Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
Applicant filed an amendment on March 23, 2026. Claims 1-22 were pending in the Application. Claims 1, 8-9, 11, 17-18, and 20 are amended. No new claims have been added. No new claims have been canceled, with claims 2, 5, 12, and 15 remaining canceled. Claims 1, 11, and 20 are the independent claims, the remaining claims depend on claims 1 and 11. Thus claims 1, 3-4, 6-11, 13-14, and 16-22 are currently pending. After careful and full consideration of Applicant arguments and amendments, the Examiner finds them to be moot and/or not persuasive.
Response to Arguments
In the context of 35 U.S.C. §101, Applicant respectfully disagrees and submits that the claims as originally presented are patentable eligible under 35 U.S.C. §101. Applicant is of the opinion that the claims are statutory and submits that “the current application is directed to a new technological approach for verifying the identity of a consumer that uses a payment instrument ( e.g., credit card) during a card-not-present transaction, the most common example of such a transaction involves payments for goods or services that are made over the internet; the application addresses significant problems today in e-commerce through the use of a digital trust certificate (DTC), which a consumer client device may obtain from a credential issuer that has already verified the identity of the consumer (e.g., at the time of issuing the credit card); the unique approach allows a merchant computing platform to receive information from a consumer client device that, once successfully decrypted, can either verify or reject the consumer's identity while simultaneously circumventing the inherent untrustworthiness of information that is provided by a remote, anonymous consumer during a card-not-present transaction; by receiving the credential issuer's encrypted attestation as to the consumer's identity and separately retrieving the information needed to decrypt the attestation, the merchant computing platform can verify the credential issuer's prior successful verification of the consumer's identity in an effective and cryptographically secure way; this transfer of trust between the credential issuer and the merchant is accomplished without any communication between the credential issuer and the merchant computing platform; Applicant's claims involve identity verification in a scenario that is rooted in the technology (e.g., the internet) that enables consumers to carry out completely remote and anonymous transactions; the independent claims do not "merely recite the performance of some business practice known from the pre-Internet world along with the requirement to perform it on the Internet; the claimed solution is necessarily rooted in computer technology in order to overcome a problem specifically arising in the realm of computer networks", 2019 PEG, Example 2; (quoting DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245, 1257 (Fed. Cir. 2014)); even if the pending claims did recite a "method of organizing human activity" as the Examiner contends in the Action, the amended claims integrate any such "method of organizing human activity" into a practical application because they recite a specific, technological improvement to existing technology for identity verification in card-not-present transactions; the amended claims include several additional elements that go beyond any alleged "method of organizing human activity" to tie the claimed subject matter to a specific improvement in software technology; this specific improvement circumvents the inherent untrustworthiness of information that is provided by a remote, anonymous consumer during a card-not-present transaction and does so in a way that eliminates the additional communications between platforms that are required for other types of security challenges-all of which is undoubtedly a "practical application" under Step 2A of the Office's§ 101 Framework; the cited additional elements clearly impose "meaningful limits" on any alleged "method of organizing human activity" that is recited in the claims, such that the claims are more than a drafting effort designed to monopolize the alleged judicial exceptions; the specification describes the claimed invention as an improvement over existing software technologies for either verifying or rejecting consumer identity during a card-not-present-transaction, which further supports the conclusion that the claims integrate any alleged "method of organizing human activity" into a "practical application", (see Enfish, LLC v. Microsoft Corp., 822 F.3d 1327 (Fed. Cir.) (2016)); Applicant has previously argued that the claims of the present application are also allowable at Step 2B in view of BASCOM and Example 35 of the Office's 2019 PEG; it is clear that the pending claims integrate any alleged "method of organizing human activity" into a "practical application" and thus are not "directed to" an abstract idea under Step 2A, Prong 2 of the Office's§ 101 Framework; the additional elements discussed in connection with Step 2A, when taken as a whole, collectively amount to "significantly more" under Step 2B of the Office's § 101 Framework; the combination of at least the claim elements identified amount to "significantly more" under Step 2B of the Office's§ 101 Framework; the Examiner's conclusory argument that the claims "recite only the idea of a solution or outcome" and that "the claim fails to recite details of how a solution to a problem is accomplished," is clearly incorrect; the claims include substantial detail, involving numerous communications between various devices (see, e.g., FIG. 3) that solve a specific problem in a unique way; the claims of the present application are even more closely analogous to Example 35 than the claims in Appeal 2025-001030 mentioned; and just like eligible claims 2 and 3 of Example 35, the combination of elements in Applicant's claims "operates in a nonconventional and non-generic way to ensure that the customer's identity is verified in a secure manner that is more than the conventional verification process ... " and "set up a sequence of events that address unique problems associated with" card-not-present transactions, see 2019 PEG, Example 35 (citing BASCOM and DDR)”.
