callNotice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
This action is in response to Remarks received 01/02/2026.
Claims 7-8, 12, 13, 15, 18-19, and 21-22 have been amended, claims 23-25 newly added and claims 1-6 and 16-17 previously cancelled.
The claim objection of claim 18 has been withdrawn in light of amendments received 01/02/2026.
Claims 7-15, 18-19, and 21-25 are currently pending and have been examined
Response to Arguments
Applicant's arguments filed 01/02/2026 have been fully considered but they are not persuasive.
Applicant argues claim rejections under 35 USC § 101 stating that the claims are not directed to an abstract idea, even assuming, arguendo, that the claims implicate an abstract idea, the amended claims are clearly integrated into a practical application that improves the functioning of the system and that the claims recite an ordered combination of technical steps that is neither routine nor conventional for autonomous IoT transaction processing; however, the Examiner respectfully disagrees.
Under Step 2A, Prong One, it must be determined whether the claims recite an abstract idea that falls within one or more enumerated categories of patent ineligible subject matter that amounts to a judicial exception to patentability. A claim can recite security operations and still be directed to a commercial interaction. The claim’s focus is deciding whether to authorize/forward a payment, which is a financial transaction risk concept. Labeling the gating decision “security” does not change what the claim is directed to. The substantive operations comparing transaction data to profile rules and conditionally proceeding, are the abstract idea.
Under Step 2A, Prong Two the recited additional elements are evaluated to determine whether they provide an integration of the recited abstract idea into a practical application. (i.e., whether they provide a technological solution). The claim recites the result (authenticate a flag, allow only if authorized) without a specific, non-conventional technical means of achieving it. A claimed security benefit is not the same as a claimed technological improvement. Contrast Finjan/Ancora, which claimed specific mechanisms. The claimed method preventing unauthorized or spoofed autonomous devices from injecting transactions into the payment network describes the desired outcome of applying the rule. The claim does not recite a new anti-spoofing technique, it relies on conventional cryptogram validation to authenticate an embedded value.
Embedding a transaction flag within cryptogram input data merely specifies the information being processed during conventional cryptographic validation and does not improve the operation of the cryptographic validation itself. Performing the authorization determination at an IoT server rather than another network component merely identifies the location at which the abstract idea is carried out and does not improve the functioning of the IoT server itself.
Under the Step 2B analysis, it is determined whether the recited additional elements amount to something "significantly more" than the recited abstract idea to which the claims are directed. (i.e., provide an inventive concept). The “pipeline” is an ordered recitation of conventional steps (validate cryptogram, check rules, forward). Reciting steps in order does not make the combination inventive where each step is conventional and the ordering follows the abstract idea’s own logic. Authenticating a different data field (a flag) using the same conventional cryptographic validation is a change in what is checked, not in how the technology works. This is analogous to applying a known technique to a new data input, not a technical improvement.
In additional, the claims are distinguishable from Ancora because the current claims do not recite a specific technical improvement since the claim does not identify any specific, unconventional technical structure or modification to how cryptography, memory, or the network operates; it embeds a flag in existing cryptogram input and applies a conditional rule. Ancora therefore does not control; Electric Power Group and Alice do.
Applicant’s observation that no rejection under 35 U.S.C. §§ 102 or 103 is presently maintained does not establish that the claims recite an inventive concept for purposes of §101, as the eligibility analysis under Alice Step 2B is distinct form the novelty and obviousness inquiries.
For the above reasoning, the claim rejections under 35 U.S.C. § 101 are maintained.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 7-15, 18-19, and 21-25 rejected under 35 U.S.C. § 101 because the claimed invention is directed to non-statutory patent ineligible subject matter. (See, Alice and MPEP §2106)
In sum, claims 7-15, 18-19, and 21-25 are rejected under 35 U.S.C. § 101 because the claimed invention recites and is directed to a judicial exception to patentability (i.e., an abstract idea) and does not provide an integration of the recited abstract idea into a practical application nor include an inventive concept that is “significantly more” than the recite abstract idea to which the claim is directed. (MPEP §2106)
In determining subject matter eligibility in an Alice rejection under 35 U.S.C. § 101, it is first determined at Step 1 whether the claims are directed to one of the four stator categories of an invention (i.e., a process, a machine, a manufacture, or a composition of matter) (MPEP§2106.03). Here, the claims are directed to the statutory category of a process (claims 7-14, 18-20 and 23-24) and a machine (claims 15, 21, 22 and 25). Therefore, we proceed to Step 2A, Prong 1. (MPEP §2106)
Under Step 2A, Prong One analysis, it must be determined whether the claims recite an abstract idea that falls within one or more enumerated categories of patent ineligible subject matter that amounts to a judicial exception to patentability. (MPEP §2106.04)
At their core, the independent claims recite the abstract idea of evaluating transaction information and authorization criteria to determine whether a payment transaction should proceed. More particularly, the claims recite receiving transaction information, evaluating authorization information associated with the transaction, and determining whether transaction information should be forwarded based upon the evaluation. These concepts fall within certain methods of organizing human activity, namely commercial interactions involving payment authorization.
