Traitware, Inc.Download PDFPatent Trials and Appeals BoardFeb 8, 20222021002919 (P.T.A.B. Feb. 8, 2022) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 14/432,542 03/31/2015 Herbert W. Spencer III 344407.00201 1092 29880 7590 02/08/2022 Fox Rothschild LLP 997 Lenox Drive Lawrenceville, NJ 08648 EXAMINER QAYYUM, ZESHAN ART UNIT PAPER NUMBER 3685 NOTIFICATION DATE DELIVERY MODE 02/08/2022 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): ipdocket@foxrothschild.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte HERBERT W. SPENCER III, CHRISTOPHER M. CANFIELD, HARLAN HUTSON, VINCE CONROY, and STEVEN HICKERSON __________________ Appeal 2021-002919 Application 14/432,542 Technology Center 3600 ____________________ Before MURRIEL E. CRAWFORD, JOSEPH A. FISCHETTI, and JAMES P. CALVE, Administrative Patent Judges. CALVE, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Pursuant to 35 U.S.C. § 134(a), Appellant1 appeals from the decision of the Examiner to reject claims 48-50, 52-54, and 56-60, which are all of the pending claims.2 We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM. 1 “Appellant” refers to “applicant” as defined in 37 C.F.R. § 1.42. Appellant identifies Traitware, Inc. as the real party in interest. See Appeal Br. 3. 2 Claims 1-47, 51, and 55 are cancelled. See Appeal Br. 31, 33 (Claims App.); see also Final Act. 2. Appeal 2021-002919 Application 14/432,542 2 CLAIMED SUBJECT MATTER Claim 48, the sole independent claim, recites a method as follows: 48. A method for a user to perform a transaction through a program comprising the steps of: registering a second electronic device with an authentication server, wherein registering includes: obtaining a hardware profile of the second electronic device, obtaining a user information, and storing the hardware profile and the user information at the authentication server; connecting a first electronic device with a transaction receiver, initiating a transaction with the transaction receiver from the first electronic device, wherein the transaction receiver generates transaction data during the transaction; transmitting transaction data from the transaction receiver to the first electronic device; using a biometric input into the second electronic device to allow access to the program used in performing the transaction; passing the transaction data from the first electronic device to the second electronic device; obtaining by the second electronic device an updated hardware profile of the second electronic device and an updated user information after the biometric input is received at the second electronic device; sending transaction data and the updated user information and updated hardware profile to the authentication server with the program on the second electronic device; determining by the authentication server whether the updated user information is within a first tolerance relative to the user information and whether the updated hardware profile is within a second tolerance relative to the hardware profile to authenticate a user, wherein the second tolerance corresponds to a difference of the hardware profile and updated hardware profile by at least 0.02% and corresponds to a match of the hardware profile and updated hardware profile by at least 60% and Appeal 2021-002919 Application 14/432,542 3 the first tolerance corresponds to a match of the user information and the updated user information by at least 30%; accepting information from the authentication server at the transaction receiver of whether the user is authenticated, the transaction receiver configured to permit the transaction to complete when the authentication server provides an authentication confirmation, wherein the hardware profile and the updated hardware profile comprise user generated data stored on the second electronic device. Appeal Br. 31-32 (Claims App.). REJECTIONS Claims 48-50, 52-54, and 56-60 are rejected under 35 U.S.C. § 101 as directed to a judicial exception without significantly more. Claims 48-50, 52-54, and 56-60 are rejected under 35 U.S.C. § 112(a), for failing to comply with the written description requirement. Claims 48-50, 53, 54, and 60 are rejected under 35 U.S.C. § 103 as unpatentable over Laracey3 and Zhang.4 Claim 52 is rejected under 35 U.S.C. § 103 as unpatentable over Laracey, Zhang, and Chang.5 Claims 56-59 are rejected under 35 U.S.C. § 103 as unpatentable over Laracey, Zhang, and Ashfield.6 3 US 2012/0160912 A1, published June 28, 2012. 4 US 2012/0151574 A1, published June 14, 2012. 5 US 2012/0173311 A1, published July 5, 2012. 6 US 2010/0024017 A1, published January 28, 2010. Appeal 2021-002919 Application 14/432,542 4 ANALYSIS Eligibility of Claims 48-50, 52-54, and 56-60 Appellant largely argues the claims as a group. Appeal Br. 13-19. We select claim 48 as representative and separately address Appellant’s arguments for dependent claim 59. See 37 C.F.R. § 41.37(c)(1)(iv) (2019). The Examiner determines that claim 48 recites steps for performing a transaction by using a credential for fraud prevention by registering a second electronic device with an authentication server, connecting a first electronic device with a transaction receiver, initiating a transaction, transmitting transaction data from the transaction receiver to the first electronic device, passing the transaction from the first electronic device to a second device that is accessed with biometric input to obtain an updated hardware, sending transaction data, determining by the authentication server, and accepting information from the authentication server. Final Act. 6. The Examiner determines that the claims recite certain methods of organizing human activity and fundamental economic principles or practices. Id.; Ans. 4. The Examiner determines that additional elements of a first electronic device, a second electronic device, and an authentication server are used as tools to perform the abstract idea without improving the functioning of a computer or