United States Patent and Trademark Office

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 15/203,722
Filing Date: 6 Jul 2016
Appellant(s): Kumar et al.



__________________
Spencer Thevenin, Registration No. 76,644
For Appellant


EXAMINER’S ANSWER





This is in response to the appeal brief filed February 12, 2021 (hereinafter “Brief”).


(1) Grounds of Rejection to be Reviewed on Appeal

Every ground of rejection set forth in the Final Office Action filed October 10, 2020 (hereinafter “the Action”) from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”

(2) Withdrawn Rejections

Claim rejection under 35 U.S.C. §112(b), regarding the claims being directed to ambiguous limitations, is withdrawn.
Applicant’s arguments in the Brief, pages 9-10, have been fully considered. 
The claims were rejected because the claims first recited “sending a first request associated with the first transaction data to the server to perform a first authentication,” then the claims recite “wherein requesting the first authentication…”
Appellant notes that the second recited request is clearly referring to the first recited request in the claims. In other words, both requests are directed to the same request. As a result, the Examiner acknowledges the Appellant’s explanation/clear interpretation of the claims and finds the arguments persuasive. 
The rejection is withdrawn. 

(3) Response to Argument

The Appellant's arguments in regards to claim rejections under 35 U.S.C. §112(a) have been considered but are not persuasive. 
Appellant makes the following arguments, pages 6-8 in the Brief:
I. Claims 1, 8, and 21 comply with the written description requirement when reciting “responsive to generating the first dynamic key, sending a first request associated with the first transaction data to the server...generating a cryptogram, by the processing device, using the second dynamic key and second transaction data.”
Applicant highlights the rejection in the Action, wherein the Examiner explicitly explained the issue. The Examiner (1) captures all of the claim limitation, then (2) identifies that the issue is based on the claims reciting the generation of the cryptogram, which is explicitly generated using the second dynamic key and second transaction data. The Action recites:
“A method comprising: generating, by a processing device of a mobile device, a first dynamic key based on a base key stored in memory of the mobile device, wherein the mobile device is communicatively coupled to a server comprising a payment processor; receiving, by the processing device, first transaction data corresponding to a first transaction associated with the mobile device, responsive to generating the first dynamic key, sending a first request associated with the first transaction data to the server to perform a first authentication of the first transaction, wherein requesting the first authentication is based on the first dynamic key, generating, by the processing device, a second dynamic key based on a combination of the first dynamic key and the first transaction data ... generating a cryptogram, by the processing device, using the second dynamic key and second transaction data corresponding to a second transaction…” Emphasis added. It is not known how the cryptogram is generated if the first transaction is never authenticated.
The processing device only sends a request for authentication, wherein the authentication of the first transaction never occurs and the processing device never receives any indication that the first transaction has been authenticated by the server. Therefore, it is not known how the cryptogram can be generated, wherein the cryptogram is generated based on "the second dynamic key and second transaction data” when the first transaction has not been approved or authenticated.”

Appellant then argues that the specification discloses the required support for generating the cryptogram by citing to specific portions in the specification.

A. Claims 1, 8, 21, and all dependent claims are rejected under 35 U.S.C. §112(a). The claims fail to disclose that the processing device receives an authentication confirmation from the server. The cryptogram can only be generated if the first transaction is authenticated. 
The Examiner respectfully disagrees with all arguments. As previously stated in the Action, the Examiner tried to be as clear as possible to convey that the generation of the cryptogram is not possible unless the first transaction is authenticated. In analyzing the claims at issue, the claims clearly fail to disclose the processing device receiving any indication that the server in fact authenticated the first transaction. The claims instead recite the following intended use language: “server to perform a first authentication of the first transaction…” The claims are clearly directed to a processing device and what the processing device does. As a result, the
Appellant’s cited portions of the specification in fact support the Examiner’s point. The portions explicitly recite that the first transaction MUST be authenticated in order for the remainder of what is claimed to be carried out, wherein the cryptogram is ONLY generated if the first transaction is authenticated. See Remarks, page 7 and relied upon cited paragraphs in the specification. 
Because the claim fails to comply with the written description, one of ordinary skill in the art would not know how such cryptogram can be generated if the first transaction is never authenticated. In order to overcome the issue, Appellant could have easily amended the claims to recite for example, receiving, by the processing device, from the server a confirmation of the authentication of the first transaction. Such an amendment is merely provided by the Examiner for explanation. Such an amendment would coincide with the written description, resulting in the withdrawal of the rejection. 
	All previous responses to arguments regarding the rejection above are further incorporated in their entirety herewith. 
	The rejection is maintained and all dependent claims are further rejected for mere dependence on the rejected claims. 

