “Smart Proxy Systems and Methods for Tokenization and P2PE Services” and filed on November 14, 2023. Information Disclosure Statement The information disclosure statements (IDS) submitted on November 15, 2024 and January 22, 2025, are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1- 14 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. In the instant case, claims 1- 7 are directed to a method, while claims 8-14 are directed to a system. Therefore, the claims fall within the four statutory categories of invention. The claims recite or describe a process of deciding how a message is to be processed, which is an abstract idea. Specifically the claims recite receiving a message, decrypting the message, retrieving a template for the processing of the message, encrypting the message and transmitting the message. The claims are grouped within mental processes grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)) because they involve deciding how to process a message (identifying the proper template for each message). In addition, the claims are grouped within certain methods of organizing human activity because the steps recited describe the fundamental economic practice of mitigating risk (through, e.g., encryption)) In situations like this where a series of steps recite judicial exceptions, examiners should combine all recited judicial exceptions and treat the claim as containing a single judicial exception for purposes of further eligibility analysis. See MPEP 2106.04 and 2106.05(II). Thus, the language identified in the certain methods of organizing human activity and mental process groupings were considered as a single abstract idea. Accordingly, the claims recite an abstract idea. In situations like this where a series of steps recite judicial exceptions, examiners should combine all recited judicial exceptions and treat the claim as containing a single judicial exception for purposes of further eligibility analysis. See MPEP 2106.04 and 2106.05(II). Thus, the language identified in the certain methods of organizing human activity and mathematical concepts groupings were considered as a single abstract idea. Accordingly, the claims recite an abstract idea.. Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January 7, 2019)). This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), the additional elements of the claims such as the server, processor, and memory, merely implement the abstract idea. Specifically, server, processor, and memory perform the steps or functions of deciding how to process a message. The use of a server, processor, and memory as a tool to implement the abstract idea does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. The additional elements do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply or use the abstract idea to effect a particular treatment or prophylaxis for a disease or medical condition (Vanda Memo), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo). Therefore, the claims do not, for example, purport to improve the functioning of a computer. Nor do they effect an improvement in any other technology or technical field. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional element(s) of using server, processor, and memory to perform the steps amounts to no more than using a computer or processor to automate and/or implement the abstract idea of deciding how to process a message. As discussed above, taking the claim elements separately, the server, processor, and memory perform the steps or functions of receiving a message, decrypting the message, retrieving a template for the processing of the message, encrypting the message and transmitting the message. These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of deciding how to process a message. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05 (f) & (h)). Therefore, the claim is not patent eligible. Dependent claims, 2-7 and 9-14 further describe the abstract idea of deciding how to process a message. The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims are also not patent eligible. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-14 are rejected under 35 U.S.C. 103 as being unpatentable over Rapolu et al (US 2022/0209952) in view of Fallah et al (US 2019/0333059). Regarding claim 1 – Rapolu discloses a tokenization method (Fig.1,par 67 “The processing network computer 106 can generate or generate a token unique to both the credential for the user device and the storage application 110 executing on the recipient computer 108.”), comprising: receiving, at a proxy server (Fig.1), a message having a token and a first template identifier (Fig.2, par 69 “At S215, the processing network computer 106 can identify the created token and send the token and the template identifier to the authorizing entity computer 104 via a transaction controls API.”); decrypting the message with the proxy server (Fig.1, par 66 “The processing network computer 106 can verify the obtained encrypted data pay load by decrypting the encrypted data payload and verifying with the authorizing entity computer 104 that the credential in the decrypted data payload matches the credential for the user device of the sender operating the sender computer 102.”); identifying, with the proxy server, the token within the message based on the first template (Fig.2, par 51 “At S202, the authorizing entity computer 104 can send selected controls to a processing network computer 106 via a transaction controls API. The processing network computer 106 can return a template identifier for the controls.”); based on the identifying, replacing the token within