DETAILED ACTION

Status of Claims

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. § 102 and § 103 (or as subject to pre-AIA 35 U.S.C. § 102 and § 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This action is in reply to the response and/or arguments filed for Application 16/842,283 filed on 7 April 2020.
Claims 1-20 are currently pending and have been examined.

Claim Rejections – 35 USC § 112

The following is a quotation of 35 U.S.C. § 112, second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 10-18 are rejected under 35 U.S.C. § 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention. 

With regard to independent claim 10, the claim is directed to a system (“A server system, the server system comprising…”). However, the system is also used to describe a limitation (“A processor communicably coupled to the communication interface, the memory and the HSM, the processor configured to execute the instructions to cause the server system to …”). This is improper as the “(server) system” is not fully defined.  In other words, by being directed to the “system” (preamble) and also referring to itself in the body of the claim, the claim violates a most basic rule of logic - it is 

The claim further recites “A processor communicably coupled to the communication interface, the memory and the HSM, the processor configured to execute the instructions to cause the server system to …”. However, it is unclear where in any of the preceding claims, a server system is recited. As such the claim is rejected for lack of sufficient antecedent basis. 

A preamble is generally not accorded any patentable weight where it merely recites the purpose of a process or the intended use of a structure, and where the body of the claim does not depend on the preamble for completeness but, instead, the process steps or structural limitations are able to stand alone. See In re Hirao, 535 F.2d 67, 190 USPQ 15 (CCPA 1976) and Kropa v. Robie, 187 F.2d 150, 152, 88 USPQ 478, 481 (CCPA 1951). Lack of recitation of a machine in the preamble with an absence of a machine also in the body of the claim fails to make the claim statutory under 35 USC 101. Note the Board of Patent Appeals Informative Opinion Ex parte Langemyer et al. (Appeal 2008-1495). As such the claim lacks proper antecedent basis.

Dependent claims 11-18 are rejected based upon their dependency upon rejected independent claim 10. 

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 

In the instant case, claim 1 is directed towards facilitating providing microservices for cryptographic operations to a plurality of customer applications. Claim 1 is directed to the abstract idea of using rules and/or instructions to facilitate performing computer-related activities (e.g., verification, validation, updating, configurating, etc.) while merely transmitting data/information in an automatic manner, which is grouped under the certain methods of organizing human activity – fundamental economic principles, practices or concepts; (including following rules or instructions) grouping, in prong one of step 2A (See 2019 Revised Patent Subject Matter Eligibility Guidance). Claim 1 recites: “… receiving, … , a cryptographic service request from at least one application of a plurality of applications …, the cryptographic service request at least comprising a cryptographic operation to be performed and a cryptographic keys index, wherein the cryptographic keys index is an identifier of the at least one application of the plurality of applications; generating, … , a cryptographic operation command for the cryptographic operation; sending, … , the cryptographic operation command to a Hardware Security Module (HSM) communicatively connected …, the HSM configured to perform the cryptographic operation; receiving, …, a response from the HSM for the performed cryptographic operation; and, sending, … , the response for the performed cryptographic operation to the at least one application of the plurality of applications …”. Accordingly, the claim recites an abstract idea (See 2019 Revised Patent Subject Matter Eligibility Guidance).

This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A (See 2019 Revised Patent Subject Matter Eligibility Guidance), the additional elements of the claim, such as a “server system” and a “network communication channel”, represent the use of a computer as a tool to perform an abstract idea and/or do no more than generally link the abstract idea to a particular field of use. Therefore, the additional elements do not integrate the abstract idea into a practical application as they do no more than represent a computer performing functions that correspond to (i.e., automate and/or implement) the acts of using rules and/or instructions to facilitate performing computer-related activities (e.g., verification, validation, updating, configurating, etc.) while merely transmitting data/information in an automatic manner.

When analyzed under step 2B (See 2019 Revised Patent Subject Matter Eligibility Guidance), the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception itself. Viewed as a whole, the combination of elements recited in the claims merely describes the concept of using rules and/or instructions to facilitate performing computer-related activities (e.g., verification, validation, updating, configurating, etc.) while merely transmitting data/information in an automatic manner using computer technology. Therefore, the use of these additional elements does no more than employ a computer as a tool to automate and/or implement the abstract idea, which cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)).

Hence, claim 1 is not patent eligible.

Independent claim 10 recites substantially the same limitations as claim 1 above and is ineligible for the same reasons. The subject matter of claim 10 corresponds to the subject matter of claim 1 in terms of a system (e.g., machine). Therefore the reasoning provided for claim 10 applies to claim 1 accordingly.

