14092205 - (D) (P.T.A.B. Apr. 29, 2020)

Apple Inc.

Patent Trials and Appeals BoardApr 29, 2020

14092205 - (D) (P.T.A.B. Apr. 29, 2020)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 14/092,205 11/27/2013 Ahmer A. Khan 122202-6553 (P19545US1) 6567 142248 7590 04/29/2020 Morgan, Lewis & Bockius LLP (Apple) 600 Anton Boulevard Suite 1800 Costa Mesa, CA 92626 EXAMINER MAGUIRE, LINDSAY M ART UNIT PAPER NUMBER 3693 NOTIFICATION DATE DELIVERY MODE 04/29/2020 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): OCIPDocketing@morganlewis.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte AHMER A. KHAN, DAVID T. HAGGERTY, GEORGE R. DICKER, JERROLD V. HAUCK, JOAKIM LINDE, MITCHELL D. ADLER, ZACHARY A. ROSEN, YOUSUF H. VAID, and CHRISTOPHER SHARP1 ____________ Appeal 2019-005451 Application 14/092,205 Technology Center 3600 ____________ Before JEFFREY N. FREDMAN, DEBORAH KATZ, and JOHN G. NEW, Administrative Patent Judges. NEW, Administrative Patent Judge. DECISION ON APPEAL 1 We use the word “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42. Appellant identifies Apple Inc. as the real party-in-interest. App. Br. 2. Appeal 2019-005451 Application 14/092,205 2 SUMMARY Appellant files this appeal under 35 U.S.C. § 134(a) from the Examiner’s Final Rejection of claims 11, 13–16, 19, 29–31, 33–41, 43–47, and 49–59 as unpatentable under 35 U.S.C. § 101 as being directed to nonstatutory subject matter. Claims 11, 13–16, 19, 29–31, 33–41, 43–47, and 49–59 stand further rejected as unpatentable under 35 U.S.C. § 112(a) as lacking written description. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM. NATURE OF THE CLAIMED INVENTION Appellant’s claimed invention is directed to methods, systems, and computer-readable media for provisioning a credential associated with an authenticated user account on an electronic device. Abstract; Spec. ¶ 18. The method analyzes the credential for fraud risk, by running two separate fraud risk analyses: (1) by a commercial entity responsible for the authenticated user account; and (2) by a financial entity responsible for the credential. Id. Upon completing the fraud risk analysis, the method facilitates provisioning the credential on the electronic device. Id. REPRESENTATIVE CLAIM Claim 49 is representative of the claims on appeal and recites: 49. A method performed by a commercial entity subsystem comprising: receiving, at the commercial entity subsystem, user account information from an electronic device; Appeal 2019-005451 Application 14/092,205 3 authenticating, at the commercial entity subsystem, a user account with the commercial entity subsystem using the received user account information; detecting, at the commercial entity subsystem, a commerce credential associated with the authenticated user account; running, at the commercial entity subsystem, a commercial entity fraud risk analysis on the detected commerce credential using commercial entity fraud risk data, wherein: the detected commerce credential was issued by a financial institution subsystem; and at least a portion of the commercial entity fraud risk data is not available to the financial institution subsystem; instructing, with the commercial entity subsystem, the financial institution subsystem to run a financial entity fraud check analysis on the detected commerce credential; and provisioning cryptographic data for an account number of the detected commerce credential on the electronic device when the detected commerce credential passes both the commercial entity fraud risk analysis at the commercial entity subsystem and the financial entity fraud check analysis, wherein the provisioned cryptographic data is operative to be used by the electronic device for securely storing the account number in a security domain of the electronic device for later use in a transaction. Appendix A, 7–8. Appeal 2019-005451 Application 14/092,205 4 ISSUES AND ANALYSIS We agree with, and expressly adopt, the Examiner’s findings, reasoning, and conclusion that the claims are directed to nonstatutory subject matter. We further agree with the Examiner’s conclusion that the claims lack written description support under 35 U.S.C. § 112(a). We address below the arguments raised by Appellant. A. Rejection under 35 U.S.C. § 101 Issue Appellant argues that the Examiner erred because the claims: (1) are not directed to a judicially-created exception to 35 U.S.C. § 101; and (2) recite significantly more than the alleged judicial exception. App. Br. 19, 22. Analysis The Examiner finds that the claims are directed to methods and systems for “provisioning