ON-DEMAND SECURE DATA ENTRY FOR REPRESENTATIVE-ASSISTED TRANSACTIONS WITH LOCAL INTERACTION POINT

Detailed Action Claims 1-12 are pending and are examined. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-12 are rejected under 35 U.S.C. 103 as being unpatentable over Westlake et al. (US20170026516A1) (hereinafter “Westlake”) in view of Lawson et al. (US20130128882A1) (hereinafter “Lawson”). As per Claim 1 and 7, Westlake teaches: A system for on-demand secure data entry for representative-assisted calls, comprising: a computer system comprising a memory, a processor, and a non-volatile data storage device; a plurality of programming instructions stored in the memory which, when operating on the processor, causes the computer system to: (“a signaling processor configured to receive the signaling data from the first party via the second communication channel, modify the signaling data to remove or replace at least some of the sensitive data in the signaling data, and transmit the modified signaling data via the second communication channel to the second party.” (Abstract); “the control devices 303, 304 are not SBCs, as in the VoIP-based system, but are typically web browsers or similar user agents (in which the web application runs or is displayed) running on electronic devices (e.g. personal computers, laptops, tablets or smartphones).” (Para. 0058); “The system 300 may further comprise the optional processing device 309, which may be utilised as an intermediate media proxy/call recording system which records the media data that is received and transmitted between the first and second parties 301, 302.” (Para. 0059)) during an unsecured call between a customer and merchant representative via a telephony system of the merchant's telecommunications carrier occurring in non-call center environments controlled by the merchant, receive a request to establish a secured call wherein the customer and the merchant representative remain in voice communication with one another while payment information provided by customer is masked from the merchant representative; (“secure transmission of sensitive information during a call between a caller and an agent such that the agent does not receive the sensitive information.” (Para. 0003); “allow call center agents to take debit or credit card payments over the phone without the caller having to read out sensitive card details (e.g. primary account number (PAN), start date, expiry date, the card security code (e.g. CV2)) to the agent directly. These systems typically require the caller to enter the card details using a ‘touch-tone’ keypad, which encodes the details using dual-tone multi-frequency (DTMF) signaling.” (Para. 0009); “Both processes claim as a benefit the fact that continuous speech interaction between the caller and the agent is possible during the process.” (Para. 0011)) receive one or more dual-tone multi-frequency (DTMF) tones representing digits from zero to nine from the customer-to-system call; and (“DTMF has been established for decades and, as would be familiar to a skilled person, can be used to communicate some alphanumeric characters (i.e. the digits 0-9, *, #, and the characters A-D) through a telephone audio channel during a phone call. The DTMF tones used to encode the caller's card details can then be decoded by a call processor and transmitted to a payment processing system.” (Para. 0009); “the signaling processor 305 may replace the sensitive data with placeholder or random data (e.g. replacing DTMF tones representing a card number in the signaling data with non-numeric DTMF tones).” (Para. 0045); “In this case, the DTMF tones are represented in the signaling stream by metadata.” (Para. 0043)) using the first DTMF secure call space and second DTMF secure call space, block transmission of the DTMF tones to the representative-to-system call while passing through any other audio from the customer-to-system call to the representative-to- system-call; and (“The first control device 303 transmits the voice data directly to the second control device 304, for example using the Real-time Transmission Protocol (RTP), using the first communication channel 306, and transmits the signaling data to the signaling processor 305 using the second communication channel 307. The signaling processor 305 modifies the signaling data by removing the card data from the signaling data.” (Para. 0045); “Once the signaling data has been modified, the signaling processor 305 transmits the modified signaling data (i.e. the signalling data without the card data) to the second control device 304.” (Para. 0055); “blocking DTMF tones from being passed to the agent or call recording apparatus. This typically involves one of two processes: DTMF clamping, in which the DTMF tones are removed from the speech path by means of a digital signal processor, or DTMF masking, in which other tones are played to the agent at the same time as the callers DTMF. Both processes claim as a benefit the fact that continuous speech interaction between the caller and the agent is possible during the process.” (Para. 0011)). the . . . operating on the web browser of the computing device operating within the network environment, configured to: receive the one or more call controls; and send one or more API calls as instructed by the one or more call controls. (“the web application running on the first control device 303 remains in communication with the signaling server 305 at all times.” (Para. 0060); “initiate a message from the second party 302 that will command the first party's 301 web browser, running on the first control device 303, to display a secure input form.” (Para. 0060); “data to be keyed by the customer into a web application, which also drives the signaling used to control the voice data transmitted between the first party 301 and second party 302.” (Para. 0057)) Westlake does not disclose: “request and receive a phone number allocation from a DNIS pool of a dialed number identification service (DNIS)” However, as per Claim 1, Lawson in the analogous art of processing telephony-based systems, teaches: “request and receive a phone number allocation from a DNIS pool of a dialed number identification service (DNIS)”. (See “the message is preferably received from the gateway by the call router and translated