Prosecution Insights
Last updated: July 17, 2026
Application No. 19/238,995

DECRYPTION METHOD FOR PAYMENT KEY

Final Rejection §101§103§112
Filed
Jun 16, 2025
Priority
Oct 14, 2020 — CN 202011099201.3 +2 more
Examiner
IMMANUEL, ILSE I
Art Unit
3699
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Shenzhen Pax Smart New Technology Co. Ltd.
OA Round
2 (Final)
26%
Grant Probability
At Risk
3-4
OA Rounds
3y 2m
Est. Remaining
52%
With Interview

Examiner Intelligence

Grants only 26% of cases
26%
Career Allowance Rate
81 granted / 309 resolved
-25.8% vs TC avg
Strong +26% interview lift
Without
With
+26.0%
Interview Lift
resolved cases with interview
Typical timeline
4y 3m
Avg Prosecution
31 currently pending
Career history
352
Total Applications
across all art units

Statute-Specific Performance

§101
0.3%
-39.7% vs TC avg
§103
93.3%
+53.3% vs TC avg
§102
2.7%
-37.3% vs TC avg
§112
3.3%
-36.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 309 resolved cases

Office Action

§101 §103 §112
DETAILED ACTION Acknowledgements This office action is in response to the claims filed 03/27/2026. Claims 1-2 are pending. Claims 1-2 have been examined. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed 08/28/2025 have been fully considered but they are not persuasive. 101 Applicant argues the claims achieve “the method of amended claim 1 involves the additional elements that can achieve the purpose of greatly enhancing the protection/security strength of the payment key and thereby strengthening data security.” Examiner disagrees. First, the technology recited in the claims is the “terminal device”, the payment key acts as data, it’s existence does not change the nature of the claims, the payment key is not used as a payment key, it is passed around and decrypted, it’s “protection/security strength” is never enhanced in the claims. Additionally, the improvement is not to the strength or security of the technology used in the claims, the communication channel appears to be used to receive and send data, it is unclear whether the terminal device is capable of establishing the channel or simply using it. Additionally, it is unclear where, in the claims, “data security” is strengthened, whether this is achieved when data the read, sent, received or decrypted. The claims do not appear to recite the terminal device strengthening data security of the payment key. Applicant’s amendments provide descriptions of processes not performed by the claimed terminal device. The description of how the plaintext is encrypted is not the technology being claimed. The limitations describe “reading” the ciphertext, sending it, receiving somehow, a ciphertext of a decrypted payment key and then decrypting the ciphertext. While white box cryptography is encoded in computer base technology, the root of it is mathematical, and decrypting using keys is mathematical. Simply including the decryption of information to a claim does not automatically overcome the abstract idea. Especially, in this case, where the claims are directed to the receiving, sending and receiving information, just to decrypt it. The rejection is maintained. 112 The claims do not clearly convey the concept that there are sequential encryptions and therefore sequential decryptions. Somehow, the ciphertext of the payment key is decrypted, and there still remains, the ciphertext of a decrypted payment key without any essential information about the layers of encryption that require layers of decryption. See disclosure 66, 97. 103 Matsushima teaches wherein a SM4 white box secret key, an AES key, and a SM2 public key are used to encrypt a plaintext of the payment key issued by an electronic payment system to generate the ciphertext of the payment key (Abstract; Fig 10; ¶ 89, 149-161, 173-176) Matsushima – The encryption parameters 1201 have a data structure including six pieces of data: a master key length 1201 a, master key algorithm 1201 b, changing method 1201 c, designated secret key algorithm 1201 d, designated public key algorithm 1201 e, and changed strength level 1201 f…The master key algorithm 1201 b is data indicating the encryption algorithm when using the master key sent in S3506. The data indicates RSA, ECC, AES, or the like. (¶ 149, 151) Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-2 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Subject Matter Eligibility Standard When considering subject matter eligibility under 35 U.S.C. § 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter (101 Analysis: Step 1). Even if the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea) (101 Analysis: Step 2a(Prong 1), and if so, Identify whether there are any additional elements recited in the claim beyond the judicial exception(s), and evaluate those additional elements to determine whether they integrate the exception into a practical application of the exception. (101 Analysis: Step 2a (Prong 2). If additional elements does not integrate the exception into a practical application of the exception, claim still requires an evaluation of whether the claim recites additional elements that amount to an inventive concept (aka “significantly more”) than the recited judicial exception. If the claim as a whole amounts to significantly more than the exception itself (there is an inventive concept in the claim), the claim is eligible. If the claim as a whole does not amount to significantly more (there is no inventive concept in the claim), the claim is ineligible. (101 Analysis: Step 2b). The 2019 PEG explains that the abstract idea exception includes the following groupings of subject matter: a) Mathematical concepts b) Certain methods of organizing human activity and c) Mental processes Analysis In the instant case, claim 1 is directed to a method. Step 2a.1– Identifying an Abstract Idea The claims recite the steps of “reading…ciphertext… sending… and decrypting… receiving… and decrypting ….” The recited limitations fall within the certain methods of organizing human activity grouping of abstract ideas, specifically, fundamental economic principles, for example, mitigating risk on information being exposed for a transaction. Accordingly, the claims recites an abstract idea. See MPEP 2106. Step 2a.2 – Identifying a Practical Application The claim does not currently recite any additional elements or