PNG
    media_image1.png
    172
    172
    media_image1.png
    Greyscale
United States Patent and Trademark Office
    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 14/957,444
Filing Date: December 2, 2015
Appellant(s): MASTERCARD INTERNATIONAL INCORPORATED



__________________
Jennifer A. Wilson (Reg. No. 62,604)
For Appellant


EXAMINER’S ANSWER





This is in response to the appeal brief filed 05/24/2021.
(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated 12/23/2020 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”


WITHDRAWN REJECTIONS

       The following grounds of rejection are not presented for review on appeal because they have been withdrawn by the examiner.
The rejection of Claims 6-8, 10, 16-18 and 20 for being rejected under 35 U.S.C. §112(a) as allegedly being indefinite are withdrawn.
The rejection of Claims 6 and 16 for being rejected under 35 U.S.C. §112(b) as allegedly being indefinite are withdrawn.
The rejection of Claims 17 and 18 from paragraph 14, on page 6 of the final Office Action, for being rejected under 35 U.S.C. §112(b) “hybrid claims” are withdrawn.


REJECTIONS UNDER 35 U.S.C. 112

Appellant argues the rejection of Claim 18 reciting the language “generation module” that the Specification discloses that the “processing device” of the validation server is configured to perform the functions. Appellant further argues that the processing device includes a plurality of engines and/or modules specially configured to perform one or more functions of the processing device, such as a querying module 314,validation module 316, generation module 318, transaction processing module 320 and as such the hardware component associated with the “generation module” is the “processing device.”
Examiner respectfully disagrees as the Specification does not describe the algorithm of the generation module in sufficient detail. Even though, paragraph [0056] of the Applicant’s Specification discloses a processing device may include a plurality of engines and/or modules specially configured to perform one or more functions of the processing device, such as a querying module 314, validation module 316, generation module and also describes that the term module may be software or hardware particularly programmed to receive an input, perform one or more processes using the input, and provide an output and paragraph [0049] of the Applicant’s Specification  describes the generation module  may apply one or more cryptogram generation algorithms (e.g., specified by the validation module 104 when issuing the key(s)) to a key to generate a token requestor validation cryptogram), however it is not clear from the Applicant’s Specification  of how the generation module is generating the COF entity validation cryptogram on a basis of the key. The cryptogram generation algorithms are not sufficiently described. Therefore the term “module” is a nonce term and is a means plus function limitation that invoke 35 U.S.C. §112, sixth paragraph. The written description fails to clearly link or associate the disclosed structure to the claimed function such that one of ordinary skill in the art would recognize what structure performs the claimed function.

REJECTIONS UNDER 35 U.S.C. §103

 	Appellant argues that Claims 6, 9, 10, 16, 19 and 20 are patentable over Dill and Bishop. Specifically, for independent Claim 6, the Appellant argues that the combination of Dill and Bishop does not disclose the limitation:
(a) storing, in a COF entity memory device of a
processing server, a plurality of COF entity
profiles, wherein each COF entity profile
includes...at least (i) a COF token identifier, (ii)
at least one token requester identifier (TRID)
associated with a COF entity server of the COF
entity, and (iii) a COF-specific payment token...

