PNG
    media_image1.png
    340
    340
    media_image1.png
    Greyscale
United States Patent and Trademark Office    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 14/540,032
Filing Date: 12 Nov 2014
Appellant(s): Glatt, Terry, L.



__________________
Sean L. Ingram
For Appellant


EXAMINER’S ANSWER





This is in response to the appeal brief filed 11/09/2020.

(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated 01/08/2020 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”

WITHDRAWN REJECTIONS
The following grounds of rejection are not presented for review on appeal because they have been withdrawn by the Examiner.  Claims 25-31 and 39-44 rejected under 35 U.S.C. 102(a) (1) as being anticipated by Langley et al. (US 2012/0150669).

(2) Response to Argument
Claims 25-44 stand rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Appellant alleges that the claims are not directed to certain methods of organizing human activity nor to mental processes and cannot be directed to certain methods of organizing human activity nor to human mental processes since humans do not process information using binary numerals in which claim 25 recites “A point-of-sale device for a merchant, comprising:... a computer... having: a security module that uses bitwise interleave encryption to generate an empirical security key from at least one of said merchant identification data, said business identification data, and said hardware identification data” and “a network interface controller communicatively coupled to said security module, wherein said network interface controller communicates with an authentication server to obtain comparison results between a control security key generated at the authentication server and the empirical security key, said network interface controller being configured to receive payment processing authorization based on a match between the control security key and the empirical security key.”
Further, Appellant alleges that claim 25 covers a mathematical concept that is integrated into a practical application as the 2019 Guidance states that “[o]nly when a claim recites a judicial exception and fails to integrate the exception into a practical application, is the claim ‘directed to’ a judicial exception, thereby triggering the need for further analysis pursuant to the second step of the Alice/Mayo test (USPTO Step 2B).” (Page 5 of 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019) and since none of the identified features fall within the subject matter groupings of abstract ideas enumerated in Section I of the 2019 Guidance, there is no need to proceed to  Prong Two as claim 25 recites a POS device with structural features including an input and a computer that includes a network interface controller that communicates with an authentication server to obtain comparison results between a control security key generated at the authentication server and the empirical security key, a security module which is the gatekeeper that authorizes payment processing upon receiving the payment processing authorization and uses bitwise interleave encryption to generate an empirical security key from at least one of the merchant identification data, the business identification data, and the hardware identification data.  To the extent that bitwise interleave encryption is considered a mathematical concept, the bitwise interleave encryption is integrated into a practical application of generating an empirical security key.  To the extent that comparing a control security key and empirical security key is considered a mathematical concept, the comparison is integrated into a practical application of receiving payment processing authorization.  Appellant requests the Board to confirm that claims 25, 32, and 39, along with dependent claims 26-31, 33-38, and 40-44 are patent eligible as claims 32 and 39 recite features similar to independent claim 25 and are patent eligible without further analysis.
Examiner fully considers Appellant’s position, but respectfully disagree and points out that Examiner did not conclude that the claims being directed to an abstract idea of human mental processes.  However, the claims recite access authorization.  Specifically, the claims recite “receiving at least one of merchant identification data corresponding to a merchant account associated with the merchant, business identification data associated with the merchant, and hardware identification data associated with the point-of-sale device; generate a security key from at least one of said merchant identification data, said business identification data, and said hardware identification data; communicating said empirical security key to an authentication (entity); obtaining payment processing authorization from the authentication (entity) based on a match between a control security key generated at the authentication (entity)and the empirical security key; and authorizing said payment (merchant) to process payments upon receipt of the payment processing authorization.” which is an abstract idea, that is grouped within the “Certain Methods of Organizing Human Activity” and/or “mathematical concepts” grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test such as “Fundamental Economics” as the claims recite act of commercial interactions/business relations between payment system users and payment system providers, (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)), because the claims involve receiving identification data and generating a key based on the received identification data and communicating the generated key for comparison to a control key and if there is a match between the generated key and the control key, providing an authorization to an entity associated with the identification data before processing transactions as well as using mathematical operation to generate key that is an identifier generated by using identification information.  Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January 7, 2019)).