combination of additional elements that integrate the judicial exception into a practical application. According to the disclosure(¶ 88-91) , “the saved ciphertext of the payment key is read out… it is necessary to read the ciphertext of the payment key from the private file”. It is unclear from the disclosure but the “reading” appears to be directed as data retrieval of data from a file, an insignificant extra-solution activity of a generic computing device. Additionally, decrypting data is a mathematical formulation and therefore abstract. Accordingly, even in combination, these elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Mere instructions to apply the exception using generic computer components and limitations to a particular field of use or technological environment do not amount to practical applications. The claim in directed to an abstract idea. Step 2b The claim limitations recite “reading…ciphertext… sending… and decrypting… receiving… and decrypting ….” are not additional elements and they amount to no more than mere instructions to apply the exception using a generic computer component. For the same reason these elements are not sufficient to provide an inventive concept. This is also determined to be well-understood, routine and conventional activity in the field. The Symantec, TLI, and OIP Techs, court decision cited in MPEP 2106.05(d)(II) indicates that mere receipt or transmission of data over a network is a well-understood, routine and conventional function when it is claimed in a merely generic manner, as it is here. Therefore, when considering the additional elements alone, and in combination, there is no inventive concept in the claim and thus the claim is not eligible. Viewed as a whole, instructions/method claims recite the concept of a fundamental economic practice as performed by a generic computer. The claims do not currently recite any additional elements or combination of additional elements that amount to significantly more than the judicial exception. The elements used to perform the claimed judicial exception amount to no more than mere instructions to implement the abstract idea in a network, and/or merely uses a network as a tool to perform an abstract idea and/or generally linking the use of the judicial exception to a particular environment. Dependent claim 2 describes functions in more descriptive detail of the steps geared toward the abstract idea. As such, these elements do not provide the significantly more to the underlying abstract idea necessary to render the invention patentable. The claims do not, for example, purport to improve the functioning of the computer itself. Nor do they effect an improvement in any other technology or technical field. Therefore, based on case law precedent, the claims are claiming subject matter similar to concepts already identified by the courts as dealing with abstract ideas. See Alice Corp. Pty. Ltd., 573 U.S. 208 (citing Bilski v. Kappos, 561, U.S. 593, 611 (2010)). The claims at issue amount to nothing significantly more than an instruction to apply the abstract idea using some unspecified, generic computer. See Alice Corp. Pty. Ltd., 573 U.S. 208. Mere instructions to apply the exception using a generic computer component and limitations to a particular field of use or technological environment cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible. Conclusion The claim as a whole, does not amount to significantly more than the abstract idea itself. This is because the claim does not affect an improvement to another technology or technical filed; the claim does not amount to an improvement to the functioning of a computer system itself; and the claim does not move beyond a general link of the use of an abstract idea to a particular technological environment. Accordingly, the Examiner concludes that there are no meaningful limitations in the claim that transform the judicial exception into a patent eligible application such that the claim amounts to significantly more than the judicial exception itself. Dependent claims do not resolve the deficiency of independent claims and accordingly stand rejected under 35 USC 101 based on the same rationale. Dependent claim 2 is also rejected. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1 and 2 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 1 recites “A decryption method for a payment key implemented by a terminal device, comprising:… decrypting, by the back-end system, the ciphertext of the payment key for a first time by using a SM2 private key stored in a host security module thereof….” The claim is unclear and indefinite. The scope of the claims are implemented by the terminal device but the claim recites the function of a “back-end system” that uses a private key “stored in a host security module thereof”. The scope of the claims are unclear and indefinite. Dependent claim 2 is also rejected. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1 and 2 are rejected under 35 U.S.C. 103 as being unpatentable over Abdalla et al. (US 20180295114) (“Abdalla”), in view of Collinge et al. (US 20180025353) (“Collinge”) and further in view of Matsushima et al. (US 20110081017) (“Matsushima”). Regarding claim 1, Abdalla discloses reading a conserved ciphertext of a payment key by an electronic payment application of the terminal device (Abstract; ¶ 45-51) Abdalla – initiator (e.g., client) device, may generate an ephemeral public key via, for example, a canonical key exchange protocol (e.g., a canonical 2-party key exchange protocol) and transmit the ephemeral public key to device B, which in this example is the responder (e.g., server) device. (¶ 49) sending, by the electronic payment application of the terminal device, the ciphertext of the payment key to a back-end system through a secure encryption channel established between the electronic payment application of the terminal device and the back-end system, and (Abstract; ¶ 13, 21-24, 42, 49-52, 95) Abdalla – and transmit the ephemeral public key to device B, which in this example is the responder (e.g., server) device... In particular, some private mutually authenticated key exchange protocols (e.g., affiliation-hiding authenticated key exchange (AH-AKE), credential-based authenticated key exchange (CAKE), and language-based authenticated key exchange (LAKE)) may