Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of the Claims
Applicant’s election without traverse of claims 1-10 in the reply filed on 1/09/2026 is acknowledged.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-10 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to a judicial exception (i.e., an abstract idea) without “significantly more.”
Claims 1-10 are directed to certain methods of organizing human activity which is considered an abstract idea. Further, the claim(s) as a whole, when examined on a limitation-by-limitation basis and in ordered combination do not include an inventive concept.
Step 1 – Statutory Categories
In regard to claims 1-10 as indicated in the preamble of the claims, the examiner finds the claims are directed to a process, machine, or article of manufacture.
Step 2A – Prong One - Abstract Idea Analysis
independent claim 1 recites the following abstract concepts, in italics below, which are found to include an “abstract idea”:
A computer-implemented method for detecting compromise of a plurality of co-located interaction cards; the method comprising: receiving, by a processor, interaction information indicating that an interaction has been processed, the interaction information indicating that one of the plurality of co-located interaction cards was used in the interaction, the one of the plurality of co-located interaction cards used in the interaction having limited authorized interaction modalities; determining, by the processor, that the interaction was processed via a modality not authorized under the limited authorized interaction modalities; based on the determination that the interaction was processed via an unauthorized modality, determining, by the processor, that all of the plurality of co-located interaction cards are potentially compromised; in response to determining that all of the plurality of co-located interaction cards are potentially compromised, performing, by the processor, at least one of: sending a first alert to a user device associated with the plurality of co-located interaction cards; sending a second alert to an issuer of at least one of the plurality of co-located interaction cards; or locking each of the plurality of co-located interaction cards from further use.
The claim features in italics above as drafted, under its broadest reasonable interpretation are certain methods of organizing human activity (fundamental economic practices and managing personal behavior or relationships or interactions between people) performed by generic computer components. That is, other than reciting “processor”, nothing in the claim element precludes the step from practically being a method of organized human activity. For example, but for the “processor”, the above italicized limitations in the context of this claim encompasses certain methods of organizing human activity. If the claim limitations, under its broadest reasonable interpretation, covers managing personal behavior or relationships or interactions between people and fundamental economic practices, but for the recitation of generic computer components, then it falls within the “certain methods of organizing human activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
Step 2A – Prong Two - Abstract Idea Analysis
This judicial exception is not integrated into a practical application. In particular, the claim only recites 1 additional elements – “processor”. They are recited at a high-level of generality (i.e., as a generic processor performing generic computer functions) such that it amounts no more than mere instructions to apply the exception using a generic computer component (MPEP 2106.05(f)), data gathering, which is a form of insignificant extra-solution activity (MPEP 2106.05(g)), and linking the use of the judicial exception to a particular technological environment or field of use (MPEP 2106.05(h)). Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
Step 2B - Significantly More Analysis
The claims do not include additional elements that are sufficient to amount to
significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of “processor” amounts to no more than mere instructions to apply the exception using a generic computer component, insignificant extra-solution activity, and linking the use of the judicial exception to a particular technological environment or field of use. Mere instructions to apply the exception using a generic computer component, insignificant extra-solution activity, and linking the use of the judicial exception to a particular technological environment or field of use, cannot provide an inventive concept. Further, the background and specification does not provide any indication that the “processor” is anything other than a generic, off-the-shelf computer components. For these reasons, there is no inventive concept.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 2, 8, 9, and 10 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2017/0053267 A1 to Abel (“Abel”) in view of U.S. Patent No. 8,036,967 B2 to Adams (“Adams”).
