Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detailed Action
This action is in response to the remarks on 06/03/2025.
Priority
No claim for priority has been made in this application.
Claim Objections
Claims 1-20 are objected to because of the following informalities:
The examiner is unsure of the context of the claims
Is this method for the issuing or the payment of a credit card ?
Issuing meaning – the first time a credit card is physically or digitally printed to be used at a later date or
Payment meaning – when a credit card is in real time being used to purchase something.
Sorry it is unclear to the examiner.
Corrective action is required.
The applicant has ignored these question rather than just address them by saying the claims are amended and now clear. The claims amendments are just rolling dependent claims into the independent claim so the same claim content is there. It is an easy question to answer on the record to help advance case clarity for examiner. Are these claims direct to a CVC of a physically printed credit card for multiple uses or is this invention for one time use of a credit card and new CVC for every transaction? Please respond on the record for clarity.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
All claims are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
All claims including 1,3-4,6 and 9-11, 13, 15, 17-20 are directed to a system, method, or product, which are/is one of the statutory categories of invention. (Step 1: YES).
The Examiner has identified independent method Claim 1 (herein called the Primary Independent Claim) as the claim that represents the claimed invention for analysis and is similar to independent system Claim 10 and product Claim 20 (herein called Additional Independent Claims). The Primary Independent Claim recites the limitations of
A method for deriving a card verification code (CVC) of a payment card, comprising: receiving, by a server, a request of issuing a payment card to a user; determining, by the server, a personal account number (PAN) and an expiry date of the payment card; receiving, by the server, a social security number (SSN) and a zip code associated with the user; generating, by the server, a dynamic service code based on the SSN and the zip code; generating, by the server, a bitmap based on the PAN, the expiry date, and the dynamic service code; receiving, by the server, an encryption key; and generating, by the server, a CVC of the payment card based on the bitmap and the encryption key.
These limitations, under their broadest reasonable interpretation, cover performance of the limitation as “Certain Methods of Organizing Human Activity”. The limitation of at least “A method for deriving a card verification code (CVC) of a payment card, comprising: receiving, by a server, a request of issuing a payment card to a user; determining, by the server, a personal account number (PAN) and an expiry date of the payment card generating a CVC of the payment card based on the bitmap and the encryption key.” recites a fundamental economic practice. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a fundamental economic practice, then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
The limitation of at least “by the server from a point of sale (POS) terminal” in the Primary Independent Claim is just applying generic computer components to the recited abstract limitations. The recitation of generic computer components in a claim does not necessarily preclude that claim from reciting an abstract idea. The Additional Independent Claims are also abstract for similar reasons. (Step 2A-Prong 1: YES. The claims recite an abstract idea)
This judicial exception is not integrated into a practical application. The examiner did not find any additional elements that would cause further analysis. The computer hardware/software is/are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, all the independent claims are directed to an abstract idea without a practical application. (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when considered separately and as an ordered combination, they do not add significantly more (also known as an “inventive concept”) to the exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a computer hardware and software per se amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. See MPEP 2106.05(f) where applying a computer as a tool is not indicative of significantly more as well as MPEP 2106.05(d). Accordingly, these additional elements, do not change the outcome of the analysis, when considered separately and as an ordered combination. Thus, all independent claims are not patent eligible. (Step 2B: NO. The claims do not provide significantly more)