allow for implementation of different types of policies for device attributes, without revealing these attributes to unauthorized users. (Abstract; ¶ 13, 49) decrypting, by the back-end system, the ciphertext of the payment key for a first time by using a SM2 private key stored in a host security module thereof (Abstract; ¶ 21-24, 52-61) Abdalla – receiving, at the first device, a message transmitted from a second device and including a hierarchical inner-product encryption (HIPE) ciphertext… a HIPE scheme may include various probabilistic polynomial-time algorithms, such as a setup algorithm (Setup), a derive algorithm (Derive), an encryption algorithm (Enc), and a decryption algorithm (Dec)… The decryption algorithm (Dec) may receive the public parameters (e.g., a master public key (mpk)), the ciphertext (e.g., ciphertext C) and secret key (e.g., secret key dw) as inputs…. if ciphertext C=Enc(mpk, p, M) for vector p, and secret decryption key dw=Derive(msk, w) for vector w, a secure HIPE scheme may guarantee that a decrypting device in possession of the secret decryption key (e.g., secret decryption key dw) may recover the message (e.g., message M) from ciphertext C… At block 216, a HIPE ciphertext may be generated, and method 200 may proceed to block 218. For example, a function (e.g., HIPE.Enc function) may generate the HIPE ciphertext HCB based on master public key (mpk), a policy vector TEB for device B, and authenticated encrypted ciphertext AECB. More specifically, HIPE.Enc(mpk, πB, AECB) may generate HIPE ciphertext HCB. For example, HIPE ciphertext HCB may be generated at device B (e.g., via processor 106). (Abstract; ¶ 21, 22, 59) receiving, by the electronic payment application of the terminal device, a ciphertext of a first decrypted payment key, which is sent by the back-end system through the secure encryption channel established between the electronic payment application of the terminal device and the back-end system; and (Abstract; ¶ 13, 21-24, 42, 52-64, 95) Abdalla – At block 218, data including the HIPE ciphertext may be transmitted, and method 200 may proceed to block 220. For example, in addition to including the HIPE ciphertext HCB, the data may also include the session identifier sid, and message MB. More specifically, for example, the data including the HIPE ciphertext may be transmitted from device B to device A. (¶ 60) decrypting, by the electronic payment application of the terminal device, the ciphertext of the first decrypted payment key again by using the key and the secret key to obtain the plaintext of the payment key (Abstract; ¶ 55-78) Abdalla – device A, which in this example is the initiator, may attempt to decrypt the HIPE ciphertext, compute the corresponding session key, and decrypt the ciphertext for the AE scheme… At block 226, the HIPE ciphertext HCB may be decrypted, and method 200 may proceed to block 228…. At block 232, the ciphertext AECB may be decrypted, and method 200 may proceed to block 234. For example, a function (e.g., AE.Dec function) may be used to decrypt the HIPE ciphertext HCB based on authenticated encryption key htk. More specifically, AE.Dec(htk, AECB) may generate AEMB. For example, the ciphertext AECB may be decrypted at device A (e.g., via processor 104). (¶ 61, 65, 68) Abdalla does not disclose wherein a SM4 white box secret key, an AES key, and a SM2 public key are used to encrypt a plaintext of the payment key issued by an electronic payment system to generate the ciphertext of the payment key. Collinge teaches an AES key and a SM4 white box (¶ 35, 41, 42, 53) Collinge – In some example, the mobile payment application 210 may also include a white-box cryptography (WBC) component that operates in the user domain 200… For example, each entry in the keystore 310 may be associated with a key (and its alias) and parameters such as an encryption algorithm (such as AES, RSA, ECC . . . ), access rules, and cryptographic functions permitted in the system domain 300 (such as encrypt, decrypt, sign, and the like). (¶ 35) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Abdalla and Collinge in order to enhance transaction security through cryptographic keys (Collinge; ¶ 1). Matsushima teaches wherein a SM4 white box secret key, an AES key, and a SM2 public key are used to encrypt a plaintext of the payment key issued by an electronic payment system to generate the ciphertext of the payment key (Abstract; Fig 10; ¶ 89, 149-161, 173-176) Matsushima – The encryption parameters 1201 have a data structure including six pieces of data: a master key length 1201 a, master key algorithm 1201 b, changing method 1201 c, designated secret key algorithm 1201 d, designated public key algorithm 1201 e, and changed strength level 1201 f…The master key algorithm 1201 b is data indicating the encryption algorithm when using the master key sent in S3506. The data indicates RSA, ECC, AES, or the like. (¶ 149, 151) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Abdalla, Collinge and Matsushima in order to migrate private information between terminals (Matsushima; ¶ 1-9). Regarding claim 2, Collinge teaches wherein said decrypting, by the electronic payment application of the terminal device, the ciphertext of the first decrypted payment key again by using the AES key and the SM4 white box secret key to obtain the plaintext of the payment key comprises: decrypting, by the electronic payment application of the terminal device, the ciphertext of the payment key for a second time by using the AES key, and decrypting, by the electronic payment application of the terminal device, the ciphertext of the payment key for a third time by using the SM4 white box secret key to obtain the plaintext of the payment key (¶ 48-53, 61-64). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Simu et al., (US 20220210061) teaches combined double decryption. Bieber (US 20200275142) teaches combined double decryption and ciphertexts. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ILSE I IMMANUEL whose telephone number is (469)295-9094. The examiner can normally be reached Monday-Friday 9:00 am to 5:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NEHA H PATEL can be reached on (571) 270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ILSE I IMMANUEL/Primary Examiner, Art Unit 3699
Read full office action

