Prosecution Insights
Last updated: July 17, 2026
Application No. 19/084,489

SYSTEM AND METHOD FOR EPHEMERAL COMPUTE WITH PAYMENT CARD PROCESSING

Final Rejection §103
Filed
Mar 19, 2025
Priority
Sep 09, 2020 — provisional 63/076,220 +1 more
Examiner
LEE, CLAY C
Art Unit
3699
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Aven Holdings Inc.
OA Round
2 (Final)
55%
Grant Probability
Moderate
3-4
OA Rounds
2y 0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 55% of resolved cases
55%
Career Allowance Rate
125 granted / 229 resolved
+2.6% vs TC avg
Strong +58% interview lift
Without
With
+57.8%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
36 currently pending
Career history
278
Total Applications
across all art units

Statute-Specific Performance

§101
1.2%
-38.8% vs TC avg
§103
92.3%
+52.3% vs TC avg
§102
4.2%
-35.8% vs TC avg
§112
0.5%
-39.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 229 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Terminal Disclaimer The terminal disclaimer filed on 3/20/2026 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of US Patent No. 12,282,912 has been reviewed and is accepted. The terminal disclaimer has been recorded. Response to Amendment The amendment filed March 20, 2026 has been entered. Claims 21-40 remain pending in the application. Applicant's amendments to the Claims have overcome each and every Double Patenting rejections previously set forth in the Non-Final Office Action mailed January 16, 2026. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 21-40 is/are rejected under 35 U.S.C. 103 as being unpatentable over Iozzia (US 20120089481 A1) in view of Benkreira (US 20200013037 A1). Regarding Claims 21, 30, and 39, Iozzia teaches A method comprising (Iozzia: Abstract; Paragraph(s) 0061-0063): A system for payment card processing, the system comprising: a processor of a cloud server; a client application server; and a memory, coupled to the processor and configured to store executable instructions that, when executed by the processor, cause the processor to (Iozzia: Abstract; Paragraph(s) 0015, 0061-0063): A computer program product comprising a non-transitory computer-readable medium having computer readable program code stored thereon, the computer read program code configured to (Iozzia: Paragraph(s) 0015, 0061-0062, 0083, 0196-0198): receiving, at a cloud server, a request from a client application server for transmitting sensitive data and non-sensitive data to a service system, the request having compute code that is executed to transmit the sensitive data (Iozzia: Paragraph(s) 0083-0084, 0121-0123, 0132 teach(es) a Payment Processor is a company that routes credit card transactions from merchant locations to credit card issuers for complete authorization and eventual settlement (i.e., a request); the system provides a method to capture End User Sensitive Information (“Third-Party Data Processing Information”) (i.e., for transmitting sensitive information) via the Trusted Proxy Frame interface. Exemplary Third-Party Data Processing Information includes credit card numbers, card expiration dates and Card Validation Codes (CVC2) (i.e., associated with the payment card)); generating, by the cloud server, an [ephemeral] compute instance by loading the compute code included in the request to the [ephemeral] compute instance (Iozzia: Paragraph(s) 0121, 0132, 0263-0264, 0155, 0194, 0197 teach(es) the system provides a method to capture End User Sensitive Information (“Third-Party Data Processing Information”) (i.e., for transmitting sensitive information) via the Trusted Proxy Frame interface (i.e., an ephemeral compute instance). Exemplary Third-Party Data Processing Information includes credit card numbers, card expiration dates and Card Validation Codes (CVC2) (i.e., associated with the payment card); the system provides a method to create a hidden Authentication Key field within the Trusted Proxy Frame; after a predetermined time the Trusted Relationship between Authentication Keys expires (i.e., ephemeral); FIG. 1 also includes WAN120 a, WAN 320 and WAN 820. These elements are communications conduit that carry electronic data communications between and within computing resources (i.e., computer resources allocated to process the request); Embodiments are operational with numerous other general purpose or special purpose computing system environments or configurations, in the general context of computer-executable instructions (i.e., executes code for transmitting); each computers or server includes an operating system (i.e., OS), application programs, other program modules, and program data); triggering, by the cloud server, the [ephemeral] compute instance to execute the compute code to transmit the sensitive data to the service system; transmitting, by the cloud server, the sensitive data from the client application server to the service system via the [ephemeral] compute instance executing the compute code (Iozzia: Paragraph(s) 0105-0106, 0113-0115, 0130, 0194 teach(es) an act or event that meets predetermined conditions for initiating a process (i.e., triggering); the system uses methods deployed within the Publisher Application that retrieve and insert the Trusted Proxy Frame during a sensitive data exchange process (i.e., for transmitting the sensitive information); Embodiments are operational