the message with data represented by the token (Fig.8, par 136 “The authorizing entity computer 860 can generate an authorization response message with an approval or decline. The authorization response message can be transmitted to the processing network 850, and the processing network 850 may replace the credential with the token.”’); encrypting the message subsequent to the replacing (Fig.2, par 61 “The authorizing entity computer 104 can request an encrypted data payload from the processing network computer 106. For instance, the authorizing entity computer 104 can provide the credential identifier to a provisioning API, and the processing network computer 106 can return the encrypted data payload (e.g., an encrypted PAN). The encrypted data payload can include the credential for the user device that is encrypted using a key known only to the processing network computer 106.”); and transmitting the message from the proxy server to a destination device for the message (Fig.8, par 136 “The authorization response message can be transmitted to the processing network 850, and the processing network 850 may replace the credential with the token. The processing network 850 may then transmit the authorization response message back to the access device 820.”). Rapolu does not specifically disclose storing, in memory, a plurality of templates Fallah discloses storing, in memory, a plurality of templates (par 98 “templates for the required functions are stored by the proxy system 80 (e.g., in data store 85)”); Additionally, Rapolu does not specifically teach retrieving, from the memory with the proxy server, a first template of the plurality of templates identified by the first template identifier, the first template indicating a location of the token within the message (Fig.2, par 69 “At S215, the processing network computer 106 can identify the created token and send the token and the template identifier to the authorizing entity computer 104 via a transaction controls API. The processing network computer 106 can return details relating to the token, such as the token, the user device and the recipient associated with the token. The processing network computer 106 can generate a mapping for the token and corresponding control data, and can store both in a database along with the credential.”); However, Fallah does disclose retrieving, from the memory with the proxy server, a first template of the plurality of templates (par 98 “templates . . . are retrieved”). It would be obvious to one of ordinary skill in the art to combine Rapolu with the storage and retrieval of Fallah in order to more easily and conveniently obtain and use the various templates. Note that neither Rapolu nor Fallah specifically teach the first template indicating a location of the token within the message. However, Rapolu does disclose, as above, identifying, with the proxy server, the token within the message based on the first template (Fig.2, par 51 “At S202, the authorizing entity computer 104 can send selected controls to a processing network computer 106 via a transaction controls API. The processing network computer 106 can return a template identifier for the controls.”). In order to identify an item (here, a token) one must somehow figure out where it is located. Additionally, as above, Rapolu discloses based on the identifying, replacing the token within the message with data represented by the token (Fig.8, par 136 “The authorizing entity computer 860 can generate an authorization response message with an approval or decline. The authorization response message can be transmitted to the processing network 850, and the processing network 850 may replace the credential with the token.”’) As noted above, in order to replace an item (here, a token) one must somehow figure out where it is located and go to that location. Regarding claim 2 – Rapolu discloses wherein the first template defines a script, and wherein the method comprises executing the script by at least one processor of the proxy server causing the at least one processor to perform an action for processing the message (Fig.2, par 51). Regarding claim 3 – Rapolu discloses receiving, at the proxy server, a card-present payment request having a second template identifier (Fig.2, par 61 “At S210, the authorizing entity computer 104 can call an in-app provisioning API with the credential identifier and the template identifier to the processing network computer 106. The authorizing entity computer 104 can request an encrypted data payload from the processing network computer 106.”); decrypting the card-present payment request with the proxy server (Fig.2, par 66 “The processing network computer 106 can verify the obtained encrypted data payload by decrypting the encrypted data payload and verifying with the authorizing entity computer 104 that the credential in the decrypted data payload matches the credential for the user device of the sender operating the sender computer 102.”); retrieving, from the memory with the proxy server, a second template of the plurality of templates identified by the second template identifier (Fig.2, par 69 “At S215, the processing network computer 106 can identify the created token and send the token and the template identifier to the authorizing entity computer 104 via a transaction controls API. The processing network computer 106 can return details relating to the token, such as the token, the user device and the recipient associated with the token. The processing network computer 106 can generate a mapping for the token and corresponding control data, and can store both in a database