In regards to claim 1, Abel discloses the following limitations:
A computer-implemented method for detecting compromise of a plurality of co-located interaction cards; the method comprising: (see at least Abel ¶¶ 0036–0040,0063-0068 where the account correlating device 24 manages a plurality of payment cards and substitute accounts associated with a cardholder)
receiving, by a processor, interaction information indicating that an interaction has been processed, the interaction information indicating that one of the plurality of co-located interaction cards was used in the interaction, (see at least Abel ¶¶ 0037, 0039, where transaction information is received from merchant terminals 16 by the account correlating device 24)
the one of the plurality of co-located interaction cards used in the interaction having limited authorized interaction modalities; (see at least Abel ¶¶ 0065, 0066–0068, where enabling module 90 allows the cardholder to enable or disable certain modes/modalities of conducting transactions, such that fewer than all available modalities are authorized)
determining, by the processor, that the interaction was processed via a modality not authorized under the limited authorized interaction modalities; (see at least Abel ¶¶ 0064–0068, and claim 9, where the transaction authentication module 82 determines if received substitute account details correspond to expected substitute account details for the mode that was used and rejects unauthorized-mode transactions)
in response to determining that all of the plurality of co-located interaction cards are potentially compromised, performing, by the processor, at least one of: sending a first alert to a user device associated with the plurality of co-located interaction cards; sending a second alert to an issuer of at least one of the plurality of co-located interaction cards; (see at least Abel ¶¶ 0068, where reporting module 92 reports potentially fraudulent activity to the user mobile device 20 and to financial institution 28)
or locking each of the plurality of co-located interaction cards from further use. (see at least Abel ¶¶ 0067-0068 and 0071, where the user account module instantly blocks transactions and the rules can prevent transactions from any and all different modes)
Abel does not appear to specifically disclose the following limitation:
based on the determination that the interaction was processed via an unauthorized modality, determining, by the processor, that all of the plurality of co-located interaction cards are potentially compromised;
The Examiner provides Adams to teach the following limitation:
based on the determination that the interaction was processed via an unauthorized modality, determining, by the processor, that all of the plurality of co-located interaction cards are potentially compromised. (see at least Adams Col. 2, ln. 30–55, teaching the identification of "other potentially compromised bank cards" upon detection of a fraudulent or suspicious transaction at a common point of compromise, and Col. 2, ln. 41–48, where the other potentially compromised bank cards are deactivated)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include in the system and method as taught by Abel the teachings of Adams in order to provide enhanced fraud protection for cardholders who carry multiple cards together, where compromise of one card is likely to indicate compromise of the others (e.g., upon physical theft of a wallet), and since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
In regards to claim 2, Abel discloses the following limitations:
wherein the one of the plurality of co-located interaction cards used in the interaction is usable via a plurality of interaction modalities, the plurality of interaction modalities including: an online interaction; (see at least Abel ¶¶ 0030, electronic commerce/online transaction mode)
a point-of-sale (POS) interaction involving activation of an onboard near-field communication device; (see at least Abel ¶¶ 0030, NFC mode)
a POS interaction involving swiping of a magnetic strip; (see at least Abel ¶¶ 0030, magnetic stripe swiping mode)
a POS interaction involving insertion of an EMV chip; (see at least Abel ¶¶ 0030 EMV/microchip mode)
or a POS interaction involving communication with an electronic wallet via a user device; (see at least Abel ¶¶ 0012, 0043, 0073, mobile device 20 functioning as electronic wallet)
wherein the one of the plurality of co-located interaction cards used in the limited authorized interaction modalities is based on an authorizing of less than all of the plurality of interaction modalities, such that one or more of the plurality of interaction modalities is the unauthorized modality. (see at least Abel ¶¶ 0046, 0065–0068, where the enabling module 90 selectively disables modes such that the authorized set is less than the full set of available modalities)
In regards to claim 8, Abel in view of Adams teaches the following limitations:
sending the first alert to the user device associated with the plurality of co-located interaction cards, wherein the sending of the first alert to the user associated with the plurality of co-located interaction cards includes notifying the user that each of the plurality of co-located interaction cards is potentially compromised. (see at least Abel ¶ 0064, where the reporting module 92 reports fraudulent activity to the user via the mobile device 20, in combination with Adams Col. 2, ln. 30–55, teaching that the notification encompasses all of the linked, potentially compromised cards)
In regards to claim 9, Abel discloses the following limitation:
wherein the sending of the first alert to the user associated with the plurality of co-located interaction cards further includes causing a user device associated with the user to output an option to authenticate the interaction. (see at least Abel ¶¶ 0067–0068, 0071, where rules require transactions to be unlocked/authenticated each time by the cardholder via the mobile application running on user device 20)
In regards to claim 10, Abel in view of Adams teaches the following limitations:
sending the second alert to the issuer of at least one of the plurality of co-located interaction cards, wherein the sending of the second alert to the issuer of at least one of the plurality of co-located interaction cards includes notifying the issuer that each of the plurality of co-located interaction cards is potentially compromised. (see at least Abel ¶ 0064, 0068, reporting potentially fraudulent activity to the financial institution 28, in combination with Adams Col. 2, ln. 30–55, teaching that the notification encompasses all of the linked, potentially compromised cards)
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2017/0053267 A1 to Abel (“Abel”) in view of U.S. Patent No. 8,036,967 B2 to Adams (“Adams”), in further view of U.S. Patent No. 9,953,321 B2 to Zoldi (“Zoldi”) and U.S. Payments Forum – Velocity (NPL).
