DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
The amendment filed 26 January 2026 has been entered. Applicant amended claims 1, 4, 6, 10, 15, and 21, previously cancelled claims 11-12 and 22. Accordingly, claims 1-10, 13-21, and 23 remain pending.
Response to Arguments
Applicant's arguments filed 26 January 2026 have been fully considered but they are not persuasive.
Applicant’s remarks
On pages 8-9 of the Office Action, the Examiner cited paragraphs 27, 29, 44, 47, 50, and 105 of Reid as allegedly teaching "an integrity token that verifies that the software application was installed on the client device and that the attribution token was generated by an authentic client device, the integrity token comprising payload data comprising a verdict of trustworthiness that indicates whether the client device is trustworthy and a first digital signature of the payload data generated by a trusted evaluator that assigned the verdict of trustworthiness to the client device." These portions of Reid discuss a "postback data structure" that includes "an attribution signature that attests to the validity of the attribution data included in the postback data structure"… an attribution signature is not the same as the claimed integrity token. For example, the attribution signature is only a signature and does not include the "payload data comprising a verdict of trustworthiness that indicates whether the client device is trustworthy," as required by claim 1.
Examiner’s remarks
Upon review of the prior art, the postback data in Reid is the integrity token. The integrity token/postback data comprises payload data such as an ad-network-id that identifies the ad network, a transaction-id for the postback, a campaign-id that identifies the ad campaign, the app-id that identifies the app that was advertised and purchased (App B), and an attribution signature that attests to the validity of the conversion attribution. Paragraph 105 of Reid discloses the attribution signature can be generated based on the attribution data using a signing key that is associated with the application store and/or a server of the application store. The attribution signature can be verified by the advertisement network to determine the validity of the attribution data and prevent fraudulent or counterfeit attributions from being included in the metrics generated for the advertisement campaign.
Applicant’s remarks
In addition, Reid does not disclose that the "attribution signature" is generated by a "trusted evaluator that determines the verdict of trustworthiness based on fraud signals received from the client device." Instead, paragraph 105 of Reid merely indicates that verification of the signature can prevent fraudulent attributions. There is nothing in the relied upon portions of Reid that discuss "a trusted evaluator" assigning a "verdict of trustworthiness to the client device" based on "on fraud signals received from the client device," as recited by claim 1, or a signature that is generated based on the verdict.
Examiner’s remarks
In the rejection, Deliwala was relied upon to teach trusted evaluator. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Applicant’s remarks
The Examiner cited paragraphs 44, 91, 107, 120, and 123 of Brown as allegedly teaching "obtaining (i) impression data for each of one or more provisions, at the client device, of one or more digital components that reference the software application and (ii) interaction data for each of one or more user interactions with at least one of the one or more digital components that reference the software application, wherein the one or more digital components comprise the given digital component." On page 5, the Examiner likened a "purchase price for application" to the claimed impression data. The purchase price of an application is not the same as "impression data for a presentation of a digital component" that "comprises data describing the presentation of the digital component," as recited by amended claim 1.
In view of the foregoing, reconsideration and withdrawal of this rejection of claim 1 and its dependent claims are respectfully requested.
Examiner’s remarks:
Impression data can encompass a broad range of content and purchase price for an application as taught by Brown does not prevent the teachings of impression data. In the office action, the examiner also disclosed device information as being impression data. Paragraph 44 discloses what the device information entails associated with the end user computing device when one or more events/interactions occur(s) (such as when the application is installed or executed). The tracking SDK collect the device information association with the computing device, and the collected information may include a package name value that identifies the installed application. Paragraph 107 also reveal the collected information can include IFA value and site ID value. Paragraph 120 reveals the tracking SDK collected the information whenever one or more selected application events occurs, in-app events include level-ups, in-app purchases, user interactions with interface elements, account creations. See also paragraph 123, which reveal the information includes impression data (purchase price for application).
Applicant’s arguments with respect to the amended limitation "impression data for a presentation of a digital component" that "comprises data describing the presentation of the digital component” in the independent claims have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-3, 5, 7-10, 13-14, 16-21, and 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Brown US 20150310485 (hereinafter Brown), in view of Reid et al US 20210400023 (hereinafter Reid), in further view of Deliwala et al US 20160379208 (hereinafter Deliwala), and in further view of Wang et al US 20190340184 (hereinafter Wang).
As to claim 1, Brown teaches a computer-implemented method (Figures 3 and 8 disclose methods) comprising:
providing, at a client device, a given digital component comprising a reference to a software application (Figure 3, reference number 310 “Receive Modified Advertisement” and paragraph 80 disclose the end user computing device receives the modified advertisement pushed to the end user computing device by the advertisement providing computing device (paragraph 76 discloses the advertisement providing computing device may include one or more of the Advertisers/Merchants, Mobile Advertising Networks, and Mobile Advertising Publishers). Paragraph 73 reveals the advertisement is embedded with a tracking link to create the modified advertisement. Paragraphs 64-65 disclose the tracking link is a link that sends a user computing device to an application provider site to obtain the application relating to the advertisement . Paragraph 58 disclose the advertisement is associated with an installable application available for download on an end user computing device);
detecting, at the client device, a user interaction with the given digital component that initiates installation of the software application on the client device (Figure 3, reference number 325 “Selected”; paragraph 82 discloses the end user computing device determines whether the end user has selected/interacted with the modified advertisement, and paragraphs 83, 88-89 reveal the interaction involves selecting the embedding link in the advertisement, and the embedded link within the advertisement redirects the end user computing device to an address associated with the advertisement, where the end user may decide to install the application);
installing, at the client device, the software application (Figure 3, reference number 350 “Install” and reference number 360 “Install Application”; paragraphs 89-90 disclose the end user computing device determines whether the end user has decided to install the application, and when the decision is yes to install the application, the end user may use the user interface of the end user computing device to purchase, download, and/or install the application);
obtaining (i) impression data for each of one or more presentations, at the client device, of one or more digital components that show content related to the software application and (ii) interaction data for each of one or more user interactions with at least one of the one or more digital components that show content related to the software application, wherein the one or more digital components comprise the given digital component (paragraph 91 discloses when the install application is first used/installed, a tracking SDK causes the end user computing device to obtain device information/impression data (paragraph 44 discloses what the device information entails) associated with the end user computing device when one or more events/interactions occur(s) (such as when the application is installed or executed). The tracking SDK collect the device information association with the computing device, and the collected information may include a package name value that identifies the installed application. Paragraph 107 also reveal the collected information can include IFA value and site ID value. Paragraph 120 reveals the tracking SDK collected the information whenever one or more selected application events occurs, in-app events include level-ups, in-app purchases, user interactions with interface elements, account creations. See also paragraph 123, which reveal the information includes impression data (purchase price for application) and interaction data (an indication of whether re-engagement has been enabled for the in-app event, package name value to identify the application);
assigning, by applying an attribution model to the presentation data and the interaction data, respective attribution credits for the installation of the software application to one or more entities that provided the one or more digital components (Figure 8, reference number 465 “Assign Credits…” based on steps 440/450 of the received information from user device, see paragraph 106, information sent by the tracking SDK; paragraphs 110 and 114 reveal assigning credits to the advertisement provider/entity based on matchings the collected information of the impression data and the interaction data according to search criteria/models (see paragraphs 106-107, and 113));
for each entity, generating an attribution token comprising (paragraph 134 discloses for the ad provider, an attributed install credit (which is a token) is assigned. Paragraph 117 further reveals for each ad provider, a post-back record is provided, which is a copy of the tracking information recorded on the tracking server. This tracking information includes user click records, application installation records, and ad provider records, see paragraph 45. In computing programming a record can be considered a token when referring to a data structure that represents a collection of related data field. Therefore, the post-back record is considered the attribution token),
data identifying the software application (paragraphs 7, 44, and 162 reveal the user click record and install record include site ID value and the package name value each identifying the application),
data identifying the respective attribution credit assigned to the entity (paragraph 86 discloses the ad provider record is updated to reflect the credit earned by the ad provider), and
[a credit/integrity token that indicates via matching condition criteria] the software application was installed on the client device (paragraphs 107-108, 110, 113 further disclose matching the application installed record with information stored in the user click records using search criteria. A matching is performed using the device identifier (or device fingerprint) and the site ID/package name value between the user click record and the application installation record must match. Thus verifying the application installation record/token was generated by the client device according to the device ID and the software application as installed on the client device. When there is a match, the tracking engine assigns credit for conversion from a click to an installed. Paragraphs 115 and 117 disclose recording organic install/integrity token in the tracking information to indicate that the installation occurred on the client device without matching a user click record. The information is updated in the application installation record); and
[hash] of the data identifying the software application, the data identifying the respective attribute credits assigned to the entity and the [credit/integrity token] (paragraph 64 discloses the device information, destination address (data identifying software application), and/or the tracking link may be associated with an indicia, such as the site ID and/or the campaign ID. Any or all of these values may be hashed and the hash value included in the tracking link instead of the values themselves); and
providing the attribution token to one or more recipients (paragraph 117 further reveals for each ad provider, a post-back record is provided, which is a copy of the tracking information recorded on the tracking server. This tracking information the application installation records, see paragraph 45).