along with the credential.”); processing, with the proxy server, the card-present payment request based on the second template (Fig.2, par 51 “At S202, the authorizing entity computer 104 can send selected controls to a processing network computer 106 via a transaction controls API. The processing network computer 106 can return a template identifier for the controls.”); encrypting the card-present payment request subsequent to the processing (Fig.2, par 61 “The authorizing entity computer 104 can request an encrypted data payload from the processing network computer 106. For instance, the authorizing entity computer 104 can provide the credential identifier to a provisioning API, and the processing network computer 106 can return the encrypted data payload (e.g., an encrypted PAN).”); and transmitting the encrypted card-present payment request from the proxy server to a destination device identified by the second template (Fig.8, par 136 “The authorization response message can be transmitted to the processing network 850, and the processing network 850 may replace the credential with the token. The processing network 850 may then transmit the authorization response message back to the access device 820.”). Regarding claim 4 – Rapolu discloses replacing, at the proxy server, data in the card-present payment request with a second token (Fig.8, par 136 “The authorizing entity computer 860 can generate an authorization response message with an approval or decline. The authorization response message can be transmitted to the processing network 850, and the processing network 850 may replace the credential with the token.”); receiving, at the proxy server, a response to the card-present payment request, the response indicating whether the card-present payment request is approved (Fig.2, par 59); and inserting into the response, at the proxy server, the second token (Fig.8, par 136 “The authorizing entity computer 860 can generate an authorization response message with an approval or decline. The authorization response message can be transmitted to the processing network 850, and the processing network 850 may replace the credential with the token.”). Regarding claim 5 – Rapolu discloses receiving, at the proxy server, a response to the message (Fig.2, par 58 “At S207, the recipient, via recipient computer 108, may provide a multifactor authentication response to the authorizing entity computer 104. The multifactor authentication response can provide a response to multifactor authentication request, such as a requested passcode) from the recipient.”); processing, at the proxy server, the response based on the first template (Fig.2, par 69 “At S215, the processing network computer 106 can identify the created token and send the token and the template identifier to the authorizing entity computer 104 via a transaction controls API. The processing network computer 106 can return details relating to the token, such as the token, the user device and the recipient associated with the token.’’); and transmitting the response from the proxy server subsequent to the processing (Fig.2, par 69 “At S215, the processing network computer 106 can identify the created token and send the token and the template identifier to the authorizing entity computer 104 via a transaction controls API. The processing network computer 106 can return details relating to the token, such as the token, the user device and the recipient associated with the token.”). Regarding claim 6 - Rapolu discloses performing a sequence of actions indicated by the first template for processing the message at the proxy server (par 50 “In some embodiments, the request to share the credential can include control data. Control data can include a series of parameters specifying conditions in which the recipient can use the credential associated with the user device to initiate transactions. For example, control data can restrict transactions conducted by the recipient to certain times, transaction amounts, resource providers (e.g., merchants), transaction types, etc.”). Regarding claim 7- Rapolu discloses wherein the first template includes path expressions defining a path to a node of the message containing the token, and wherein the identifying comprises locating the token within the message based on the path expressions from the template (Figs.4B-F; par 50). Regarding claim 8- Rapolu discloses a proxy server for a tokenization system, comprising: memory for storing a plurality of templates (par 116); and at least one processor programmed with instructions that, when executed by the at least one processor (par 116), cause the at least one processor to: receive a message having a token and a first template identifier (Fig.2, par 69 “At S215, the processing network computer 106 can identify the created token and send the token and the template identifier to the authorizing entity computer 104 via a transaction controls API.”); decrypt the message (Fig.1, par 66 “The processing network computer 106 can verify the obtained encrypted data payload by decrypting the encrypted data payload and verifying with the authorizing entity computer 104 that the credential in the decrypted data payload matches the credential for the user device of the sender operating the sender computer 102.”); identify the token within the message based on the first template (Fig.2, par 51 “At S202, the authorizing entity computer 104 can send selected controls to a processing network computer 106 via a transaction controls API. The processing network computer 106 can return a template identifier for the controls.’’); replace the token