This judicial exception is not integrated into a practical application as Appellant alleges because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), the additional element(s) of the claims such as “a point-of-sale device for a merchant, comprising: an input that receives at least one of a merchant identification… a computer…having:… a security module that uses bitwise interleave encryption to generate an empirical security key… a network interface controller communicatively coupled to and said security module, wherein said network interface controller communicates with an authentication server to obtain… said network interface controller being configured to receive… and a payment module communicatively coupled to said security module and said network interface controller, said payment module being authorized to process”, “a non-transitory computer-readable storage medium storing instructions which, when executed by a point-of-sale device having a processor”, “server” and “payment module” merely uses a computer as a tool to perform an abstract idea and/or generally links the use of a judicial exception to a particular technological environment.  Specifically, the “a point-of-sale device for a merchant, comprising: an input that receives at least one of a merchant identification… a computer…having:… a security module that uses bitwise interleave encryption to generate an empirical security key… a network interface controller communicatively coupled to and said security module, wherein said network interface controller communicates with an authentication server to obtain… said network interface controller being configured to receive… and a payment module communicatively coupled to said security module and said network interface controller, said payment module being authorized to process”, “a non-transitory computer-readable storage medium storing instructions which, when executed by a point-of-sale device having a processor”, “server” and “payment module” performs the steps or functions of “receiving at least one of merchant identification data corresponding to a merchant account associated with the merchant, business identification data associated with the merchant, and hardware identification data associated with the point-of-sale device; generate a security key from at least one of said merchant identification data, said business identification data, and said hardware identification data; communicating said empirical security key to an authentication (entity); obtaining payment processing authorization from the authentication (entity) based on a match between a control security key generated at the authentication (entity)and the empirical security key; and authorizing said payment (merchant) to process payments upon receipt of the payment processing authorization."  The use of a processor/computer as a tool to implement the abstract idea and/or generally linking the use of the abstract idea to a particular technological environment does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea.  The additional elements do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply or use the abstract idea to effect a particular treatment or prophylaxis for a disease or medical condition (Vanda Memo), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo).  Therefore, the claims do not, for example, purport to improve the functioning of a computer.  Nor do they effect an improvement in any other technology or technical field.  Further, the additional element of “using bitwise interleave encryption to generate an empirical security key” also does not improve a computer as it represents the mere performance of a mathematical calculation by a computer.  Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
Further, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional elements of using a “a point-of-sale device for a merchant, comprising: an input that receives at least one of a merchant identification… a computer…having:… a security module that uses bitwise interleave encryption to generate an empirical security key… a network interface controller communicatively coupled to and said security module, wherein said network interface controller communicates with an authentication server to obtain… said network interface controller being configured to receive… and a payment module communicatively coupled to said security module and said network interface controller, said payment module being authorized to process”, “a non-transitory computer-readable storage medium storing instructions which, when executed by a point-of-sale device having a processor”, “server” and “payment module” to perform the steps amounts to no more than using a computer or processor to automate and/or implement the abstract idea of access authorization.  As discussed above, taking the claim elements separately, the “a point-of-sale device for a merchant, comprising: an input that receives at least one of a merchant identification… a computer…having:… a security module that uses bitwise interleave encryption to generate an empirical security key… a network interface controller communicatively coupled to and said security module, wherein said network interface controller communicates with an authentication server to obtain… said network interface controller being configured to receive… and a payment module communicatively coupled to said security module and said network interface controller, said payment module being authorized to process”, “a non-transitory computer-readable storage medium storing instructions which, when executed by a point-of-sale device having a processor”, “server” and “payment module” perform the steps or functions of “receiving at least one of merchant identification data corresponding to a merchant account associated with the merchant, business identification data associated with the merchant, and hardware identification data associated with the point-of-sale device; generate a security key from at least one of said merchant identification data, said business identification data, and said hardware identification data; communicating said empirical security key to an authentication (entity); obtaining payment processing authorization from the authentication (entity) based on a match between a control security key generated at the authentication (entity)and the empirical security key; and authorizing said payment (merchant) to process payments upon receipt of the payment processing authorization."  These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of access authorization.  Additionally, the additional element of “using bitwise interleave encryption to generate an empirical security key” also does not improve a computer as it represents the mere performance of a mathematical calculation by a computer.  Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea.  The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I) (A) (f) & (h)). Therefore, the claim is not patent eligible and Examiner requests that the Board sustains the rejections.