other technology, applying the abstract idea with a particular machine, effecting a transformation or reduction of an article to a different state or thing, or applying the abstract idea in a meaningful way beyond linking the use of the abstract idea to a particular technological environment and therefore do not integrate the abstract idea into a practical application. Final Act. 7-8; Ans. 4-5. The Examiner determines the additional elements are not significantly more than the abstract idea. Final Act. 7-8; Ans. 5-6. Appeal 2021-002919 Application 14/432,542 5 Principles of Law Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 35 U.S.C. § 101. Laws of nature, natural phenomena, and abstract ideas are not patentable. See Alice Corp. v. CLS Bank Int’l, 573 U.S. 208, 216 (2014). To distinguish patents that claim laws of nature, natural phenomena, and abstract ideas from those that claim patent-eligible applications, we first determine whether the claims are directed to a patent-ineligible concept. Id. at 217. If they are, we consider the claim elements, individually and as an ordered combination, to determine if any additional elements provide an inventive concept sufficient to ensure that the claims in practice amount to significantly more than a patent on the ineligible concept. Id. at 217-18. The USPTO has issued guidance about this framework. 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50 (Jan. 7, 2019) (“Revised Guidance”). To determine if a claim is “directed to” an abstract idea, we evaluate whether the claim recites: (1) any judicial exceptions, including certain groupings of abstract ideas listed in the Revised Guidance (i.e., mathematical concepts, certain methods of organizing human activities such as a fundamental economic practice, or mental processes); and (2) additional elements that integrate the judicial exception into a practical application.7 Id. at 52-55. 7 “A claim that integrates a judicial exception into a practical application will apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the judicial exception.” Revised Guidance, 84 Fed. Reg. at 54. Appeal 2021-002919 Application 14/432,542 6 If a claim (1) recites a judicial exception and (2) does not integrate that exception into a practical application, we consider whether the claim (3) provides an inventive concept such as by adding a limitation beyond a judicial exception that is not “well-understood, routine, conventional” in the field or (4) appends well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception. Revised Guidance, 84 Fed. Reg. at 56. Step 1 We agree with the Examiner that claim 48 recites a method, which is a statutory category of a process. See 35 U.S.C. § 101; Final Act. 5. Alice Step One Revised Guidance Step 2A, Prong One: Do the Claims Recite a Judicial Exception? We agree with the Examiner that the focus of claim 48 is on a method of authenticating a transaction to prevent fraudulent transactions and such a method falls in the enumerated category of abstract ideas of certain methods of organizing human activity--fundamental economic principles or practices and commercial interactions that manage interactions between people. Final Act. 6; Revised Guidance, 84 Fed. Reg. at 52. The Specification describes the focus as preventing fraud in credit card and other financial transactions by authenticating parties to the transactions. See Spec. ¶¶ 2-17, 34-39, 127. The application’s title, AUTHENTICATION SYSTEM, reflects this focus. A party can register their personal user information and the hardware profile of their electronic device at an authentication server and later send updated data sets of that information to authenticate their identity when they want to perform a transaction. See id. ¶¶ 5-17, 71-77, 165-171. Appeal 2021-002919 Application 14/432,542 7 A hardware profile is information generated by a user for a hardware device. Spec. ¶ 65. It may include information relating to a user’s contacts, installed applications, music added by a user, a mobile network code, pixel colors from a background screen, arrangement of applications, location of the user, carrier name, phone number, photos, device type, MAC address, and combinations of one or more of these elements. Id. ¶¶ 65, 74, 98-124. User information includes a user’s name, social security number, passport number, IP address, vehicle registration, license plate, driver’s license number, credit card or bank account information, date of birth, birthplace, residences, age, gender, marital status, schools attended, and combinations of one or more thereof. Id. ¶¶ 9, 71, 72. Biometric data can be retina, fingerprint, handwriting, appearance, and voice data. Id. ¶¶ 11, 73. A “transaction” is “a communicative action or activity involving two parties or things that reciprocally affect or influence each other.” Id. ¶ 64. It includes ATM withdrawals, financial transactions, credit card transactions, mobile banking transactions, accessing a file, logging into a website, and opening a door to a business or house. Id. ¶¶ 34-39, 127, 172, 179-212. Consistent with this description, claim 48 recites “registering a second electronic device with an authentication server” by obtaining and storing a hardware profile and user information, “connecting a first electronic device with a transaction receiver,” “initiating a transaction . . . wherein the transaction receiver generates transaction data,” “transmitting transaction data from the transaction receiver to the first electronic device,” and “using a biometric input into the second electronic device,” to obtain an “updated hardware profile” and “updated user information” to send with transaction data to the authentication server to authenticate the user’s identity. Appeal 2021-002919 Application 14/432,542 8 Appellant argues that authenticating the identity of a user is not a fundamental economic practice. Appeal Br. 2; Reply Br. 2. Yet, a user is authenticated to facilitate financial transactions. Spec. ¶¶ 