Independent claim 19 recites substantially the same limitations as claim 1 above and is ineligible for the same reasons. The subject matter of claim 19 corresponds to the subject matter of claim 1 in terms of a method (e.g., process). Therefore the reasoning provided for claim 19 applies to claim 1 accordingly.

Dependent claims 2-9, 11-18 and 20 add further details and contain limitations that narrow the scope of the invention. However, these details do not result in significantly more than the abstract idea itself. As explained in the December 16, 2014 Interim Eligibility Guidance from the USPTO (in reference to the BuySAFE, Inc. v. Google, Inc. decision), further narrowing the details of an abstract idea does not change the § 101 analysis since a more narrow abstract idea does not make it any less abstract. 

Viewed individually and in combination, these additional elements do not provide meaningful limitations to transform the abstract idea such that the claims amount to significantly more than the abstraction itself.

Accordingly, the present pending claims are not patent eligible and are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.

Claim Rejections – 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office Action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over French, US ,530,011 (“French”), in view of Kancharla et al., US 2016/0149877 (“Kancharla”).

Re Claim 1: French discloses a computer-implemented method, comprising: 

receiving, by a server system, a cryptographic service request from at least one application of a plurality of applications over a network communication channel,  (Abstract; FIG. 4; C2 L57-60)

the cryptographic service request at least comprising a cryptographic operation to be performed and a cryptographic keys index, wherein the cryptographic keys index is an identifier of the at least one application of the plurality of applications;  (C2 L50-57; C34 L37-43)

Regarding the limitation(s) comprising:

generating, by the server system, a cryptographic operation command for the cryptographic operation; 

sending, by the server system, the cryptographic operation command to a Hardware Security Module (HSM) communicatively connected to the server system, the HSM configured to perform the cryptographic operation; 

Kancharla makes these teachings in a related endeavor (Abstract; ¶¶[0002, 0012, 0015]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kancharla with the invention of French as disclosed above for the motivation of supporting accessible secured key management services.  

French further discloses:

receiving, by the server system, a response from the HSM for the performed cryptographic operation; (C4 L38-57; C22 L4-21) 

sending, by the server system, the response for the performed cryptographic operation to the at least one application of the plurality of applications over the network communication channel. (Abstract; C4 L38-50; C22 L4-21)

Re Claim 2: French in view of Kancharla discloses the method as claimed in claim 1. French further discloses:

maintaining one or more cryptographic keys of the at least one application of the plurality of applications in a database, the one or more cryptographic keys identified using the cryptographic keys index received in the cryptographic service request; 

fetching the one or more cryptographic keys based on the cryptographic operation to be performed; 

sending the fetched one or more cryptographic keys along with the cryptographic operation command to the HSM; and 

receiving the response from the HSM for the performed cryptographic operation, the cryptographic operation performed by the HSM using the one or more cryptographic keys.

(¶¶[C4 L1-5; C20 L11-35, L49-57])

Re Claim 3: French in view of Kancharla discloses the method as claimed in claim 2. French further discloses:

wherein for the cryptographic operation being a translation of the one or more cryptographic keys from encrypted under an old Local Master Key (LMK) to be encrypted under a new Local Master Key (LMK), further comprising: 

fetching the one or more cryptographic keys from the database; 

sending the one or more cryptographic keys to the HSM for encrypting under the new LMK; and 

sending the one or more cryptographic keys encrypted under the new LMK to the at least one application. 

(¶¶[C3 L18-21; C4 L23-24, L31-34])

Re Claim 4: French in view of Kancharla discloses the method as claimed in claim 1. French further discloses:

receiving one or more cryptographic keys of the at least one application of the plurality of applications along with the cryptographic service request; 

sending the one or more cryptographic keys along with the cryptographic operation command to the HSM; and 

receiving the response from the HSM for the performed cryptographic operation, the cryptographic operation performed by the HSM using the one or more cryptographic keys.
(¶¶[C4 L1-5; C20 L11-35, L49-57])

Re Claim 5: French in view of Kancharla discloses the method as claimed in claim 4. French further discloses:

wherein for the cryptographic operation being a translation of the one or more cryptographic keys from encrypted under an old Local Master Key (LMK) to be encrypted under a new Local Master Key (LMK), further comprising: 

receiving the one or more cryptographic keys encrypted under the old LMK along with the cryptographic service request; 

sending the one or more cryptographic keys encrypted under the old LMK to the HSM for encrypting under the new LMK; and 

sending the one or more cryptographic keys encrypted under the new LMK to the at least one application. 
(¶¶[C15 L10-40; C17 L15-25])