Claim 25 recites “…network interface controller communicates with an authentication server to obtain comparison results between a control security key generated at the authentication server and the empirical security key… receive payment processing authorization based on a match between the control security key…”, claim 32 “…obtaining payment processing authorization from the authentication server based on a match between a control security key generated at the authentication server and the empirical security key; authorizing said payment module to process payments upon receipt of the payment processing authorization.”  Each stand rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement because the Appellant’s Specification is silent of the language.
Appellant is of the opinion  that support for these claim features may be found at least in paragraphs [0023 –first through fifth occurrences on pages 6 and 7], [0026], [0027], [0039]-[0045], and FIGs. 2 and 3 of the originally filed specification and that claims 32 and 39 recite similar language.  Appellant also adds that originally filed claim 25 recites “a network interface controller being connected to said computer and configured to check the security key on an authentication server, said network interface controller being further configured to receive device authorization from the authentication server.” The term “authentication server” was recited in claim 25 as originally filed. The originally filed specification describes the “business logic server 32” as performing the operation attributed to the claimed “authentication server.” (Specification, paragraph [0045]). Paragraphs [0039] and [0041] of the specification were amended by an Amendment submitted on February 7, 2019 to include the features recited in original claim 253.  Specifically, paragraph [0041] recites a “business logic server 32, which is also known as an application or authentication server, implements the business logic used by the payment processor.” Thus, the originally filed specification supports this feature recited in independent claim 25.  Appellant further describes sections of the Appellant’s Specification about key generation and transmission of the key to business logic server that compares it to system key stored in database before the POS device is authorized to process payment.
Examiner fully considers Appellant’s position, but respectfully disagree because none of the section of the Appellant’s Specification provided as evidence provide proper support for the claim language under rejection.  That is, the claims requires that “…network interface controller communicates with an authentication server to obtain comparison results between a control security key generated at the authentication server and the empirical security key… receive payment processing authorization based on a match between the control security key…”, in claim 25 and “…obtaining payment processing authorization from the authentication server based on a match between a control security key generated at the authentication server and the empirical security key; authorizing said payment module to process payments upon receipt of the payment processing authorization,” in claim 32.  However, the Specification does not disclose what the network interface controller is and how network interface controller communicates with an authentication server nor does the Specification disclose how network interface controller is being configured to receive payment processing authorization.  Further, the Specification does not disclose what is involved in performing the act of “obtaining” or the manner in which “obtaining” is performed.  Additionally, the Specification does not describe what the payment module is and how the authorizing of the payment module is performed to process payment.  Therefore, the Specification does not provide a proper support for the claim language and does not explain what hardware and/or software with specific steps or procedures, to accomplish the function in accordance with MPEP 2161.01 (I)) hence Examiner requests that the Board sustains the rejections including claim 39 that recites similar language and all the dependent claims as each depend from 25, 32 and 39.
Claims 25 and 26 recites “a security module that uses bitwise interleave encryption to generate an empirical security key…” and stand rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement because the Appellant’s Specification is silent of the language.
Appellant is of the opinion that the originally filed specification describes that the “POS device generates a system key using the same algorithm that the business logic server 32 uses to generate the software key.  The POS device 20 uses the MID, BID, and HID stored within the POS device to generate the system key.” (Specification, paragraph [0044]). With respect to using the same algorithm that the business logic server 32 uses, the originally filed specification describes that the business logic server 32 generates a software key “in a one-way hash from the MID, BID, and HID.  An example of a preferred one-way hash is bitwise interweave encryption.” (Specification, paragraph [0043]). Thus, the originally filed specification supports a POS device having “a security module that uses bitwise interleave encryption to generate an empirical security key...,” as recited in claims 25 and 26 hence claims 25, 26, 30, 32, 33, 39, and 40 find support in the original disclosure.
Examiner fully considers Appellant’s position, but respectfully disagree because none of the sections provided as evidence to rebut the rejection provide proper support for the claim language.  That is, the Specification does not disclose what a security module is and how the security module uses bitwise interleave encryption to generate an empirical security key.  Further, the Specification in Par. 26 provides only that the POS software is configured to generate an empirical security key as pointed out in the Final Office Action rejection.  Therefore, the Specification does not provide a proper support for the claim language and does not explain what hardware and/or software with specific steps or procedures, to accomplish the function in accordance with MPEP 2161.01 (I)) hence Examiner requests that the Board sustains the rejections including claims 25, 30, 32 and 39 that recites similar language and all the dependent claims as each depend from 25, 32 and 39.
Claim 28 recites “wherein said security module deactivates said device when a predefined business condition is not met,” and stand rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement because the Appellant’s Specification does not provide a proper support for claim language.
Appellant is of the opinion that the originally filed specification describes several examples of when the POS device is deactivated when a predefined business condition is not met such as when at least one of the BID-derived empirical security key, the MID-derived empirical security key, or the HID-derived empirical security key do not match the control security key. (Specification, paragraphs [0027]-[0029]) hence claim 28 is supported by the original disclosure.
Examiner fully considers Appellant’s position, but respectfully disagree because again the Specification does not disclose what the security module is and how the security module deactivates said device when a predefined business condition is not met.  That is, the Specification does not describe what is involved in performing the act of “deactivates” or the manner in which “deactivates” is performed.  Therefore, the Specification does not explain what hardware and/or software with specific steps or procedures, to accomplish the function in accordance with MPEP 2161.01 (I)).  As such, Examiner requests that the Board sustains the rejections.
Claim 32 recites “generate… communicating… obtaining… authorizing…”  and stand rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement because the claim does not recite the device or entity that performs each step in accordance with the Specification.
Appellant is of the opinion that Claim 32 recites “receiving, at a computer, at least one of merchant identification data corresponding to a merchant account associated with the merchant, business identification data associated with the merchant, and hardware identification data associated with the point-of-sale device.” hence claim 32 recites that a computer performs the steps.
Examiner fully considers Appellant’s position, but respectfully disagree because the limitations under rejection is not “receiving, at a computer, at least one of merchant identification data corresponding to a merchant account associated with the merchant, business identification data associated with the merchant, and hardware identification data associated with the point-of-sale device,” but the “generate… communicating… obtaining… authorizing…” steps as the Specification only provide the POS software that generates the empirical security key, it is the software that communicates with the web site service, etc. However, the claim does not recite the device or entity that performs these functions. That is, the claim is broader than the Applicant’s Specification as the Specification does not provide support for the full breadth of the claim since the claims are broad enough to read on any entity performing the recited functions while the Specification only provides a specific entities performing the recited function in accordance with Lizard Tech… 76 USPQ2d 1724 (Fed. Cir 2005).  As such, Examiner requests that the Board sustains the rejections including claims 33-35 and 37 based on the same rational as each recites similarly and claims 33-38 as each depend on claim 25, 32 and 39 respectively.