II. Claims 3-4,10-11, and 22-23 comply with the written description requirement when reciting “create a decrypted ephemeral keys” and “form a decrypted ephemeral key”
	Appellant specifically argues:
“[The] written description requirement is satisfied when a specification describes “the claimed invention in sufficient detail that one skilled in the art can reasonably conclude that the inventor had possession of the claimed invention” MPEP § 2163(1) (citations omitted).
Claims 3-4, 10-11, and 22-23 include the language “decrypting the encrypted ephemeral key to create a decrypted ephemeral key based on the base key that is stored at the mobile device.” Further, the specification states, “[i]n another embodiment, the ephemeral key may be transmitted from the payment processor to the mobile device while encrypted and the base key stored at the mobile device may be used to decrypt the encrypted ephemeral key to retrieve the ephemeral key for use in generating the first dynamic key.” (Specification, [0046]) (Emphasis added.) Thus, the language in the specification, based on at least the examples provided, expressly supports (e.g., teaches how the decrypted keys are generated) the disputed language in the claims.”

B. The claims fail to comply with the written description, resulting in the claims being rejected under 35 U.S.C. §112(a). 
	The Examiner respectfully disagrees. In the Action, and as Appellant points out in the Brief, the rejection is based on the claims reciting “create a decrypted ephemeral key" and "form a decrypted ephemeral key.” Emphasis added. 
	Because the claim recites creating “a decrypted ephemeral key,” the claims must be analyzed based on the term “create” in conjunction with decrypt. Merriam-Webster dictionary defines “create” and “decrypt” as follows:
(1) “to bring into existence.”
(2) “to produce or bring about by a course of action or behavior.”
And
(1) “Decode”

	The specification, which Appellant relies on, supports the Examiner’s position. The specification explicitly recites: “[in] another embodiment, the ephemeral key may be transmitted from the payment processor to the mobile device while encrypted and the base key stored at the mobile device may be used to decrypt the encrypted ephemeral key to retrieve the ephemeral key for use in generating the first dynamic key;” Paragraph 0046.
	The specification does not recite creating a decrypted ephemeral key. The specification simply and clearly recites that the base key stored in the mobile device is used to decrypt the encrypted ephemeral key in order to retrieve the ephemeral key. The ephemeral key is never created. Although in encrypted form, the ephemeral key always existed and was never created. Having the ephemeral key sent in a secure format (i.e., encrypted form) prohibits anyone not entitled access to the ephemeral key. Only those with the correct key may access the ephemeral key by using the key to decrypt the encrypted ephemeral key and obtain the ephemeral key. As a result, it is clearly outlined that the limitations at issue fail to comply with the written description. 
	The Examiner recommended amending the claims to recite what the specification discloses. Specifically, the Examiner noted that if the claims are amended to recite “decrypting, by the mobile device, the encrypted ephemeral key using the base key to retrieve the ephemeral key,” then such amendment would overcome the rejection. 
	Retrieval of data based on performing a decryption operation is different than creating a decrypted ephemeral key.

	The rejection is maintained. 

The Appellant's arguments in regards to claim rejections under 35 U.S.C. §112(b) have been considered but are not persuasive. 

III. Claims 1, 8, and 21 particularly point out and distinctly claim the subject matter when reciting: “sending a second request to the server to perform a second authentication” and “sending the cryptogram to the payment processor.”
Appellant specifically argues:
“Appellant respectfully submits the scope of claims 1, 8, and 21 are reasonably ascertainable to a skilled artisan, and therefore, not indefinite. Specifically, claim 1 states “a server comprising a payment processor... sending a first authentication request associated with the first transaction data to the server... sending a second authentication request to the server requesting a second authentication of the second transaction associated with the mobile by sending the cryptogram to the payment processor.” As seen in the claim language the server comprises the payment processor. Thus, “sending the second authentication request to the server” is further defined as “sending the cryptogram to the payment process.” As noted by the relationship between the payment process and the server in the claims, sending the cryptogram to the payment process is a further clarification (i.e. more definite language) of the second authentication request.”