an electronic credential on an electronic device for later use in a transaction.” Ans. 4. The Examiner finds that “[p]rovisioning an electronic credential on an electronic device for later use in a transaction recites a fundamental economic practice,” which is an abstract idea in the category of certain methods of organizing human activity. Id. The Examiner finds that the additional elements of the claim “do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.” Id. at 4–5. Moreover, the Examiner finds these additional steps are analogous to collecting and organizing information, and therefore are abstract ideas. Final Act. 6–7. Appeal 2019-005451 Application 14/092,205 5 The Examiner finds that Appellant’s Specification discloses implementing the claimed method on general-purpose computing devices. Ans. 5–6 (citing Spec. ¶¶ 30, 78, 99). Accordingly, the Examiner concludes that the additional elements of the claim do not add significantly more to the judicial exception because “[m]ere instructions to apply an exception using a generic computer component cannot provide an inventive concept.” Id. at 5. Appellant first argues that the Examiner fails to establish that the claims recite an abstract idea because “provisioning an electronic credential on an electronic device” is not a fundamental economic practice. Reply Br. 3–4. Appellant argues that the additional claim “limitations provide meaningful limitations that restrict the identified concept to a particular useful application.” App. Br. 18. Appellant argues that the claim includes “meaningful limitations placed on the provisioned data and the electronic device.” Id. at 19. For example: [T]o maintain the security of the process, once it is determined that a credential ought to be provisioned on the electronic device that initially provided the user account information used to detect the credential, very specific provisioning limitations of appellant’s independent claim 49 are required that involve very specific, highly technical elements of the electronic device to maintain the privacy and security of the process - particularly cryptographic data for an account number of the detected commerce credential must be provisioned on the electronic device, wherein the provisioned cryptographic data is operative to be used by the electronic device for securely storing the account number in a security domain of the electronic device for later use in a transaction. Id. at 18–19. Appellant argues that these additional limitations are tied to particular underlying hardware, and thus link “the use of the alleged abstract idea to a particular technological environment.” Id. at 20. Appeal 2019-005451 Application 14/092,205 6 Second, Appellant asserts that the claims recite an inventive concept. App. Br. 21. Particularly, Appellant contends that claim 49 recites an arrangement of elements resulting in an improvement in the technology of determining risk level. Id. Appellant argues the claims are similar to the claims in BASCOM, where our reviewing court found “an inventive concept can be found in the unconventional and non-generic combination of known elements.” Id. (citing BASCOM Glob. Internet Servs., Inc. v. AT&T Mobility LLC, 827 F.3d 1341, 1350 (Fed. Cir. 2016)). Appellant contends that “the limitations of appellant’s independent claim 49, like in BASCOM, ‘confine the abstract idea’ (e.g., the alleged abstract idea of determining a risk level) ‘to a particular, practical application of the [alleged] abstract idea.’” Id. at 23. Appellant next argues that the Examiner has not provided factual evidence to support the finding that the additional elements of the claims are “well-understood, routine and conventional.” App. Br. at 26. Finally, Appellant contends that “the limitations of [A]ppellant’s independent claim 49 do not pre-empt the entire field of determining a risk level.” Id. at 28. Appellant restates the same analysis for independent claims 11 and 29, and their dependent claims. See id. at 28–30. We are not persuaded by Appellant’s arguments. In performing an analysis of patentability under Section 101, we follow the framework set forth by the Supreme Court in Mayo Collaborative Servs. v. Prometheus Labs., Inc., 566 U.S. 66 (2012). We are also mindful of, and guided by, the United States Patent and Trademark Office’s 2019 Revised Patent Subject Matter Eligibility Guidance, 84(4) Fed. Reg. 50–57 (January 7, 2019) (the “2019 Guidance”). Appeal 2019-005451 Application 14/092,205 7 Appellant’s claim 49 recites: “A method performed by a commercial entity subsystem comprising.” Following