Here, the recited abstract idea falls within one or more of the three enumerated categories of patent ineligible subject matter (MPEP §2106.04), to wit: certain methods of organizing human activity, which includes the sub-category of commercial interactions involving sales activities or behaviors (e.g., in the claims: facilitating and/or processing a (sales/payment) transaction with a merchant by use of a payment device that may be an internet of things (IoT) device, including determining whether transaction information satisfies authorization criteria prior to transmission (See, Spec. as filed Pg. 3 regarding facilitating or processing a payment transaction including determining whether transaction information satisfies authorization criteria prior to transmission) via use of a device identifier, a transaction cryptogram and a transaction flag associated with the transaction data which are analyzed and the cryptogram is validated, and where a merchant is autonomously selected and the transaction is initiated based on certain IoT device profile data, where the IoT device profile data (consisting of various rules) is stored and retrieved to determine a valid transaction, and where the transaction data is sent to the issuer for payment of the transaction only when the transaction data meets the IoT device profile rules by comparing the transaction data thereto.
Automatically controlling transmission based upon whether predetermined authorization criteria are satisfied merely limits when a transaction proceeds. Such conditional execution of a business rule does not constitute an improvement to computer technology but instead applies the abstract idea using generic computer functionality. The claimed transmission control merely determines whether information is sent after the business-rule evaluation has been completed and therefore does not improve the manner in which the computer, communication network, or cryptographic functions themselves operate.
Under Step 2A, Prong Two the recited additional elements are evaluated to determine whether they provide an integration of the recited abstract idea into a practical application. (i.e., whether they provide a technological solution). (MPEP §2106.04) Here, the recited additional elements, such as: a "processor," an "input circuit", an "output circuit", an "IoT (internet of things server) server", a "token service provider" of the " IoT server", an " IoT device", a "payment device," a "mobile device," a "token issuing entity," and an "issuer entity" to accomplish various functions, do not amount to an inventive concept since the claims are simply using each of these additional elements, which are recited in the claims at a high degree of generality, as a tool to carry out the recited abstract idea (i.e., "apply it") on a computer, using a memory device and/or a database, on a data or a payment or a communication network or exchange, on a display device or user interface, or on another computing device listed above, and/or via software programming, where the additional elements are not being technologically improved but simply perform generic computer data receipt and processing/analysis steps, data storage and communication steps, and/or data outputting/displaying steps such as those typically used in a general purpose computer, a computing system, a display or user interface, and/or a computer or a payment or a communication network.
Although the claims now recite cryptographically authenticating a transaction flag during validation of a transaction cryptogram, this authentication is performed solely for the purpose of determining whether the transaction should proceed. The cryptographic operation is used as a tool in carrying out the abstract commercial interaction and is not itself claimed as an improvement to cryptographic technology, cryptogram generation, authentication algorithms, computer security architecture, or another technology. Rather, the claims merely use conventional cryptographic techniques in their ordinary capacity to verify transaction information before making authorization decision.
The claims do not recite any improvement to the cryptographic authentication process itself, but merely invoke cryptographic authentication as an input to the claimed authorization decision.
Thus, the claims do not provide an integration into a practical application. (See e.g., applicant's Specification at least Pgs. 3 and 8-11, where these "additional elements" described in this paragraph are simply recited in the claims at a high degree of generality, are discussed).
Under the Step 2B analysis, it is determined whether the recited additional elements amount to something "significantly more" than the recited abstract idea to which the claims are directed. (i.e., provide an inventive concept). (MPEP §2106.05) Here, the recited additional elements, identified above in the Step 2A, Prong 2 analysis, do not amount to an inventive concept since, as stated above in the Step 2A, Prong 2 analysis, where the additional elements are not being technologically improved, but rather, the claims are simply using the additional elements as a tool to carry out the abstract idea (i.e., "apply it") on a computer, using a memory device and/or a database, on a data or communication network, or on another computing device listed above, and/or via software programming, where the additional elements are specified at a high level of generality as simply facilitating and/or performing generic computer data receipt and processing/analysis steps, data inputting steps, data storage and communication steps, and/or data outputting/displaying steps such as those typically used in a general purpose computer, a computing or a payment or a communication system or network or exchange, a display or user interface, where the additional elements are being used in the claims to simply implement the abstract idea and are not themselves being technologically improved, and therefore do not provide something "significantly more." (See e.g., MPEP §2106.05 I.A.)
The dependent claims simply further refine and limit the abstract idea recited by the independent claims, from which these claims respectively directly or indirectly depend, where the abstract idea is described above.
Claims 8, 9, 11 and 21 further refine the abstract idea by specifying additional information used in making the authorization determination. For example, the claims require a device identifier that may include a transaction flag or device ID, specify that the transaction flag is included in the transaction cryptogram input data used to calculate the transaction cryptogram, and further define the categories of transaction rules (e.g., approved merchants, transaction amount ranges, transaction frequency, and token domain controls) used to authorize the transaction. These limitations merely define the content of the information and business rules used to evaluate whether a transaction should proceed and therefore do not integrate the judicial exception into a practical application or provide significantly more than the abstract idea.