Claim 25 recites “an input that receives, security module that…generate, network interface controller communicates, payment module…to process” which are limitations that invoke 35 U.S.C. 112, sixth paragraph and stand rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Appellant is of the opinion that this language is not means plus function language that invokes 35 U.S.C. 112, sixth paragraph because independent claim 25 recites “...a computer...having: a security module that uses bitwise interleave encryption to generate an empirical security key...” as the specification recites that the computer includes an embedded algorithm for encrypting and decrypting the software key. (Specification, paragraph [0023-first occurrence]).  Furthermore, independent claim 25 recites that the computer includes a security module that uses bitwise interleave encryption to generate an empirical security key.
Still further, independent claim 25 recites “... a computer... having: ... a network interface controller [that] communicates with an authentication server. Applicant respectfully submits that this language is not means plus function language that invokes 35 U.S.C. 112, sixth paragraph.  Still further, independent claim 25 recites “... a computer... having: ... a payment module being authorized to process payments. Applicant respectfully submits that this language is not means plus function language that invokes 35 U.S.C. 112, sixth paragraph.  Again, applicant respectfully submits that none of the language recited in claim 25 invokes 35 U.S.C. 112, sixth paragraph. The examiner appears to improperly assert a rejection under 35 U.S.C. § 112, 2nd paragraph, alleging that “the written description fails to disclose the corresponding structure, material, or acts for the claimed invention.” (final Office Action, page 33).  Additionally, Appellant insist that claim 25 recites a point-of-sale terminal that includes structure that includes (1) an input and (2) a computer having an algorithm.  (Specification, paragraph [0023 -first occurrence]). One of ordinary skill in the art will readily appreciate that the “input” recited in independent claim 25 includes an electrical connector and the computer recited in independent claim 25 includes a processor that communicates with a memory to store software having an algorithm that implements the security module, the network interface controller, and the payment module to encrypt and decrypt the software key, as described in paragraph [0023 -first occurrence] of the Specification. Independent claims 32 and 39 are enabled for similar reasons discussed above with respect to independent claim 25.
Examiner fully considers Appellant’s position, but respectfully disagree because the Specification fails to disclose the corresponding structure, material, or acts for the claimed function.  That is, the specification does not describe the algorithm for performing the recited function since these limitations invoke 112(f), the Specification must clearly link the recited functions to the corresponding structure and for computer-implemented means-plus-function limitations, the corresponding structure includes both the computer and the algorithm that performs the recited functions.  Further, the specification does not recite that the “input, security module, network interface controller, nor payment module” are associated with any computer, microprocessor, or other structure, where the computer performs the algorithms necessary to carry out the functions of that receives at least one of merchant identification data corresponding to a merchant account associated with the merchant, business identification data associated with the merchant, and hardware identification data…, that uses bitwise interleave encryption to generate an empirical security key…, communicates with an authentication server…, being authorized to process payments…”, respectively.  The terms “input,” “module,” and “interface controller,” are non-structural term which are place holders without any modifiers.  Therefore, the limitations “an input that receives, security module that…generate, network interface controller communicates, payment module…to process,” invokes 35 U.S.C. 112, sixth paragraph and are properly rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite hence Examiner requests that the Board sustains the rejections including claims 26-31 which depend from claim 25.
Claims 25 and 39 stand rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention because each are hybrid claims in accordance with MPEP § 2173.05(p) II since the claims are directed to neither a “process” nor a “machine” but rather embrace or overlap two different statutory classes of invention.
Appellant is of the opinion that claim 25 recites a “point-of-sale device” that includes a computer having a network interface controller that is communicatively coupled to an authentication server to obtain comparison results between the empirical security key and a control security key generated at the authentication server which is clearly directed to a point-of-sale device that obtains comparison results from an authentication server as the same analysis applies to the non-transitory computer-readable storage medium of claim 39 that stores instructions executed by a point-of-sale device having a processor.
Examiner fully considers Appellants position, but respectfully disagree because claims 25 and 39 are drawn to a product as claim 25 recite “A point-of-sale device for a merchant” and claim 39 recites “A non-transitory computer-readable storage medium”.  However, claims 25 and 39 each recite “…generated at the authentication server,” which is an act (method step) performed that is not attributed to the claimed “A point-of-sale device for a merchant” in claim 25 and “A non-transitory computer-readable storage medium” in claim 39.  This causes confusion regarding when infringement occurs, either through limitations that are not attributed to any of the claimed structure or through limitations in which it is unclear whether infringement depends on use of the claimed structure or on its functionality.  Therefore, claims 25 and 39 are attempting to claim both an apparatus and the method steps of using the apparatus.  It has been held that a claim that recites both an apparatus and the method steps of using said apparatus and/or method steps is indefinite under section 112, paragraph 2, as it does not sufficiently provide competitors with an accurate determination of the 'metes and bounds' of the protection involved as found in In re Katz Interactive Call Processing Patent Litigation, 97 USPQ2d 1737 (Fed. Cir. 2011)) hence Examiner requests that the Board sustains the rejections including claims 26-31 and 40-44 as each depend on claim 25 and 39 respectively.
Claims 25, 32 and 39 stand rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention as each recite “…generated at the authentication server,” which is outside the scope of the invention.
Appellant is of the opinion that claim 25 is clearly directed to a point-of-sale device that obtains comparison results from an authentication server and the same analysis applies to the non-transitory computer-readable storage medium of claim 39 that stores instructions executed by a point-of-sale device having a processor.
Examiner fully considers Appellant’s position, but respectfully disagree because claim 25 and 32 are directed to “A point-of-sale device for a merchant” and claim 39 is directed to “A non-transitory computer-readable storage medium.”  However, claims 25, 32 and 39 each recite “…generated at the authentication server” which is limitation directed to authentication server that is outside the scope of “A point-of-sale device for a merchant” and “A non-transitory computer-readable storage medium.”  Therefore, it is unclear if the claims are directed to a POS,  non-transitory computer-readable storage medium or in combination with authentication server hence Examiner requests that the Board sustains the rejections in accordance with In re Zletz, 893 F.2d 319, 13 USPQ2d 1320 (Fed. Cir. 1989) including claims 26-31, 33-38 and 40-44 as each depend on claim 25, 32 and 39 respectively.