Prosecution Timeline

Jun 16, 2025
Application Filed
Jan 29, 2026
Non-Final Rejection mailed — §101, §103, §112
Mar 27, 2026
Response Filed
Jun 16, 2026
Final Rejection mailed — §101, §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12670237
DYNAMIC REALLOCATION OF COMPUTING RESOURCES BASED ON MONITORED USAGE ACTIVITIES OF CLIENT SYSTEMS
8y 2m to grant Granted Jun 30, 2026
Patent 12670493
PRIVACY PRESERVING ASSET TRANSFER BETWEEN NETWORKS
4y 4m to grant Granted Jun 30, 2026
Patent 12651254
MULTI-TOKEN PROVISIONING, ONLINE PURCHASE TRANSACTION PROCESSING, AND CARD LIFE CYCLE MANAGEMENT SYSTEMS AND METHODS
2y 0m to grant Granted Jun 09, 2026
Patent 12646057
Communications Device, Point Of Sale Device, Payment Device and Methods
2y 5m to grant Granted Jun 02, 2026
Patent 12639713
UTILIZING A CONTINGENT ASSET SECURE TOKEN
1y 5m to grant Granted May 26, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
26%
Grant Probability
52%
With Interview (+26.0%)
4y 3m (~3y 2m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 309 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month