C. Claims 1, 8, and 21 are rejected for failing to clearly point out and distinctly claim the subject matter which the appellant regards as the invention. The sentence structure results in the claim being indefinite.
The Examiner respectfully disagrees. The claim limitation at issue recites:
“sending a second request to the server to perform a second authentication of the second transaction associated with the mobile device by sending the cryptogram to the payment processor.”
Based on the claim limitation, applying the broadest reasonable interpretation, the claim can be reasonably interpreted by one of ordinary skill as being directed to sending a second request to (1) the server and (2) by sending the cryptogram to the payment processor. 
Although the claim does recite that the “server [comprises] a payment processor,” line 4, Claim 1, the limitation at issue does not recite sending the request to the server comprising the processor. The Appellant separated the server from the processor and recited a first sending and a second sending. In doing so, the claim limitation at issue becomes broader. The claim is indefinite because it is not clear whether the second request is being sent only to the server or to the server and also to the payment processor, which can be a part of the server or another device making up the server. Support for such an interpretation can be found in the specification, Paragraph 0074, which recites: “the term "machine" shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.” Here the term “machine” is referring to the server. 
The rejection is clearly supported because the server is defined in the specification as encompassing a plurality of devices jointly executing a set of instructions, with each of the plurality of devices having a processor/their own structure. The Examiner’s interpretation that the first sending of the second request to the server and the second sending of the cryptogram to the payment processor could clearly be interpreted as sending two distinct requests each being sent to two
In efforts to help explain the point, the Examiner asks why does the claim limitation recite a first sending request and then a second sending if the first and second sending operations are the same? If Appellant maintained the same language used to tie the processor to the server and recited sending the second request to the server comprising the processor, then the rejection would be withdrawn. As indicated in the Action, the Examiner has made attempts to help the Appellant understand the issue and how to amend the claim to overcome the issue. 
For mere reiteration and to help emphasize the issue with the claim limitation/sentence structure, the claims could be amended as such to overcome the rejection: 
“sending a second request to the server comprising the payment processor to perform a second authentication of the second transaction associated with the mobile device, wherein the second request comprises the cryptogram.”
The above claim amendment overcomes any indefiniteness issues. 
The rejection is maintained, all dependent claims are also rejected for at least mere dependence on the rejected claims. 

The Appellant's arguments in regards to claim rejections under 35 U.S.C. §101 have been considered but are not persuasive. 
 
IV. Rejection under 35 U.S.C. 101 should be withdrawn because the claims are not directed to a judicial exception.
Applicant specifically argues:
“Appellant respectfully submits that the amended claims do not fall into any of the enumerated groupings and therefore are not directed to a judicial exception. Therefore, the claims overcome the rejection under 101.”
Appellant respectfully submits that the amended claims are directed to an improvement to a technology or a technical field and are integrated into a practical application. Improvements provided by the amended claims are reflected at least in paragraph [0021] and [0024] of the current application.
Amended claim 1 is directed to a technical solution to the technical problems described and, as such, is an improvement to a technology or a technical field and is integrated into a practical application. Amended claim 1 provides decreased energy consumption, bandwidth, and processor overhead by providing a method for securing transaction data of a mobile device without requiring a constant secure communication channel. For example, by “generating, by the processing device, a second dynamic key based on a combination of the first dynamic key and the first transaction data; generating a cryptogram using the second dynamic key and second transaction data; and requesting, by the processing device, authentication of the second transaction associated with the mobile device by sending the cryptogram to a payment processor” amended claim 1 avoids the increased energy consumption, bandwidth, and processor overhead associated with maintaining a constant secure communication channel to perform a second transaction with a payment processor. Claim 8 includes similar limitations. Therefore, claims 1 and 8 and the claims that depend therefrom, are directed to a practical application and overcome the rejection under 101.
Even if a claim is directed to a judicial exception and is not integrated into a practical application, the claim is to be evaluated to determine whether the claim is well-understood, routine, conventional activity under Step 2B. (October 2019 Update, page 15.) Appellant respectfully submits that the claims, as amended, are not well-understood, routine, conventional activity. As discussed above, in conventional systems, a device must have a constant secure communication channel to perform multiple secure transactions. As discussed above, the amended claims are an improvement over conventional systems. Therefore, the amended claims are not well-understood, routine, conventional activity. Appellant respectfully submits that the claims, as amended, overcome the rejection under 35 U.S.C. 101.”