Claims 25, 27-29, 31-32, 34-39 and 41-44 stand rejected under 35 U.S.C. 103 as being unpatentable over Rabin et al. (US 6,697,948), Langley et al. (US 2012/0150669), Miller et al. (US 2012/0201381) in view of Von Mueller et al. (US 2013/0254117).
Appellant is of the opinion that Rabin fails to teach or suggest features of independent claim 25 directed to the “network interface controller communicat[ing] with an authentication server to obtain comparison results between a control security key generated at the authentication server and the empirical security key,” and states that Rabin is cited for describing “[e]ssentially, however, during call-up processing, the supervising program (SP) 209 in a user device 104 securely transfers a copy of the tag table 210 and the fingerprint table 126 to the guardian center 103 (FIG. 2). After verification, the guardian center 103 (FIG. 2) compares each TAG INSTSWn in the tag table 210 against a list of compromised tags. The guardian center 103 (FIG. 2) can detect tags that are invalid or compromised in some manner.” (Emphasis in original, final Office Action, page 41, citing to Rabin, col. 48, lines 9-18), however, Appellant admits, that “Rabin describes that the tag table storing the tag associated with the instance of software is transmitted from the user device,” whereas independent claim 25 recites “network interface controller [that] communicates with an authentication server to obtain comparison results between a control security key generated at the authentication server.”  Further, Appellant alleges that Rabin fails to describe that the tags associated with the software instances are compared to the fingerprints associated with untagged instances of software while admitting that “Rabin describes that the tags associated with the software instances are compared to a tag table. (Rabin, col. 15, lines 49-57, col. 38, lines 36-52, and col. 40, lines 14-28) as well as Rabin describes that the fingerprints associated with untagged instances of software are compared to a fingerprint table. (Rabin, col. 15, lines 49-57, col. 38, lines 36-52, and col. 40, lines 14-28).”
Examiner fully considers Appellant’s position while recognizing Appellant’s admitting that “Rabin describes that the tag table storing the tag associated with the instance of software is transmitted from the user device,” “Rabin describes that the tags associated with the software instances are compared to a tag table. (Rabin, col. 15, lines 49-57, col. 38, lines 36-52, and col. 40, lines 14-28) as well as Rabin describes that the fingerprints associated with untagged instances of software are compared to a fingerprint table. (Rabin, col. 15, lines 49-57, col. 38, lines 36-52, and col. 40, lines 14-28).”  However, Rabin also discloses,
“To determine whether a tag associated with an instance INST of Software is authentic, the Supervising program of the device on which INST is to be installed or used, extracts the instance number NUM INST of INST and the name NAME SW of SW from the tag.   The Supervising program computes a hash function value on Some Specified portions of the contents of the software instance INST. The Supervising program then computes a hash function value combining the instance number NUM INST, the name NAME SW, and the previously computed hash function value. The Supervising program compares the hash function values it computed with hash function values found in the tag. It must also verify any digital Signature which is a component of a signed tag. The authenticity of an unsigned tag is further checked by the Supervising program before allowing the first or Some Subsequent use of the associated instance of Software by Securely Sending the tag to the tag Server or to a guardian center described next, for authentic cation of the tag.
If the verification program detects a match between a fingerprint in the fingerprint database and a fingerprint within all fingerprints received from the user device, the verification program specifies punitive action to be performed, and the verification program returns a continuation message to the user device. In this case, the continuation message indicates the punitive action to be performed on the user device. As such, a user device can be disabled, for example, if caught using untagged infringing software.
Once an instance of software and the tag associated with that instance of software are installed on a user device 104 through 107, a user (not shown) of that device or the device itself can attempt to use the software. However, before use of the instance of software is allowed, the supervising program (not shown) in the user device 104 through 107 that contains the software verifies that a valid tag exists within the user device for the instance of software requested by the user or by the device. Periodically, each user device communicates with the guardian center 103 via communication network 100 to ensure that all tags associated with the instances of software on that user device are valid and are being used in compliance with a usage supervision policy.
In a preferred embodiment of the invention the tag is created by the tag server 102 according to the steps in FIGS. 3A, 3B or 3C and has the contents produced by step 154A (FIG.3A) for a signed tag and 154B (FIGS. 3B and 3C) for an unsigned tag. If the tag TAG INST SW is a signed tag, step (FIG. 5, 253) invokes a part of the Supervising program (SP) 209 to compute the hash function value V=HASH (INST SW) and a hash function value U=HASH(NAME SW, NUM INST SW, V). The supervising program 209 then compares the value U with the value HASH INST SW found in the tag TAG INST SW. If the two compared values do not agree then the tag is invalid. If the values U and V agree then the Supervising 209 program further verifies, by use of the tag server's 102 public key PUBLIC KEY TS (FIG. 2, 116), the digital signature on SIGN TS (HASH INST SW) that exists within the tag TAG INST SW. If the tag server's signature in SIGN TS (HASH INST SW) is not validated, then the tag TAG INST SW is not valid. When the instance of named software (NAME SW, SW) obtained in step 250 is found in step 253 to be associated with an invalid tag TAG INST SW obtained in step 251, the instance of software is rejected in step 254.