into a format (such as a URI) that can be sent over the public Internet such as HTTP, based on the recipient address of the SMS, such as a short code, or Direct Inward Dialing (DID), or other suitable unique recipient identifier.” (Para. 0016); “More preferably, the initial URI is assigned to the call via a unique identifier for the call destination, such as a DID (Direct Inbound Dial) phone number, or a VOIP SIP address.” (Para. 0018); “In this variation, the application running on the server preferably specifies an initial URI for the call router to use for telephony session in step S3, as well as the phone number (or other addressable destination) to dial and the source phone number (caller id).” (Para. 0017)). It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the method of Westlake, which secures representative-assisted payment entry by separating voice media from signaling so that sensitive card-entry information is not received by the agent, with the technique of Lawson, which assigns calls using DID/unique recipient identifiers and supports real-time provisioning/assignment of inbound DID numbers as routable call destinations, to include requesting and receiving an allocated dialed-number identifier (DNIS/DID) from a managed inventory/pool for use in routing a secured call segment. Therefore, the incentives of enabling scalable, on-demand secure routing using dynamically assigned dialable identifiers provided a reason to make an adaptation, and the invention resulted from application of the prior knowledge in a predictable manner. Westlake does not disclose: “transmit one or more call controls to a hypertext markup language (HTML) custom element operating on a web browser of a computing device operating within a network environment, the one or more call controls comprising instructions to the HTML custom element to make one or more API calls to the telephony system of the merchant's telecommunications carrier instructing the telephony system to: park/hold the customer-to-representative call; place a representative-to-system call to the allocated DNIS phone number through the softswitch”. However, as per Claim 1, Lawson in the analogous art of processing telephony-based systems, teaches: “transmit one or more call controls to a hypertext markup language (HTML) custom element operating on a web browser of a computing device operating within a network environment, the one or more call controls comprising instructions to the HTML custom element to make one or more API calls to the telephony system of the merchant's telecommunications carrier instructing the telephony system to: park/hold the customer-to-representative call; place a representative-to-system call to the allocated DNIS phone number through the softswitch”. (See “creating call router resources accessible through an Application Programming Interface (API).” (Para. 0004); “The telephony actions may include, for example, playing a pre-recorded sound file at a server-specified URI (such as a static mp3 file located at http://demo.twilio.com/myapp/1234.mp3), reading text to the caller using text-to-speech technology, calling another number (such as creating a new voice connection through the PSTN, SIP/VoIP, or other IP technology system), collecting digits via DTMF input.” (Para. 0024); “call waiting may be implemented by an application sending a Call Router API request to the call resource that POSTs a new URI for the call. The caller is then directed to the new URI for instructions. A second Call Router API request is sent to the call resource that POSTs the original URI for the call, and thus brings the caller back to the first call session. The call resource may alternatively be used in any suitable application.” (Para. 0024, see also Fig. 15)). It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the method of Westlake, which uses a web application to drive signaling that controls the voice channel during a secure caller-agent interaction, with the technique of Lawson, which exposes a REST/HTTP call-router API that be invoked by an HTTP client to control live call state, to include transmitting call controls to a browser-resident component that issues telephony API calls to a softswitch-call router to hold/park, transfer, and connect call legs using allocated numbers. Therefore, the incentives of improving deployability and integration with existing carrier/softswitch infrastructure while reducing operational friction provided a reason to make an adaptation, and the invention resulted from application of the prior knowledge in a predictable manner Westlake does not disclose: “transfer the held customer-to-representative call to the allocated DNIS phone number to connect the customer-to-system; and connect the representative-to-system call and the customer-to-system call via the allocated phone numbers; secure the representative-to-system call after receipt of validation of the system-to- representative call using a first DTMF secure call space; secure the customer-to-system call after receipt of validation of the system-to- customer call using a second DTMF secure call space” (claim 1). However, as per Claim 1, Lawson in the analogous art of processing telephony-based systems, teaches: “transfer the held customer-to-representative call to the allocated DNIS phone number to connect the customer-to-system; and connect the representative-to-system call and the customer-to-system call via the allocated phone numbers; secure the representative-to-system call after receipt of validation of the system-to- representative call using a first DTMF secure call space; secure the customer-to-system call after receipt of validation of the system-to- customer call using a second DTMF secure call space”. (See “the call router cryptographically signs outbound requests to customer web applications using an account-specific key. More specifically, the step of communicating with the application server includes the additional steps of digitally signing the request parameters S4 and verifying the digital signature of the request parameters S6.” (Para. 0015); “The server side cryptographic hash is preferably compared to the hash included with the request and if the hashes do not match, the request is preferably determined to be fraudulent. However, if the server side cryptographic