In regards to claim 3, Abel discloses the following limitations in part:
upon determining that the interaction was performed using the unauthorized modality, the processor is configured to determine whether the interaction is a first interaction using the unauthorized modality or a subsequent interaction using the unauthorized modality; and the processor is further configured such that the interaction is allowed to be completed upon determining that the interaction is the first interaction using the unauthorized modality, and the interaction is voided upon determining that the interaction is the subsequent interaction using the unauthorized modality. (see at least Abel Claim 9, where the transaction authentication module is configured to "reject, process, or suspend the transaction if needed" providing the general framework for differential handling of unauthorized-modality transactions)
Abel and Adams do not appear to specifically disclose the following limitation:
the differential treatment of a first unauthorized-modality interaction (allowed) versus a subsequent unauthorized-modality interaction (voided).
The Examiner provides Zoldi and Velocity to teach the following limitation:
the differential treatment of a first unauthorized-modality interaction (allowed) versus a subsequent unauthorized-modality interaction (voided).
Zoldi teaches that upon determining a card has been involved in a suspect or "probed" event, the card is monitored for a fixed number of subsequent transactions during which subsequent fraudulent activity triggers escalating responses up to and including blocking the card. (see at least Zoldi Col. 2, ln. 13–31, teaching that "monitoring can occur for a specific period of time, for a fixed number of transactions based on the card's involvement in the test event… If a probed card is subsequently used in a transaction that appears fraudulent, then a model tailored for probed, high-risk customers can be invoked. This model can adjust the existing fraud score associated with the card or block and remove the card from use before a fraudulent transaction occurs.")
The Examiner further provides U.S. Payments Forum – Velocity https://www.uspaymentsforum.org/wp-content/uploads/2022/05/Velocity-Checks-2022_legal.pdf.
U.S. Payments Forum – Velocity describes velocity-check fraud-mitigation techniques as a long-established industry-standard practice in which an initial transaction is processed and counted by the system, and subsequent transactions exceeding a defined threshold within a defined time window are then declined or routed for further review. (see at least U.S. Payments Forum – Velocity at p. 2, "How the Technique Works," teaching: "The database containing selected data elements is accessed or 'called' twice. The first time adds to the count of a data element, and the next counts the total number. The rule for that data element will have a count and time interval component. The total number is compared to the rule for that element (e.g., 'if orders placed with the same card number within 24 hours exceed five'); if the total number exceeds what the rule indicates, the transaction is reviewed further." See also p. 1, listing as an example use case: "Looking at the number of transactions (velocity) by a card within a specified period of time (e.g., five transactions in 15 minutes)." And see p. 3, "Maturity," teaching that "The velocity check technique has been in use since the early days of ecommerce. Rules-based fraud and risk platforms were utilizing velocity checks at the POS and ATM even before ecommerce.")
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include in the system and method as taught by Abel and Adams the teachings of Zoldi and U.S. Payments Forum – Velocity in order to processes a first unauthorized-modality interaction (treating it as a count-incrementing detection event and allowing it to complete) and voids subsequent unauthorized-modality interactions when the threshold is exceeded, and since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Claims 4, 5, and 6 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2017/0053267 A1 to Abel (“Abel”) in view of U.S. Patent No. 8,036,967 B2 to Adams (“Adams”), in further view of https://blog.thinkst.com/2023/01/swipe-right-on-our-new-credit-card-tokens.html (“Torrey”).
In regards to claim 4, Abel and Adams do not appear to specifically disclose the following limitations:
wherein the plurality of interaction cards includes at least one decoy interaction card having zero authorized modalities, wherein the determining that the interaction was processed via an unauthorized modality comprises determining that the interaction was processed using the at least one decoy interaction card.