Brown does not teach wherein the impression data for a presentation of a digital component comprises data describing the presentation of the digital component; an integrity token that verifies that the software application was installed on the client device and that the attribution token was generated by an authentic client device, the integrity token comprising payload data comprising a verdict of trustworthiness that indicates whether the client device is trustworthy and a first digital signature of the payload data generated by a trusted evaluator that assigned the verdict of trustworthiness to the client device, wherein the integrity token is generated by the trusted evaluator that determines the verdict of trustworthiness based on fraud signals received from the client device; and a second digital signature of the data identifying the software application, the data identifying the respective attribution credits assigned to the entity, and the integrity token.
Reid teaches an integrity token that verifies that the software application was installed on the client device and that the attribution token was generated by an authentic client device, the integrity token comprising payload data comprising a verdict of trustworthiness that indicates whether the client device is trustworthy and a first digital signature of the payload data generated by a trusted evaluator that assigned the verdict of trustworthiness to the client device (paragraphs 29 and 105 disclose post-back data which is the integrity token. The post-back comprises the app-id, which is the data identifying the software application, a campaign id that identifies the ad campaign and transaction id, which are data identifying the respective attribution credits, and an attribution signature which is the integrity token. Paragraph 105 further reveals the attribution signature is generated based on attribution data (payload data) using a signing key of the App Store server/trusted evaluator that attests to the validity of the attributed data from the electronic device, thus, attests to the trustworthiness of the client device and the post-back data . The attribution data is determine based on the post-back logic made by the App Store server (paragraphs 44 and 47). The attribution signature can be verified by the advertisement network to determine the validity of the attribution data and prevent fraudulent or counterfeit attributions from being included in the metrics generated for the advertisement campaign. Paragraph 58 discloses the specific set of data that is included in the post-back data is adjusted to limit the likelihood that the data will leak user information. Paragraph 50 further reveals performing operations to verify the post-back data using signatures (integrity tokens) to ensure that the post-back data contains legitimate post-back data from the user device); a second digital signature of the data identifying the software application(paragraph 27 reveals an ad signature is applied to an ad, wherein the ad includes an app id/data identifying the software application).
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify Brown’s post-back record/attribution token with Reid’s post-back record which includes digital signature data for verification of the installation of the software application and the legitimacy of the post-back data to prevent fraudulent or counterfeit attributions and ensure that the post-back data has not been fabricated or altered (paragraphs 50 and 105 of Reid).
The combination of Brown in view of Reid does not teach wherein the impression data for a presentation of a digital component comprises data describing the presentation of the digital component and wherein the integrity token is generated by the trusted evaluator that determines the verdict of trustworthiness based on fraud signals received from the client device
Deliwala teaches wherein the integrity token is generated by the trusted evaluator that determines the verdict of trustworthiness based on fraud signals received from the client device (paragraph 31 disclose wallet provider cloud/trusted evaluator generates the integrity token/payload data. Paragraphs 25-26 disclose the wallet provider attest whether the client device is secure by executing a function call to a security library installed on the user device to detect irregularities that may indicate the user device has been comprised. The irregularities are the fraud signals from the client device) ; and a second digital signature of the data identifying the software application, the data identifying the respective attribution credits assigned to the entity, and the integrity token (paragraph 32 reveals wallet provider cloud compute a signature on the payment payload, wherein the payment payload per paragraph 31 comprises appending the token, token expiry, unpredictable number, MUN, and/or ATC to the in-app payment cryptogram).
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify the second signature and integrity token in Brown’s teaching of the attribution token in view of Reid’s post-back record with Deliwala’s teachings of the integrity token/payload data and second signature to minimize the security risks of theft and fraud for in-application or in-browser purchases (paragraph 4 of Deliwala).
The combination of Brown in view of Reid and Deliwala does not teach, but Wang teaches wherein the impression data for a presentation of a digital component comprises data describing the presentation of the digital component (paragraphs 25-36 disclose a presentation data database that includes information related to the digital content presentation on the client devices such as copies of digital content (e.g., images, videos, audio, computer games, text, messages, and/or offers) and records of the digital content presentations and user interactions with the digital content presentations. The records can include, for example, a client device identifier (also referred to as device ID), an IP address (e.g., for a client device), a device geographical location (e.g., city, state, and/or country), a user agent identifier (e.g., a browser identifier), a timestamp (e.g., corresponding to a time at which the installation occurred), a publisher identifier (e.g., identifying the publisher that presented content related to the installation, such as content that the user selected to initiate the installation), a content identifier (e.g., an identification of a specific video or image), a content type (e.g., image, video, audio, computer game, etc.), a website identifier (e.g., identifying an app store or other website), a history of user interactions with content presentations (e.g., a record of clicks or other user selections on the client device), and any combination thereof). Digital content (e.g., from the presentation data database) can be presented on the client devices using a plurality of publishers. Paragraph 9 discloses calculate the weight for each content presentation which involves determining a type of content associated with the content presentation wherein the type of content includes one of image content, video content, or playable content).
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify the second signature and integrity token in Brown’s teaching of the attribution token in view of Reid’s post-back record and Deliwala’s teachings of the integrity token/payload data and second signature with Wang’s impression data to provide improved management of content presentations on a plurality of client devices (paragraph 5 of Wang).
As to claim 2, the combination of Brown in view of Reid, Deliwala, and Wang teaches wherein the attribution token for each entity includes data identifying a particular digital component provided by the entity (Brown: paragraph 44 discloses the application installation records includes site ID value and package name each identify the application for which advertising performance is being tracked. Paragraph 66 reveals the tracking link includes the site ID, wherein paragraph 80, 76, and 73 reveal the modified advertisement which includes the embedded link (and thus the site ID) is provided by the entity/customer computing device (paragraphs 56 and 76 reveal the customer or advertisement providing computing device may be one or more of the Advertisers/Merchants, Mobile Advertising Networks, and Mobile Advertising Publishers).
