Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The following Non-Final office action is in response to application filed on 12/18/2024.
Priority Date: CON of PATENT (US 12,217,262)-(#17/299,468)>PCT(US 2018/063572)>(12/03/2018).
Claim Status:
Pending claims : 1-20
Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
In particular, claims are directed to a judicial exception (Abstract idea) without significantly more.
When considering subject matter eligibility under 35 U.S.C. 101, (Step-1) it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter. (Step-2A) If the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea), and if so, (Step-2B) it must additionally be determined whether the claim is a patent-eligible application of the exception. If an abstract idea is present in the claim, any element or combination of elements in the claim must be sufficient to ensure that the claim amounts to significantly more than the abstract idea itself.
Examples of abstract ideas grouping include: (a) Mental processes; (b) Certain methods of organizing human activities [ i. Fundamental Economic Practice; ii. Commercial or Legal Interaction; iii. Managing Personal behavior or Relations between People]; and (c) Mathematical relationships/formulas. Alice Corporation Pty. Ltd. v. CLS Bank International, et al., 573 U.S. (2014).
Analysis is based on the 2019 Revised Patent Eligibility Guidance (2019 PEG)-(see MPEP § 2106.04(II) and 2106.04(d). )-[see MPEP § 2106.04(II), and § 2106.04(d) & MPEP § 2106.05(a),(b),(c),(e )…].
[Step-1] The claims are directed to a method/system/machine, which are a statutory category of invention.
Claim 1 (exemplary) recites a series of steps for Time based Risk Management with Smart Card Chip Authentication Plan.
[Step-2A]-Prong 1:The claim 1 is then analyzed to determine whether it is directed to a judicial exception:
The claim 1 recites the limitations of:
maintaining, by a smart card comprising an authentication chip communicatively coupled to a clock chip, time stamp information provided by an external clock and time units generated by the clock chip;
in response to conducting an interaction with an access device, receiving, by the smart card, first time information from the access device;
determining, by the smart card, second time information based at least in part on the time units from the clock chip and the time stamp information;
comparing, by the smart card, the second time information to the first time information from the access device;
maintaining, by the smart card, one or more time limit policies that are associated with potentially fraudulent interactions;
determining, by the authentication chip of the smart card, an authentication plan for the interaction based at least in part on: (1) a comparison of the second time information to the first time information, and (2) the one or more time limit policies; and
implementing, by the authentication chip of the smart card, the authentication plan by instructing communication with the access device or another entity when the authentication plan requires user authentication, and
declining the interaction based at least in part on a difference between the second time information and the first time information from the access device exceeding a threshold.
The claimed method/system/machine simply describes series of steps for Time based Fraud Risk Management with Smart Card Chip Authentication Plan.
These limitations, as drafted, are processes that, under its broadest reasonable interpretation, covers performance of the limitations via human commercial or business or transactional activities/interactions, but for the recitation of generic computer components. That is, other than reciting one or more servers/processors, devices and computer network nothing in the claim precludes the limitations from practically being performed by organizing human business activity. For example, without the structure elements language, the claim encompasses the activities that can be performed manually between the users and a third party. These limitations are directed to an abstract idea because they are business interaction/sale activity that falls within the enumerated group of “certain methods of organizing human activity” in the 2019 PEG.
[Step-2A]-Prong 2:
Next, the claim is analyzed to determine if it is integrated into a practical application. The claim recites additional limitation of using one or more servers/processors, devices and computer network to perform the steps. The processor in the steps is recited at a high level of generality, i.e., as a generic processor performing a generic computer function of processing data. This generic processor limitation is no more than mere instructions to apply the exception using generic computer component. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to the abstract idea.
[Step-2B]
Next, the claim is analyzed to determine if there are additional claim limitations that individually, or as an ordered combination, ensure that the claim amounts to significantly more than the abstract ideas (whether claim provides inventive concept).
As discussed above, the recitation of the claimed limitations amounts to mere instructions to implement the abstract idea on a processor (using the processor as a tool to implement the abstract idea). Taking the additional elements individually and in combination, the processor at each step of the process performs purely generic computer functions. As such, there is no inventive concept sufficient to transform the claimed subject matter into a patent-eligible application. The same analysis applies here, i.e., mere instructions to apply an exception using a generic computer component cannot integrate a judicial exception into a practical application at or provide an inventive concept.