hash matches the request hash, the request is preferably determined to be authentic and ready for further processing at the application server.” (Para. 0021); “the results of a telephony action, including Dual Tone Multi Frequency (DTMF) digit processing.” (Para. 0020)). It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the method of Westlake, which prevents the agent from receiving sensitive DTMF/card data while allowing continuous conversation, with the technique of Lawson, which cryptographicaly signs and verifies requests between a call router and web applications and supports DTMF digit processing as part of telephony actions/state, to include securing the representative-to-system and customer-to-system interactions only after validating control requests and then handling DTMF digit capture in a secured mode/channel that blocks disclosure to the agent. Therefore, the incentives of preventing unauthorized call control and ensuring only authenticated transitions into secure-payment handling provided a reason to make an adaptation, and the invention resulted from application of the prior knowledge in a predictable manner. As per Claim 2 and 8, Westlake teaches: The system of claim 1, wherein the computer system is further programmed to: decrypt the received DTMF tones into the digits they represent; add the digits to a field; and transmit the field to a payment worker for processing by a secure payment application. (“Telephone calls are delivered to a call center (i.e. the second party) over an IP-based network using Session Initiation Protocol (SIP). Card data is input to a touch tone keypad of a telephone by the first party 301 and is encoded as DTMF tones.” (Para. 0043, see also Para. 45 and 48); “display a secure input form into which credit/debit card data, or other sensitive data, is input.” (Para. 0060, see also Para. 41); “transmitting the data to a payment service provider.” (Para. 0041, see also Para. 60)) As per Claim 3 and 9, Westlake teaches: The system of claim 2, wherein the computer system is further programmed to: mask one or more of the digits in the field; and transmit the field with the masked digits to a representative interface via the representative - to-system call. (“capable of replacing, removing or otherwise obfuscating sensitive data.” (Para. 0040, see also Para. 45 and 49); “before it is transmitted to the second control device 304 and, ultimately, the second party 302.” (Para. 0040, see also Para. 42 and 45). As per Claim 4 and 10, Westlake teaches: The system of claim 2, further comprising the representative interface operating on the representative computing device which is configured to receive and display the field with the masked digits. (“modify the sensitive data before it is transmitted via the second channel 308 to the second party 302 in response to detection of the sensitive data.” (Para. 0042); “the signaling processor 305 may replace the sensitive data with placeholder or random data (e.g. replacing DTMF tones representing a card number in the signaling data with non-numeric DTMF tones).” (Para. 0045); “command the first party's 301 web browser, running on the first control device 303, to display a secure input form into which credit/debit card data, or other sensitive data, is input by the first party 301.” (Para. 0060)) As per Claim 5 and 11, Westlake teaches: The system of claim 2, wherein the computer system is further programmed to use a secure border controller (SBC) microservice to act as a call gateway securing a payment card industry (PCI) compliant zone. (“the control devices 303, 304 are typically session border controllers (SBCs): devices responsible for controlling the signaling and media streams involved in setting up, conducting, and tearing down telephone calls or other interactive media communications such as video calls.” (Para. 0037); “Separation may be before receipt of the voice and signaling channels by the first control device 303, which is, for example, a SBC. Alternatively, separation may be carried out in the first control device 303 itself.” (Para. 0044); “the signaling processor 305 is capable of replacing, removing or otherwise obfuscating sensitive data that is transmitted between the first control device 303 and second control device 304 before it is transmitted to the second control device 304 and, ultimately, the second party 302.” (Para. 0040)) As per Claim 6 and 12, Westlake teaches: The system of claim 1, wherein the computing device operating within a network environment is a computer operated by the merchant representative. (“Telephone calls are delivered to a call center (i.e. the second party) over an IP-based network using Session Initiation Protocol (SIP).” (Para. 0043); “the control devices 303, 304 are not SBCs, as in the VoIP-based system, but are typically web browsers or similar user agents (in which the web application runs or is displayed) running on electronic devices (e.g. personal computers, laptops, tablets or smartphones).” (Para. 0058); “the first party 301 interacts with a web application which, in turn, starts a WebRTC session.” (Para. 0058)) Conclusion The following prior art made of record and not relied upon is considered pertinent to applicant's disclosure: US8275115B1 (Everingham), discussing “A system and method for receiving information from a caller without the information being accessed by an agent handling the call. A call is received and routed to an agent, who may be remote. When predetermined information (e.g., credit card number, social security number) is to be provided by the caller, an IVR (Interactive Voice Response) unit or media server is bridged into the call. The caller's input is received by the IVR unit, but not by the agent. If the information is entered as DTMF tones, those tones may be muted or altered for the agent.” (Abstract). Any inquiry concerning this communication or earlier communications from the examiner should be directed to Justin A. Jimenez whose telephone number is (571) 270-3080. The examiner can normally be reached on 8:30 AM - 5:00 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W. Hayes can be reached on 571-272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Justin Jimenez/ Patent Examiner, Art Unit 3697 /JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3697