As to claim 3, the combination of Brown in view of Reid, Deliwala, and Wang teaches wherein the attribution token (Brown in view of Reid teaches the attribution token as disclosed above) for each entity comprises a digital signature of the data identifying the software application (Reid: paragraph 29 discloses the post-back data includes attribution signature/signing key that identify/associates the conversion/installation with an actual application install), the data identifying the respective attribution credits assigned to the entity (Brown: paragraph 86 discloses the ad provider record is updated to reflect the credit earned by the ad provider), and the integrity token that verifies that the software application was installed on the client device and that the attribution token was generated by an authentic client device (Reid: paragraph 29 discloses the post-back data includes attribution signature/signing key that identify/associates the conversion/installation with an actual application install. Paragraphs 29 and 105 disclose post-back data includes attribution data/token includes attribution signature(integrity token) that attests to the validity of the conversion(installation) and generated attribution data). Paragraph 58 discloses the specific set of data that is included in the post-back data is adjusted to limit the likelihood that the data will leak user information. Paragraph 50 further reveals performing operations to verify the post-back data by verifying signatures to ensure that the post-back data contains legitimate post-back data from the user device)). The motivation is similar to the motivation presented in claim 1.
As to claim 5, the combination of Brown in view of Reid, Deliwala, and Wang teaches wherein at least one of the one or more user interactions comprises displaying a given digital component for at least a specified period of time (Brown: Figure 3, reference number 325 “Selected”; paragraph 82 discloses the end user computing device determines whether the end user has selected/interacted with the modified advertisement, and paragraphs 83, 88-89 reveal the interaction involves selecting the embedding link in the advertisement, and the embedded link within the advertisement redirects the end user computing device to an address associated with the advertisement, where the end user may decide to install the application. Once the embedded link is selected, the digital component is displayed for a specified period of time, before the embedded link redirects the ends user to an address associated with the advertisement).
As to claim 7, the combination of Brown in view of Reid, Deliwala, and Wang teaches for each provision of a digital component, providing the impression data for the digital component to the entity that provided the digital component (Brown: paragraph 91 discloses when the install application is first used/installed, a tracking SDK causes the end user computing device to obtain device information/impression data (paragraph 44 discloses what the device information entails) associated with the end user computing device when one or more events/interactions occur(s) (such as when the application is installed or executed). The collected information is sent to the tracking server. The tracking SDK collect the device information association with the computing device, and the collected information may include a package name value that identifies the installed application. Paragraph 107 also reveal the collected information can include IFA value and site ID value. Paragraph 120 reveals the tracking SDK collected the information whenever one or more selected application events occurs, in-app events include level-ups, in-app purchases, user interactions with interface elements, account creations. See also paragraph 123, which reveal the information includes impression data (purchase price for application) and interaction data (an indication of whether re-engagement has been enabled for the in-app event, package name value to identify the application. Paragraphs 95-96 reveals the advertisement providing computing device collects the information stored in the tracking link and query the tracking data store of the tracking server).
As to claim 8, the combination of Brown in view of Reid, Deliwala, and Wang teaches further comprising, for each interaction with a digital component, a user interaction token for the digital component is sent to the entity that provided the given digital component (Brown: paragraph 91 discloses when the install application is first used/installed, a tracking SDK causes the end user computing device to obtain device information/impression data (paragraph 44 discloses what the device information entails such as IMEI which is a token) associated with the end user computing device when one or more events/interactions occur(s) (such as when the application is installed or executed). The collected information is sent to the tracking server. The tracking SDK collect the device information association with the computing device, and the collected information may include a package name value that identifies the installed application. Paragraph 107 also reveal the collected information can include IFA value and site ID value. Paragraph 120 reveals the tracking SDK collected the information whenever one or more selected application events occurs, in-app events include level-ups, in-app purchases, user interactions with interface elements, account creations. See also paragraph 123, which reveal the information includes impression data (purchase price for application) and interaction data (an indication of whether re-engagement has been enabled for the in-app event, package name value to identify the application. This information can be stored as user click records and indexes, see paragraph 118. Paragraphs 95-96 reveals the once the end user computing device visits the destination address, the advertisement providing computing device obtains the stored tracking information records and query the tracking data store of the tracking server to determine whether the application (associated with the embedded link) is already installed on the end user computing device).
As to claim 9, the combination of Brown in view of Reid, Deliwala, and Wang teaches wherein the attribution token comprises one or more of the identity of the software application installed or, an application provider from which the software application was downloaded (Brown: paragraph 134 discloses for the ad provider, an attributed install credit (which is a token) is assigned. Paragraph 117 further reveals for each ad provider, a post-back record is provided, which is a copy of the tracking information recorded on the tracking server. This tracking information includes user click records, application installation records, and ad provider records, see paragraph 45. In computing programming a record can be considered a token when referring to a data structure that represents a collection of related data field. Therefore, the post-back record can be considered the attribution token; paragraphs 7, 44, and 162 reveals the user click record and install record include site ID value and the package name value each identifying the application).
As to claim 10, Brown teaches a system comprising:
one or more processors; and one or more storage devices storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations (paragraphs 9 and 23 disclose computer readable medium having computer executable instructions stored thereon, wherein the instructions in response to execution by one or more processors cause a tracking service to perform actions for attributing an installation of an application on an end user computing device) comprising:
providing, at a client device, a given digital component comprising a reference to a software application (Figure 3, reference number 310 “Receive Modified Advertisement” and paragraph 80 discloses the end user computing device receives the modified advertisement pushed to the end user computing device by the advertisement providing computing device (paragraph 76 discloses the advertisement providing computing device may include one or more of the Advertisers/Merchants, Mobile Advertising Networks, and Mobile Advertising Publishers). Paragraph 73 reveals the advertisement is embedded with a tracking link to create the modified advertisement. Paragraphs 64-65 discloses the tracking link is a link that sends a user computing device to an application provider site to obtain the application relating to the advertisement . Paragraph 58 disclose the advertisement is associated with an installable application available for download on an end user computing device);
detecting, at the client device, a user interaction with the given digital component that initiates installation of the software application on the client device (Figure 3, reference number 325 “Selected”; paragraph 82 discloses the end user computing device determines whether the end user has selected/interacted with the modified advertisement, and paragraphs 83, 88-89 reveal the interaction involves selecting the embedding link in the advertisement, and the embedded link within the advertisement redirects the end user computing device to an address associated with the advertisement, where the end user may decide to install the application);
installing, at the client device, the software application (Figure 3, reference number 350 “Install” and reference number 360 “Install Application”; paragraphs 89-90 disclose the end user computing device determines whether the end user has decided to install the application, and when the decision is yes to install the application, the end user may use the user interface of the end user computing device to purchase, download, and/or install the application);
obtaining (i) impression data for each of one or more presentations, at the client device, of one or more digital components that show content related to the software application and (ii)interaction data for each of one or more user interactions with at least one of the one or more digital components that show content related to the software application, wherein the one or more digital components comprise the given digital component (paragraph 91 discloses when the install application is first used/installed, a tracking SDK causes the end user computing device to obtain device information/impression data (paragraph 44 discloses what the device information entails) associated with the end user computing device when one or more events/interactions occur(s) (such as when the application is installed or executed). The tracking SDK collect the device information association with the computing device, and the collected information may include a package name value that identifies the installed application. Paragraph 107 also reveal the collected information can include IFA value and site ID value. Paragraph 120 reveals the tracking SDK collected the information whenever one or more selected application events occurs, in-app events include level-ups, in-app purchases, user interactions with interface elements, account creations. See also paragraph 123, which reveal the information includes impression data (purchase price for application) and interaction data (an indication of whether re-engagement has been enabled for the in-app event, package name value to identify the application);