Viewing the limitations as an ordered combination does not add anything further than looking at the limitations individually. When viewed either individually, or as an ordered combination, the additional limitations do not amount to a claim as a whole that is significantly more than the abstract idea itself. Therefore, the claim does not amount to significantly more than the recited abstract idea, and the claim is not patent eligible.
The analysis above applies to all statutory categories of invention including independent claim 12.
Furthermore, the dependent claims 2-11 and 13-20 do not resolve the issues raised in the independent claims.
The dependent claims 2-11 and 13-20 are directed towards:
Using, wherein the smart card is free of a display; a battery coupled to the clock chip and configured to store a charge and provide a current to the clock chip; calculating and adding second time information; authentication information of a user associated with the smart card via the access device; wherein the one or more time limit policies are specified by an authorizing computer; wherein the interactions comprise presenting, by the smart card, authentication data to log into an account with a merchant website; the authentication plan and the second time information for the interaction; the time units from the clock chip and associating the time units with information about the interaction; and converting, by the smart card and via the authentication chip, the time units generated by the clock chip in the non-standard time format to time units in a standard time format using a conversion ratio unique to the smart card prior to determining the second time information in the standard time format.
These limitations are also part of the abstract idea identified in claim 1, and are similarly rejected under same rationale.
Accordingly, the dependent claims 2-11 and 13-20 are rejected as ineligible for patenting under 35 U.S.C. 101 based upon the same analysis.
The instant claims are rejected under 35 USC 101 in view of The Decision in Alice Corporation Ply. Ltd. v. CLS Bank International, et al. in a unanimous decision, the Supreme Court held that the patent claims in Alice Corporation Pty. Ltd. v. CLS Bank International, et al. ("Alice Corp. ") are not patent-eligible under 35 U.S.C. § 101.
Double Patenting
35 U.S.C. § 101 reads as follows:
"Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter or any new and useful improvement thereof, may obtain a patent therefore, subject to the conditions and requirements of this title".
The following non-statutory double patenting rejection is based on a judicially created doctrine grounded in the public policy (a policy reflected in the statute) so as to prevent the unjustified or improper time wise extension of the right to exclude granted by a patent. In re Sarett, 327 F.2d 1005, 140 USPQ 474 (CCPA 1964); In re Schneller, 397 F.2d 350, 158 USPQ 210 (CCPA 1968); In re White, 405 F.2d 904, 160 USPQ 644 (CCPA 1969); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Van Ornam, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 985); and In re Goodman, 29 USPQ 2d 2010 (Fed. Cir. 1993).
Claims 1-20 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1-9 of U.S. Patent No. 12,217,262.
Although the conflicting claims are not identical, they are not patentably distinct from each other because they recite means or steps that are substantially the same and that would have been obvious to one of ordinary skill in the art.
Furthermore, the omission of an element with a corresponding loss of function is an obvious expedient. See In re Karlson, 136 USPQ 184 and Ex parte Rainu, 168 USPQ 375.
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(b) would overcome an actual or provisional rejection on a non-statutory double patenting ground provided the conflicting patent is shown to be commonly owned with this application. See 37 CFR 1.78(d).
Claim Rejections - 35 USC § 103
The following is a quotation of AIA 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Everhart et al (US 2009/0271853-A1) in views of Hamilton et al (US 2008/0271117-A1).