Dependent claims further define the abstract idea that is present in their respective independent claims, and thus correspond to Certain Methods of Organizing Human Activity and hence are abstract for the reasons presented above. The dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. Therefore, the dependent claims are directed to an abstract idea. Thus, all the claims are not patent-eligible.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1,3-4,6 and 9-11, 13, 15, 17-20 listed below are rejected under 35 U.S.C. 103 as being unpatentable over Howe (U.S. Patent Pub 20140337215) in view of Muscato (U.S. Patent Pub 20090173782) in further view of Yeager (U.S. Patent Pub 20130054474)
Re claim 1 & 10 & 20: Howe discloses:
A method for deriving a card verification code (CVC) of a payment card, comprising: (see Howe, fig. 1-2)
A system for deriving a card verification code (CVC) of a payment card, comprising: a server, the server configured to: (see Howe, fig. 1-2)
A non-transitory, computer-readable medium comprising instructions for deriving a card verification code (CVC) of a payment card that, when executed on a computer arrangement, causes the computer arrangement to perform actions comprising: (see Howe, fig. 1-2)
receiving, by a server, a request of issuing a payment card to a user; (see Howe, para 0006 + fig. 3 item 302 + Fig 2 item 202 + Fig 1)
determining, by the server, a personal account number (PAN) and an expiry date of the payment card; (see Howe para 0048)
receiving, by the server, a social security number (SSN) and a zip code associated with the user; (see Howe para 0043, 0049-0050 + Fig 2 item 202 + fig 1)
generating, by the server, a dynamic service code based on the SSN and the zip code; (see Howe para 0043, 0049-0050 + Fig 2 item 202 + fig 1)
generating, by the server, a bitmap based on the PAN, the expiry date, and the dynamic service code; (see Howe para 0043, 0049-0050, 0070 + Fig 2 item 202 + fig 1-2)
receiving, by the server, an encryption key; and (see Howe para 0043, 0049-0050, 0070 + Fig 2 item 202 + fig 1-2)
generating, by the server, a CVC of the payment card based on the bitmap and the encryption key. (see Howe para 0043, 0049-0050, 0070 + Fig 2 item 202 + fig 1-2)
storing, by the server, the bitmap and dynamic service code in the database (see Howe para 0043, 0049-0050, 0070 + Fig 2 item 202 + fig 1-2)
storing, by the server, the payment card CVC in the payment card. (see Howe para 0043, 0049-0050, 0070 + Fig 2 item 202 + fig 1-2)
receiving, by the server, from a point of sale (POS) terminal, a received PAN, a receiving expiry date, and a received CVC, wherein the received PAN, the received expiry date, and the received CVC are read directly from the payment card presented to the POS terminal; retrieving, by the server, the bitmap from the database based on the received PAN and the received expiry date and retrieving the encryption key; creating, by the server, a regenerated CVC using the bitmap and the encryption key; comparing, by the server, the received CVC and the regenerated CVC and authorizing, by the server, the payment card based on a successful comparison wherein the received CVC is the payment card CVC. (see Howe para 0043, 0049-0050, 0070 + Fig 2 item 202 + fig 1-2)
While examiner believes, Howe teaches the features of applicant, should the limitations be argued and for the sake of compact prosecution additional reference, Muscato and Yeager additionally teaches the limitations of the applicant.
Therefore it would have been obvious to one of ordinary skill in the art at the effect filling date was made to modify Howe by adapting any features of Muscato and Yeager.
It is clear that one would be motivated by the teaching in the prior art that would have led one of ordinary skill to modify the prior art reference or to combine prior art reference teachings to arrive at the claimed invention. Specifically, both Howe teaches merchant system that is adapted in Muscato and Yeager credit card system.