the first step of the Mayo analysis, we find that the claim is directed to a method, and therefore falls into one of the broad statutory categories of patent-eligible subject matter under 35 U.S.C. § 101. In the next step of the Mayo, we determine whether the claim at issue is directed to a nonstatutory, patent-ineligible concept, i.e., a law of nature, a phenomenon of nature, or an abstract idea. Mayo, 566 U.S. at 70–71. If the claim is so directed, we next consider the elements of the claim both individually and “as an ordered combination” to determine whether additional elements “transform the nature of the claim” into a patent-eligible application. Id. at 78–79; see also Ariosa Diagnostics, Inc. v. Sequenom, Inc., 788 F.3d 1371, 1375 (Fed. Cir. 2015). Specifically, the Supreme Court considered this second step as determining whether the claim recites an element or combination of elements that is “sufficient to ensure that the patent in practice amounts to significantly more than a patent upon the [ineligible concept] itself.” Mayo, 566 U.S. at 72–73. More specifically, in this second step of the Mayo analysis, we look to whether the claim recites one of the judicially-created exceptions to Section 101, i.e., an abstract idea, a law of nature, or a natural phenomenon. See 2019 Guidance 54 (Step 2A, Prong 1). If we determine that the claim recites a judicial exception, we then determine whether the limitations of the claim reciting the judicial exception are integrated into a practical application. Id. (Step 2A, Prong 2). Finally, if we determine that the claim is directed to a judicially- created exception to Section 101, we evaluate the claim under the next step Appeal 2019-005451 Application 14/092,205 8 of the Mayo analysis, considering the elements of each claim both individually and “as an ordered combination” to determine whether additional elements “transform the nature of the claim” into a patent-eligible application. Mayo, 566 U.S. at 78–79; 2019 Guidance at 56 (Step 2B). Claim 49 recites the steps of: (1) receiving user account information; (2) authenticating a user account using the received information; (3) detecting a commerce credential associated with the authenticated user account; (4) running a commercial entity fraud risk analysis on the detected commerce credential; (5) instructing a financial institution subsystem to run a financial entity fraud check analysis; (6) provisioning cryptographic data for an account number of the detected commerce credential on the electronic device for securely storing the account number for later use in a transaction. Appendix A, 7–8. We agree with the Examiner that the claims recite a series of abstract ideas, culminating in using cryptography to store an account number of an analyzed commerce credential for use in a future transaction. Storing the account number of a risk-reviewed credential for use in a future transaction is similar to creating a “safe transaction guaranty,” which is a fundamental economic practice as held by our reviewing court in buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355 (Fed. Cir. 2014) (“[t]he claims are squarely about creating a contractual relationship—a ‘transaction performance guaranty’—that is beyond question of ancient lineage”). Fundamental economic practices, including mitigating risk, fall under the abstract idea category of certain methods for organizing human activity. See 2019 Guidance 52. Appeal 2019-005451 Application 14/092,205 9 The method resulting in “storing the account number” includes several steps of receiving and processing information. Our reviewing court, in Electric Power Group, LLC v. Alstom S.A., 830 F.3d 1350 (Fed. Cir. 2016), held that “[i]nformation as such is an intangible.” 830 F.3d at 1353 (citing Microsoft Corp. v. AT & T Corp., 550 U.S. 437, 451 n.12 (2007)). Similarly, the court held that “collecting information, including when limited to particular content (which does not change its character as information), [is] within the realm of abstract ideas.” Id. at 1354. The claim further recites steps of authenticating a user account, detecting a commerce credential, and running fraud risk analysis. These steps are analogous to a method for verifying the validity of a credential by two different entities, i.e., the commercial entity and the financial entity. Our reviewing court, in CyberSource Corp. v. Retail Decisions, Inc., 654 F.3d 1366 (Fed. Cir. 2011), held that a similar method for “verifying the validity of a credit card transaction over the Internet” “simply requires one to ‘obtain and compare intangible data pertinent to business risks.’” 