PNG
    media_image1.png
    340
    340
    media_image1.png
    Greyscale
United States Patent and Trademark Office    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 14/869,869
Filing Date: 29 Sep 2015
Appellant(s): SALAMA et al.



__________________
James A. Cooke, III
Reg. No. 69,338
For Appellant


EXAMINER’S ANSWER





This is in response to the appeal brief filed 03/22/2021.

(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated 10/01/2020 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”
(2) Response to Argument
Claim Rejections - 35 USC § 112
 Appellant argues that the analysis of the 112 paragraph (a) rejection ignores the actual language of claims 1, 14 and 20.   Appellant argues that the claims recite a “request for the encrypted token that includes the second network address of the device”.  The appellant argues that the request includes the second network address of the devices.  Appellant argues that this interpretation is supported in para 0097-0099 of the specification.  The examiner respectfully disagrees.  
The claim limitations recites “transmit, to a computing system associated with the data repository, a request for the encrypted mobile wallet token that includes the second network address of the device”.  
The specification discloses in para 0097-0099:
[097] In some embodiments, client device 104 may be configured to execute software instructions that identify one or more sources of additional information within the obtained eligible financial product information, and that query the identified sources to obtain the additional information enabling client device 104 to fully load one or more of the eligible financial products into user 110's mobile wallet (e.g., in step 418). By way of example, client device 104 may determine the obtained information associated with an eligible credit card includes a full cardholder name and account number, but fails to include an expiration date and a card security code that would enable client device 104 to fully load the eligible credit card into user 11 O's mobile wallet. In some aspects, in step 418, client device 104 may be configured to parse the obtained information to identify a source for the missing expiration date and card security code (e.g., an IP address of a server or data repository associated with an issuer of the credit card), and may obtain the missing expiration date and card security code from the issuer server or data repository across network i 20.

[098] Client device 104 may, in some embodiments, be configured to process the information identifying the eligible financial products (e.g., as obtained from the mobile wallet token) and the additional information (e.g., as obtained from the identified sources) to provision user 11 O's mobile wallet with the one or more eligible financial products (e.g., in step 420). In some aspects, and based on the information obtained from the mobile wallet token and the additional information obtained from the identified sources, client device 104 may be configured to "fully" load one or more financial products into user 11 O's mobile wallet, and the fully loaded financial products may be ready for use by user 110 in purchase transactions of goods and/or services.  Alternatively, if client device 104 were unable to fully load a particular financial product based on the information obtained from the mobile wallet token and the identified sources, client device 104 may be configured to perform a partial load of the particular financial product into user 11 O's mobile wallet based on the available information.
Further, in some instances, client device 104 may be configured to present indications of the fully and partially loaded financial products within a graphical user interface (GUI) of mobile wallet application, as described below in reference to FIG. 5.

[099] FIG. 5 illustrates an exemplary interface 500 for a mobile wallet application, in accordance with disclosed embodiments. In one embodiment, and as described above, client device 104 may be configured to decrypt and unpack a received mobile wallet token, further, to display within interface 500 indicators (e.g., indicators 502, 522, and 542) corresponding to financial products included within the received mobile wallet token.

The paragraphs argued by the Appellant does not support a second IP address requested (as argued by the Appellant) or included in a token (as interpreted by the examiner)
The construction of the claim language can be interpreted under the broadest reasonable interpretation in the way the examiner interpreted the limitation which is that the claim tries to take possession of the token including a second IP address or the interpretation of the Appellant.  The examiner at the time of prosecution did not recognize that the claim language was so broad as have two separate interpretations.  The breadth of the claim language makes both interpretations valid.  Therefore, the interpretation of the examiner is valid based on the claim language and the specification.  Furthermore, there no support in the specification for a second IP 
The specification has support for:
[0076]… system 140 may generate the public key value based, for example, information identifying user 110 (e.g., a user name or user identifier) and/or information identifying client device 104 (e.g., a MAC address, an IP address, an International Mobile Equipment Identification (IMEI) number, and/or a Mobile Equipment ID (MEID) number).