Ref claim 1, Everhart discloses a, method comprising: maintaining, by a smart card comprising an authentication chip communicatively coupled to a clock chip, time stamp information provided by an external clock and time units generated by the clock chip (para [0029], Figs.1-10; via the authenticating authority receives the card number, timestamp of the transaction, the token value and any data ...checks/uses the timestamp to derive the expected on-card clock value. ...then encrypts this clock value with the diversified key and compare with the value supplied by the customer...);
in response to conducting an interaction with an access device, receiving, by the smart card, first time information from the access device; determining, by the smart card, second time information based at least in part on the time units from the clock chip and the time stamp information (para [0021]; via a display on a consumer device/a known base time/a particular transaction time…[0023]; via…The token includes a token clock or token counter that can maintain synchronization with a reference clock [i.e., a base counter]…[0025]; via the card …with a small processor and battery…);
comparing, by the smart card, the second time information to the first time information from the access device (para [0029]; via the authenticating authority receives the card number, timestamp of the transaction, the token value and any data .../uses the timestamp to derive the expected on-card clock value. ...then encrypts this clock value with the diversified key and compare with the value supplied by the customer...);
maintaining, by the smart card, one or more time limit policies that are associated with potentially fraudulent interactions (para [0024]; via the token also includes a device or mechanism for a secret transform on the clock value ...[0026]; via a clock computes a value/displayed on the token... .[0032], via …to gain the added protection against fraud.);
determining, by the authentication chip of the smart card, an authentication plan for the interaction based at least in part on: (1) a comparison of the second time information to the first time information, and (2) the one or more time limit policies (para [0029]; via the authenticating authority receives the card number, timestamp of the transaction, the token value and any data. ...uses the timestamp to derive the expected on-card clock value. ...then encrypts this clock value with the diversified key and compare with the value supplied by the customer…); and
[[implementing, by the authentication chip of the smart card, the authentication plan by instructing communication with the access device or another entity when the authentication plan requires user authentication]], and
declining the interaction based at least in part on a difference between the second time information and the first time information from the access device exceeding a threshold (para [0054]; via in step 699, the process…The authentication authority might want to decline this transaction even….[0055], Figs.7/6; via “calculate verification sequence based on device’…and time… [0056], Fig. 8, relates to the situation where clock drift/compared with the clock in the token 100…).
Everhart does not explicitly disclose the step of implementing, by the authentication component of the smart card, the authentication plan by instructing communication with the access device when the authentication plan requires user authentication, or communication with the authorizing computer when the authentication plan requires including requesting authentication of the user associated with the smart card via the authorizing computer.
However, Hamilton being in the same field of invention discloses the step of implementing, by the authentication component of the smart card, the authentication plan by instructing communication with the access device when the authentication plan requires user authentication, or communication with the authorizing computer when the authentication plan requires including requesting authentication of the user associated with the smart card via the authorizing computer (para [0007]; via system. methods and media for authenticating a user to a server on previous authentication...authentication plan...[0042]; via the authentication event monitor 408 may monitor a user’s performed authentication steps [e.g., entering a password, using a smart card, etc. [implied no display on smart card]...).
Therefore, it would have been obvious to one of ordinary skill in the art before the filing date of the claimed invention was made to modify the features mentioned by Everhart to include the disclosures as taught by Hamilton to facilitate authentication with no display on smart card..
Ref claim 2, Everhart discloses the method of claim 1, wherein the smart card is free of a display (para [0026]; via a clock computes a value/displayed on the token... .[0032], via …to gain the added protection against fraud.).
Ref claim 3, Everhart discloses the method of claim 1, wherein the smart card comprises a battery coupled to the clock chip and configured to store a charge and provide a current to the clock chip (para [0025]; via the card …with a small processor and battery…).
Ref claim 4, Everhart discloses the method of claim 1, wherein determining the second time information further comprises: calculating a difference between a first set of the time units from the clock chip that were generated during initialization of the smart card and a second set of the time units from the clock chip that corresponds to a time period associated with the interaction; converting the difference to a standard time format; and adding the second time information to the time stamp information of the smart card to obtain the second time information (para [0021]; via a display on a consumer device/a known base time/a particular transaction time…[0023]; via…The token includes a token clock or token counter that can maintain synchronization with a reference clock [i.e., a base counter]…).
Ref claim 5, Everhart discloses the method of claim 1, wherein the authentication plan includes requesting authentication information of a user associated with the smart card via the access device (para [0029]; via the authenticating authority receives the card number, timestamp of the transaction, the token value and any data. ...uses the timestamp to derive the expected on-card clock value. ...then encrypts this clock value with the diversified key and compare with the value supplied by the customer…).