D. All claims are analyzed under the latest 2019 PEG guidance and are determined to amount to nothing more than an abstract idea without significantly more.
The Examiner respectfully disagrees. Under the latest 2019 Revised Guidance (“Update”) the claims are analyzed to determine whether they recite: 
(1)    any judicial exceptions, including certain groupings of abstract ideas (i.e., mathematical concepts, certain methods of organizing human activity such as a fundamental economic practice, or mental processes) (“Step 2A, Prong One”).
Under the first step, the claims are determined to be directed to merely an abstract idea of sending multiple authentication requests in order to authenticate a transaction based on generated data without significantly more. 
The abstract idea is characterized under certain methods of organizing human activity. The generation of the first dynamic key, second dynamic key, and the cryptogram based on the recited data, results in merely a generation of data based on the combination of stored and received data. The generation of the data is carried out in order to authenticate a first and a 
Utilizing the stored key to generate data, sending requests to authenticate the generated data multiple times to ultimately settle a transaction summarizes mitigating risk and agreements in the form of contracts. The key that is stored and used to generate the data and all of the claim limitations summarize ways to try and mitigate the risk of conducting a transaction. Equally, the claim limitations as a whole summarize a contract between the individual in possession of the stored key and initiating the transaction and the entity involved in the transaction. The transaction can only occur if the contract terms, i.e., key used and data generated, are met/authenticated by the entity involved in the transaction. 
Finally, the claim limitations as a whole capture a clear flow of following rules and instructions in order to advance a transaction. 
Thus the claims are directed to an abstract idea.

Continuing with the analysis of the claims under the Update, the claims are now analyzed to determine the following:
(2)    additional elements that integrate the judicial exception into a practical application (see MPEP § 2106.05(a)-(c), (e)-(h) (9th ed. Rev. 08.2017, Jan. 2018)) (“Step 2A, Prong Two”); and
(3)    adds a specific limitation beyond the judicial exception that is not “well-understood, routine, conventional” in the field (see MPEP §2106.05(d)); or
(4)    simply appends well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception.

A method comprising:
generating… a first dynamic key based on a base key… 
receiving… first transaction data corresponding to a first transaction…
responsive to generating the first dynamic key, sending a first request associated with the first transaction data… to perform a first authentication of the first transaction, wherein requesting the first authentication is based on the first dynamic key;
generating… a second dynamic key based on a combination of the first dynamic key and the first transaction data;
responsive to generating the second dynamic key, generating a cryptogram… using the second dynamic key and second transaction data corresponding to a second transaction; and 
sending a second request… to perform a second authentication of the second transaction… by sending the cryptogram…
Analyzing the claims as a whole, it is determined that the judicial exception is not integrated into a practical application. The claims recite the following additional elements: a mobile device, payment processor, processing device, instructions, a memory, server, and non-transitory computer readable medium. The additional elements merely automate or process the abstract idea and are recited at a high level of generality. The combination of these additional elements is no more than mere instructions to apply the exception using a generic computer component. Accordingly, even in combination, the additional elements do not integrate the abstract idea into a practical application. 

The claims are not found to include the significance of any additional element(s) that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements amount to no more than mere instructions to apply the exception using a generic computer component. The claim limitations do not improve another technology or technical field, improve the functioning of a computer itself, apply the abstract idea with, or by use of, a particular machine (not a generic computer, not adding the words "apply it" or words equivalent to "apply the abstract idea", not mere instructions to implement an abstract idea on a computer, adding insignificant extra solution activity to the judicial exception, generally linking the user of the judicial exception to a particular technological environment or field of use), effects a transformation or reduction of a particular article to a different state or thing, or adds meaningful limitations that amount to more than generally linking the use of the abstract idea to a particular technological environment. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. 
The dependent claims further describe the abstract idea.
The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea.
The claims are not patent eligible. The rejection is maintained. 





/EL MEHDI OUSSIR/ Primary Examiner, Art Unit 3685

Conferees:


/OLUSEYE IWARERE/ Primary Examiner, Art Unit 3687

/NEHA PATEL/ Supervisory Patent Examiner, Art Unit 3685



Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.