2-5, 34-39, 127. Similar claims to verifying financial documents to reduce transactional fraud recited a fundamental business practice. See Bozeman Fin. LLC v. Fed. Reserve Bank of Atl., 955 F.3d 971, 978 (Fed. Cir. 2020). In Bozeman, the method detected fraud in a financial transaction during a payment clearing process by comparing a first record of the financial transaction to a second record of the financial transaction where each record comprised at least two of the same parameters. If at least two parameters of the second record matched the same parameters of the first record of the financial transaction, a payee bank was authorized to process the transaction. If the parameters did not match, the transaction was not authorized. Id. at 976-77. Here, the authentication server compares updated user information and an updated hardware profile received from a user’s device to stored user information and a stored hardware profile in order to authenticate the user’s identity if the difference in these values are within tolerances and advise a transaction server of the confirmation. See Spec. ¶¶ 2-17, 73-77, 125-29, 165-68. Enabling a party to register authentication information and storing and providing that information to authenticate a transaction (delivery of an item) is a fundamental business practice. See Elec. Commc’n Techs., LLC v. ShoppersChoice.com, LLC, 958 F.3d 1178, 1181-82 (Fed. Cir. 2020) (“Businesses have long been supplying customers with order numbers and recording customer information-such as the client’s name, address, credit card number, and telephone number-as well as including such information in subsequent communications with that particular customer.”). Appeal 2021-002919 Application 14/432,542 9 Recited at this level of generality without technical details, merely authenticating transactions, to include a multi-factor authentication, is an abstract idea that organizes commercial and legal interactions and business relations of people and manages their interactions to mitigate the risk that a transaction is fraudulent. See Spec. ¶¶ 2-17; see also Alice, 573 U.S. at 219 (using a third party to mitigate settlement risk is a fundamental economic practice of intermediate settlement long prevalent in our commerce system); Universal Secure Registry LLC v. Apple Inc., 10 F.4th 1342, 1352 (Fed. Cir. 2021) (claims to collecting and examining data to authenticate a user’s identity based on two factors (biometric information and secret information known to a user) and providing encrypted authenticated information to send to a secure registry through a point-of-sale device is an abstract idea); Boom! Payments, Inc. v. Stripe, Inc., 839 F. App’x 528, 532-33 (Fed. Cir. 2021) (the use of a buyer identification code known only to the buyer and a third party to verify a transaction overlays a second layer of abstraction (identity authentication) to the escrow procedure); EasyWeb Innovations, LLC v. Twitter, Inc., 689 F. App’x 969, 971 (Fed. Cir. 2017) (claim 1 merely recites familiar concepts of receiving, authenticating, and publishing data” and such data collection, analysis, and publication claims recite an abstract idea). Doing so by steps of collecting data (obtaining a hardware profile and user information), storing that data, transmitting transaction data, obtaining an updated hardware profile and an updated user information, sending data to an authentication server, determining whether updated user information and user profile data is within prescribed tolerances, and using that analysis to authenticate a user recite mental processes in the abstract idea category because they are recited without technical implementation details. Appeal 2021-002919 Application 14/432,542 10 “[S]electing information, by content or source, for collection, analysis, and display does nothing significant to differentiate a process from ordinary mental processes, whose implicit exclusion from § 101 undergirds the information-based category of abstract ideas.” Elec. Power Grp., LLC v. Alstom S.A., 830 F.3d 1350, 1355 (Fed. Cir. 2016). The Specification indicates that the authentication server compares the received user information and hardware profile to a stored user information and hardware profile, determines a difference between these data items, and permits the transaction if the differences are within tolerances such that the information is deemed authentic. Spec. ¶¶ 17, 26, 77, 125-29, 135-39. As claimed, the calculations and comparisons recite an abstract idea. See Elec. Power, 830 F.3d at 1353-54 (“[W]e have treated collecting information, including when limited to particular content . . . as within the realm of abstract ideas. . . . In a similar vein, we have treated analyzing information by steps people go through in their minds, or by mathematical algorithms, without more, as essentially mental processes within the abstract-idea category.”); CyberSource Corp. v. Retail Decisions, Inc., 654 F.3d 1366, 1372-73 (Fed. Cir. 2011) (claims to obtaining information about Internet credit card transactions by reading records of transactions from a database, writing down a list or map of credit card transactions made from a particular IP address, and using the map to determine if a transaction is valid or fraudulent by observing if the transactions use different credit cards with different user names and addresses at the same IP address can be performed as mental processes, including the logical reasoning steps). Here, claim 48 collects and compares user and device profile information to determine if they are similar (within tolerances) with no technical implementation details. Appeal 2021-002919 Application 14/432,542 11 Appellant argues that using credentials to prevent fraud is similar to Example 2 of USPTO’s Subject Matter Eligibility Examples for Abstract Ideas. Appeal Br. 14. Appellant argues that Example 2 follows DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245 (Fed. Cir. 2014), which