within the message with data represented by the token (Fig.8, par 136 “The authorizing entity computer 860 can generate an authorization response message with an approval or decline. The authorization response message can be transmitted to the processing network 850, and the processing network 850 may replace the credential with the token.”); encrypt the message subsequent to replacing the token within the message (Fig.2, par 61 “The authorizing entity computer 104 can request an encrypted data payload from the processing network computer 106. For instance, the authorizing entity computer 104 can provide the credential identifier to a provisioning API, and the processing network computer 106 can return the encrypted data payload (e.g., an encrypted PAN). The encrypted data payload can include the credential for the user device that is encrypted using a key known only to the processing network computer 106.”); and transmit the message to a destination device (Fig.8, par 136 “The authorization response message can be transmitted to the processing network 850, and the processing network 850 may replace the credential with the token. The processing network 850 may then transmit the authorization response message back to the access device 820.”). Rapolu does not specifically disclose memory storing a plurality of templates Fallah discloses memory storing a plurality of templates (par 98 “templates for the required functions are stored by the proxy system 80 (e.g., in data store 85)”); Additionally, Rapolu does not specifically teach retrieving, from the memory with the proxy server, a first template of the plurality of templates identified by the first template identifier, the first template indicating a location of the token within the message (Fig.2, par 69 “At S215, the processing network computer 106 can identify the created token and send the token and the template identifier to the authorizing entity computer 104 via a transaction controls API. The processing network computer 106 can return details relating to the token, such as the token, the user device and the recipient associated with the token. The processing network computer 106 can generate a mapping for the token and corresponding control data, and can store both in a database along with the credential.”); However, Fallah does disclose retrieving, from the memory with the proxy server, a first template of the plurality of templates (par 98 “templates . . . are retrieved”). It would be obvious to one of ordinary skill in the art to combine Rapolu with the storage and retrieval of Fallah in order to more easily and conveniently obtain and use the various templates. Note that neither Rapolu nor Fallah specifically teach the first template indicating a location of the token within the message. However, Rapolu does disclose, as above, identifying, with the proxy server, the token within the message based on the first template (Fig.2, par 51 “At S202, the authorizing entity computer 104 can send selected controls to a processing network computer 106 via a transaction controls API. The processing network computer 106 can return a template identifier for the controls.”). In order to identify an item (here, a token) one must somehow figure out where it is located. Additionally, as above, Rapolu discloses based on the identifying, replacing the token within the message with data represented by the token (Fig.8, par 136 “The authorizing entity computer 860 can generate an authorization response message with an approval or decline. The authorization response message can be transmitted to the processing network 850, and the processing network 850 may replace the credential with the token.”’) As noted above, in order to replace an item (here, a token) one must somehow figure out where it is located and go to that location. Regarding claim 9- Rapolu discloses the proxy server of claim 8, wherein the first template defines a script, and wherein the instructions, when executed by the at least one processor, cause the at least one processor to execute the script for performing an action to process the message (Fig.2, par 51). Regarding claim 10- Rapolu discloses the proxy server of claim 8, wherein the instructions, when executed by the at least one processor, cause the at least one processor to: receive a card-present payment request having a second template identifier (Fig.2, par 61 “At S210, the authorizing entity computer 104 can call an in-app provisioning API with the credential identifier and the template identifier to the processing network computer 106. The authorizing entity computer 104 can request an encrypted data payload from the processing network computer 106.”); decrypt the card-present payment request (Fig.2, par 66 “The processing network computer 106 can verify the obtained encrypted data payload by decrypting the encrypted data payload and verifying with the authorizing entity computer 104 that the credential in the decrypted data payload matches the credential for the user device of the sender operating the sender computer 102.”’); retrieve, from the memory, a second template of the plurality of templates identified by the second template identifier (Fig.2, par 69 “At S215, the processing network computer 106 can identify the created token and send the token and the template identifier to the authorizing entity computer 104 via a transaction controls API. The processing network computer 106 can return details relating to the token, such as the token, the user device and the recipient associated with the token. The processing network computer 106 can generate a mapping for the token and