Yeager specifically teaches:
A method for deriving a card verification code (CVC) of a payment card, comprising: (see Yeager, fig. 1, 5-7)
A system for deriving a card verification code (CVC) of a payment card, comprising: a server, the server configured to: (see Yeager, fig. 5-7)
A non-transitory, computer-readable medium comprising instructions for deriving a card verification code (CVC) of a payment card that, when executed on a computer arrangement, causes the computer arrangement to perform actions comprising: (see Yeager, fig. 5-7)
receiving, by a server, a request of issuing a payment card to a user; (see Yeager, para 0006-0008 + fig. 1 item 1, fig 24 item 233)
determining, by the server, a personal account number (PAN) and an expiry date of the payment card; (see Yeager, para 0155 + fig. 1 item 1, fig 24 item 233, fig 27 item 271)
receiving, by the server, a social security number (SSN) and a zip code associated with the user; (see Yeager, para 0155-0162, fig. 5-7)
generating, by the server, a dynamic service code based on the SSN and the zip code; (see Yeager, para 0166 + 0155-0162, fig. 5-7)
generating, by the server, a bitmap based on the PAN, the expiry date, and the dynamic service code; (see Yeager, para 0157, 0166, 0203 + 0155-0162, fig. 5-7)
receiving, by the server, an encryption key; and (see Yeager, para 0006, 0157, 0166, 0203 + 0155-0162, fig. 1-2, 5-7)
generating, by the server, a CVC of the payment card based on the bitmap and the encryption key. (see Yeager, para 0051, 0006, 0157, 0166, 0203 + 0155-0162, fig. 1-2, 5-7)
storing, by the server, the bitmap and dynamic service code in the database (see Yeager, para 0157, 0166, 0203 + 0155-0162, fig. 5-7)
storing, by the server, the payment card CVC in the payment card. (Yeager, para 0051, 0006, 0157, 0166, 0203 + 0155-0162, fig. 1-2, 5-7)
receiving, by the server, from a point of sale (POS) terminal, a received PAN, a receiving expiry date, and a received CVC, wherein the received PAN, the received expiry date, and the received CVC are read directly from the payment card presented to the POS terminal; retrieving, by the server, the bitmap from the database based on the received PAN and the received expiry date and retrieving the encryption key; creating, by the server, a regenerated CVC using the bitmap and the encryption key; comparing, by the server, the received CVC and the regenerated CVC and authorizing, by the server, the payment card based on a successful comparison wherein the received CVC is the payment card CVC. (Yeager, para 0051, 0006, 0157, 0166, 0203 + 0155-0162, fig. 1-2, 5-7)
Muscato specifically teaches:
A method for deriving a card verification code (CVC) of a payment card, comprising: (see Muscato, fig. 1-3)
A system for deriving a card verification code (CVC) of a payment card, comprising: a server, the server configured to: (see Muscato, fig. 1-3)
A non-transitory, computer-readable medium comprising instructions for deriving a card verification code (CVC) of a payment card that, when executed on a computer arrangement, causes the computer arrangement to perform actions comprising: (see Muscato, fig. 1-3)
receiving, by a server, a request of issuing a payment card to a user;
determining, by the server, a personal account number (PAN) and an expiry date of the payment card; (see Muscato, para 0003, 0041, fig. 1-3)
receiving, by the server, a social security number (SSN) and a zip code associated with the user; (see Muscato, para 0003, 0041, fig. 1-3)
generating, by the server, a dynamic service code based on the SSN and the zip code; (see Muscato, para 0003, 0041, fig. 1-3)
generating, by the server, a bitmap based on the PAN, the expiry date, and the dynamic service code; (see Muscato, para 0003, 0010-0013, 0041, fig. 1-3)
receiving, by the server, an encryption key; and (see Muscato, para 0004, 0073-0074, fig. 4 item 84-86)
generating, by the server, a CVC of the payment card based on the bitmap and the encryption key. (see Muscato, para 0004, 0073-0074, fig. 4 item 84-86)
storing, by the server, the bitmap and dynamic service code in the database (see Muscato, para 0003, 0010-0013, 0041, fig. 1-3)
storing, by the server, the payment card CVC in the payment card. (see Muscato, para 0003, 0010-0013, 0041, fig. 1-3)