Claim 10 simply further refines the abstract idea by requiring that the transaction data is a certain type of transaction payment data, and this claim does not add any element or feature that provides an integration into a practical application by providing a technological solution to a technological problem or by technologically improving any recited additional element (which is simply being used to carry out the abstract idea as a "tool" under Step 2A, Prong 2), or include any element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B). (See MPEP §§2106.04, 2106.05)
Claim 12 simply further refines the abstract idea by requiring that the IoT device profile is retrieved based on the device identifier data, which is simply data receipt, and this claim does not add any element or feature that provides an integration into a practical application by providing a technological solution to a technological problem or by technologically improving any recited additional element (which is simply being used to carry out the abstract idea as a "tool" under Step 2A, Prong 2), or include any element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B). (See MPEP §§2106.04, 2106.05)
Claims 13 and 22 simply further refine the abstract idea by requiring that various transaction conditions and limits for the authenticated IoT device profile to be determined authorized based on the IoT device profile by checking one or more of: checking that the merchant is an approved merchant for the IoT device, checking if a transaction amount of the transaction is within an approved transaction limit, or token usage or device communication conditions, which are simply rules used to determine whether to allow the transaction, and these claims do not add any element or feature that provides an integration into a practical application by providing a technological solution to a technological problem or by technologically improving any recited additional element (which is simply being used to carry out the abstract idea as a "tool" under Step 2A, Prong 2), or include any element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B). (See MPEP §§2106.04, 2106.05)
Claim 14 simply further refines the abstract idea by requiring that a transaction notification is sent to an additional element of a mobile device associated with the IoT device additional element, which is simply data transmission to a device, and this claim does not add any element or feature that provides an integration into a practical application by providing a technological solution to a technological problem or by technologically improving any recited additional element (which is simply being used to carry out the abstract idea as a "tool" under Step 2A, Prong 2), or include any element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B). (See MPEP §§2106.04, 2106.05)
Claim 18 simply further refines the abstract idea by requiring that the transaction cryptogram is validated such that it is determined that the transaction flag was used to calculate the transaction cryptogram, to validate the transaction, which is simply validating transaction data by analyzing flag and cryptogram data, which is simply transaction data analysis, and this claim does not add any element or feature that provides an integration into a practical application by providing a technological solution to a technological problem or by technologically improving any recited additional element (which is simply being used to carry out the abstract idea as a "tool" under Step 2A, Prong 2), or include any element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B). (See MPEP §§2106.04, 2106.05)
Claim 19 simply further refines the abstract idea by requiring that the transaction data is used to identify a token under certain circumstances to validate the transaction, which is simply data analysis using various validation rules, and this claim does not add any element or feature that provides an integration into a practical application by providing a technological solution to a technological problem or by technologically improving any recited additional element (which is simply being used to carry out the abstract idea as a "tool" under Step 2A, Prong 2), or include any element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B). (See MPEP §§2106.04, 2106.05)
Claim 20 simply further refines the abstract idea by requiring that the device ID data is used to look up a device type, which is simply data analysis and comparison, and this claim does not add any element or feature that provides an integration into a practical application by providing a technological solution to a technological problem or by technologically improving any recited additional element (which is simply being used to carry out the abstract idea as a "tool" under Step 2A, Prong 2), or include any element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B). (See MPEP §§2106.04, 2106.05)
Claim 21 further limits the claimed authorization rules by specifying categories of transaction rules (approved merchants, transaction amount ranges, transaction frequency, and token domain controls). These merely specify the content of the authorization rules used to make the business determination and therefore do not integrate the judicial exception into a practical application.
Claim 23 merely adds detokenizing tokenized payment card data using a token vault prior to transmission. Detokenization is merely another form of data conversion or retrieval that prepares payment information for subsequent processing and does not improve the functioning of the computer or another technology.
Claim 24 further refines the abstract idea by automatically controlling transmission of the transaction data comprises preventing transmission of the transaction data when the authenticated IoT device is not authorized, which is simply a conditional outcome of the rule-based evaluation and does not impose a meaningful limit on the exception. Adding the word “automatically” reflects generic computer automation.
Claim 25 merely performs detokenization before transmitting payment information, which is an additional data processing operation and does not improve computer functionality or network technology.
Thus, neither the independent claims nor the dependent claims, viewed individually and as a whole, including consideration of all the limitations of each claim viewed both individually and in combination, add any additional element or provide any subject matter that provides a technological improvement (i.e., an integration into a practical application) that results in the claims being directed to patent eligible subject matter, nor do the claims provide something significantly more than the recited abstract idea to which the claims are directed.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TONY P KANAAN whose telephone number is (571)272-2481. The examiner can normally be reached Monday- Friday 7:30am - 3:30 pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Matthew Gart can be reached at 5712723955. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/T.P.K./Examiner, Art Unit 3696