with numerous other general purpose or special purpose computing system environments or configurations, in the general context of computer-executable instructions (i.e., executes code for transmitting via the instance executing the compute code)); and releasing, by the cloud server, computer resources allocated to the [ephemeral] compute instance in response to the sensitive data being transmitted to the service system (Iozzia: Paragraph(s) 0125, 0263-0264, 0268-0269, 0004 teach(es) control return to the Publisher Application when transactions are complete; after a predetermined time the Trusted Relationship between Authentication Keys expires (i.e., turning down the ephemeral compute instance); the original Authentication Key a completely expires and is moved into Discard Area where it is destroyed; The Authentication Key must be used before being destroyed. Thus the Authentication Key is destroyed or released after its usage; a customer (an “End User”) of an online merchant provides sensitive personal information (“Primary Information”) such as a payment information to complete a purchase transaction with an online merchant). However, Iozzia does not explicitly teach ephemeral compute instance. Benkreira from same or similar field of endeavor teaches ...ephemeral compute instance (Benkreira: Paragraph(s) 0048, 0063-0064, 0006-0007 teach(es) the triggering event is generated by a messaging queue service or data streaming platform. Advantageously, container instances are ephemeral (i.e., ephemeral compute instance), with their provisioning based on a triggering event and their terminating based on completion of one or more jobs; Container instances are ephemeral and may run for a single job or a series of jobs, and data stored by container instance (i.e., ephemeral compute instance) may be destroyed upon termination, providing security advantages (i.e., for transmitting the sensitive information); A container instance may be configured to execute functions written in one or more programming languages, including JAVASCRIPT, C, C++, JAVA, PHP, PYTHON, RUBY, PERL, BASH, or other programming or scripting languages). It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Iozzia to incorporate the teachings of Benkreira for ...ephemeral compute instance. There is motivation to combine Benkreira into Iozzia because the messaging queue service or data streaming platform may use ephemeral container instance, to provide security advantages in sending or receiving sensitive information such as credentials (Benkreira: Paragraph(s) 0098, 0077). Regarding Claims 22, 31, and 40, the combination of Iozzia and Benkreira teaches all the limitations of claims 21, 30, and 39 above; and Iozzia further teaches further comprising transmitting the non-sensitive data to the service system through persistent backend service (Iozzia: Paragraph(s) 0107, 0020 teach(es) the shipping address may be provided in an e-commerce transaction as unrestricted Information: Electronic data which can be publicly disclosed without compromising its sensitivity, legality, commercial value or other attributes; the opposite of Primary Information). Regarding Claims 23 and 32, the combination of Iozzia and Benkreira teaches all the limitations of claims 21 and 30 above; and Iozzia further teaches further comprising: verifying the request based on determining that an authorization token associated with the request is valid, wherein generating the ephemeral compute instance is based on verifying the request (Iozzia: Paragraph(s) 0226, 0103, 0243 teach(es) the system creates a logical trusted relationship between Trusted Proxy Frame and Trusted Frame Process that persists for the duration of the Primary Information exchange process). Regarding Claims 24 and 33, the combination of Iozzia and Benkreira teaches all the limitations of claims 21 and 30 above; and Iozzia further teaches further comprising: determining whether to retain the ephemeral compute instance after the compute code is executed, wherein releasing the computer resources allocated to the ephemeral compute instance to turn down the ephemeral compute instance is based on determining not to retain the ephemeral compute instance (Iozzia: Paragraph(s) 0125, 0263-0264, 0268-0269, 0004 teach(es) control return to the Publisher Application when transactions are complete; after a predetermined time the Trusted Relationship between Authentication Keys expires (i.e., turning down the ephemeral compute instance); the original Authentication Key a completely expires and is moved into Discard Area where it is destroyed; The Authentication Key must be used before being destroyed. Thus the Authentication Key is destroyed or released after its usage; a customer (an “End User”) of an online merchant provides sensitive personal information (“Primary Information”) such as a payment information to complete a purchase transaction with an online merchant). Regarding Claims 25 and 34, the combination of Iozzia and Benkreira teaches all the limitations of claims 24 and 33 above; and Iozzia further teaches further comprising: receiving, at the cloud server, a second request having the same compute code; and retaining the ephemeral compute instance by assigning the ephemeral compute instance to the second request without creating a new compute instance (Iozzia: Paragraph(s) 0125, 