assigning, by applying an attribution model to the presentation data and the interaction data, respective attribution credits for the installation of the software application to one or more entities that provided the one or more digital components (Figure 8, reference number 465 “Assign Credits…” based on steps 440/450 of the received information from user device, see paragraph 106, information sent by the tracking SDK; paragraphs 110 and 114 reveal assigning credits to the advertisement provider/entity based on matchings the collected information of the impression data and the interaction data according to search criteria/models (see paragraphs 106-107, and 113));
for each entity, generating an attribution token (paragraph 134 discloses for the ad provider, an attributed install credit (which is a token) is assigned. Paragraph 117 further reveals for each ad provider, a post-back record is provided, which is a copy of the tracking information recorded on the tracking server. This tracking information includes user click records, application installation records, and ad provider records, see paragraph 45. In computing programming a record can be considered a token when referring to a data structure that represents a collection of related data field. Therefore, the post-back record is considered the attribution token) comprising,
data identifying the software application (paragraphs 7, 44, and 162 reveal the user click record and install record include site ID value and the package name value each identifying the application),
data identifying the respective attribution credit assigned to the entity (paragraph 86 discloses the ad provider record is updated to reflect the credit earned by the ad provider), and
[a credit that indicates via matching condition criteria] the software application was installed on the client device (paragraphs 107-108, 110, 113 further disclose matching the application installed record with information stored in the user click records using search criteria. A matching is performed using the device identifier (or device fingerprint) and the site ID/package name value between the user click record and the application installation record must match. Thus verifying the application installation record/token was generated by the client device according to the device ID and the software application as installed on the client device. When there is a match, the tracking engine assigns credit for conversion from a click to an installed. Paragraphs 115 and 117 disclose recording organic install/integrity token in the tracking information to indicate that the installation occurred on the client device without matching a user click record. The information is updated in the application installation record); and
[hash] of the data identifying the software application, the data identifying the respective attribute credits assigned to the entity and the [credit/integrity token] (paragraph 64 discloses the device information, destination address (data identifying software application), and/or the tracking link may be associated with an indicia, such as the site ID and/or the campaign ID. Any or all of these values may be hashed and the hash value included in the tracking link instead of the values themselves); and
providing the attribution token to one or more recipients (paragraph 117 further reveals for each ad provider, a post-back record is provided, which is a copy of the tracking information recorded on the tracking server. This tracking information the application installation records, see paragraph 45).
Brown does not teach wherein the impression data for a presentation of a digital component comprises data describing the presentation of the digital component; an integrity token that verifies that the software application was installed on the client device and that the attribution token was generated by an authentic client device, the integrity token comprising payload data comprising a verdict of trustworthiness that indicates whether the client device is trustworthy and a first digital signature of the payload data generated by a trusted evaluator that assigned the verdict of trustworthiness to the client device, wherein the integrity token is generated by the trusted evaluator that determines the verdict of trustworthiness based on fraud signals received from the client device; and a second digital signature of the data identifying the software application, the data identifying the respective attribution credits assigned to the entity, and the integrity token.
Reid teaches an integrity token that verifies that the software application was installed on the client device and that the attribution token was generated by an authentic client device, the integrity token comprising payload data comprising a verdict of trustworthiness that indicates whether the client device is trustworthy and a first digital signature of the payload data generated by a trusted evaluator that assigned the verdict of trustworthiness to the client device (paragraphs 29 and 105 disclose post-back data which is the integrity token. The post-back comprises the app-id, which is the data identifying the software application, a campaign id that identifies the ad campaign and transaction id, which are data identifying the respective attribution credits, and an attribution signature which is the integrity token. Paragraph 105 further reveals the attribution signature is generated based on attribution data (payload data) using a signing key of the App Store server/trusted evaluator that attests to the validity of the attributed data from the electronic device, thus, attests to the trustworthiness of the client device and the post-back data . The attribution data is determine based on the post-back logic made by the App Store server (paragraphs 44 and 47). The attribution signature can be verified by the advertisement network to determine the validity of the attribution data and prevent fraudulent or counterfeit attributions from being included in the metrics generated for the advertisement campaign. Paragraph 58 discloses the specific set of data that is included in the post-back data is adjusted to limit the likelihood that the data will leak user information. Paragraph 50 further reveals performing operations to verify the post-back data using signatures (integrity tokens) to ensure that the post-back data contains legitimate post-back data from the user device); a second digital signature of the data identifying the software application(paragraph 27 reveals an ad signature is applied to an ad, wherein the ad includes an app id/data identifying the software application).
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify Brown’s post-back record/attribution token with Reid’s post-back record which includes digital signature data for verification of the installation of the software application and the legitimacy of the post-back data to prevent fraudulent or counterfeit attributions and ensure that the post-back data has not been fabricated or altered (paragraphs 50 and 105 of Reid).
The combination of Brown in view of Reid does not teach wherein the impression data for a presentation of a digital component comprises data describing the presentation of the digital component and wherein the integrity token is generated by the trusted evaluator that determines the verdict of trustworthiness based on fraud signals received from the client device
Deliwala teaches wherein the integrity token is generated by the trusted evaluator that determines the verdict of trustworthiness based on fraud signals received from the client device (paragraph 31 disclose wallet provider cloud/trusted evaluator generates the integrity token/payload data. Paragraphs 25-26 disclose the wallet provider attest whether the client device is secure by executing a function call to a security library installed on the user device to detect irregularities that may indicate the user device has been comprised. The irregularities are the fraud signals from the client device) ; and a second digital signature of the data identifying the software application, the data identifying the respective attribution credits assigned to the entity, and the integrity token (paragraph 32 reveals wallet provider cloud compute a signature on the payment payload, wherein the payment payload per paragraph 31 comprises appending the token, token expiry, unpredictable number, MUN, and/or ATC to the in-app payment cryptogram).
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify the second signature and integrity token in Brown’s teaching of the attribution token in view of Reid’s post-back record with Deliwala’s teachings of the integrity token/payload data and second signature to minimize the security risks of theft and fraud for in-application or in-browser purchases (paragraph 4 of Deliwala).
The combination of Brown in view of Reid and Deliwala does not teach, but Wang teaches wherein the impression data for a presentation of a digital component comprises data describing the presentation of the digital component (paragraphs 25-36 disclose a presentation data database that includes information related to the digital content presentation on the client devices such as copies of digital content (e.g., images, videos, audio, computer games, text, messages, and/or offers) and records of the digital content presentations and user interactions with the digital content presentations. The records can include, for example, a client device identifier (also referred to as device ID), an IP address (e.g., for a client device), a device geographical location (e.g., city, state, and/or country), a user agent identifier (e.g., a browser identifier), a timestamp (e.g., corresponding to a time at which the installation occurred), a publisher identifier (e.g., identifying the publisher that presented content related to the installation, such as content that the user selected to initiate the installation), a content identifier (e.g., an identification of a specific video or image), a content type (e.g., image, video, audio, computer game, etc.), a website identifier (e.g., identifying an app store or other website), a history of user interactions with content presentations (e.g., a record of clicks or other user selections on the client device), and any combination thereof). Digital content (e.g., from the presentation data database) can be presented on the client devices using a plurality of publishers. Paragraph 9 discloses calculate the weight for each content presentation which involves determining a type of content associated with the content presentation wherein the type of content includes one of image content, video content, or playable content).