Initially, the Examiner would like to point out that the basis of the rejection is Alice, by applying the subject matter eligibility analysis and flowchart according to MPEP § 2106, which applies a two-step framework, earlier set out in Mayo Collaborative Services v. Prometheus Laboratories, Inc., 566 U.S. 66 (2012), "for distinguishing patents that claim laws of nature, natural phenomena, and abstract ideas from those that claim patent-eligible applications of those concepts." Alice, 573 U.S. at 217.
Under the two-step framework, it must first be determined if "the claims at issue are directed to a patent-ineligible concept." If the claims are determined to be directed to a patent-ineligible concept, e.g., an abstract idea, then the second step of the framework is applied to determine if "the elements of the claim ... contain an "inventive concept" sufficient to 'transform' the claimed abstract idea into a patent-eligible application." (citing Mayo, 566 U.S. at 72-73, 79).
With regard to step one of the Alice framework, we apply a "directed to" two-prong test: 1) evaluate whether the claim recites a judicial exception, and 2) if the claim recites a judicial exception, evaluate whether the claim "applies, relies on, or uses the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the judicial exception," i.e., whether the claim integrates the judicial exception into a practical application. (MPEP §2106.04 II.A.1. and II.B.2.).
The Specification, (PG Pub US 20240086917 A1, para 2), provides evidence as to what the claimed invention is directed. In this case, the specification, (‘917 A1, para 2), discloses that the invention generally relates to facilitating applying pre-authorization authentication and consumer identity verification measures to payment transactions, and is grouped under “Certain Methods of Organizing Human Activity, commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations)”, in prong one of step 2A. (MPEP §2106.04 II.A.1.).
Claim 20 provides additional evidence, and recites the method limitations “transmitting, via a network interface of the merchant computing platform to a first client device associated with a user, information that indicates a selectable option to accept an authentication challenge for a card-not-present payment transaction utilizing a payment instrument, wherein the first client device displays the selectable option to accept the authentication challenge in association with the card-not-present payment transaction; receiving, via the network interface from the first client device, an indication that the authentication challenge has been accepted; based on receiving the indication, transmitting, via the network interface to the first client device, information that indicates the authentication challenge for display by the first client device, wherein the authentication challenge comprises a request for credential information indicating an identity of the user of the payment instrument; receiving, via the network interface from a second client device associated with the user, a response to the authentication challenge displayed by the first client device, the response comprising a digital trust credential (DTC) comprising (i) an identifier for a credential issuer that (a) previously verified the identity of the user of the payment instrument and (b) issued the payment instrument to the user, and (ii) encrypted credential information indicating the identity of the user, wherein the encrypted credential information was encrypted by the credential issuer utilizing a private key of the credential issuer; based on receiving the DTC, and without communicating with the credential issuer: utilizing the identifier for the credential issuer to retrieve both (i) a public key of the credential issuer and (ii) a DTC credential schema that comprises an arrangement of data fields for credential information indicating identity of a user; utilizing the public key of the credential issuer to decrypt the encrypted credential information; based on utilizing the public key of the credential issuer to decrypt the encrypted credential information, verifying that the credential information originated from the credential issuer rather than from the first client device or the second client device; performing a verification process that comprises verifying whether or not: the decrypted credential information comprises data fields that are arranged according to the retrieved DTC credential schema; and the decrypted credential information indicates the identity of the user of the payment instrument; and based on the verification process, either: allowing the card-not-present payment transaction to proceed utilizing the payment instrument because both (i) the decrypted credential information is arranged according to the retrieved DTC credential schema and (ii) the decrypted credential information indicates the identity of the user of the payment instrument; or disallowing the card-not-present payment transaction to proceed because either (i) the decrypted credential information does not comprise data fields that are arranged according to the retrieved DTC credential schema or (ii) the decrypted credential information does not indicate the identity of the user of the payment instrument”, which represent the abstract idea of an “authentication and identity verification protocol”. The abstract idea is in italics, and the additional elements are in bold. (MPEP §2106.04 II.A.1.).
