12233206 (P.T.A.B. Sep. 26, 2016)

Ex Parte Sheets

Patent Trial and Appeal BoardSep 26, 2016

12233206 (P.T.A.B. Sep. 26, 2016)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE FIRST NAMED INVENTOR 12/233,206 09/18/2008 John Sheets 66945 7590 09/28/2016 KILPATRICK TOWNSEND & STOCKTONLLP/VISA Mailstop: IP Docketing - 22 1100 Peachtree Street Suite 2800 Atlanta, GA 30309 UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 80083-747356 1716 EXAMINER OHBA, MELLISSA M ART UNIT PAPER NUMBER 2164 NOTIFICATION DATE DELIVERY MODE 09/28/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): ipefiling@kilpatricktownsend.com j lhice@kilpatrick.foundationip.com EDurrell@kilpatricktownsend.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte JOHN SHEETS Appeal2015-006719 Application 12/233,206 Technology Center 2100 Before CARL W. WHITEHEAD JR., ERIC B. CHEN, and AARON W. MOORE, Administrative Patent Judges. CHEN, Administrative Patent Judge. DECISION ON APPEAL Appeal2015-006719 Application 12/233,206 This is an appeal under 35 U.S.C. Â§ 134(a) from the final rejection of claims 1, 4, 5, 9, 20, 24, 28, 32-34, and 37--42. Claims 2, 3, 6-8, 10-19, 21-23, 25-27, 29-31, 35, and 36 have been cancelled. We have jurisdiction under 35 U.S.C. Â§ 6(b). We reverse. STATEMENT OF THE CASE Appellant's invention relates to data exchange in a transaction that is protected by using a hashing function to transform sensitive data into a scrambled form. (Abstract.) Claim 1 is exemplary, with disputed limitations in italics: 1. A method for securing data using a dynamic hash, the method comprising: creating a first hash input including a first set of data fields selected from a first collection of data, the first set of data fields including a first data field obtained from a consumer input device by a point of data entry device, a second data field obtained from the consumer input device by the point of data entry device and a third data field obtained from the point of data entry device, the first data field including an account identifier obtained from the consumer input device, the second data field including sensitive data obtained from the consumer input device, the third data field including data having a value determined independent of the consumer input device; performing a hash operation on the first hash input to create a first hash output; assembling a second collection of data including (i) at least a portion of said first hash output and (ii) a second set of data fields selected from the first collection of data, the second set of data fields partially incorporating the first set of data fields at least in part by including the first data field obtained from the consumer input device and the third data field obtained from the point of data entry device and being distinct with respect to the first set of data fields at least in part by excluding the second data field obtained from the consumer input device; and 2 Appeal2015-006719 Application 12/233,206 securely communicating the sensitive data obtained from the consumer input device to the remote destination at least in part by transmitting the second collection of data over a network to a remote destination; wherein the second collection of data is assembled for each of a plurality of transactions with respect to an account identified by the account identifier and contents of said at least a portion of said first hash output changes for each of the plurality of transactions. Claims 1, 9, 20, 24, 28, 32-34, and 37-39 stand rejected under 35 U.S.C. Â§ 103(a) as unpatentable over Sahota (US 2005/0043997 Al; Feb. 24, 2005) and Ross (US 2009/0006842 Al; Jan. 1, 2009). Claims 4 and 5 stand rejected under 35 U.S.C. Â§ 103(a) as unpatentable over Sahota, Ross, and Crispin (US 2005/0089160 Al; Apr. 28, 2005). Claims 40-42 stand rejected under 35 U.S.C. Â§ 103(a) as unpatentable over Sahota, Ross, and Kocher (US 2007/0033419 Al; Feb. 8, 2007). ANALYSIS Â§ 103 Rejection-Sahota and Ross We are persuaded by Appellant's arguments (Supp. App. Br. 19-20) that Ross does not teach the limitation "assembling a second collection of data ... being distinct with respect to the first set of data fields at least in part by excluding the second data field obtained from the consumer input device," as recited in independent claim 1. The Examiner found that the second sealed electronic data of Ross corresponds to the limitation "assembling a second collection of data ... being distinct with respect to the first set of data fields at least in part by excluding the second data field obtained from the consumer input device." 