As will be explained, a continuation message CM (FIG. 2, 212; FIG. 13B, 423) is preferably also stored in the LAST_GC_CM field of the tag table header (top row of table 210 in FIG. 6). The CM 212 is a message prepared by the guardian center 103 (FIG. 2) during a call-up procedure with the user device 104 and is preferably securely transmitted by the guardian center 103 (FIG. 2) to the device 104-107 performing the call-up. A continuation message CM 212 includes information so that the supervising program (SP) 209 on the user device 104 can determine which instances of software 111-114 are allowed to continue to be used or should be disabled because of improper use, and can also define other actions or punitive actions to be executed by the device's supervising program 209.” (In at least Col. 15, Line 49-57; Col. 27, Line 66-Col. 28, Line 22; Col. 40, Lines 43-65; Col. 44, Line 63-Col. 45, Line 9)
Given the broadest reasonable interpretation of the claim in light of the Appellant’s Specification discloses “the software key is generated in a one-way hash” (Par. 0050), but does not disclose a proper structure of the network interface controller [that] communicates nor the Specification disclose what security module is hence Rabin is sufficient in terms art as Robin discloses a security module (supervising program) that generate empirical security key (tag); a network interface controller communicatively coupled to and said security module (interconnection mechanism 203 is used to interface to the communication network 100 and may be a device such as a modem, network interface card, wireless transceiver, or other device used for communications (Fig. 4)), wherein said network interface controller communicates with an authentication server to obtain comparison results between a control security key generated at the authentication server and the empirical security key, said network interface controller being configured to receive processing authorization based on a match between the control security key and the empirical security key.
Additionally, Appellant alleges that Langley fails to overcome the above deficiency of Rabin and are deficient, both alone and in combination, for failing to teach or suggest at least “a network interface controller communicatively coupled to said security module, wherein said network interface controller communicates with an authentication server to obtain comparison results between a control security key generated at the authentication server and the empirical security key, said network interface controller being configured to receive payment processing authorization based on a match between the control security key and the empirical security key,” including “a security module that uses bitwise interleave encryption to generate an empirical security key from at least one of said merchant identification data, said business identification data, and said hardware identification data,” and that the final Office Action acknowledges that neither “Rabin nor Langley specifically disclose uses [sic] bitwise interleave encryption to generate an empirical security key” and relies on Miller for allegedly describing using “bitwise interleave encryption to generate an empirical security key (Par. 74).” (final Office Action, page 42).  Further Appellant alleges that Rabin, Langley, and Miller fail to teach or suggest “a security module that uses bitwise interleave encryption to generate an empirical security key from at least one of said merchant identification data, said business identification data, and said hardware identification data,” as recited in independent claim 25 because Miller describes using dynamic key cryptography to validate mobile device users to cloud services by uniquely identifying the user’s electronic device using a wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. (Miller, Abstract) while admitting that the final Office Action relies on Miller’s description of creating a custom code that includes different encryption algorithms, different hashing algorithms, message digest, unique system encryption keys, unique look up table routines and orderings, different hashing methods for combining minutia values into dynamic crypto keys, and minutia definitions and classes uniquely available to a particular service provider as allegedly supporting “bitwise interleave encryption to generate an empirical security key”. (Miller, paragraph [0074] and final Office Action, page 42) as well as Miller describes that all “the customizations when compiled form a dynamic key crypto library 56 unique to the service provider 14 such that a breach of a dynamic key crypto library 56 for one service provider 14 may not affect the dynamic key crypto library 56 of another service provider 14.” (Miller, paragraph [0074]).
Examiner fully considers Appellant’s position while recognizing Appellant’s admitting that “Miller describes using dynamic key cryptography to validate mobile device users to cloud services by uniquely identifying the user’s electronic device using a wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. (Miller, Abstract) while admitting that the final Office Action relies on Miller’s description of creating a custom code that includes different encryption algorithms, different hashing algorithms, message digest, unique system encryption keys, unique look up table routines and orderings, different hashing methods for combining minutia values into dynamic crypto keys, and minutia definitions and classes uniquely available to a particular service provider as allegedly supporting “bitwise interleave encryption to generate an empirical security key”. (Miller, paragraph [0074] and final Office Action, page 42) as well as Miller describes that all “the customizations when compiled form a dynamic key crypto library 56 unique to the service provider 14 such that a breach of a dynamic key crypto library 56 for one service provider 14 may not affect the dynamic key crypto library 56 of another service provider 14.” (Miller, paragraph [0074]), agree that Rabin nor Langley specifically disclose uses bitwise interleave encryption to generate an empirical security key.  Miller discloses,