Similarly, the limitations of “wherein the encrypted credential information was encrypted by the credential issuer utilizing a private key of the credential issuer”; “utilizing the public key of the credential issuer to decrypt the encrypted credential information”; and “based on utilizing the public key of the credential issuer to decrypt the encrypted credential information”; are a series of mathematical operations and/or concepts. The mathematical operations and/or concepts are in italics, and the additional elements are in bold. And, therefore, the claim continues to recite an abstract idea as it has been held that a combination of abstract ideas is still abstract, “Adding one abstract idea (mathematical operations and/or concepts) to another abstract idea (an authentication and identity verification protocol) … does not render the claim non-abstract.” (RecogniCorp, LLC v. Nintendo Co., 855 F.3d 1322, 1327, 122 USPQ2d 1377 (Fed. Cir. 2017)).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A (MPEP §2106.04 II.A.2.), the additional elements of the claim, such as “a network interface of the merchant computing platform to a first client device associated with a user”, “first client device displays the selectable option to accept the authentication challenge in association with the card-not-present payment transaction”, “the authentication challenge for display by the first client device”, “the network interface from a second client device associated with the user”, “the credential issuer utilizing a private key of the credential issuer”, and “a public key of the credential issuer”, amount to merely “apply it”, as they represent the use of a computer as a tool to perform an abstract idea. Therefore, the additional elements do not integrate the abstract idea into a practical application as they do no more than represent a computer performing functions that correspond to implementing the acts of an “authentication and identity verification protocol”.
Examiner notes the basis of the rejection was, and is not as any mental process covering performance in the mind, but classified as an abstract idea, an “authentication and identity verification protocol”, grouped under “Certain Methods of Organizing Human Activity, commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations)” and grouped under “Mathematical Concepts”.
With respect to the additional elements operating in a non-conventional and non-generic way and reflecting an improvement to a particular technological environment, the cited additional elements represent the use of a computer as a tool to perform an abstract idea. Therefore, the additional elements do not integrate the abstract idea into a practical application as they do no more than represent a computer performing functions that correspond to implementing the acts of an “authentication and identity verification protocol”. The claim is not directed to improving computer functionality nor improving another technology or technical field, but improving the method for an “authentication and identity verification protocol”. For potential improvement in an abstract idea of an “authentication and identity verification protocol”, it is important to keep in mind that an improvement in the abstract idea itself (e.g. an authentication and identity verification protocol concept) is not an improvement in technology. (MPEP § 2106.04(d)(1)). Therefore, claim 20 is non-statutory.
Claim 1 also recites the abstract idea of an “authentication and identity verification protocol”, as well as the additional elements of “a merchant computing platform comprising: a network interface for communicating over at least one data network; at least one processor; at least one non-transitory computer-readable medium; and program instructions stored on the at least one non-transitory computer-readable medium that, when executed by the at least one processor, cause the at least one processor to perform operations comprising: …”, “the network interface to a first client device associated with a user”, “the first client device displays the selectable option to accept the authentication challenge in association with the card-not-present payment transaction”, “display by the first client device”, “the network interface from a second client device associated with the user”, “the credential issuer utilizing a private key of the credential issuer”, and “a public key of the credential issuer”, which amount to merely “apply it”, as they represent the use of a computer as a tool to perform an abstract idea. Therefore, the additional elements do not integrate the abstract idea into a practical application as they do no more than represent a computer performing functions that correspond to implementing the acts of an “authentication and identity verification protocol”.