3 Appeal2015-006719 Application 12/233,206 (Ans. 3--4; see also Final Act. 5.) In particular, the Examiner found that "Ross clearly states in paragraph 29 that the 'second sealed electronic data' includes the 'second seal' and 'the first sealed electronic data' and therefore, the 'second electronic data' includes the first or 'at least a portion' as taught by the claim language." (Ans. 5 (citation omitted).) We do not agree that this disclosure satisfies the disputed limitation. Ross relates to "computer program products, associated with sealing electronic data." (i-f l.) Ross explains that "a user ... generate[s] a seal of a first electronic data, the first electronic data being associated with a second electronic data" (i-f 19) and "[a] second sealed electronic data including the second seal and the first sealed electronic data can be generated" (i-f 29). In one example of Ross, the first electronic data can be an email and the second electronic data can be an email attachment, such as an external file. (i-f 33.) Furthermore, the first electronic data of Ross may include personal information such as "a social security number, a license number, a passport, a birth sealed registration document, a credit card number, a bank account number, an email address, an identity card data, or any combination thereof." (i-f 27.) Ross also explains that "[ t ]he multiple document sealing process 750 can be used, for example, to seal an email including one or more attachment files." (i-f 141.) Even if the Examiner is correct that "the 'second electronic data' includes the first or 'at least a portion' as taught by the claim language" (Ans. 5) by citing the second sealed electronic data of Ross (Ans. 3--4; see also Final Act. 5), the Examiner has provided insufficient evidence that Ross teaches the limitation "assembling a second collection of data ... being distinct with respect to the first set of data fields at least in part by excluding 4 Appeal2015-006719 Application 12/233,206 the second data field obtained from the consumer input device," as claimed. In particular, the Examiner has not demonstrated that Ross omits any data from the second sealed electronic data. We do not agree that Ross' disclosure of including the first unique identifier in the second electronic data teaches or suggests excluding other data. Thus, on this record, the Examiner has not demonstrated that Ross teaches the limitation "assembling a second collection of data ... being distinct with respect to the first set of data fields at least in part by excluding the second data field obtained from the consumer input device," as recited in claim 1. Moreover, the Examiner's application of Sahota does not cure the above noted deficiencies of Ross. Accordingly, we are persuaded by Appellant's arguments that "[t]here is clearly no teaching or suggestion of 'assembling a second collection of data' with a 'first hash output,' 'a first data field' with an account number, 'a third data field' with information independent of a consumer input device, while excluding, a second data field with sensitive data." (Supp. App. Br. 20 (emphasis omitted).) Therefore, we do not sustain the rejection of independent claim 1 under 35 U.S.C. Â§ 103(a). Claims 9, 20, 32-34, and 37-39 depend from independent claim 1. We do not sustain the rejection of claims 9, 20, 32-34, and 37-39 under 35 U.S.C. Â§ 103(a) for the same reasons discussed with respect to independent claim 1. Independent claims 24 and 28 recite limitations similar to those discussed with respect to independent claim 1. We do not sustain the rejection of claims 24 and 28 for the same reasons discussed with respect to claim 1. 5 Appeal2015-006719 Application 12/233,206 Â§ 103 Rejection-Sahota, Ross, and Crispin Claims 4 and 5 depend from independent claim 1. Crispin was cited by the Examiner for teaching the additional features of claims 4 and 5. (Final Act. 15-16.) However, the Examiner's application of Crispin does not cure the above noted deficiencies of Ross. Â§ 103 Rejection-Sahota, Ross, and Kocher Claims 40-42 depend from independent claim 1. Kocher was cited by the Examiner for teaching the additional features of claims 40-42. (Final Act. 16-18.) However, the Examiner's application of Kocher does not cure the above noted deficiencies of Ross. DECISION The Examiner's decision rejecting claims 1, 4, 5, 9, 20, 24, 28, 32-34 and 37--42 is reversed. REVERSED 6