held claims to an ecommerce transaction were not a fundamental economic or commercial practice but claimed a solution to the problem of retaining website visitors. Id. at 14-15. Appellant asserts that the present claims also address a unique problem of authenticating a user’s identity in a remote transaction completed through a computer interface. Id. at 15. We are not persuaded. The claims in DDR focused on creation of a hybrid web page that merged content of products of a third-party merchant with the stored “visually perceptible elements” (look and feel) of a host’s website. DDR, 773 F.3d at 1257. Here, claim 48 does not create a hybrid webpage or a similar interface as in DDR. Nor does claim 48 recite a transaction over an Internet network. The claimed transaction includes credit card, ATM, point of sale, and online banking transactions. See Spec. ¶¶ 36-38, 127, 172. “[V]erifying the identity of a user to facilitate a transaction is a fundamental economic practice that has been performed at the point of sale well before the use of POS computers and Internet transactions.” Universal Secure, 10 F.4th at 1353; see Boom!, 839 F. App’x at 532-33 (verifying consummation of a transaction with a unique buyer identifier known only to the buyer and third party is not a technological solution that improves the functioning of a computer system but rather it authenticates the transaction as an abstraction). Accordingly, we determine that claim 48 recites the abstract idea identified above. Appeal 2021-002919 Application 14/432,542 12 Alice Step One Revised Guidance Step 2A, Prong Two: Is There an Integration into a Practical Application? We next consider whether claim 48 recites additional elements that integrate the abstract idea into a practical application. Revised Guidance, 84 Fed. Reg. at 54. We agree with the Examiner’s determination that a first electronic device, a second electronic device, and an authentication server are recited as generic computer components that are used as tools to perform the abstract idea. Final Act. 6-7; Ans. 4-5. These elements do not improve computers or other technology. Nor do they use the abstract idea with a particular machine or manufacture that is integral to the claims or transform or reduce a particular article to a different state or thing or apply the abstract idea in a meaningful way beyond generally linking it to a particular technological environment. See Revised Guidance, 84 Fed. Reg. at 55. The Specification describes these elements generically without any indication that Appellant invented or improved their capabilities. Hardware device 100 is preferably any device configured with a touchscreen and the ability to perform secure wireless communications over various networks and the Internet and capture biometric input. Spec. ¶ 66. Hardware device 100 comprises a processor, memory, an input interface, and a transmitter, with the processor programmed to process user information via the input interface, and transmit and receive the various types of information recited in the claim. Id. ¶ 67. Authentication server 102 comprises a processor, memory, input interface, and a connection for receiving and storing user information and a hardware profile in memory with the processor being programmed to perform the functions. Id. ¶ 68. Exemplary existing servers and server capabilities are identified for authentication server 102. Id. ¶ 69. Appeal 2021-002919 Application 14/432,542 13 Appellant argues that the claims provide a technological solution to a technological problem by authenticating a user in a computer environment where the user is remote to the transacting party and biometric input permits access to a program that sends an updated hardware profile and updated user information to an authentication server, which compares the data to stored values and determines whether a transaction should proceed on a different computing device (the first electronic device). Appeal Br. 16-17. We are not persuaded because claim 48 recites these features without any indication that they improve computers or computer capabilities or other technologies. As such, these elements are part of the abstract idea identified under Prong One above not additional elements that can integrate the abstract idea into a practical application. See Revised Guidance, 84 Fed. Reg. at 55 n.24 (“additional elements” are claim features, limitations, and/or steps that are recited in a claim beyond the identified judicial exception); see also Alice, 573 U.S. at 221 (a claim that recites an abstract idea must include additional features to ensure it does not monopolize the abstract idea). Nor do these features improve computers or technology even if we consider them as additional elements. We recognize that “[s]oftware can make non-abstract improvements to computer technology just as hardware improvements can, and . . . the improvements can be accomplished through either route.” Enfish, LLC v. Microsoft Corp., 822 F.3d 1327, 1335 (Fed. Cir. 2016). However, “to be directed to a patent-eligible improvement to computer functionality, the claims must be directed to an improvement to the functionality of the computer or network platform itself.” Customedia Techs., LLC v. Dish Network Corp., 951 F.3d 1359, 1365 (Fed. Cir. 2020) (citing Enfish, 822 F.3d at 1336-39). Appeal 2021-002919 Application 14/432,542 14 Here, claim 48 recites these features without technical implementation details to indicate that they improve computers or other technology. The step of “using a biometric input into the second electronic device to allow access to the program used in performing the transaction” is recited without any indication that it improves the capture or processing of biometric data to access a program on the second electronic device. The hardware device 100 is described as capable of capturing biometric input such as fingerprint, facial recognition, and voice verification. Spec. ¶ 66. The program sends an updated