Similarly, the limitations of “wherein the encrypted credential information was encrypted by the credential issuer utilizing a private key of the credential issuer”; “utilizing the public key of the credential issuer to decrypt the encrypted credential information”; and “based on utilizing the public key of the credential issuer to decrypt the encrypted credential information”; are a series of mathematical operations and/or concepts. The mathematical operations and/or concepts are in italics, and the additional elements are in bold. And, therefore, the claim continues to recite an abstract idea as it has been held that a combination of abstract ideas is still abstract, “Adding one abstract idea (mathematical operations and/or concepts) to another abstract idea (an authentication and identity verification protocol) … does not render the claim non-abstract.” (RecogniCorp, LLC v. Nintendo Co., 855 F.3d 1322, 1327, 122 USPQ2d 1377 (Fed. Cir. 2017)).
When analyzed under step 2B (MPEP 2106.05 I.A.), the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception itself. Viewed as a whole, the combination of elements recited in the claim merely describes the concept of an “authentication and identity verification protocol” using computer technology (e.g., “at least one processor” and “at least one non-transitory computer-readable medium”). Therefore, the use of these additional elements do no more than employ a computer as a tool to implement the abstract idea. And as the computer does no more than serve as a tool to implement the abstract idea, they do not improve computer functionality nor improve another technology or technical field. Therefore, claim 1 is non-statutory.
Claim 11 also recites the abstract idea of an “authentication and identity verification protocol”, as well as the additional elements of “a non-transitory computer-readable medium, wherein the non-transitory computer-readable medium is provisioned with program instructions that, when executed by at least one processor of a merchant computing platform, cause the at least one processor to perform operations comprising: …”, “a network interface of the merchant computing platform to a first client device associated with a user”, “the first client device displays the selectable option to accept the authentication challenge in association with the card-not-present payment transaction”, “for display by the first client device”, “the network interface from a second client device associated with the user”, “the credential issuer utilizing a private key of the credential issuer”, and “a public key of the credential issuer”, which amount to merely “apply it”, as they represent the use of a computer as a tool to perform an abstract idea. Therefore, the additional elements do not integrate the abstract idea into a practical application as they do no more than represent a computer performing functions that correspond to implementing the acts of an “authentication and identity verification protocol”.
Similarly, the limitations of “wherein the encrypted credential information was encrypted by the credential issuer utilizing a private key of the credential issuer”; “utilizing the public key of the credential issuer to decrypt the encrypted credential information”; and “based on utilizing the public key of the credential issuer to decrypt the encrypted credential information”; are a series of mathematical operations and/or concepts. The mathematical operations and/or concepts are in italics, and the additional elements are in bold. And, therefore, the claim continues to recite an abstract idea as it has been held that a combination of abstract ideas is still abstract, “Adding one abstract idea (mathematical operations and/or concepts) to another abstract idea (an authentication and identity verification protocol) … does not render the claim non-abstract.” (RecogniCorp, LLC v. Nintendo Co., 855 F.3d 1322, 1327, 122 USPQ2d 1377 (Fed. Cir. 2017)).
When analyzed under step 2B (MPEP 2106.05 I.A.), the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception itself. Viewed as a whole, the combination of elements recited in the claim merely describes the concept of an “authentication and identity verification protocol” using computer technology (e.g., “a merchant computing platform” and “a non-transitory computer-readable medium”). Therefore, the use of these additional elements do no more than employ a computer as a tool to implement the abstract idea. And as the computer does no more than serve as a tool to implement the abstract idea, they do not improve computer functionality nor improve another technology or technical field. Therefore, claim 11 is non-statutory.