[0157]… As described above, system 140 may be configured to encrypt the formatted information using a previously generated public key value, or generate the public key value based, for example, information identifying user 110 (e.g., a user name or user identifier) and/or information identifying client device 104 (e.g., a MAC address, an IP address, an International Mobile Equipment Identification (IMEI) number, and/or a Mobile Equipment ID (MEID) number).


Please note support for the public key based on IP address.  There is no support for any of second IP address or a token that includes a second IP address (examiner interpretation) or support for transmitting a request which includes a second IP address (Appellant interpretation).
[0080]… system 140 may be configured to store the mobile wallet token and the private
key in cloud-based storage (e.g., cloud-based data repository 170), and link the stored
mobile wallet token and the public key to information identifying user 110 (e.g., a user
name, user identifier, etc.) and/or information identifying client device 104 (e.g., a MAC
address, an IP address, an IMEI number, and/or a MEID number).

[0092]…By way of example, the stored mobile wallet tokens may be linked to information identifying a user (e.g., a user name, etc.) and information identifying a corresponding client device (e.g., an IP address, a MAC address, an MElD number, or an !MEI number).
Please note support for the linking the token to an IP address.  There is no support for any of second IP address or a token that includes a second IP address (examiner interpretation) or support for transmitting a request which includes a second IP address (Appellant interpretation).
[0096]… In other instances, however, the eligible financial product information associated with a particular financial product may include only a portion of the predetermined information enabling client device 104 to "fully" load the particular financial product into user 110's mobile wallet. In certain aspects, and in addition to the portion of the predetermined information, the eligible financial product information may also specify a source (e.g., a URL or IP address) of additional information that, when retrieved by client device 104, may enable client device 104 to "fully" load the particular financial product into user 110's mobile wallet
Please note support for eligible financial product information associated with a particular financial product where the financial product information may also include an IP address.  There is no support for any of second IP address or a token that includes a second IP address (examiner interpretation) or support for transmitting a request which includes a second IP address (Appellant interpretation).
[0097]… In some aspects, in step 418, client device 104 may be configured to parse the obtained information to identify a source for the missing expiration date and card security code (e.g., an IP address of a server or data repository associated with an issuer of the credit card), and may obtain the missing expiration date and card security code from the issuer server or data repository across network i 20.
Please note support for to parse to obtain information to identify a source for missing information where the missing information can include an IP address.  There is no support for any of second IP address or a token that includes a second IP address (examiner interpretation) or support for transmitting a request which includes a second IP address (Appellant interpretation).
The examiner maintains that regardless of the broad interpretation of the claim language the specification of the original written disclosure does not support the claim limitations.  The rejection is maintained. 
Claim Rejections - 35 USC § 101
 Appellant argues that the previous Office Action fails to recite a patent ineligible abstract idea under the 2019 guidance.  Specifically Appellant argues that the step 2A prong 1 analysis is inconsistent with current Office examination procedures and mischaracterizes the language of the claims ignoring elements that extend beyond any abstract ideas recited by Appellants claims.   Appellant points out that the claims are only abstract if the concepts in the claims are directed mathematical concepts, mental processes or methods of organizing human activity.  Appellant argues that the 2019 guidance required consideration of the limitations individually or in combination to determine whether the identified limitations fall within an abstract enumerated group.  Appellant argues that the recitation of an apparatus, computer implemented method, non-transitory computer-readable medium and processor to perform the functions of the claim limitations extend beyond commercial interactions.   The examiner respectfully disagrees with the premise of Appellant’s argument.  Appellant is conflating step 2A prong 1 with 2A prong 2.  According to the 2019 guidance Prong One analysis includes:
Prong One procedure for determining whether a claim “recites” an abstract idea is:
identify the specific limitation(s) in the claim under examination that the examiner believes recites an abstract idea; and 
determine whether the identified limitation(s) falls within at least one of the groupings of abstract ideas enumerated in the 2019 PEG. 
If the identified limitation(s) falls within any of the groupings of abstract ideas enumerated in the 2019 PEG, the analysis should proceed to Prong Two.
Prong 2 analysis includes:
Identifying whether there are any additional elements recited in the claim beyond the judicial exception(s), and 
Evaluating those additional elements to determine whether they integrate the exception into a practical application of the exception.
“Integration into a practical application” 
Requires an additional element or a combination of additional elements in the claim to apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the exception.