corresponding control data, and can store both in a database along with the credential.”); process the card-present payment request based on the second template (Fig.2,par 51 “At S202, the authorizing entity computer 104 can send selected controls to a processing network computer 106 via a transaction controls API. The processing network computer 106 can return a template identifier for the controls.’’); encrypt the card-present payment request subsequent to processing the card present payment request (Fig.2, par 61 “The authorizing entity computer 104 can request an encrypted data payload from the processing network computer 106. For instance, the authorizing entity computer 104 can provide the credential identifier to a provisioning API, and the processing network computer 106 can return the encrypted data payload (e.g., an encrypted PAN).”) and transmit the encrypted card-present payment request to a destination device identified by the second template (Fig.8, par 136 “The authorization response message can be transmitted to the processing network 850, and the processing network 850 may replace the credential with the token. The processing network 850 may then transmit the authorization response message back to the access device 820.”). Regarding claim 11 – Rapolu discloses the proxy server of claim 10, wherein the instructions, when executed by the at least one processor, cause the at least one processor to: replace data in the card-present payment request with a second token (Fig.8, par 136 “The authorizing entity computer 860 can generate an authorization response message with an approval or decline. The authorization response message can be transmitted to the processing network 850, and the processing network 850 may replace the credential with the token.”); receive a response to the card-present payment request, the response indicating whether the card-present payment request is approved (Fig.2, par 59); and insert into the response the second token (Fig.8,par “The authorizing entity computer 860 can generate an authorization response message with an approval or decline. The authorization response message can be transmitted to the processing network 850, and the processing network 850 may replace the credential with the token.’’). Regarding claim 12 – Rapolu discloses the proxy server of claim 8, wherein the instructions, when executed by the at least one processor, cause the at least one processor to: receive a response to the message (Fig.2, par 58 “At S207, the recipient, via recipient computer 108, may provide a multifactor authentication response to the authorizing entity computer 104. The multifactor authentication response can provide a response to multifactor authentication request, (such as a requested passcode) from the recipient.”); process the response based on the first template (Fig.2, par 69 “At S215, the processing network computer 106 can identify the created token and send the token and the template identifier to the authorizing entity computer 104 via a transaction controls API. The processing network computer 106 can return details relating to the token, such as the token, the user device and the recipient associated with the token.’’); and transmit the response from the proxy server subsequent to processing the response (Fig.2, par 69 “At S215, the processing network computer 106 can identify the created token and send the token and the template identifier to the authorizing entity computer 104 via a transaction controls API. The processing network computer 106 can return details relating to the token, such as the token, the user device and the recipient associated with the token.”). Regarding claim 13- Rapolu discloses the proxy server of claim 8, wherein the instructions, when executed by the at least one processor, cause the at least one processor to perform a sequence of actions indicated by the first template for processing the message (par 50 “In some embodiments, the request to share the credential can include control data. Control data can include a series of parameters specifying conditions in which the recipient can use the credential associated with the user device to initiate transactions. For example, control data can restrict transactions conducted by the recipient to certain times, transaction amounts, resource providers (e.g., merchants), transaction types, etc.”’). Regarding claim 14- Rapolu discloses the proxy server of claim 8, wherein the first template includes path expressions defining a path to a node of the message containing the token, and wherein the instructions, when executed by the at least one processor, cause the at least one processor to identify the token by locating the token within the message based on the path expressions from the template (Figs.4B-F; par 50). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Doney (US 2023/0359604) discloses a METHOD AND APPARATUS FOR CREATING AND MANAGING USER CONFIGURABLE OBJECTS AND FUNCTIONS ON DISTRIBUTED LEDGER NETWORKS. Moore et al (US 2023/0177490) disclose CRYPTOGRAPHIC ASSET GENERATION USING SHORT RANGE WIRELESS COMMUNICATION. Kumar (US 2021/0342850) discloses VERIFYING USER IDENTITIES DURING TRANSACTIONS USING IDENTIFICATION TOKENS THAT INCLUDE USER FACE DATA. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CRISTINA OWEN SHERR whose telephone number is (571)272-6711. The examiner can normally be reached 8:30 - 5:30. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached at 571-272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Cristina Owen Sherr/Examiner, Art Unit 3697 /JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3697