“The SP info and IDs 32 data unique to a service provider 14 may be used in a custom library creation 34 process to make a dynamic key crypto library 56 which contains data elements of the SP info and IDs 32 database. In addition to data unique to the service provider 14, the custom library creation 34 process can create code custom to a particular service provider 14. Such custom code can include different encryption algorithms (e.g., AES, RSA, Elliptical curve), different hashing algorithms (e.g., secure hash algorithm (SHA-1), message digest (MDM)), unique system encryption keys, unique look up table routines and orderings, different hashing methods for combining minutia values into dynamic crypto keys (e.g., interleaved bit transformations, reverse-ordering, bit inverse, bit shifting), and minutia definitions and classes uniquely available to a particular service provider 14. All of the customizations when compiled form a dynamic key crypto library 56 unique to the service provider 14 such that a breach of a dynamic key crypto library 56 for one service provider 14 may not affect the dynamic key crypto library 56 of another service provider 14. In addition, even if the exact same minutia values are used to form a dynamic crypto key on the exact same computer 18, the resultant dynamic crypto key for one service provider 14 may be different than the resultant dynamic crypto key for another service provider 14; thus the responses for different instances of service provider 14 would be different even if the exact same challenge was sent.” (In at least Par. 74)
Given the broadest reasonable interpretation of the claim in light of the Appellant’s Specification, Miller discloses uses bitwise interleave encryption to generate an empirical security key.  Therefore, it would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention to substitute the use of locations values to compute a function for fingerprint (Col. 30, Line 55-67) of Rabin, Langley in view of uses bitwise interleave encryption to generate an empirical security key (Pars. 74) of Miller in order to allow owners and vendors of software products to protect the property right of their software (Rabin, Abstract) and to provide unique dynamic key to a service provider (merchant) such that a breach of the unique dynamic key for one service provider (merchant) may not affect other keys in a database (Miller, Par. 74).  ("Express suggestion to substitute one equivalent technique for another need not be present to reader such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (BD. Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007))
Additionally, Appellant is of the opinion that Rabin, Miller, von Mueller, and Langley are deficient, both alone and in combination, for failing to teach “a security module that uses bitwise interleave encryption to generate an empirical security key from at least one of said merchant identification data, said business identification data, and said hardware identification data,” as recited in independent claim 25 and follows that Rabin, Miller, von Mueller, and Langley are deficient both alone and in combination for failing to teach “a network interface controller communicatively coupled to said security module, wherein said network interface controller communicates with an authentication server to obtain comparison results between a control security key generated at the authentication server and the empirical security key, said network interface controller being configured to receive payment processing authorization based on a match between the control security key and the empirical security key,” as recited in independent claim 25 because von Mueller describes in “step 920, transactional data is encrypted with a key generated with the unique POS or retailer identification. In this way, the transactional data can have an encrypted code that is specific to a particular POS or retailer. In step 925, the encrypted transactional data is transmitted to a bank or other financial institution.” (emphasis added, von Mueller, paragraph [0173]). In other words, von Mueller describes encrypting transactional data with a key rather than generating a key based on selected data.
Examiner fully considers Appellant’s position, but respectfully disagree with Appellant’s characterization of von Mueller because Von Mueller disclose,
“In step 915, a unique identification of the POS or the retailer is received. Alternatively, this step is optional because the unique identification of the POS or the retailer can be pre-programmed into security module 210 memory. In one embodiment, a unique identification of the HSM can be used in place of the POS. In step 920, the transactional data is encrypted with a key generated with the unique POS or retailer identification. In this way, the transactional data can have an encrypted code that is specific to a particular POS or retailer. In step 925, the encrypted transactional data is transmitted to bank or other financial institution.” (In at least Par. 173)
Given the broadest reasonable interpretation of the claim in light of the Appellant’s Specification, Von Mueller discloses key from said at least one of a merchant identification, said business identification, and said hardware identification (Par. 173).  Therefore, it would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention to substitute the use of any of the identifiers such as the instance number NUM INST, the name NAME SW to generate the tag or locations values to compute a function for fingerprint (Col. 14, Lines 41-59; Col. 30, Line 55-67) of Robin, Langley, Miller in view of key from said at least one of a merchant identification, said business identification, and said hardware identification (Par. 0173) of Von Mueller in order to allow owners and vendors of software products to protect the property right of their software (Robin, Abstract) and to allow owners and vendors of software products to protect the property right of their software (Robin, Abstract) and to uniquely identify each key with specific POS and business (Von Mueller, Par. 173).  ("Express suggestion to substitute one equivalent technique for another need not be present to reader such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (BD. Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007))