Finally, Examiner notes the basis of the rejection is Alice, by applying the subject matter eligibility analysis and flowchart according to MPEP § 2106. And, based on this standard, the claims are non-statutory, and correctly rejected under 35 U.S.C. § 101.
Claim Rejections - 35 USC § 101
35 U.S.C. § 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1, 3-4, 6-11, 13-14, and 16-22 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to an abstract idea without significantly more.
In the instant case, claims 1, 3-4, 6-10, and 21 are directed to “a platform”; claims 11, 13-14, 16-19, and 22 are directed to “a non-transitory computer-readable medium”; and claim 20 is directed to “a method”. Therefore, these claims are directed to one of the four statutory categories of invention.
Claim 20 recites an “authentication and identity verification protocol”, which is a form of commercial or legal interactions (i.e., organizing human activity), and therefore, an abstract idea. Specifically, the claim recites the method limitations “transmitting, via a network interface of the merchant computing platform to a first client device associated with a user, information that indicates a selectable option to accept an authentication challenge for a card-not-present payment transaction utilizing a payment instrument, wherein the first client device displays the selectable option to accept the authentication challenge in association with the card-not-present payment transaction; receiving, via the network interface from the first client device, an indication that the authentication challenge has been accepted; based on receiving the indication, transmitting, via the network interface to the first client device, information that indicates the authentication challenge for display by the first client device, wherein the authentication challenge comprises a request for credential information indicating an identity of the user of the payment instrument; receiving, via the network interface from a second client device associated with the user, a response to the authentication challenge displayed by the first client device, the response comprising a digital trust credential (DTC) comprising (i) an identifier for a credential issuer that (a) previously verified the identity of the user of the payment instrument and (b) issued the payment instrument to the user, and (ii) encrypted credential information indicating the identity of the user, wherein the encrypted credential information was encrypted by the credential issuer utilizing a private key of the credential issuer; based on receiving the DTC, and without communicating with the credential issuer: utilizing the identifier for the credential issuer to retrieve both (i) a public key of the credential issuer and (ii) a DTC credential schema that comprises an arrangement of data fields for credential information indicating identity of a user; utilizing the public key of the credential issuer to decrypt the encrypted credential information; based on utilizing the public key of the credential issuer to decrypt the encrypted credential information, verifying that the credential information originated from the credential issuer rather than from the first client device or the second client device; performing a verification process that comprises verifying whether or not: the decrypted credential information comprises data fields that are arranged according to the retrieved DTC credential schema; and the decrypted credential information indicates the identity of the user of the payment instrument; and based on the verification process, either: allowing the card-not-present payment transaction to proceed utilizing the payment instrument because both (i) the decrypted credential information is arranged according to the retrieved DTC credential schema and (ii) the decrypted credential information indicates the identity of the user of the payment instrument; or disallowing the card-not-present payment transaction to proceed because either (i) the decrypted credential information does not comprise data fields that are arranged according to the retrieved DTC credential schema or (ii) the decrypted credential information does not indicate the identity of the user of the payment instrument”, which represent the abstract idea of an “authentication and identity verification protocol”. The abstract idea is in italics, and the additional elements are in bold. (MPEP §2106.04 II.A.1.).
Similarly, the limitations of “wherein the encrypted credential information was encrypted by the credential issuer utilizing a private key of the credential issuer”; “utilizing the public key of the credential issuer to decrypt the encrypted credential information”; and “based on utilizing the public key of the credential issuer to decrypt the encrypted credential information”; are a series of mathematical operations and/or concepts. The mathematical operations and/or concepts are in italics, and the additional elements are in bold. And, therefore, the claim continues to recite an abstract idea as it has been held that a combination of abstract ideas is still abstract, “Adding one abstract idea (mathematical operations and/or concepts) to another abstract idea (an authentication and identity verification protocol) … does not render the claim non-abstract.” (RecogniCorp, LLC v. Nintendo Co., 855 F.3d 1322, 1327, 122 USPQ2d 1377 (Fed. Cir. 2017)).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A (MPEP §2106.04 II.A.2.), the additional elements of the claim, such as “a network interface of the merchant computing platform to a first client device associated with a user”, “first client device displays the selectable option to accept the authentication challenge in association with the card-not-present payment transaction”, “the authentication challenge for display by the first client device”, “the network interface from a second client device associated with the user”, “the credential issuer utilizing a private key of the credential issuer”, and “a public key of the credential issuer”, amount to merely “apply it”, as it represents the use of a computer as a tool to perform an abstract idea. Therefore, the additional elements do not integrate the abstract idea into a practical application as they do no more than represent a computer performing functions that correspond to implementing the acts of an “authentication and identity verification protocol”.