654 F.3d at 1370. The court found the claims were not limited to any particular fraud detection algorithm, and no algorithms were disclosed in the patent. Id. at 1372. “Rather, the broad scope of [the claim] extends to essentially any method of detecting credit card fraud based on information relating past transactions … even methods that can be performed in the human mind.” Id. The instant claims recite similar steps of authenticating, detecting, and analyzing that are mental processes, and also lack limitations to particular algorithms, and are therefore judicial exceptions of the abstract idea category. Appeal 2019-005451 Application 14/092,205 10 Having identified the judicial exceptions recited by the claims, we determine whether the limitations of the claims reciting the judicial exceptions are integrated into a practical application. 2019 Guidance 54 (Step 2A, Prong 2). The Guidance provides additional context for this analysis, stating that: “A claim that integrates a judicial exception into a practical application will apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the judicial exception.” Id. at 53. Appellant contends that the claims recite meaningful limitations that “provide at least one additional layer of security” and “maintain the privacy and security of the process.” App. Br. 18–19. Appellant contends “[t]hese meaningful limitations placed on the provisioned data and the electronic device show that the claim is not directed to performing any alleged abstract idea on a general purpose computer.” Id. at 19. Appellant argues the claimed limitations “result[ ] in an improvement in the technology of determining a risk level.” Id. at 21. We disagree. Providing additional layers of security by including a second credit risk analysis, and maintaining security by using cryptographic data are simply additional abstract ideas, implemented on a generic computer using generic software. Nothing in the recited limitations speaks to improving the functioning of a computer or other technology. As such, we find that the claims do not impose meaningful limits upon the abstract ideas recited in the claims, and are therefore directed to a judicial exception. Claims directed to a judicial exception may be patent eligible if they recite additional elements that provide “significantly more” than the judicial Appeal 2019-005451 Application 14/092,205 11 exception. 2019 Guidance 56 (Step 2B). Appellant contends that “when viewed as an ordered combination, the claim limitations of [] independent claim 49 amount to significantly more than the alleged abstract idea of determining a risk level.” App. Br. 22. Appellant contends that the combination of “running two different fraud analyses with two different subsystems using two different sets of data in order to determine whether to provision data for the commerce credential on the electronic device … is not well-understood, routine, or conventional activity.” Id. at 23. We disagree. “The inventive concept necessary at step two of the Mayo/Alice analysis cannot be furnished by the [abstract idea] itself.… [I]nstead, the application must provide something inventive, beyond mere ‘well-understood, routine, conventional activity.’” Genetic Techs. Ltd. v. Merial L.L.C., 818 F.3d 1369, 1376 (Fed. Cir. 2016) (citing Mayo, 566 U.S. at 71–72). Accordingly, we review the claims for additional elements, other than the abstract idea itself, for an inventive concept. Appellant’s claims include an electronic device, a commercial entity subsystem, a financial institution subsystem, and cryptographic data. The Specification describes the claimed electronic device and subsystems as conventional, general-purpose computing devices, programmed to perform the claimed method. See Spec. ¶¶ 73–107. The Specification further describes the cryptographic data configured “in accordance with rules and security requirements that may be set forth by a set of well-identified trusted authorities (e.g., an authority of financial institution subsystem and/or an industry standard, such as GlobalPlatform).” Spec. ¶ 23. The Specification does not describe and the claims do not recite an unconventional form of cryptographic data, but, to the contrary, is drawn to those forms that are Appeal 2019-005451 Application 14/092,205 12 conventional and well known in the art. See id. Accordingly, we agree with the Examiner that there is ample evidence in the Specification for finding that the additional elements are well-understood, routine, and conventional. Finally, Appellant