Uses the considerations laid out by the Supreme Court and the Federal Circuit to evaluate whether the judicial exception is integrated into a practical application.
The argument directed toward the computer elements (i.e. additional elements) is found in the analysis under step 2A prong 2 not prong 1.   Appellant makes a conclusory statement with respect to the concept found abstract under step 2A prong 1 in the previous Office Action.  The appellant fails to explain how generating a request for data associated with financial product, receiving first portion of data, generating a token, storing the token, transmitting a request for the token and receiving the token, requesting and receiving second portion of data, performing the loading of a financial product where the first and second data is for the purpose to facilitate a transaction using the financial product is not directed toward a commercial action since the purpose of the data transmitted and received, the token generating and financial product loaded/receive is to facilitate a transaction.  In the previous Office action the analysis under step 2A prong 1, explicitly identified the specific limitations in the claim believed to be abstract and determined and disclosed the abstract category applicable.  Simply reciting the claim limitations and making conclusory statements are not sufficient or persuasive, without explain why using financial data to generate a token in order to load a financial product.  The financial product according to the specification is provided by an issuer which could include any of credit cards, debit cards, and rewards and loyalty cards (see para 0002, 0022, 0054 “financial product may be held by or associated with user 110, and may include, but is not limited to, a credit card, a debit card, a pre-paid credit or debit card, a reward and/or loyalty card, and additional alternate financial instrument or payment product with which user 110 may initiate a financial services transaction involving a business entity”) .  The rejection is maintained.
  Appellant argues that the Office action cannot reasonably link the abstract categories the limitations emphasizing the limitations “first portion of the elements of provisioning data”…”encrypted mobile wallet token”, “second network address of device”, “application program (i.e. wallet) associated with financial product”, “private encryption key”…”computing system”, “decrypt encrypted token”, “extract …data and network address”, “second portion data” are not part of any of the abstract categories.  Appellant argues that the independent claims do not recite loading a financial instruction or facilitating a transaction.  Rather Appellant argues that the claim recites an application program loads the financial product into the wallet and the first and second data facilitates initiation of transaction.  Appellant argues that the basis of the determination of abstract concept identified in the previous Office Action is in error as analysis is inconsistent with the language of the claims and the 2019 guidance.  The examiner respectfully disagrees with the premise of Appellant’s argument as Appellant is arguing step 2A prong 2 analysis rather than step 2A prong 1.  See response above with respect to argument 1.   With respect to the argument that an application loading a financial product (i.e. card, coupon, etc…) and using financial data to initiate a transaction is not directed toward concept of sales activities, commercial interactions.  The examiner disagrees.  See response above in argument (1).  The rejection is maintained. 
Appellant argues that the previous Office Action fails to establish that the independent claims are directed toward patent ineligible subject matter.  Specifically Appellant argues that the previous Office Action under step 2A prong 2 groups the claimed limitations and applies conclusory statements failing to address the additional elements beyond the abstract idea or consider the claimed subject matter as a whole.   Appellant argues that the previous Office fails to take into account “generating encryption token…using …key”, “decrypting…extracting” but instead states such processes are a common business practice that the “storing …token…key” represents an extra solution activity and “transmitting a request”…”receiving…token” and “request…receiving data” is a common business practice and insignificant extra solution activity, ignoring the actual language.     Appellant recites the limitation and emphasizes “generating…encrypted…token…includes first portion of …data and first network address of …issuer system”; “operations store encrypted token, second network address of a device… executes an application program…associated with financial product and cryptographic key associated with device in data repository”;  “application program executed at device”…”transmit to a computing system …a request for …token that includes second network address of the device, receives encrypted …token and cryptographic key…the second network address of the device”; “using cryptographic key, decrypt encrypted…token and extract first portion of data”; “request and receive a second portion of …data”; “that load the financial product into the mobile wallet”.  Appellant applicant ignores these additional elements by applying conclusory statements that the claimed process as a whole is directed toward a transaction of providing a financial product without analysis as support.  The examiner respectfully disagrees.   The limitation “generating… an encrypted token” is not directed toward the technical process of generating an encrypted token” as the limitation is disclosed with a high level of generality to provide an expected result.   The process of generating an encrypted token for use in a financial process is a common business practice.  As evidence that the generation and use of encrypted token is a common business practice the examiner provides:

US Pub No. 2008/0189214 A1 by Mueller et al. [0022]…” receive encrypted token information and to decrypt the received encrypted token information to generate decrypted token information, and a re-encryption module configured to receive decrypted token information from the decryption module and to receive a PIN or PIN block that was created or encrypted with the encrypted token information, and further configured to recreate the PIN or PIN block using the encrypted token information and to re-encrypt the PIN or PIN Block using the decrypted token information. A plurality of token readers can be included and configured to read token data and to encrypt some or all of the token data to generate the encrypted token data. The decryption module and encryption module can be communicatively coupled to a gateway configured to route the token information and the PIN information from a token reader to a transaction processor”

US Pub No. 2011/0246372 A1 by Zloth et al; 
[0031]… token request system 312 generates a token request that include encrypted credit card account number data for the token request”…

[0028]… such that token generation system 216 can decrypt the token request and provide the decrypted credit card number to transaction authorization system

[0032]…Authorization gateway 306 includes token generation system 314 and transaction authorization system 316, which receive the token request and extract the credit card data

US Pub No. 2008/0306874 A1 by White 

[0030]…” a multi-level encrypted token is generated and stored on the embedded processor that is associated with the product. In one example, the original distribution token is the same as the activation key secretly stored in the embedded processor with the product. Accordingly, when the token is decrypted through its multiple levels using the set of public keys 173, and the proper sequence of decrypting keys were used, the unencrypted token will match the activation key previously stored on the embedded processor”

[0036]… The token 4 (271) is decrypted as shown in block 279, and distributor 3 is added to the distribution list 286. In a similar manner, token 3 (263) identifies distributor 2, so that the distributor 2 public-key may be used to generate token 2 (257) as shown in block 282. Again, distributor 2 is added to the distribution list 286. Finally, token 2 (257) includes identification of distributor 1, so distributor 1's public-key may be used to decrypt to token 1 (252), as shown in block 284. Distributor 1 is added to distribution list 286. In this way, the original token 1 (252) may be extracted”

Accordingly it is a statement of fact that the generation of encrypted token, decrypting and extracting functions claimed are common business practice in transaction processes. 
With respect to the argument related to the limitations: “store …token, network address” and “load the financial product into the mobile wallet”, the token, network address and financial product with respect to the store/load function is no more than data content that in stored/loaded in a memory.  The data content does not impact the storing/loading process which is recited at a high level of generality is recited at a high level of generality without any detail of technical implementation but instead only recites the intended/expect result.  According to Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015); OIP Techs., 788 F.3d at 1363, 115 USPQ2d at 1092-93, such processes have been found to be computer functions that are routine or an insignificant extra solution activity when claimed generically. 
With respect to the limitation “executes an application program…associated with financial product” that transmits as discussed above the claimed limitation and specification fails to provide any details related to the technical process that provides details on how the execution of an application program” is implemented.   Executing application programs associated with financial product is that transmits data is common in business practice.  The application program is no more than the environment to perform the business process. 