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify the second signature and integrity token in Brown’s teaching of the attribution token in view of Reid’s post-back record and Deliwala’s teachings of the integrity token/payload data and second signature with Wang’s impression data to provide improved management of content presentations on a plurality of client devices (paragraph 5 of Wang).
As to claim 13, the combination of Brown in view of Reid, Deliwala, and Wang teaches wherein the attribution token for each entity includes data identifying a particular digital component provided by the entity (Brown: paragraph 44 discloses the application installation records includes site ID value and package name each identify the application for which advertising performance is being tracked. Paragraph 66 reveals the tracking link includes the site ID, wherein paragraph 80, 76, and 73 reveal the modified advertisement which includes the embedded link (and thus the site ID) is provided by the entity/customer computing device (paragraphs 56 and 76 reveal the customer or advertisement providing computing device may be one or more of the Advertisers/Merchants, Mobile Advertising Networks, and Mobile Advertising Publishers).
As to claim 14, the combination of Brown in view of Reid, Deliwala, and Wang teaches wherein the attribution token (Brown in view of Reid teaches the attribution token as disclosed above) for each entity comprises a digital signature of the data identifying the software application (Reid: paragraph 29 discloses the post-back data includes attribution signature/signing key that identify/associates the conversion/installation with an actual application install), the data identifying the respective attribution credit assigned to the entity (Brown: paragraph 86 discloses the ad provider record is updated to reflect the credit earned by the ad provider), and the integrity token that verifies that the software application was installed on the client device and that the attribution token was generated by an authentic client device (Reid: paragraph 29 discloses the post-back data includes attribution signature/signing key that identify/associates the conversion/installation with an actual application install. Paragraphs 29 and 105 disclose post-back data includes attribution data/token includes attribution signature(integrity token) that attests to the validity of the conversion(installation) and generated attribution data). Paragraph 58 discloses the specific set of data that is included in the post-back data is adjusted to limit the likelihood that the data will leak user information. Paragraph 50 further reveals performing operations to verify the post-back data by verifying signatures to ensure that the post-back data contains legitimate post-back data from the user device)). The motivation is similar to the motivation presented in claim 10.
As to claim 16, the combination of Brown in view of Reid, Deliwala, and Wang teaches wherein at least one of the one or more user interactions comprises displaying a given digital component for at least a specified period of time (Brown: Figure 3, reference number 325 “Selected”; paragraph 82 discloses the end user computing device determines whether the end user has selected/interacted with the modified advertisement, and paragraphs 83, 88-89 reveal the interaction involves selecting the embedding link in the advertisement, and the embedded link within the advertisement redirects the end user computing device to an address associated with the advertisement, where the end user may decide to install the application. Once the embedded link is selected, the digital component is displayed for a specified period of time, before the embedded link redirects the ends user to an address associated with the advertisement).
As to claim 17, the combination of Brown in view of Reid, Deliwala, and Wang teaches wherein the operations (Brown: paragraph 9) comprise: storing, by the client device, at least one of the impression data or the interaction data in secure storage of a trusted program running on the client device (Brown: paragraphs 121-123 disclose the tracking SDK of the end user computing device store impression/interaction data such as tracking identifier. The SDK can be considered secure storage).
As to claim 18, the combination of Brown in view of Reid, Deliwala, and Wang teaches wherein for the operations (Brown: paragraph 9) comprise, for each provision of a digital component, providing the impression data for the digital component to the entity that provided the digital component (Brown: paragraph 91 discloses when the install application is first used/installed, a tracking SDK causes the end user computing device to obtain device information/impression data (paragraph 44 discloses what the device information entails) associated with the end user computing device when one or more events/interactions occur(s) (such as when the application is installed or executed). The collected information is sent to the tracking server. The tracking SDK collect the device information association with the computing device, and the collected information may include a package name value that identifies the installed application. Paragraph 107 also reveal the collected information can include IFA value and site ID value. Paragraph 120 reveals the tracking SDK collected the information whenever one or more selected application events occurs, in-app events include level-ups, in-app purchases, user interactions with interface elements, account creations. See also paragraph 123, which reveal the information includes impression data (purchase price for application) and interaction data (an indication of whether re-engagement has been enabled for the in-app event, package name value to identify the application. Paragraphs 95-96 reveals the advertisement providing computing device collects the information stored in the tracking link and query the tracking data store of the tracking server).
As to claim 19, the combination of Brown in view of Reid, Deliwala, and Wang teaches wherein for the operations (Brown: paragraph 9) comprise, for each interaction with a digital component, a user interaction token for the digital component is sent to the entity that provided the given digital component (Brown: paragraph 91 discloses when the install application is first used/installed, a tracking SDK causes the end user computing device to obtain device information/impression data (paragraph 44 discloses what the device information entails such as IMEI which is a token) associated with the end user computing device when one or more events/interactions occur(s) (such as when the application is installed or executed). The collected information is sent to the tracking server. The tracking SDK collect the device information association with the computing device, and the collected information may include a package name value that identifies the installed application. Paragraph 107 also reveals the collected information can include IFA value and site ID value. Paragraph 120 reveals the tracking SDK collected the information whenever one or more selected application events occurs, in-app events include level-ups, in-app purchases, user interactions with interface elements, account creations. See also paragraph 123, which reveal the information includes impression data (purchase price for application) and interaction data (an indication of whether re-engagement has been enabled for the in-app event, package name value to identify the application. This information can be stored as user click records and indexes, see paragraph 118. Paragraphs 95-96 reveal the once the end user computing device visits the destination address, the advertisement providing computing device obtains the stored tracking information records and query the tracking data store of the tracking server to determine whether the application (associated with the embedded link) is already installed on the end user computing device).
As to claim 20, the combination of Brown in view of Reid, Deliwala, and Wang teaches wherein the attribution token comprises one or more of the identity of the software application installed or, an application provider from which the software application was downloaded (Brown: paragraph 134 discloses for the ad provider, an attributed install credit (which is a token) is assigned. Paragraph 117 further reveals for each ad provider, a post-back record is provided, which is a copy of the tracking information recorded on the tracking server. This tracking information includes user click records, application installation records, and ad provider records, see paragraph 45. In computing programming a record can be considered a token when referring to a data structure that represents a collection of related data field. Therefore, the post-back record can be considered the attribution token; paragraphs 7, 44, and 162 reveals the user click record and install record include site ID value and the package name value each identifying the application).