When analyzed under step 2B (MPEP 2106.05 I.A.), the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception itself. Viewed as a whole, the combination of elements recited in the claim merely describes the concept of an “authentication and identity verification protocol” using computer technology (e.g., “a merchant computing platform” and “a network interface”). Therefore, the use of these additional elements do no more than employ a computer as a tool to implement the abstract idea. And as the computer does no more than serve as a tool to implement the abstract idea, they do not improve computer functionality nor improve another technology or technical field. Therefore, claim 20 is non-statutory.
Claim 1 also recites the abstract idea of an “authentication and identity verification protocol”, as well as the additional elements of “a merchant computing platform comprising: a network interface for communicating over at least one data network; at least one processor; at least one non-transitory computer-readable medium; and program instructions stored on the at least one non-transitory computer-readable medium that, when executed by the at least one processor, cause the at least one processor to perform operations comprising: …”, “the network interface to a first client device associated with a user”, “the first client device displays the selectable option to accept the authentication challenge in association with the card-not-present payment transaction”, “display by the first client device”, “the network interface from a second client device associated with the user”, “the credential issuer utilizing a private key of the credential issuer”, and “a public key of the credential issuer”, which amount to merely “apply it”, as they represent the use of a computer as a tool to perform an abstract idea. Therefore, the additional elements do not integrate the abstract idea into a practical application as they do no more than represent a computer performing functions that correspond to implementing the acts of an “authentication and identity verification protocol”.
Similarly, the limitations of “wherein the encrypted credential information was encrypted by the credential issuer utilizing a private key of the credential issuer”; “utilizing the public key of the credential issuer to decrypt the encrypted credential information”; and “based on utilizing the public key of the credential issuer to decrypt the encrypted credential information”; are a series of mathematical operations and/or concepts. The mathematical operations and/or concepts are in italics, and the additional elements are in bold. And, therefore, the claim continues to recite an abstract idea as it has been held that a combination of abstract ideas is still abstract, “Adding one abstract idea (mathematical operations and/or concepts) to another abstract idea (an authentication and identity verification protocol) … does not render the claim non-abstract.” (RecogniCorp, LLC v. Nintendo Co., 855 F.3d 1322, 1327, 122 USPQ2d 1377 (Fed. Cir. 2017)).
When analyzed under step 2B (MPEP 2106.05 I.A.), the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception itself. Viewed as a whole, the combination of elements recited in the claim merely describes the concept of an “authentication and identity verification protocol” using computer technology (e.g., “at least one processor” and “at least one non-transitory computer-readable medium”). Therefore, the use of these additional elements do no more than employ a computer as a tool to implement the abstract idea. And as the computer does no more than serve as a tool to implement the abstract idea, they do not improve computer functionality nor improve another technology or technical field. Therefore, claim 1 is non-statutory.
Claim 11 also recites the abstract idea of an “authentication and identity verification protocol”, as well as the additional elements of “a non-transitory computer-readable medium, wherein the non-transitory computer-readable medium is provisioned with program instructions that, when executed by at least one processor of a merchant computing platform, cause the at least one processor to perform operations comprising: …”, “a network interface of the merchant computing platform to a first client device associated with a user”, “the first client device displays the selectable option to accept the authentication challenge in association with the card-not-present payment transaction”, “for display by the first client device”, “the network interface from a second client device associated with the user”, “the credential issuer utilizing a private key of the credential issuer”, and “a public key of the credential issuer”, which amount to merely “apply it”, as they represent the use of a computer as a tool to perform an abstract idea. Therefore, the additional elements do not integrate the abstract idea into a practical application as they do no more than represent a computer performing functions that correspond to implementing the acts of an “authentication and identity verification protocol”.