Ref claim 6, Everhart discloses the method of claim 1, wherein the one or more time limit policies are specified by an authorizing computer (para [0021]; via a display on a consumer device/a known base time/a particular transaction time…[0023]; via…The token includes a token clock or token counter that can maintain synchronization with a reference clock [i.e., a base counter]…).
Ref claim 7, Everhart discloses the method of claim 1, wherein the one or more time limit policies include identifying a first time period between interactions for the smart card, identifying a second time period corresponding to a user verification of a user associated with the smart card, wherein the interactions comprise presenting, by the smart card, authentication data to log into an account with a merchant website (para [0021]; via a display on a consumer device/a known base time/a particular transaction time…[0023]; via…The token includes a token clock or token counter that can maintain synchronization with a reference clock [i.e., a base counter]…).
Ref claim 8, Everhart discloses the method of claim 1, further comprising: storing, on the smart card, the authentication plan and the second time information for the interaction (para [0029]; via the authenticating authority receives the card number, timestamp of the transaction, the token value and any data. ...uses the timestamp to derive the expected on-card clock value. ...then encrypts this clock value with the diversified key and compare with the value supplied by the customer…).
Ref claim 9, Everhart discloses the method of claim 1, further comprising: storing, on the smart card, the time units from the clock chip and associating the time units with information about the interaction (para [0029]; via the authenticating authority receives the card number, timestamp of the transaction, the token value and any data. ...uses the timestamp to derive the expected on-card clock value. ...then encrypts this clock value with the diversified key and compare with the value supplied by the customer…).
Ref claim 10, Everhart discloses the method of claim 1, wherein communication with another entity comprises communication with an authorizing computer when the authentication plan requires authentication of a user associated with the smart card via the authorizing computer (para [0029]; via the authenticating authority receives the card number, timestamp of the transaction, the token value and any data. ...uses the timestamp to derive the expected on-card clock value. ...then encrypts this clock value with the diversified key and compare with the value supplied by the customer…).
Ref claim 11, Everhart discloses the method of claim 1, wherein the time units generated by the clock chip are in a non-standard time format, the method further comprising: converting, by the smart card and via the authentication chip, the time units generated by the clock chip in the non-standard time format to time units in a standard time format using a conversion ratio unique to the smart card prior to determining the second time information in the standard time format (para [0021]; via a display on a consumer device/a known base time/a particular transaction time…[0023]; via…The token includes a token clock or token counter that can maintain synchronization with a reference clock [i.e., a base counter]…).
Claim 12 recites similar limitations to claim 1 and thus rejected using the same art and rationale in the rejection of claim 1 as set forth above.
Claims 13-14 are rejected as per the reasons set forth in claim 3.
Claim 15 is rejected as per the reasons set forth in claim 7.
Claim 16 is rejected as per the reasons set forth in claim 2.
Claim 17 is rejected as per the reasons set forth in claim 5.
Ref claim 18, Everhart discloses the smart card of claim 12, wherein the smart card does not have long range communication capabilities or a microphone (para [0028]; via the credit card holder of the token makes a phone purchase…the fixed CVV code[card validation value] on the back of the credit card…The merchant then sends the information to the issuer…, for validation [implied smart card-no long range communication]…).
Claim 19 is rejected as per the reasons set forth in claim 4.
Claim 20 is rejected as per the reasons set forth in claim 10.
CONCLUSION
The prior arts made of record and not relied upon are considered pertinent to applicant's disclosure.
Roskind (US 8,820,637-B1) discloses Time-varying Security Code For Enabling Authorizations And Other Uses Of Financial Accounts.
Ali (US 7,926,096 B2) discloses Enforcing Time-Based Transaction Policies On Devices Lacking Independent Clocks.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HATEM M. ALI whose telephone number is (571) 270-3021, E-mail: Hatem.Ali@USPTO.Gov and FAX (571)270-4021. The examiner can normally be reached Monday-Friday from 8:00 AM to 6:00 PM ET.
Examiner interviews are available via telephone, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ABHISHEK VYAS can be reached on (571) 270-1836. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HATEM M ALI/
Examiner, Art Unit 3691