hardware profile and updated user information to an authentication server with no technical details that improve computers, networks, or other technology. See Spec. ¶ 76. The authentication server determines whether the updated hardware profile and user information are within tolerances of stored values of those data sets without any technical details. As claimed, the comparison recites mental processes. See CyberSource, 654 F.3d at 1373 (a person can compare a list of credit card numbers to Internet credit card transactions to identify transactions that use different cards at the same IP address as potentially fraudulent through logical reasoning steps). Even if the Specification described technical improvements, no details are claimed. See Ericsson Inc. v. TCL Commc’n Tech. Holdings Ltd., 955 F.3d 1317, 1325 (Fed. Cir. 2020) (“[T]he specification may be ‘helpful in illuminating what a claim is directed to . . . [but] the specification must always yield to the claim language’ when identifying the ‘true focus of a claim.’”); Accenture Glob. Servs., GmbH v. Guidewire Software, Inc., 728 F.3d 1336, 1345 (Fed. Cir. 2013) (“[T]he complexity of the implementing software or the level of detail in the specification does not transform a claim reciting only an abstract concept into a patent-eligible system or method.”). Appeal 2021-002919 Application 14/432,542 15 “Merely claiming ‘those functions in general terms, without limiting them to technical means for performing the functions that are arguably an advance,’ does not make a claim eligible at step one.” Ericsson, 955 F.3d at 1328; SAP Am., Inc. v. InvestPic, LLC, 898 F.3d 1161, 1167-68 (Fed. Cir. 2018) (to avoid ineligibility, a claim must have the specificity to transform it from one claiming only a result to one claiming a way of achieving the result); Interval Licensing LLC v. AOL, Inc., 896 F.3d 1335, 1346 (Fed. Cir. 2016) (because content data update instructions that enable updating of displayed information are recited only at the broadest, functional level, without any explanation of how that is accomplished, let alone providing a technical means for performing that function, they are not directed to a technological improvement for performing those functions and consist only of generic and conventional information acquisition and organization steps that do not convert the abstract idea into a particular conception of how to carry out that concept); Elec. Power, 830 F.3d at 1356 (noting that the essentially result-focused, functional character of the claim language at issue is a frequent feature of claims that are held to be ineligible under § 101). Without more, claims to multi-factor authentication using two devices and biometrics are not eligible when claimed without technical improvements to computers or other technology. See Universal Secure, 10 F.4th at 1354-55, 1356-57. Dependent claim 59 recites steps of determining whether an updated hardware profile is within the second tolerance relative to the stored profile by creating statistical distributions and statistical probabilities to determine a set tolerance and whether a user’s assigned device is statistically different form another user. Appeal Br. 34 (Claims App.). Appeal 2021-002919 Application 14/432,542 16 As claimed, these steps merely recite generic mathematical concepts and calculations. The Specification’s description of these steps is even more generic, thus confirming the abstract nature of these steps and calculations. See Spec. ¶ 133. As claimed, they can be performed by any and all means to include as mental processes. See Elec. Power, 830 F.3d at 1354 (“We have treated analyzing information by steps people go through in their minds, or by mathematical algorithms, without more, as essentially mental processes within the abstract-idea category.”); see also SAP, 898 F.3d at 1168 (“Here, in contrast, the focus of the claims is not a physical-realm improvement but an improvement in wholly abstract ideas--the selection and mathematical analysis of information, followed by reporting or display of the results.”). Thus, we determine that claim 48 (and claim 59) lack any additional elements that integrate the abstract idea into a practical application. Alice, Step Two and Revised Guidance Step 2B: Do the Claims Include an Inventive Concept? We next consider whether claim 48 recites any additional elements, individually or as an ordered combination, to provide an inventive concept. Alice, 573 U.S. at 217-18. This step is satisfied when limitations involve more than well-understood, routine, and conventional activities known in the industry. See Berkheimer v. HP Inc., 881 F.3d 1360, 1367 (Fed. Cir. 2018). Individually, the additional elements are conventional devices that perform conventional functions. The first electronic device connects with a generic transaction receiver to initiate a transaction and receive transaction data. buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355 (Fed. Cir. 2014) (“That a computer receives and sends the information over a network-with no further specification-is not even arguably inventive.”). Appeal 2021-002919 Application 14/432,542 17 The second electronic device obtains and stores a hardware profile and user information with no technical implementation details and receives biometric input in an unspecified way. See Alice, 573 U.S. at 226 (“Nearly every computer will include a ‘communications controller’ and ‘data storage unit’ capable of performing the basic calculation, storage, and transmission functions required by the method claims.”). The authentication server determines whether the updated user information is within a first tolerance and whether the updated hardware profile is within a second tolerance in some unspecified manner. No details are claimed for this process. The Specification’s description of these steps indicates that they are conventional enough that further description of their operation is not necessary for an understanding