With respect to the “transmit…request for token that include network address” the “for token that includes network address is no more than data content and the “receives …token and key…network address” and “request and receive …data”, as discussed above the token, key and network address and data is no more than the description of the data content.  The “transmit” and “receive” functions are recited at a high level of generality without any detail of technical implementation but instead only recites the intended result of the transmit function.  According to Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network); but see DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245, 1258, 113 USPQ2d 1097, 1106 (Fed. Cir. 2014) ("Unlike the claims in Ultramercial, the claims at issue here specify how interactions with the Internet are manipulated to yield a desired result‐‐a result that overrides the routine and conventional sequence of events ordinarily triggered by the click of a hyperlink." (emphasis added)), process which merely recite generic functions such as transmit have been found to be computer functions that are routine or an insignificant extra solution activity when claimed generically. 
Although the previous Office action when considering the limitations individually did not provide such explicit details with respect to case on the analysis of the individual functions, the analysis provided the result of the analysis for each step and was not conclusory but rather simply truncated in the light of case law and the 2019 guidance. 
With respect to the argument that the statements in the previous Office action that the claimed subject matter when considered as a combination of parts or as a whole is conclusory, the examiner respectfully disagrees.  The previous Office Action on at least page 16-17 considered explicitly the combination of parts in light of the specification, claim language and case law.  The examiner notes that the appellant does not refute the analysis of pages 16-17 and explain how this analysis is in error.  The rejection is maintained.
 Appellant argues that the data stored and received are essential to the operation of the claimed invention pointing to para 0080-0086 of the specification.  Accordingly the “data” imposes meaningful limitations that link the claimed subject matter directly to the claimed invention that goes beyond gathering and outputting data.   The examiner respectfully disagrees.  The data disclosed in the specification is essential as it relates to the abstract idea identified but with respect to the technology or technical process to perform the functions recited the data content and subject matter is insignificant.  As discussed above, the data does not impact or impose limitations upon the technology used to perform the abstract idea.  Applicant’s argument is not persuasive.  The rejection is maintained. 
Appellant argues that the claimed subject matter integrates the judicial exception into a practical application.  Specifically Appellant argues that the claimed invention addresses the problems related to protection of sensitive data within wallet technologies such as providing cryptographic secure mechanism that generates and stores tokenized data linked to network address of a device. The appellant argues that the independent claim recite specific technological process to solve the problem is wallet technologies.  The examiner respectfully disagrees.  The solution to the problem of secure transaction of the current application is to manipulate data.  Unless the claimed subject matter provides a particular technical process as it relates to encrypting data and tokenizing data at a high level the data manipulation is not sufficient.  The application is not directed toward or encompasses a new or different function or use for encrypting or tokenizing data that is transformative or particular or an improvement upon such encryption and tokenized process, the claimed limitations are insufficient.  For encrypted and/or tokenized data, the process claimed is no more than mere manipulation.  The courts have held that mere data manipulation such as basic mathematical constructs [i.e.,] the paradigmatic ‘abstract idea,’" has not been deemed a transformation. CyberSource v. Retail Decisions, 654 F.3d 1366, 1372 n.2, 99 USPQ2d 1690, 1695 n.2 (Fed. Cir. 2011) (quoting In re Warmerdam, 33 F.3d 1354, 1355, 1360 (Fed. Cir. 1994)).  Accordingly the encrypting and tokenizing of the claimed limitations as recited is not persuasive, as the argued elements are recited at a high level of generality operating their functions in its ordinary capacity and does not use the judicial exception in a manner that imposes meaningful limits upon the judicial exception, such that the claim is more than a drafting effort designed to monopolize the exception.   The rejection is maintained. 
 Appellant makes the conclusory statement that the claimed limitations when considered as a whole represents meaningful limitations by integrating the judicial exception into a practical application which improves upon technology.  However, appellant fails to points to the technology that is improved upon.  Conclusory statements are not persuasive. The rejection is maintained.
Appellant argues that the claimed invention amounts to significantly more than any identified abstract idea under step 2B.  Appellant argues that the previous Office action concentrates on the generic high level recitation of certain elements and fails to properly analyze the elements recited in the independent claims as a combination.  Appellant argues that when considered as a whole the processed claim recites a specific technical solution to problems existing for sensitive confidential computer.  The appellant argues that the claim limitations recite four computing systems or devices (apparatus, issuer system, device and application program, communications unit, memory storing instructions and a processor) configured to exchange data in a specific manner to achieve the technical solution.  Appellant argues that the apparatus executes instructions to request and receive data from the issuer system, generate encrypted token that include data and IP address, store token, second IP address.  The apparatus performs the operation of executing the application program associated with financial product and crypto key associated with the device in a data repository where the execution of the application program performs the operation transmit to a computing system associated with the data repository, a request for the token that includes an IP address where the computing device authenticates the device based on IP address.   Appellant argues that none of the recited elements of the claim are insignificant extra solution activity or data gathering or outputting when analyzed as a combination.   The examiner respectfully disagrees.  The issuer system is not part of the functions of the claim limitations, merely the issuer system is the source of first data received.  The computing system is also not part of the claimed function as the application program performs the processes of transmitting and receiving.  The computing system is simply the source from which data is received or transmitted too.   With respect of the claimed elements beyond the abstract idea including the Apparatus comprising memory storing instructions, a processor executing instructions, the communication unit receiving data, and the application program that transmits and receives data.  The specification discloses that these computer elements are conventional.
The only description the specification discloses with respect to the apparatus is:
[0004] In some embodiments, an apparatus includes at least one processor and a memory storing executable instructions that, when executed by the at least one processor, cause the at least one processor to perform the step of identifying one or more financial products of potential interest to a user. In some aspects, the identification may be based on transaction data associated with the user, and the financial products may be eligible for inclusion within a mobile wallet administered by an application program executed by a device of user. The executed instructions may further cause the at least one processor to perform the steps of determining whether the user holds a corresponding one of the financial products, and when the user fails to hold the corresponding financial product, transmitting, to a system associated with an issuer of the corresponding financial product, a request to acquire the corresponding financial product on behalf of the user. The executed instructions may also cause the at least one processor to perform the steps of receiving, from the issuer system, information associated with the corresponding financial product acquired on behalf the user, generating a mobile wallet token based at least the information identifying the corresponding financial product, and transmitting the generated mobile wallet token to the user device.