As to claim 21, Brown teaches a non-transitory computer readable medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations (paragraphs 9 and 23 disclose computer readable medium having computer executable instructions stored thereon, wherein the instructions in response to execution by one or more processors cause a tracking service to perform actions for attributing an installation of an application on an end user computing device) comprising:
providing, at a client device, a given digital component comprising a reference to a software application (Figure 3, reference number 310 “Receive Modified Advertisement” and paragraph 80 discloses the end user computing device receives the modified advertisement pushed to the end user computing device by the advertisement providing computing device (paragraph 76 discloses the advertisement providing computing device may include one or more of the Advertisers/Merchants, Mobile Advertising Networks, and Mobile Advertising Publishers). Paragraph 73 reveals the advertisement is embedded with a tracking link to create the modified advertisement. Paragraphs 64-65 discloses the tracking link is a link that sends a user computing device to an application provider site to obtain the application relating to the advertisement . Paragraph 58 disclose the advertisement is associated with an installable application available for download on an end user computing device);
detecting, at the client device, a user interaction with the given digital component that initiates installation of the software application on the client device (Figure 3, reference number 325 “Selected”; paragraph 82 discloses the end user computing device determines whether the end user has selected/interacted with the modified advertisement, and paragraphs 83, 88-89 reveal the interaction involves selecting the embedding link in the advertisement, and the embedded link within the advertisement redirects the end user computing device to an address associated with the advertisement, where the end user may decide to install the application);
installing, at the client device, the software application (Figure 3, reference number 350 “Install” and reference number 360 “Install Application”; paragraphs 89-90 disclose the end user computing device determines whether the end user has decided to install the application, and when the decision is yes to install the application, the end user may use the user interface of the end user computing device to purchase, download, and/or install the application);
obtaining (i) impression data for each of one or more presentations, at the client device, of one or more digital components that show content related to the software application and (ii) interaction data for each of one or more user interactions with at least one of the one or more digital components that show content related to the software application, wherein the one or more digital components comprise the given digital component (paragraph 91 discloses when the install application is first used/installed, a tracking SDK causes the end user computing device to obtain device information/impression data (paragraph 44 discloses what the device information entails) associated with the end user computing device when one or more events/interactions occur(s) (such as when the application is installed or executed). The tracking SDK collect the device information association with the computing device, and the collected information may include a package name value that identifies the installed application. Paragraph 107 also reveal the collected information can include IFA value and site ID value. Paragraph 120 reveals the tracking SDK collected the information whenever one or more selected application events occurs, in-app events include level-ups, in-app purchases, user interactions with interface elements, account creations. See also paragraph 123, which reveal the information includes impression data (purchase price for application) and interaction data (an indication of whether re-engagement has been enabled for the in-app event, package name value to identify the application);
assigning, by applying an attribution model to the presentation data and the interaction data, respective attribution credits for the installation of the software application to one or more entities that provided the one or more digital components (Figure 8, reference number 465 “Assign Credits…” based on steps 440/450 of the received information from user device, see paragraph 106, information sent by the tracking SDK; paragraphs 110 and 114 reveal assigning credits to the advertisement provider/entity based on matchings the collected information of the impression data and the interaction data according to search criteria/models (see paragraphs 106-107, and 113));
for each entity, generating an attribution token (paragraph 134 discloses for the ad provider, an attributed install credit (which is a token) is assigned. Paragraph 117 further reveals for each ad provider, a post-back record is provided, which is a copy of the tracking information recorded on the tracking server. This tracking information includes user click records, application installation records, and ad provider records, see paragraph 45. In computing programming a record can be considered a token when referring to a data structure that represents a collection of related data field. Therefore, the post-back record is considered the attribution token) comprising,
data identifying the software application (paragraphs 7, 44, and 162 reveal the user click record and install record include site ID value and the package name value each identifying the application),
data identifying the respective attribution credit assigned to the entity (paragraph 86 discloses the ad provider record is updated to reflect the credit earned by the ad provider), and
[a credit that indicates via matching condition criteria] the software application was installed on the client device (paragraphs 107-108, 110, 113 further disclose matching the application installed record with information stored in the user click records using search criteria. A matching is performed using the device identifier (or device fingerprint) and the site ID/package name value between the user click record and the application installation record must match. Thus verifying the application installation record/token was generated by the client device according to the device ID and the software application as installed on the client device. When there is a match, the tracking engine assigns credit for conversion from a click to an installed. Paragraphs 115 and 117 disclose recording organic install/integrity token in the tracking information to indicate that the installation occurred on the client device without matching a user click record. The information is updated in the application installation record); and
[hash] of the data identifying the software application, the data identifying the respective attribute credits assigned to the entity and the [credit/integrity token] (paragraph 64 discloses the device information, destination address (data identifying software application), and/or the tracking link may be associated with an indicia, such as the site ID and/or the campaign ID. Any or all of these values may be hashed and the hash value included in the tracking link instead of the values themselves);
providing the attribution token to one or more recipients (paragraph 117 further reveals for each ad provider, a post-back record is provided, which is a copy of the tracking information recorded on the tracking server. This tracking information the application installation records, see paragraph 45).
Brown does not teach wherein the impression data for a presentation of a digital component comprises data describing the presentation of the digital component; an integrity token that verifies that the software application was installed on the client device and that the attribution token was generated by an authentic client device, the integrity token comprising payload data comprising a verdict of trustworthiness that indicates whether the client device is trustworthy and a first digital signature of the payload data generated by a trusted evaluator that assigned the verdict of trustworthiness to the client device, wherein the integrity token is generated by the trusted evaluator that determines the verdict of trustworthiness based on fraud signals received from the client device; and a second digital signature of the data identifying the software application, the data identifying the respective attribution credits assigned to the entity, and the integrity token.
Reid teaches an integrity token that verifies that the software application was installed on the client device and that the attribution token was generated by an authentic client device, the integrity token comprising payload data comprising a verdict of trustworthiness that indicates whether the client device is trustworthy and a first digital signature of the payload data generated by a trusted evaluator that assigned the verdict of trustworthiness to the client device (paragraphs 29 and 105 disclose post-back data which is the attribution token. The post-back comprises the app-id, which is the data identifying the software application, a campaign id that identifies the ad campaign and transaction id, which are data identifying the respective attribution credits, and an attribution signature which is the integrity token. Paragraph 105 further reveals the attribution signature is generated based on attribution data (payload data) using a signing key of the App Store server/trusted evaluator that attests to the validity of the attributed data from the electronic device, thus, attests to the trustworthiness of the client device and the post-back data . The attribution data is determine based on the post-back logic made by the App Store server (paragraphs 44 and 47). The attribution signature can be verified by the advertisement network to determine the validity of the attribution data and prevent fraudulent or counterfeit attributions from being included in the metrics generated for the advertisement campaign. Paragraph 58 discloses the specific set of data that is included in the post-back data is adjusted to limit the likelihood that the data will leak user information. Paragraph 50 further reveals performing operations to verify the post-back data using signatures (integrity tokens) to ensure that the post-back data contains legitimate post-back data from the user device); a second digital signature of the data identifying the software application(paragraph 27 reveals an ad signature is applied to an ad, wherein the ad includes an app id/data identifying the software application).
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify Brown’s post-back record/attribution token with Reid’s post-back record which includes digital signature data for verification of the installation of the software application and the legitimacy of the post-back data to prevent fraudulent or counterfeit attributions and ensure that the post-back data has not been fabricated or altered (paragraphs 50 and 105 of Reid).
The combination of Brown in view of Reid does not teach wherein the impression data for a presentation of a digital component comprises data describing the presentation of the digital component and wherein the integrity token is generated by the trusted evaluator that determines the verdict of trustworthiness based on fraud signals received from the client device
Deliwala teaches wherein the integrity token is generated by the trusted evaluator that determines the verdict of trustworthiness based on fraud signals received from the client device (paragraph 31 disclose wallet provider cloud/trusted evaluator generates the integrity token/payload data. Paragraphs 25-26 disclose the wallet provider attest whether the client device is secure by executing a function call to a security library installed on the user device to detect irregularities that may indicate the user device has been comprised. The irregularities are the fraud signals from the client device) ; and a second digital signature of the data identifying the software application, the data identifying the respective attribution credits assigned to the entity, and the integrity token (paragraph 32 reveals wallet provider cloud compute a signature on the payment payload, wherein the payment payload per paragraph 31 comprises appending the token, token expiry, unpredictable number, MUN, and/or ATC to the in-app payment cryptogram).