 	Appellant further argues that Bishop does not disclose or suggest that the processing server stores a plurality of COF entity profiles in which each profile includes three specific pieces of information: (1) a COF token identifier, (2) at least one token requester identifier (TRID) associated with a COF entity server of the COF entity, and (3) a COF-specific payment token. Appellant believes that the cited paragraphs of Bishop [0062], [0075] and [0078] do not disclose or suggest a COF (Card-on-File) token identifier and a COF (Card-on-File)-specific payment token.
 	Examiner respectfully disagrees as paragraph [0062] of Bishop clearly discloses that a specific registration of the purchaser and seller takes place with the transaction mechanism. During the purchaser registration, the purchaser provides suitable financial account information, such as card information and suitable purchaser identification information. The purchaser identification and/or account information includes any suitable information related to the purchaser and/or the account, such as any one or more of the following: name, address, demographic information, social security number, telephone number, account number, account expiration date, personal identification number associated with the account, date of birth, mother's maiden name, spending habit information, billing history information, credit history information, and/or any additional information which might identify the purchaser and the purchaser's financial account. Now during seller registration, the seller also provides suitable financial account information and suitable identification information relating to an account, such as an appropriate card or demand deposit account for example, at the seller's financial institution. The provided seller's identification information can be used for subsequent authentication. Examiner will further clarify and bring to notice that the Applicant’s Specification, paragraph [0030] discloses that the COF token identifier is the merchant-specific identifier.  Now the cited reference Bishop in paragraph [0078] discloses that the seller provides the transaction mechanism with registration information to identify the seller and to identify the seller's appropriate financial account. The seller's registration information may include any suitable information, such as the seller's name, location or address, social security number (if appropriate), federal employer identification number, financial account number, financial institution, and/or any other suitable information that may be pertinent to a funds transfer transaction. Therefore, based on paragraph [0078] of Bishop, the COF token identifier can be represented by either the seller’s social security number or financial account number which represents a merchant- specific identifier. 
  	Examiner will further disagree to the argument that Bishop does not disclose a COF (Card-on-File)-specific payment token. According to paragraph [0047] of the Applicant’s Specification, the COF (Card-on-File)-specific payment token may be identified based on data submitted by the consumer 108, such as account information (e.g., used for authentication, such as a username, password, e-mail address, etc.). As disclosed previously, in paragraph [0062] of Bishop, the purchaser preferably provides suitable financial account information, such as card information and the purchaser identification and/or account information includes any suitable information related to the purchaser and/or the account. The purchaser can provide name, address, demographic information, social security number, telephone number, account number, account expiration date, personal identification number associated with the account, date of birth, mother's maiden name, spending habit information, billing history information, credit history information, and/or any additional information which might identify the purchaser and the purchaser's financial account. Therefore, based on paragraph [0062] of Bishop, the COF (Card-on-File)-specific payment token can be represented by either the account number or the personal identification number associated with the account which can be used for authentication.
 	Appellant argues that the combination of Dill and Bishop does not disclose the limitation in independent Claim 6:
(b) executing, by the processing device of the
   	processing server, a query on the token memory
device and identifying...a specific token profile
where the COF-specific payment token included
in the specific token profile corresponds to the
specific COF-specific payment token stored in the
first data element included in the received
transaction message...