argues that “the limitations of … independent claim 49 do not [preempt] the entire field of determining a risk level,” and therefore the claims are patent eligible. App. Br. 28. We disagree. That the claims do not preempt all methods of determining risk level for a credential does not make them any less abstract. See OIP Techs., Inc. v. Amazon.com, Inc., 788 F.3d 1359, 1363 (Fed. Cir. 2015). We therefore conclude that the claims are directed to nonstatutory subject matter, and we affirm the Examiner’s rejection of the claims. B. Rejection under 35 U.S.C. § 112(a) Issue Appellant argues that the Examiner erred in finding that the claimed limitation of “risk data is not available to the financial institution subsystem” lacks written description support. App. Br. 12. Analysis The Examiner finds that the Specification does not describe the claimed limitation that “at least a portion of the [risk] data is not available to the financial institution [subsystem].” Final Act. 3. The Examiner finds that the limitation is a negative limitation or exclusionary proviso that does not have basis in the original disclosure. Id. Appeal 2019-005451 Application 14/092,205 13 Appellant contends the Specification “clearly discusses that certain data is not available to a financial institution subsystem.” App. Br. 13. Particularly, Appellant refers to paragraph [0034] that states: [C]ommercial entity fraud system component 450 of [secure mobile platform subsystem] SMP 400 may be configured to run a commercial entity fraud check on a commerce credential based on data known to the commercial entity about the commerce credential and/or the user (e.g., based on data associated with a user account with the commercial entity and/or any other suitable data that may be under the control of the commercial entity and/or any other suitable data that may not be under the control of financial institution subsystem 350). Id. Appellant further cites paragraph [0044] for describing various types of “suitable data that may be under the control of the commercial entity and/or that may not be under the control of financial institution subsystem.” Id. at 13–14. We are not persuaded by Appellant’s argument. We do not agree with the Examiner’s interpretation of the limitation as a negative limitation. Rather, the claim limitation positively defines a different set of data. However, we do agree with the Examiner that the Specification does not describe the claimed limitation. “[W]hile the description requirement does not demand any particular form of disclosure, or that the specification recite the claimed invention in haec verba, a description that merely renders the invention obvious does not satisfy the requirement.” Ariad Pharms., Inc. v. Eli Lilly & Co., 598 F.3d 1336, 1352 (Fed. Cir. 2010) (en banc) (citation omitted). The claimed limitation refers to data that is “not available” to the financial institution subsystem. In contrast, the Specification describes data that is “not under the control” of the commercial entity. As applied to data, Appeal 2019-005451 Application 14/092,205 14 we find that the terms “availability” and “control” refer to different and partially non-overlapping concepts. Availability refers to accessibility, i.e., the ability to view, whereas control refers to regulation, i.e., the ability to create, delete, alter, or manage. For example, data may be available to both the commercial entity and financial institution, but under the control of neither. Therefore, describing data as being available to an entity does not necessarily also describe data that is under the control of that entity, even if one would have been obvious in view of the other. We therefore conclude that the claims do not have written support in the Specification and we affirm the Examiner’s rejection for lack of written description. CONCLUSION The rejection of claims 11, 13–16, 19, 29–31, 33–41, 43–47, and 49– 59 as unpatentable under 35 U.S.C. § 101, is affirmed. The rejection of claims 11, 13–16, 19, 29–31, 33–41, 43–47, and 49– 59 as unpatentable under 35 U.S.C. § 112(a) is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1). AFFIRMED Claims Rejected 35 U.S.C. § Basis Affirmed Reversed 11, 13–16, 19, 29–31, 33–41, 43–47, 49–59 101 Nonstatutory subject matter 11, 13–16, 19, 29–31, Appeal 2019-005451 Application 14/092,205 15 Claims Rejected 35 U.S.C. § Basis Affirmed Reversed 33–41, 43– 47, 49–59 11, 13–16, 19, 29–31, 33–41, 43–47, 49–59 112(a) Written Description 11, 13–16, 19, 29–31, 33–41, 43– 47, 49–59 Overall Outcome 11, 13–16, 19, 29–31, 33–41, 43– 47, 49–59