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify the second signature and integrity token in Brown’s teaching of the attribution token in view of Reid’s post-back record with Deliwala’s teachings of the integrity token/payload data and second signature to minimize the security risks of theft and fraud for in-application or in-browser purchases (paragraph 4 of Deliwala).
The combination of Brown in view of Reid and Deliwala does not teach, but Wang teaches wherein the impression data for a presentation of a digital component comprises data describing the presentation of the digital component (paragraphs 25-36 disclose a presentation data database that includes information related to the digital content presentation on the client devices such as copies of digital content (e.g., images, videos, audio, computer games, text, messages, and/or offers) and records of the digital content presentations and user interactions with the digital content presentations. The records can include, for example, a client device identifier (also referred to as device ID), an IP address (e.g., for a client device), a device geographical location (e.g., city, state, and/or country), a user agent identifier (e.g., a browser identifier), a timestamp (e.g., corresponding to a time at which the installation occurred), a publisher identifier (e.g., identifying the publisher that presented content related to the installation, such as content that the user selected to initiate the installation), a content identifier (e.g., an identification of a specific video or image), a content type (e.g., image, video, audio, computer game, etc.), a website identifier (e.g., identifying an app store or other website), a history of user interactions with content presentations (e.g., a record of clicks or other user selections on the client device), and any combination thereof). Digital content (e.g., from the presentation data database) can be presented on the client devices using a plurality of publishers. Paragraph 9 discloses calculate the weight for each content presentation which involves determining a type of content associated with the content presentation wherein the type of content includes one of image content, video content, or playable content).
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify the second signature and integrity token in Brown’s teaching of the attribution token in view of Reid’s post-back record and Deliwala’s teachings of the integrity token/payload data and second signature with Wang’s impression data to provide improved management of content presentations on a plurality of client devices (paragraph 5 of Wang).
As to claim 23, the combination of Brown in view of Reid, Deliwala, and Wang teaches comprising: for each of the one or more provisions, at the client device, of one or more digital components that reference the software application (see claim 1 above and Deliwala: paragraphs 5, 41-42, and 22 reveal the token data blocks reference the merchant application, further more application transaction number also reference the application, wherein a request transaction request is performed that involves obtaining in-app cryptogram):
storing, in secure storage of the client device, an impression token comprising information related to presentation of the one or more digital components at the client device and a digital signature of the information related to the presentation of the one or more digital components at the client device (Deliwala: paragraph 22 reveals network SDK is integrated into a security chip located on the user/client device. The TEE may secure sensitive information such as encryption keys and session keys to enhance security of user device . Network SDK may provide interface tools with decryption and/or encryption services to securely store LUPCs/impression token on user device. Paragraphs 5 and 41 disclose the LUPC is a limited use payment credential that comprises of a unpredictable number (digital component), an application transaction counter (ATC)/digital component, a card verification result (CVR), a token data block such as a cryptogram reference ID, the in-app cryptogram, and a derivation key index (DKI). The LUPC may be a one-time use key used to authorize purchases, wherein the one-time use key is the signature. These components of the LUPC are digital components and interaction tokens/elements that are part the impression token);
sending the impression token to an entity that provided the digital component to the client device (Deliwala: paragraph 27 discloses wallet provider/entity may get the ATC (portion of the impression token) from the next limited use purchase credential (LUPC). The wallet provider may get an ATC by invoking a function on the network SDK. Network SDK may comprise an application programming interface (API) with a function (e.g., getTransactionCounter) that, when called by wallet provider client layer of the client device, and returns an ATC. The wallet provider is the entity that provided the unpredictable number, for updating/refreshing the LUPC, see paragraph 27);
for each of the one or more user interactions with at least one of the one or more digital components that reference the software application (see claim 1 above and Deliwala: paragraphs 5, 41-42, and 22 reveal the token data blocks reference the merchant application, further more application transaction number also reference the application, wherein a request transaction request is performed that involves obtaining in-app cryptogram which includes transaction counter/ATC):
storing, in the secure storage of the client device, an interaction token comprising information related to user interaction with the one or more digital components at the client device and a digital signature of the information related to the interaction with the one or more digital components at the client device (Deliwala: paragraph 22 reveals network SDK is integrated into a security chip located on the user/client device. The TEE may secure sensitive information such as encryption keys and session keys to enhance security of user device . Network SDK may provide interface tools with decryption and/or encryption services to securely store LUPCs/impression token on user device. Paragraphs 5 and 41 disclose the LUPC is a limited use payment credential that comprises of a unpredictable number (digital component), an application transaction counter (ATC)/digital component/interaction token, a card verification result (CVR)/interaction token, a token data block such as a cryptogram reference ID, the in-app cryptogram, and a derivation key index (DKI). The LUPC may be a one-time use key used to authorize purchases, wherein the one-time use key is the signature. These components of the LUPC are digital components and interaction tokens/elements that are part the impression token);
sending the interaction token to an entity that provided the one or more digital components to the client device (Deliwala: paragraph 27 discloses wallet provider/entity may get the ATC (portion of the impression token and the ATC is also a digital component and interaction token) from the next limited use purchase credential (LUPC). The wallet provider may get an ATC by invoking a function on the network SDK. Network SDK may comprise an application programming interface (API) with a function (e.g., getTransactionCounter-interaction token) that, when called by wallet provider client layer of the client device, and returns an ATC. The wallet provider is the entity that provided the unpredictable number, for updating/refreshing the LUPC, see paragraph 27). Brown: paragraph 91 discloses when the install application is first used/installed, a tracking SDK causes the end user computing device to obtain device information/impression data (paragraph 44 discloses what the device information entails such as IMEI which is a token) associated with the end user computing device when one or more events/interactions occur(s) (such as when the application is installed or executed). The collected information is sent to the tracking server. The tracking SDK collect the device information association with the computing device, and the collected information may include a package name value that identifies the installed application. Paragraph 107 also reveals the collected information can include IFA value and site ID value. Paragraph 120 reveals the tracking SDK collected the information whenever one or more selected application events occurs, in-app events include level-ups, in-app purchases, user interactions with interface elements, account creations. See also paragraph 123, which reveal the information includes impression data (purchase price for application) and interaction data (an indication of whether re-engagement has been enabled for the in-app event, package name value to identify the application. This information can be stored as user click records and indexes, see paragraph 118. Paragraphs 95-96 reveal the once the end user computing device visits the destination address, the advertisement providing computing device obtains the stored tracking information records and query the tracking data store of the tracking server to determine whether the application (associated with the embedded link) is already installed on the end user computing device);),
wherein obtaining the impression data and the interaction data comprises obtaining each impression token and each interaction token from the secure storage of the client device (Deliwala: paragraph 22 reveals network SDK is integrated into a security chip located on the user/client device. The TEE may secure sensitive information such as encryption keys and session keys to enhance security of user device . Network SDK may provide interface tools with decryption and/or encryption services to securely store LUPCs/impression token on user device. Paragraphs 5 and 41 disclose the LUPC is a limited use payment credential that comprises of a unpredictable number (digital component), an application transaction counter (ATC)/digital component, a card verification result (CVR), a token data block such as a cryptogram reference ID, the in-app cryptogram, and a derivation key index (DKI). The LUPC may be a one-time use key used to authorize purchases, wherein the one-time use key is the signature. These components of the LUPC are digital components that are part of the impression token). Motivation similar to the motivation presented in claim 1.