0263-0264, 0268-0269, 0004, as stated above with respect to claims 24 and 33). Regarding Claims 26 and 35, the combination of Iozzia and Benkreira teaches all the limitations of claims 24 and 34 above; and Iozzia further teaches wherein retaining the ephemeral compute instance is based on a type of an entity that submitted the request through the client application server (Iozzia: Paragraph(s) 0206-0208, 0226, 0103, 0243 teach(es) the Secure Application of the system displaying a trusted credit card data form (Trusted Proxy Frame) within the distrusted branded interface; the system creates a logical trusted relationship between Trusted Proxy Frame and Trusted Frame Process that persists for the duration of the Primary Information exchange process). Regarding Claims 27 and 36, the combination of Iozzia and Benkreira teaches all the limitations of claims 21 and 30 above; and Iozzia further teaches wherein triggering the ephemeral compute instance is based on at least one criterion, the criterion including a security policy or a type of an application programming interface (API) call (Iozzia: Paragraph(s) 0027 teach(es) Examples of policy for sensitive user data include those defined under The Health Insurance Portability and Accountability Act (HIPAA) and the PCI Data Security Standard (PCI DSS) protocol developed by the PCI Security Standards Council). Regarding Claims 28 and 37, the combination of Iozzia and Benkreira teaches all the limitations of claims 21 and 30 above; and Iozzia further teaches wherein outbound network activity associated with the ephemeral compute instance is restricted to whitelisted services (Iozzia: Paragraph(s) 0056 teach(es) a transaction is approved by an issuing bank, authorized agent, or Visa/MasterCard on behalf of that issuer). Regarding Claims 29 and 38, the combination of Iozzia and Benkreira teaches all the limitations of claims 21 and 30 above; and Iozzia further teaches wherein the sensitive data transmitted through the ephemeral compute instance and the non-sensitive data transmitted by persistent backend service are combined to authorize a transaction (Iozzia: Paragraph(s) 0337, 0020, 0032 further teach(es), in addition with respect to claim 9 above, an unauthorized user can see non-sensitive elements of Primary Function, but they have no visibility or access to sensitive Primary Information). Response to Arguments Applicant's arguments filed March 20, 2026 have been fully considered but they are not persuasive. Regarding applicant’s argument under Claim Rejections - 35 USC § 103 that “Iozzia, however, does not disclose or suggest a transaction request "having compute code that is executed to transmit the sensitive data," as recited in amended claim 21. Iozzia also fails to disclose or suggest "generating an ephemeral compute instance by loading the compute code included in the request into the ephemeral compute instance," as claimed,” examiner respectfully argues that the features are taught by the combination of the cited references as stated above with respect to the 103 rejections (Iozzia: Paragraph(s) 0083-0084, 0121-0123, 0132, 0263-0264, 0155, 0194, 0197; and Benkreira: Paragraph(s) 0048, 0063-0064, 0006-0007). It is recommended for the applicant to amend the claims further with more technical details and contexts of servers, service system, ephemeral compute instance, compute code, computer resources, etc. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Susanto (US 20140207736 A1) teaches Replication Of Assets Across Data Centers, including computing resources, cloud computing, and that shared pool of configurable computing resources can be rapidly provisioned via virtualization and released. Fenichel (US 20230119385 A1) teaches Adaptive Artificial Intelligence Systems And Methods For Token Verification, including ephemeral container instances, and protecting sensitive data. Trim (US 11082283 B2) teaches Contextual Generation Of Ephemeral Networks, including configurable computing resources (e.g., networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CLAY LEE whose telephone number is (571)272-3309. The examiner can normally be reached Monday-Friday 8-5pm EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached at (571)270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CLAY C LEE/Primary Examiner, Art Unit 3699
Read full office action

Prosecution Timeline

Mar 19, 2025
Application Filed
Jan 16, 2026
Non-Final Rejection mailed — §103
Mar 20, 2026
Response Filed
May 28, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12651255
TRANSACTION MESSAGING
1y 11m to grant Granted Jun 09, 2026
Patent 12647352
VERIFICATION OF DATA PROCESSES IN A NETWORK OF COMPUTING RESOURCES
2y 7m to grant Granted Jun 02, 2026
Patent 12639734
System, Device, and Method of Protected Electronic Commerce and Electronic Financial Transactions
6y 0m to grant Granted May 26, 2026
Patent 12632853
PAYMENT AUTHENTICATION SYSTEM FOR ELECTRONIC COMMERCE TRANSACTIONS
2y 1m to grant Granted May 19, 2026
Patent 12626245
SYSTEMS AND METHODS FOR DISTRIBUTED LEDGER-BASED IDENTITY MANAGEMENT
1y 5m to grant Granted May 12, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
55%
Grant Probability
99%
With Interview (+57.8%)
3y 4m (~2y 0m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 229 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month