The specification makes clear that the apparatus is no more than the environment and tool to perform the abstract idea identified. 
The specification provides that the encryption process as “software instructions that tokenize and encrypt the outputted information" (see para 0070)…obtain… information to generate an encrypted...token... may encrypt the formatted information using a public key value..." (see para 0075); “to encrypt the formatted information...using a previously generated ...key value” (see para 0076); “the symmetric key encryption schemes.. .may encrypt the formatted information... any additional or alternate encryption scheme appropriate" (see para 0070-0077). 
In other words, conventional encryption software and processes can be used to implement any of the extraction steps. According based on the claimed limitations, in light of the specification the recited encryption/extraction components merely amount to using any technical means capable of performing the claimed functions. See MPEP 2106.5 (use of a computer or other machinery in its ordinary capacity for economic or other task).
Accordingly the specification is clear that the computer elements recited in the claim beyond the abstract idea are tools to perform the idea.  As for the processes performed by these tools the combination of parts and as a whole is collect and transmit data, generate encrypted tokens and identifying data in order to load a financial product on a wallet/application program to facilitate a transaction.  The rejection is maintained. 
Appellant argues that the analysis focuses on the tokenization and encryption processed claimed as well known and conventional providing a plurality of evidence.   Appellant does not concede that tokenization and encryption is well known but argues that the generation of the token including first data and IP address of the issuer system is unconventional.  The examiner disagrees with the premise of appellant’s argument.  Appellant is arguing the data used in the token generation is unconventional but fail to point out any technical process to generate the token.  For needed significantly more the unconventional and non-routine process is not found in whatever data one want to apply but rather the technical process.  Depending on the users preference any financial or identifying data could be applied in the generation of a token.  The data itself is arbitrary does not impose any technical limitations on the actual technical process to perform the generation token process.  
As further evidence that generation of token using IP address is known and conventional the examine provides 
US Patent No. 5,907,621 by Bachman et al Col 5 lines 30-67
…The token is generated by first combining the values of the variables in the parentheses into a multi-byte field with is then encrypted using an algorithm such as the DES algorithm. In addition, the values of the variables used to generate the token and the then current time T, are stored in the session table at the index location. In one alternate embodiment, an internet protocol (IP) address is also included in the session table entry. The inclusion of the IP address allows a valid token coming from a different address to be recognized as possibly being used by an un-authorized user…

US Pub No. 2011/0047566 A1 by Matuechniak et al-[0044]… The merchant portal then creates or generates an encrypted token step 4) which is returned to the media player client with a URl link for the channel request.