Claim(s) 4 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Brown US 20150310485 (hereinafter Brown), in view of Reid et al US 20210400023 (hereinafter Reid), in further view of Deliwala et al US 20160379208 (hereinafter Deliwala), in further view of Wang et al US 20190340184 (hereinafter Wang), in further view of Knox US 20220141035 (hereinafter Knox).
As to claim 4, the combination of Brown in view of Reid, Deliwala, and Wang teaches all the limitations presented in claim 1 above and further teaches wherein the attribution token for each entity comprises a publisher specific public key of an application that initiated a request for the digital component provided by the entity (Reid: paragraph 47 discloses using StoreKit framework to communicate to the App Store client that the user has launched App B. App B may provide conversion data to the App Store client. Apple StoreKit framework utilizes public keys. The App Store client can then send a post-back message to the ad network that indicates that App B has been installed and launched (request) after someone tapped on an ad for campaign. If a sufficient number of clicks (requests) have been received for the campaign, the post-back can also indicate that App A presented the ad that was tapped. The data sent in the post-back includes attribution data signed by the App Store server), that provided the digital component provided by the entity (Reid: paragraph 27 reveals Ad network provides embedded ad/digital component to user device. Brown: Figure 3, reference number 310 “Receive Modified Advertisement” and paragraph 80 disclose the end user computing device receives the modified advertisement pushed to the end user computing device by the advertisement providing computing device (paragraph 76 discloses the advertisement providing computing device may include one or more of the Advertisers/Merchants, Mobile Advertising Networks, and Mobile Advertising Publishers). Paragraph 73 reveals the advertisement is embedded with a tracking link to create the modified advertisement. Paragraphs 64-65 discloses the tracking link is a link that sends a user computing device to an application provider site to obtain the application relating to the advertisement . Paragraph 58 disclose the advertisement is associated with an installable application available for download on an end user computing device), and at which a user interacted with the digital component provided by the entity (Brown: Figure 3, reference number 325 “Selected”; paragraph 82 discloses the end user computing device determines whether the end user has selected/interacted with the modified advertisement, and paragraphs 83, 88-89 reveal the interaction involves selecting the embedding link in the advertisement, and the embedded link within the advertisement redirects the end user computing device to an address associated with the advertisement, where the end user may decide to install the application. Reid: paragraph 27 reveals user interacting with the digital component/ad). Motivation is similar to the motivation present in claim 1.
The combination of Brown in view of Reid, Deliwala, and Wang does not teach, but Knox teaches wherein the publisher specific key is different from the publisher specific pubic key for each other entity, thereby preventing cross-entity tracking of the client device (paragraph 17 reveals master public keys for the various entity and each entity may use a private key to sign content to prove they created or endorsed the content, see also paragraph 33) .
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify the second signature and integrity token in Brown’s teaching of the attribution token in view of Reid’s post-back record, Deliwala’s teachings of the integrity token/payload data and second signature, and Wang’s impression data with Knox’s teachings of different publisher specific public key for each entity to prevent colluding advertisers from cross-site tracking of user data and maintain sufficient user privacy (paragraphs 4 and 33 of Knox).
As to claim 15, the combination of Brown in view of Reid, Deliwala, and Wang teaches all the limitations presented in claim 10 above and further teaches wherein the attribution token for each entity comprises a publisher specific public key of an application that initiated a request for the digital component provided by the entity (Reid: paragraph 47 discloses using StoreKit framework to communicate to the App Store client that the user has launched App B. App B may provide conversion data to the App Store client. Apple StoreKit framework utilizes public keys. The App Store client can then send a post-back message to the ad network that indicates that App B has been installed and launched (request) after someone tapped on an ad for campaign. If a sufficient number of clicks (requests) have been received for the campaign, the post-back can also indicate that App A presented the ad that was tapped. The data sent in the post-back includes attribution data signed by the App Store server), that provided the digital component provided by the entity (Reid: paragraph 27 reveals Ad network provides embedded ad/digital component to user device. Brown: Figure 3, reference number 310 “Receive Modified Advertisement” and paragraph 80 disclose the end user computing device receives the modified advertisement pushed to the end user computing device by the advertisement providing computing device (paragraph 76 discloses the advertisement providing computing device may include one or more of the Advertisers/Merchants, Mobile Advertising Networks, and Mobile Advertising Publishers). Paragraph 73 reveals the advertisement is embedded with a tracking link to create the modified advertisement. Paragraphs 64-65 discloses the tracking link is a link that sends a user computing device to an application provider site to obtain the application relating to the advertisement . Paragraph 58 disclose the advertisement is associated with an installable application available for download on an end user computing device), and at which a user interacted with the digital component provided by the entity (Brown: Figure 3, reference number 325 “Selected”; paragraph 82 discloses the end user computing device determines whether the end user has selected/interacted with the modified advertisement, and paragraphs 83, 88-89 reveal the interaction involves selecting the embedding link in the advertisement, and the embedded link within the advertisement redirects the end user computing device to an address associated with the advertisement, where the end user may decide to install the application. Reid: paragraph 27 reveals user interacting with the digital component/ad). Motivation is similar to the motivation present in claim 1.
The combination of Brown in view of Reid, Deliwala, and Wang does not teach, but Knox teaches wherein the publisher specific key is different from the publisher specific pubic key for each other entity, thereby preventing cross-entity tracking of the client device (paragraph 17 reveals master public keys for the various entity and each entity may use a private key to sign content to prove they created or endorsed the content, see also paragraph 33) .
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify the second signature and integrity token in Brown’s teaching of the attribution token in view of Reid’s post-back record, Deliwala’s teachings of the integrity token/payload data and second signature, and Wang’s impression data with Knox’s teachings of different publisher specific public key for each entity to prevent colluding advertisers from cross-site tracking of user data and maintain sufficient user privacy (paragraphs 4 and 33 of Knox).
Claim(s) 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Brown US 20150310485 (hereinafter Brown), in view of Reid et al US 20210400023 (hereinafter Reid), in further view of Deliwala et al US 20160379208 (hereinafter Deliwala), in further view of Wang et al US 20190340184 (hereinafter Wang), in further view of Wang et al US 20200366754 (hereinafter Wang’ 754).
As to claim 6, the combination of Brown in view of Reid, Deliwala, and Wang teaches all the limitations presented in clam 1 above and further teaches storing, by the client device, at least one of the impression data or the interaction data in secure storage of a trusted program running on the client device (Brown: paragraphs 121-123 disclose the tracking SDK of the end user computing device store impression/interaction data such as tracking identifier. The SDK can be considered secure storage).
The combination of Brown in view of Reid, Deliwala, and Wang does not teach but Wang’754 teaches wherein the secure storage is separated from the software application and the given digital component (paragraph 46 and Figure 2 reveal secure storage 206 is separate from the applications 208 and digital component 210), and wherein the trusted program comprises at least one of an operation system component or a secure web browser component (paragraph 56 and 83 reveals data processing apparatus/client device/trusted program include an operating system).
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify the second signature and integrity token in Brown’s teaching of the attribution token in view of Reid’s post-back record, Deliwala’s teachings of the integrity token/payload data and second signature, and Wang’s impression data with Wang’ 754 teachings of secure storage such that the applications running on the client device cannot fraudulently access or modify the private key from the secure storage (paragraph 46 of Wang’ 754).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FELICIA FARROW whose telephone number is (571)272-1856. The examiner can normally be reached M - F 7:30am-4:00pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at (571)270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/F.F/ Examiner, Art Unit 2437
/ALI S ABYANEH/ Primary Examiner, Art Unit 2437