Appellant argues that paragraphs [0055], [0063], [0064], [0092], [0104] and [0105] of Dill do not disclose or suggest that upon receiving an authorization request message, the entity executes a query on a COF entity memory device and identifies a specific COF entity profile based on a correspondence between the COF token identifier included in the specific COF entity profile and the specific COF token identifier included in the authorization request message. 
Examiner respectfully disagrees that Dill discloses in paragraphs [0055], [0063], [0064], [0092], [0104] that a process of authentication will take place where credentials of an endpoint can be verified to ensure that the end point is who they are declared to be by the AVS and CAVV data presented for identity and verification process may only be used for authentication. Dill further discloses that the network token system may authenticate the consumer and/or the PAN before generating and supplying a token to the consumer. Specifically, paragraph [0063] of Dill discloses that an authorization request message may comprise identification information such as a CVV (card verification value) and transaction information such as any information associated with a current transaction, such as the transaction amount, merchant identifier, merchant location, etc., as well as any other information that may be utilized in determining whether to identify and/or authorize a transaction. Now additionally, Examiner had cited paragraphs [0063] and [0064] of Bishop to disclose “executing, by the processing device of the processing server, a query on the token memory device and identifying, as a result of said query execution on the token memory device, a specific token profile where the COF-specific payment token included in the specific token profile corresponds to the specific COF-specific payment token stored in the first data element included in the received transaction message”. According to paragraph [0063] of Bishop, the purchaser or seller will initate the transfer of funds by providing transaction information such as identification information regarding one or both of the purchaser and the seller, terms of the transaction, which can include suitable account information, the date and time of the transaction, the amount of the funds transfer, a description of the goods, services, or other value, any escrow terms to the transaction mechanism. Then according to paragraph [0064] of Bishop, the transaction mechanism authenticates the seller or purchaser to ensure that they are the appropriate owners of their respective accounts. The purchaser’s financial institution provides the transaction mechanism which financial institution is able to perform suitable risk management functions, such as suitable credit risk and/or fraud risk analyses. The transaction mechanism is able to perform credit risk and fraud risk analyses via the financial institution. Now when the transaction mechanism is provided by the purchaser’s financial institution, the information such as historical transactional records, account records, and/or the like easily can be reviewed to determine whether a credit or fraud risk exists. Examiner believes that these cited paragraphs of Dill and Bishop are sufficient and present an ample amount evidence to conclude that a query is being conducted on the token memory device and COF memory device. 
 	However, Examiner will further clarify and present further evidence from Bishop of how the transaction mechanism is able to perform credit risk and fraud risk analyses via the financial institution. Paragraph [0083] of Bishop discloses that the transaction mechanism determines whether a transaction is acceptable by utilizing the transaction information and the purchaser and/or seller registration information to execute a fraud analysis. Since the transaction mechanism is maintained by the card issuer, the card issuer maintains a history of the purchaser's card transactions and the card transaction history is stored along with the purchaser registration information in the customer information records. Now using this historical information, the risk management module of the transaction mechanism can perform a fraud analysis by executing a fraud detection program or mechanism to determine whether the current transaction, or current transaction in view of recent transactions, is indicative of fraud.  Secondly, Bishop further discloses in paragraph [0084] that the determination regarding the acceptability of the transaction involves credit analysis which consists a comparison of the user identifiers of either/both the purchaser and the seller with the user identifiers stored in the storage device to determine whether the transaction is acceptable. After identifying the parties entering the transaction. Paragraph [0089] of Bishop also discloses that the transaction mechanism may then suitably perform to compare the user identifiers of either/both the purchaser and the seller to the user identifiers stored in the storage device in an additional effort to determine whether the transaction is acceptable. Additionally, Examiner will reference paragraph [0077] of Bishop that a user identifier can comprise any number or combination of letters, digits, or other characters. Therefore, the Examiner believes that these cited paragraphs of Dill and Bishop are sufficient and present an ample amount evidence to conclude that a query is being conducted on the token memory device and COF memory device. 
 	Appellant argues that the combination of Dill and Bishop does not disclose the limitation in independent Claim 6:
c) 	validating, by the processing device of the
processing server, the specific COF entity related
to the identified specific COF entity profile, from
which the transaction message is received, as
genuine based on a correspondence between (i)
the at least one TRID included in the identified
specific COF entity profile and the specific TRID
stored in the third data element included in the
received transaction message or (ii) the COFspecific
payment token included in the specific
token profile and the specific COF-specific
payment token stored in the first data element
included in the received transaction message...


Appellant argues that paragraphs [0064] and [0075] of Bishop do not disclose validating a specific COF entity as genuine “based on a correspondence between (1) the at least one TRID included in the identified specific COF entity profile and the specific TRID...included in the received transaction message or (ii) the COF-specific payment token included in the specific token profile and the specific COF-specific payment token...included in the received transaction message,”.
Examiner respectfully disagrees as based on paragraph [0064] of Bishop, transaction mechanism through a suitable financial institution which preferably maintains and operates the transaction mechanism, to perform credit risk and fraud risk analyses by using information such as historical transactional records, account records, and/ or the like easily can be reviewed to determine whether a credit or fraud risk exists and to eventually authenticate the seller and/or the purchaser. Paragraph [0075] further discloses that by performing authentication, credit risk, and/or fraud risk analyses, and determining whether the transaction is acceptable, funds can be debited from a purchaser's financial account if the transaction is acceptable, or the funds can be held in an escrow account or the funds can be released from the escrow account and disburse the funds to the seller's financial account and credit the funds to a seller's financial account. Examiner concludes that Bishop is sufficient to disclose “validating a specific COF entity as genuine…”.

It is believed that the rejections should be sustained.

/ZEHRA RAZA/Examiner, Art Unit 3685


Conferees:

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685

/Mohammad A. Nilforoush/Primary Examiner, Art Unit 3685                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     
                                                                                                                                                                                                                                  
Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.