US Pub No. 2005/0120211 A1 by Yokoyama –[0081] … initially the access token is decrypted by using an own private key. Then, the access ticket is extracted from the decrypted access token and the extracted access ticket is encrypted by using the own private key and then the non-encrypted access token is generated by combining the offset 1002 with the access URl 1003. Thereafter, the non-encrypted access token 1001 is encrypted by using a public key of the third party (other party to whom the operation authority is transferred) and then the operation authority is transferred to the third party by using an E-mail or the like.

Applicant’s argument is not persuasive.   The rejection is maintained.

Appellant repeats argument above with respect to the previous Office Action failing to consider the language of the claims recited in combination. Appellant repeats the argument that the claimed invention as a combination improves technology and fails to point out what specifically as it related to technology rather than a business process is improved.  Appellant repeats the argument that the claimed subject matter when considered as a combination is unconventional citing Berhkheimer and Alice.  Specifically appellant argues that the provision of cryptographically secure mechanism where an apparatus generates and stores tokenized data linked to a network address of a device where an application program executed on the device obtains the tokenized data represents a technical improvement.  This argument is repeated above.  See response above. 

Appellant argues that the dependent claims are patent eligible.  Specifically Appellant argues that analysis applied to the dependent is similar to the analysis applied to the independent claims where the analysis of the independent claims is flawed as set forth in the arguments above.  Appellant argues that the conclusory analysis of the independent claims without regard to the language of the dependent claims is inconsistent with the Office guidelines.  The examiner respectfully disagrees that the analysis applied to the independent claims or dependent claims is in conflict with case law or the office requirements.  See response above.   The rejection is maintained.

Appellant argues that dependent claims 3, 21 and 22 recite additional elements that when considered as a whole are statutory.  Appellant points to the “obtaining information identifying financial products available and financial products loaded”, the “candidate financial product comprising one of a plurality of financial product” types and “filtering candidate products to exclude financial products loaded.  The examiner respectfully disagrees.  Claim 3 is directed toward gathering and filtering data related to financial products – and therefore, is directed toward a business practice and insignificant extra solution activity.  

Appellant points to the limitations of claim 21 which “generating tokenized data based on first …data and encrypting tokenized data using public cryptographic key associated with the device, the wallet token comprising portion of encrypted tokenized data.  The examiner disagrees that the generating and encrypting tokenized data and the data content applied in the tokenization is significant.  As discussed above in the independent claims encryption and tokenization of data is a well-known process applied in finance and according to case law manipulation of data without significantly than the stated function and result is insufficient.  Furthermore as discussed above, the data content itself does not impose limits on the technical process of token generation or encryption thereof.  See response above 
Appellant points to claim 22 limitations of “encrypting first portion and network address using cryptographic key, generating encrypted wallet token based on encrypted first data and first network address, decrypting wallet token so that when the device performs request and receive functions is significantly more.  The examiner disagrees that the generating token based on data and decrypting data is sufficient to transform a claim into patent eligibility.  As discussed above in the independent claims encryption and tokenization of data is a well-known process applied in finance and according to case law manipulation of data without significantly than the stated function and result is insufficient.  Furthermore as discussed above, the data content itself does not impose limits on the technical process of token generation or encryption or decryption thereof.  See response above.  The rejection is maintained. 
Appellant repeats the argument above that providing cryptographically secure mechanisms  where an apparatus generates, stores tokenized data linked to IRL of a device and an application the obtains and provide tokenized data based on network address as claimed represent a technical improvement.  See response above.  
Conclusion
For the above reasons, it is believed that the rejections should be sustained.
Respectfully submitted,
/MARY M GREGG/Examiner, Art Unit 3697                                                                                                                                                                                                        
Conferees:
/CHRISTINE M BEHNCKE/Supervisory Patent Examiner, Art Unit 3697       

/SUE LAO/
Primary Examiner                                                                                                                                                                                                 
Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.