The Examiner provides Torrey to teach the following limitations:
wherein the plurality of interaction cards includes at least one decoy interaction card having zero authorized modalities, wherein the determining that the interaction was processed via an unauthorized modality comprises determining that the interaction was processed using the at least one decoy interaction card.
Torrey discloses the use of a deliberately-deployed payment card credential — referred to as a "credit card Canarytoken" — that is functionally equivalent to a payment card having zero authorized modalities, in that any attempted use of the card is, by design, indicative of compromise. (see at least Torrey at the section "Detect breaches with Canary credit cards," teaching: "We give you a perfectly valid credit card (number, expiration, and CVC). If anyone ever attempts to use that card you'll be notified" and at "Using the token," teaching: "If someone does try to use the card, the transaction will fail, and you'll get an alert." Torrey further teaches deploying these decoy cards alongside legitimate payment information at "Some places we recommend putting these include: 1. Databases where you store customer payment information." See also the companion Canarytokens documentation at https://docs.canarytokens.org/guide/credit-card-token.html, teaching: "This Canarytoken will alert whenever a transaction is made using the credit card. We recommend placing one anywhere you store payment information. If you ever get an alert from it, you know that the datastore has been compromised.")
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include in the multi-card, multi-modality system of Abel and Adams the at least one card whose authorized modality count has been set to zero (or, equivalently, a Torrey-style decoy card credential issued in card form) as taught by Torrey in order to function as a tripwire among the plurality of co-located cards, and since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
In regards to claim 5, Abel and Adams do not appear to specifically disclose the following limitations:
wherein upon determining that the interaction was processed using the at least one decoy interaction card, the processor is configured to capture information describing the interaction.
The Examiner provides Torrey to teach the following limitations:
wherein upon determining that the interaction was processed using the at least one decoy interaction card, the processor is configured to capture information describing the interaction. (Torrey teaches that upon detection of any attempted use of the decoy card credential, the system captures and reports identifying information describing the interaction, including merchant identity, transaction amount, and an associated identifier set when the decoy was deployed. see at least Torrey at "Using the token," teaching: "If someone does try to use the card, the transaction will fail, and you'll get an alert like this in your email with the merchant name, the amount of the transaction, and the note you put in when you created the account." Torrey further teaches the forensic value of this captured information at "Conspicuous deception," noting that the alert provides the user "near instantaneous identification of a breach" and enables the response team to determine "where to start investigating.")
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include in the system and method as taught by Abel and Adams the teachings of Torrey since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
In regards to claim 6, Abel discloses the following limitations in part:
wherein the plurality of co-located interaction cards includes at least one interaction card. (see at least Abel Abstract and ¶¶ 0036–0040, where the system manages a plurality of payment cards owned by the cardholder)
Abel and Adams do not appear to specifically disclose the following limitations:
wherein the plurality of co-located interaction cards includes at least one decoy interaction card and at least one legitimate interaction card, wherein the determining that the interaction was processed via an unauthorized modality comprises determining that the interaction was processed using the at least one decoy interaction card; and upon determining that the interaction was processed using the at least one decoy interaction card, the processor is configured to capture information describing the interaction.
The Examiner provides Torrey (NPL) to teach the following limitations:
wherein the plurality of co-located interaction cards includes at least one decoy interaction card and at least one legitimate interaction card, wherein the determining that the interaction was processed via an unauthorized modality comprises determining that the interaction was processed using the at least one decoy interaction card; and upon determining that the interaction was processed using the at least one decoy interaction card, the processor is configured to capture information describing the interaction. (Torrey teaches the deployment of one or more decoy payment card credentials co-located with legitimate payment information. see at least Torrey at "Using the token," teaching: "Mix it in with your store of saved card data or on payment gateways. An attacker who plans to test the cards (as they normally do when obtaining them) or attackers who try to use them will immediately advertise their presence, and your response team can spring into action." Torrey further teaches at "Some places we recommend putting these include: 1. Databases where you store customer payment information.")
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include in the system and method as taught by Abel and Adams the teachings of Torrey since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSEPH M MUTSCHLER whose telephone number is (313)446-6603. The examiner can normally be reached 0600-1430.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Florian Zeender can be reached at (571)272-6790. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JOSEPH M MUTSCHLER/Examiner, Art Unit 3627
/A. Hunter Wilder/Primary Examiner, Art Unit 3627