Similarly, the limitations of “wherein the encrypted credential information was encrypted by the credential issuer utilizing a private key of the credential issuer”; “utilizing the public key of the credential issuer to decrypt the encrypted credential information”; and “based on utilizing the public key of the credential issuer to decrypt the encrypted credential information”; are a series of mathematical operations and/or concepts. The mathematical operations and/or concepts are in italics, and the additional elements are in bold. And, therefore, the claim continues to recite an abstract idea as it has been held that a combination of abstract ideas is still abstract, “Adding one abstract idea (mathematical operations and/or concepts) to another abstract idea (an authentication and identity verification protocol) … does not render the claim non-abstract.” (RecogniCorp, LLC v. Nintendo Co., 855 F.3d 1322, 1327, 122 USPQ2d 1377 (Fed. Cir. 2017)).
When analyzed under step 2B (MPEP 2106.05 I.A.), the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception itself. Viewed as a whole, the combination of elements recited in the claim merely describes the concept of an “authentication and identity verification protocol” using computer technology (e.g., “a merchant computing platform” and “a non-transitory computer-readable medium”). Therefore, the use of these additional elements do no more than employ a computer as a tool to implement the abstract idea. And as the computer does no more than serve as a tool to implement the abstract idea, they do not improve computer functionality nor improve another technology or technical field. Therefore, claim 11 is non-statutory.
Dependent claims 3-4, 6-10, 13-14, and 16-22 further describe the abstract idea of an “authentication and identity verification protocol”, which is insufficient to overcome the rejections of claims 1, 11, and 20.
Dependent claims 4, 7-10, 14, and 17-22 do not recite any new additional elements that integrate the abstract idea into a practical application, and that do no more than represent a computer performing functions that correspond to implementing the acts of an “authentication and identity verification protocol”, when analyzed under Step 2A, Prong Two. And, as they do no more than employ a computer as a tool to implement the abstract idea, they do not improve computer functionality nor improve another technology or a technical field, when analyzed under Step 2B.
Dependent claims 3 and 13 recite new additional elements of “a decentralized public registry” and “a private key of the credential verifier”, which do no more than employ a computer as a tool to implement the abstract idea. And, as they do no more than employ a computer as a tool to implement the abstract idea, they do not improve computer functionality nor improve another technology or a technical field.
Dependent claims 6 and 16 recite a new additional element of “a QR code”, which does no more than employ a computer as a tool to implement the abstract idea. And, as it does no more than employ a computer as a tool to implement the abstract idea, it does not improve computer functionality nor improve another technology or a technical field.
Hence, claims 1, 3-4, 6-11, 13-14, and 16-22 are not patent eligible.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Dominguez (U. S. Patent No. 10089683 B2) – Fraud Reduction System For Transactions
Dominguez discloses a system, apparatus, and method for reducing fraud in payment or other transactions by providing issuers with a warning that a transaction being processed for authorization is potentially fraudulent. In some embodiments, the present invention processes data obtained from a consumer authentication process that is used in card not present (CNP) transactions to determine characteristics or indicia of fraud from previous transactions. The characteristics or indicia of fraud can be used to generate a set of fraud detection rules or another form of fraud assessment model. A proposed transaction can then be evaluated for potential fraud using the fraud assessment model.
Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEVEN CHISM whose telephone number is (571) 272-5915. The examiner can normally be reached during 9:00 AM – 3:00 PM Monday – Thursday, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ryan D. Donlon can be reached (571) 270-3602. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/STEVEN R CHISM/Examiner, Art Unit 3692
/DAVID P SHARVIN/Primary Examiner, Art Unit 3692