of their operation. See Spec. ¶¶ 17, 26, 125, 126; see also Universal Secure, 10 F.4th at 1355 (“There is nothing in the specification suggesting, or any other factual basis for a plausible inference . . . , that the claimed combination of these conventional authentication techniques achieves more than the expected sum of the security provided by each technique.”). As an ordered combination, the limitations recite no more than when they are considered individually. “If a claim’s only ‘inventive concept’ is the application of an abstract idea using conventional and well-understood techniques, the claim has not been transformed into a patent-eligible application of an abstract idea.” BSG Tech LLC v. Buyseasons, Inc., 899 F.3d 1281, 1290-91 (Fed. Cir. 2018). “It has been clear since Alice that a claimed invention’s use of the ineligible concept to which it is directed cannot supply the inventive concept that renders the invention ‘significantly more’ than that ineligible concept.” BSG, 899 F.3d at 1290. Appeal 2021-002919 Application 14/432,542 18 Even if the techniques are groundbreaking, innovative, or brilliant, that is not enough for eligibility. SAP, 898 F.3d at 1163 (“No matter how much of an advance in the finance field the claims recite, the advance lies entirely in the realm of abstract ideas, with no plausibly alleged innovation in the non-abstract application realm. An advance of that nature is ineligible for patenting.”). See Apple, Inc. v. Ameranth, Inc., 842 F.3d 1229, 1240 (Fed. Cir. 2016) (“An abstract idea can generally be described at different levels of abstraction.”); Synopsys, Inc. v. Mentor Graphics Corp., 839 F.3d 1138, 1151 (Fed. Cir. 2016) (“[A] claim for a new abstract idea is still an abstract idea.”). Here, the ordered combination of steps is conventional. Generic, undefined hardware profile and user information data sets are registered with an authentication server and later sent along with particular transaction data to the authentication server to authenticate the identity of the party to the transaction and user of the registered second electronic device whereupon the authentication compares stored and updated values of these data sets to determine whether they are within tolerances. See Bozeman, 955 F.3d at 980-81 (using well-known computer components to collect and analyze data, present data, and send notifications recites a logical sequence with no inventive concept); Inventor Holdings, LLC v. Bed Bath & Beyond, Inc., 876 F.3d 1372, 1378 (Fed. Cir. 2017) (sequence of data retrieval, analysis, modification, generation, display, and transmission is not inventive and amounts to instructions to apply the abstract idea using generic computer technology). Accordingly, we sustain the rejection of claims 48-50, 52-54, and 56-60 as directed to an abstract idea without significantly more. Appeal 2021-002919 Application 14/432,542 19 Claims 48-50, 52-54, and 56-60 Rejected for Lack of Written Description The Examiner determines that the Specification does not describe the step of “obtaining by the second electronic device an updated hardware profile of the second electronic device and an updated user information after the biometric input is received at the second electronic device” as recited in independent claim 48. Final Act. 9-10. The Examiner determines that the Specification describes receiving this information in paragraph 125, but does not describe obtaining by the second electronic device an updated hardware profile of the second electronic device and an updated user information after biometric input is received at the second electronic device. Id.; Ans. 7-8. Appellant asserts that paragraph 74 of the Specification states, “[t]he hardware device stores the user information and obtains a hardware profile 208 of the hardware device 210, the hardware profile 208 comprising user generated data stored on the device 100.” Appeal Br. 20. Appellant asserts that the Specification describes receiving the user information and hardware profile, comparing the received user information and received hardware profile against a stored electronic profile, and allowing the transaction if the received hardware profile and stored hardware profile match by at least 60%. Id. (citing Spec. ¶ 17). The Specification describes a stored electronic identification as a first hardware profile, and user information and hardware profiles are user generated data stored on a device. Id. (citing Spec. ¶ 125). A skilled artisan would understand that the electronic device obtains a hardware profile stored on it and sends the profile for authentication. Spec. ¶¶ 5, 17, 74, 125. The “updated” hardware profile is the hardware profile obtained by the electronic device at the time of the authentication process. Appeal 2021-002919 Application 14/432,542 20 According to the Specification, for authentication to occur, received user information and a received hardware profile are compared against a stored electronic profile comprising stored user information and a stored hardware profile. Spec. ¶ 17. The received hardware profile is obtained by the electronic device and sent to the authentication server for verification by comparing this “updated” (current) hardware profile against a hardware profile that was received earlier and stored by the authentication server for later use in an authentication procedure. Upon initiation of a transaction, the user’s electronic device obtains a current hardware profile and sends this “updated” hardware profile to an authentication server for comparison to a stored hardware profile that was sent previously to the authentication server and stored at the server. Id. ¶¶ 5, 17, 26, 68, 74-76, 128-130. Thus, we do not sustain the rejection of claims 48-50, 52-54, and 56- 60 for lack of written description on this basis. The Examiner also determines that the Specification does not describe the steps of “registering a second electronic device with an authentication server . . . ;” “connecting . . . ;” “initiating a transaction . . . ;” “transmitting . . . ;” “using a biometric input . . . ;” “passing . . . ;” and “sending . . . ;” because the claim is silent as to who performs these steps and the Specification does not support the full breadth of the claim of all possible entities performing these steps. Final Act. 10; Ans. 9. Appellant responds that the claims recite components for receiving and handling the data to achieve a claimed function, and the Specification describes various examples for receiving and handling data to achieve the claimed functions of connecting, initiating, transmitting, passing, sending. Appeal Br. 22-23; Reply Br. 7-8. Appeal 2021-002919 Application 14/432,542 21 Claim 48 recites a method for a user to perform a transaction through a program comprising steps of: registering a second electronic device with an authentication server, connecting, initiating a transaction, transmitting, using a biometric input, passing, and sending. The Specification describes such a method in paragraph 142 as Appellant explains. Appeal Br. 22-23; Reply Br. 7-8. Specifically, the user performs a transaction using a first electronic communication device to connect with a transaction receiver, receive from the transaction receiver electronic data for a second electronic device that has an associated user and hardware profile that can be sent by the second electronic device with the received electronic data. Spec. ¶ 142. The second device can capture biometric data of the user. Id. ¶¶ 66, 72, 73. A user provides user information to a hardware device, which sends the information along with its hardware profile to an authentication server. Id. ¶¶ 71-76. The disclosures related to Figures 4A-4F and 6 also describe this subject matter as Appellant asserts. Appeal Br. 23. Thus, we do not sustain the rejection of claims 48-50, 52-54, and 56- 60 for lack of written description on this basis. Claims 48-50, 53, 54, and 60 Rejected Over Laracey and Zhang The Examiner finds that Laracey teaches the method of claim 48 as claimed with a second electronic device that obtains transaction data from a first electronic device and sends that data with an updated hardware profile and updated user information to an authentication server that determines if the user is an authorized user based on the received information and sends authentication information to the transaction, which permits a transaction to complete when authentication confirmation is provided. Final Act. 11-12. Appeal 2021-002919 Application 14/432,542 22 The Examiner finds that Laracey’s authentication server does not determine whether the received first information is within a first tolerance related to stored first information or whether received second information is within a second tolerance relative to stored second information but Zhang teaches these features. Id. at 12-13. The Examiner determines that it would have been obvious to modify Laracey with these teachings of Zhang to prevent fraud as Zhang teaches. Id. at 13 (citing Zhang ¶ 2). The Examiner interprets the following limitations as nonfunctional descriptive material because they only describe the data that is contained in the hardware profile, updated hardware profile, first tolerance, and second tolerance and this data is not used to perform any of the recited steps. Id. These limitations are: (1) “wherein the second tolerance corresponds to a difference of the hardware profile and updated hardware profile by at least 0.02%” (2) “and corresponds to a match of the hardware profile and updated hardware profile by at least 60% and” (3) “the first tolerance corresponds to a match of the user information and the updated user information by at least 30%,” (4) “wherein the hardware profile and the updated hardware profile comprise user generated data stored on the second electronic device.” Id. Appellant asserts that the claims rely on and use these limitations in a structurally distinguishable manner by reciting that the authentication server performs a comparison of whether the updated hardware profile is within a second tolerance relative to the hardware profile to authenticate a user, and the hardware profile that is compared comprises user generated data stored on the second electronic device. Appeal Br. 25. Appellant argues that the transaction server receives information from the authentication server about whether the user is authenticated based on the hardware profile. Id. Appeal 2021-002919 Application 14/432,542 23 Nonetheless, even if we give patentable weight to these limitations as Appellant urges us to do, the Examiner’s rejection addresses the limitations. See Final Act. 11-13; Ans. 10-11. Specifically, Laracey teaches to obtain a hardware profile that comprises a stored set of attributes collected from the mobile device 102 during registration to uniquely identify the device and user information that comprises a user identifier, password, and credentials to authenticate a customer in two ways with transaction information. See Laracey ¶¶ 24-26; Final Act. 11-12. Laracey essentially teaches, or at least very strongly suggests, that the hardware profile and user information must match stored values for this data in order for a user to be authenticated, i.e., they must correspond to stored values by 100%. Therefore, Laracey teaches tolerances of at or near 100% that fall within the claimed ranges of at least 60% for the hardware profile and at least 30% for the user information and render those ranges obvious. It is well-settled that prior art ranges that overlap claimed ranges also render those claimed ranges obvious absent evidence that the claimed ranges produce unexpected results that differ qualitatively from the properties of the prior art ranges. See In re Peterson, 315 F.3d 1325, 1329-1332 (Fed. Cir. 2003). Such overlap also provides motivation to optimize the ranges. See In re Applied Materials, Inc., 692 F.3d 1289, 1295 (Fed. Cir. 2012). Zhang