receiving, by the server, from a point of sale (POS) terminal, a received PAN, a receiving expiry date, and a received CVC, wherein the received PAN, the received expiry date, and the received CVC are read directly from the payment card presented to the POS terminal; retrieving, by the server, the bitmap from the database based on the received PAN and the received expiry date and retrieving the encryption key; creating, by the server, a regenerated CVC using the bitmap and the encryption key; comparing, by the server, the received CVC and the regenerated CVC and authorizing, by the server, the payment card based on a successful comparison wherein the received CVC is the payment card CVC. (see Muscato, para 0003, 0010-0013, 0041, fig. 1-3)
Re claim 2 & 16: see claim 1 +
Cancelled
Re claim 3 & 11: see claim 1 +
further comprising: receiving, by the server, a customer reference number associated with the user; and generating, by the server, the CVC of the payment card based on the customer reference number. (see Howe para 0043, 0049-0050, 0070 + Fig 2 item 202 + fig 1-2 + Yeager, para 0051, 0006, 0157, 0166, 0203 + 0155-0162, fig. 1-2, 5-7 + see Muscato, para 0003, 0010-0013, 0041, fig. 1-3)
Re claim 4: see claim 1 +
further comprising: receiving, by the server, a PAN sequence number associated with the user; and generating, by the server, the CVC of the payment card based on the PAN sequence number. (see Howe para 0043, 0049-0050, 0070 + Fig 2 item 202 + fig 1-2 + Yeager, para 0051, 0006, 0157, 0166, 0203 + 0155-0162, fig. 1-2, 5-7 + see Muscato, para 0003, 0010-0013, 0041, fig. 1-3)
Re claim 5 & 12: see claim 1 +
cancelled
Re claim 6: see claim 1 +
wherein the dynamic service code comprises one digit from a data field of the SSN and two digits from a data field of the zip code. (see Howe para 0043, 0049-0050 + Fig 2 item 202 + fig 1 + see Yeager, para 0155-0162, fig. 5-7 + see Muscato, para 0003, 0041, fig. 1-3)
Re claim 7: see claim 1 +
cancelled
Re claim 8 & 13: see claim 1 +
cancelled
Re claim 9: see claim 1 +
wherein the CVC is generated by the server using triple-DES encryption with double length keys. (see Howe para 0043, 0049-0050, 0070 + Fig 2 item 202 + fig 1-2 + Yeager, para 0051, 0006, 0157, 0166, 0203 + 0155-0162, fig. 1-2, 5-7 + see Muscato, para 0003, 0010-0013, 0041, fig. 1-3)
Re claim 15: see claims above +
wherein the server is further configured to: receive a personal identification number (PIN) associated with the user; and generate the CVC of the payment card based on the PIN. (see Howe para 0043, 0049-0050, 0070 + Fig 2 item 202 + fig 1-2 + Yeager, para 0051, 0006, 0157, 0166, 0203 + 0155-0162, fig. 1-2, 5-7 + see Muscato, para 0003, 0010-0013, 0041, fig. 1-3)
Re claim 17: see claims above +
wherein the server comprises a hardware secure module (HSM) configured to generate the CVC. (see Howe para 0043, 0049-0050, 0070 + Fig 2 item 202 + fig 1-2 + Yeager, para 0051, 0006, 0157, 0166, 0203 + 0155-0162, fig. 1-2, 5-7 + see Muscato, para 0003, 0010-0013, 0041, fig. 1-3)
Re claim 18: see claims above +
wherein the server is further configured to: receive a taxpayer identification number (TIN) associated with the user; and generate the dynamic service code based on the TIN. (see Howe para 0043, 0049-0050, 0070 + Fig 2 item 202 + fig 1-2 + Yeager, para 0051, 0006, 0157, 0166, 0203 + 0155-0162, fig. 1-2, 5-7 + see Muscato, para 0036, 0003, 0010-0013, 0041, fig. 1-3)
Re claim 19: see claims above +
wherein the server comprises a key management system configured to store the encryption key. (see Howe para 0043, 0049-0050, 0070 + Fig 2 item 202 + fig 1-2 + see Yeager, para 0157, 0166, 0203 + 0155-0162, fig. 5-7 + see Muscato, para 0003, 0010-0013, 0041, fig. 1-3)
Response to Arguments
Applicant’s arguments have been fully considered and are not persuasive. Answers to the arguments on the amended limitations which change the scope of the claims, will be addressed in the action above. Applicant's art arguments are considered moot due to new grounds of rejection.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Wall et al., U.S. Patent Pub 20180109508, discloses a method for encrypting sensitive information are disclosed comprising hashing sensitive information by a hash function and selecting a salt or key salt based, at least in part, on the hashed sensitive information.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kirsten Apple whose telephone number is (571)272-5588. The examiner can normally be reached on M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael Anderson can be reached on (571) 270-0508. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KIRSTEN S APPLE/Primary Examiner, Art Unit 3693