Re Claim 6: French in view of Kancharla discloses the method as claimed in claim 1. French further discloses:

wherein the cryptographic operation is one of a Personal Identification Number (PIN) verification, a Card Verification Value (CVV) verification, an Authorization Response Code (ARC) verification, an Authorization Response Cryptogram (ARPC) generation, an Authorization Request Cryptogram (ARQC) validation and a PIN translation. 
(¶¶[C2 L23-27; C17 L39-47])

Re Claim 7: French in view of Kancharla discloses the method as claimed in claim 1. French further discloses:

wherein the cryptographic operation comprises testing one or more complex cryptographic functionalities of the HSM as a tester tool and wherein the one or more complex cryptographic functionalities of the HSM are one of an AKDS, an HSM Key block, an EMV issuing script, a Payment Card Industry (PCI) Mandate, a Terminal Line Encryption (TLE), a Secure Sockets Layer (SSL) protocol, and a Derived Unique Key per Transaction (DUKPT). 
(¶¶[C4 L11-16; C5 L38-47; C16 L25])

Re Claim 8: French in view of Kancharla discloses the method as claimed in claim 1. French further discloses:

authenticating the at least one application prior to processing the cryptographic service request. 
(¶¶[C5 L21-24; C6 L41-46])

Re Claim 9: French in view of Kancharla discloses the method as claimed in claim 1. French further discloses:

wherein the cryptographic service request further comprises an HSM LMK identifier, the HSM LMK identifier initially shared by the server system with the at least one application of the plurality of applications for facilitating a corresponding HSM to the at least one application for performing the cryptographic operation. 

(¶¶[C11 L53-54; C12 L14-19])

Re Claim 10: Claim 10, as best understood by the Examiner, encompasses the same or substantially the same scope as claim 1. Accordingly, claim 10 is rejected in the same or substantially the same manner as claim 1.

Re Claim 11: Claim 11, as best understood by the Examiner, encompasses the same or substantially the same scope as claim 2. Accordingly, claim 11 is rejected in the same or substantially the same manner as claim 2.

Re Claim 12: Claim 12, as best understood by the Examiner, encompasses the same or substantially the same scope as claim 3. Accordingly, claim 12 is rejected in the same or substantially the same manner as claim 3.

Re Claim 13: Claim 13, as best understood by the Examiner, encompasses the same or substantially the same scope as claim 4. Accordingly, claim 13 is rejected in the same or substantially the same manner as claim 4.

Re Claim 14: Claim 14, as best understood by the Examiner, encompasses the same or substantially the same scope as claim 5. Accordingly, claim 14 is rejected in the same or substantially the same manner as claim 5.

Re Claim 15: Claim 15, as best understood by the Examiner, encompasses the same or substantially the same scope as claim 6. Accordingly, claim 15 is rejected in the same or substantially the same manner as claim 6.

Re Claim 16: Claim 16, as best understood by the Examiner, encompasses the same or substantially the same scope as claim 7. Accordingly, claim 16 is rejected in the same or substantially the same manner as claim 7.

Re Claim 17: Claim 17, as best understood by the Examiner, encompasses the same or substantially the same scope as claim 8. Accordingly, claim 17 is rejected in the same or substantially the same manner as claim 8.

Re Claim 18: Claim 18, as best understood by the Examiner, encompasses the same or substantially the same scope as claim 9. Accordingly, claim 18 is rejected in the same or substantially the same manner as claim 9.

Re Claim 19: Claim 19, as best understood by the Examiner, encompasses the same or substantially the same scope as claim 1. Accordingly, claim 19 is rejected in the same or substantially the same manner as claim 1.

Re Claim 20: French in view of Kancharla discloses the method as claimed in claim 19. French further discloses:

wherein the network communication channel established between the payment server and the application is through a web service call using a Hyper Text Transfer Protocol Secure (HTTPS). 

(¶[C6 L41-46])


Conclusion

Claims 1-20 are rejected.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Clifford Madamba whose telephone number is 571-270-1239. The examiner can normally be reached on Mon-Thu 7:30-5:00 EST Alternate Fridays.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin Hewitt II, can be reached at 571-272-6709. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/CLIFFORD B MADAMBA/Primary Examiner, Art Unit 3692