teaches the use of different tolerances for authentication. An authentication server determines whether proof-of-purchase data sent from a user’s computer matches proof-of-purchase data sent by a manufacturer of the product to within a first tolerance and whether a customer’s system identifier matches a system identifier reported by the OEM to within a second tolerance to authenticate the user. Zhang ¶¶ 68-72. Appeal 2021-002919 Application 14/432,542 24 Zhang also teaches that these two tolerances account for different variations that may arise for numerous reasons in the proof-of-purchase information matched to a first tolerance and due to possible modification in a computer system’s hardware configuration between the time of original reporting and the activation transaction request. Id. Both tolerances may be pre-specified or dynamically determined. Id. ¶¶ 68, 70. These teachings also teach or at least strongly suggest tolerances that fall within the claimed ranges and/or provide motivation to optimize the tolerances to fall within the claimed tolerances.8 The Examiner determines that it would have been obvious to apply Zhang’s teachings to Laracey to prevent fraud. Final Act. 12-13. Appellant has not apprised us of error in the Examiner’s findings and determination of obviousness in this regard. See Appeal Br. 24-26; Reply Br. 9-10. Accordingly, we sustain the rejection of claim 48 and claims 49, 50, 53, and 54, which are not argued separately by Appellant. Claim 60 Dependent claim 60 recites that the hardware profile and the updated hardware profile include “user contacts, song names, photo names, pixel color of a background screen, combinations thereof, and portions thereof.” Appeal Br. 34 (Claims App.). We agree with the Examiner that these features of the hardware profiles are nonfunctional descriptive material because they refer to the particular content of those profiles without any functional relationship to the claimed process or a substrate. Final Act. 15. 8 The Specification assigns no criticality to the claimed ranges. Spec. ¶¶ 17, 26, 125, 126. The Specification indicates that other tolerance ranges may be used. Id. ¶¶ 128, 129, 137, 138. Appeal 2021-002919 Application 14/432,542 25 Appellant argues that claim 60 provides specific requirements for the hardware profile and the updated profile and Appellant disagrees with the Examiner’s determination that the data is nonfunctional descriptive material. Appeal Br. 26. This conclusory argument does not apprise us of Examiner error, particularly where the Examiner already cited Laracey to teach the claimed hardware profile that comprises attributes stored in a mobile device. See Laracey ¶ 25 (cited in Final Act. 11). Accordingly, we sustain the rejection of claim 60. Claim 52 Rejected Over Laracey, Zhang, and Chang Appellant argues that claim 52 is patentable based on its dependency from claim 48 and Chang does not remedy the deficiencies in the rejection of claim 48. See Appeal Br. 29-30. Because we sustain the rejection of claim 48, there are no deficiencies for Chang to cure and we also sustain the rejection of claim 52. Claims 56-59 Rejected Over Laracey, Zhang, and Ashfield Appellant argues that claim 56 is patentable because the rejection of claim 48 is unsupported, and Ashfield does not cure this defect. See Appeal Br. 28. Because we sustain the rejection of claim 48, there are no defects for Ashfield to cure so we sustain the rejection of claim 56. We also sustain the rejection of claims 57 and 58, which are not argued separately by Appellant. Claim 59 recites steps of determining whether an updated hardware profile is within a second tolerance by determining a statistical distribution to create statistical probabilities to determine a set tolerance and whether a particular device belongs to a particular individual. Appeal Br. 34 (Claims App.). Appeal 2021-002919 Application 14/432,542 26 The Examiner finds that Zhang does not teach a specific way to determine a second tolerance such as the method recited in claim 59, but the Examiner takes the position that the claimed steps are an obvious matter of design choice because the way of determining tolerances will not modify the operation of the computer. Final Act. 17-18. We agree with Appellant that these claimed steps of determining a statistical distribution and statistical probability are more than a design choice. Appeal Br. 28-29. The Specification indicates that this method is a different way of causing the authentication server to determine a second tolerance than other methods such as the Levenshtein Distance comparison. See Spec. ¶¶ 133-137. Therefore, it cannot be said that the claimed steps are merely a matter of design choice that have no effect on the operation or the function of the authentication server or authentication process to determine whether a particular device belongs to a particular individual based on whether the device is statistically different from another user’s device. The Examiner’s finding that a particular method of determining a tolerance will not modify the operation of the computer is inconsistent with the evidence in the Specification that different methods of determining a tolerance can yield different determinations regarding authenticating a second electronic device and ultimately a user to a transaction by the authentication server. Accordingly, we do not sustain the rejection of claim 59. Appeal 2021-002919 Application 14/432,542 27 DECISION In summary: Claim(s) Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 48-50, 52- 54, 56-60 101 Eligibility 48-50, 52- 54, 56-60 48-50, 52- 54, 56-60 112(a) Written Description 48-50, 52- 54, 56-60 48-50, 53, 54, 60 103 Laracey, Zhang 48-50, 53, 54, 60 52 103 Laracey, Zhang, Chang 52 56-59 103 Laracey, Zhang, Ashfield 56-58 59 Overall Outcome 48-50, 52- 54, 56-60 TIME PERIOD FOR RESPONSE No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED Copy with citationCopy as parenthetical citation