The rationale to support a conclusion that the claim would have been obvious is that all the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination yielded nothing more than predictable results to one of ordinary skill in the art. (KSR. 550 U.S. at 416, 82 USPQ2d at 1395; Sakraida v. AG Pro, Inc., 425 U.S. 273, 282, 189 USPQ 449, 453 (1876); See MPEP 2143 I A)  Therefore, Examiner requests that the Board sustains the rejections as provided hereon and the Office Action.

Claims 25, 26, 28, 32 and 39 of the present application are not supported by the disclosure of prior-filed Provisional Application 61/903,352, the current claims 25-44 of present application do not receive priority to the filing dates of Provisional Application 61/903,352.
Appellant is of the opinion that the originally filed provisional application supports the feature of “a security module that uses bitwise interleave encryption to generate an empirical security key,” “network interface controller [that] communicates with an authentication server to obtain comparison results between a control security key and the empirical security key, said network interface controller being configured to receive payment processing authorization based on a match between the control security key and the empirical security key,” recited in independent claim 25 of the present application finds support for this claim feature may be found at least in paragraphs [0016], [0017], and [0020] and claim 21 of the originally filed provisional application.  Further, Appellant states that Independent claims 32 and 39 of the present application recite “obtaining payment processing authorization from the authentication server based on a match between a control security key generated at the authentication server and the empirical security key; and authorizing said payment module to process payments upon receipt of the payment processing authorization.” Support for these claim features may be found at least in paragraphs [0016], [0017], and [0020] and claims 17, 18 and 21 of the originally filed provisional application hence U.S. Provisional Application No. 61/903,352 filed on November 12, 2013 enables claims 25, 26, 28, 32, and 39 of the present application since Specifically, the originally filed provisional application states at paragraph [0016] that “[a]t configurable intervals, the software checks a web site service and if there is a match between the empirical security key (i.e. the information that the payment module is currently programmed with) and a control security key, the device is enabled, if not, credit card transactions, or the entire POS device is locked down.” And paragraph [0020] that “[w]hen the MID-derived empirical security key and the control key match, the device is authorized or the processing module is authorized to processing payments in the POS device. When the MID-derived empirical security key and the control security key do not match, as when a different MID is entered, the device is de-authorized or the processing module is de-authorized to process payments. The security keys can be checked periodically: for example, at startup, after a given amount of time, after a given number of transactions, or upon some other software or configuration event.”
Examiner fully considers Appellant’s position, but respectfully disagree because The respective Provisional Application 61/903,352 at least do not disclose the at least “…network interface controller communicates with an authentication server to obtain comparison results between a control security key generated at the authentication server and the empirical security key… receive payment processing authorization based on a match between the control security key…” (Claim 25), “a security module that uses bitwise interleave encryption to generate an empirical security key…” (Claims 25 and 26), “wherein said security module deactivates said device when a predefined business condition is not met.” (Claim 28), “…obtaining payment processing authorization from the authentication server based on a match between a control security key generated at the authentication server and the empirical security key; authorizing said payment module to process payments upon receipt of the payment processing authorization.” (Claim 32 similarly in Claim 39) fails to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph for one or more claims of this application.  That is, the Specification does not disclose nor the Specification describe in sufficient detail in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention as to what a network interface controller, a security module and how each of the network interface controller and the security module performed the recited steps.  Therefore, Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing date under 35 U.S.C. 120 as follows:
The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original nonprovisional application or provisional application). The disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of 35 U.S.C. 112(a) or the first paragraph of pre-AIA  35 U.S.C. 112, except for the best mode requirement.  (See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994)).

The respective Provisional Application 61/903,352, fail to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph for one or more claims of this application and as claims 25, 26, 28, 32 and 39 of the present application are not supported by the disclosure of prior-filed Provisional Application 61/903,352, the current claims 25-44 of present application do not receive priority to the filing dates of Provisional Application 61/903,352 hence Examiner requests that the Board sustains the rejections.

Any potential arguments related to dependent claims were waived
All dependent claims, (26-31, 33-38 and 40-44), were discussed only to refer to the arguments in the independent claim.
Per 37 CFR 41,37(c)(l)(iv) the failure of appellant to separately argue claims which Appellant has grouped together shall constitute a waiver of any argument that the Board must consider the patentability of any grouped claim separately.

For the above reasons, it is believed that the rejections should be sustained.
Respectfully submitted,
/WODAJO GETACHEW/
Examiner, Art Unit 3685
Conferees:
/Mohammad A. Nilforoush/Primary Examiner, Art Unit 3685  
                                                                                                                                                                                                      /JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685                                                                                                                                                                                                        

Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.