ITS, INC.Download PDFPatent Trials and Appeals BoardFeb 10, 20212021001641 (P.T.A.B. Feb. 10, 2021) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/432,669 02/14/2017 TERRY DEAN DOOLEY 41057.268231 2061 145140 7590 02/10/2021 SHOOK, HARDY & BACON L.L.P. (ITS, INC.) INTELLECTUAL PROPERTY DEPARTMENT 2555 GRAND BOULEVARD KANSAS CITY, MO 64108-2613 EXAMINER KWONG, CHO YIU ART UNIT PAPER NUMBER 3693 NOTIFICATION DATE DELIVERY MODE 02/10/2021 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): ipshookdocketing@shb.com shbdocketing@shb.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte TERRY DEAN DOOLEY, MANISH S. NATHWANI, and STEPHAN DWAYNE THOMASEE __________________ Appeal 2021-001641 Application 15/432,669 Technology Center 3600 ____________________ Before HUBERT C. LORIN, JOSEPH A. FISCHETTI, and JAMES P. CALVE, Administrative Patent Judges. CALVE, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Pursuant to 35 U.S.C. § 134(a), Appellant1 appeals from the decision of the Examiner to reject claims 1–20, which are all of the pending claims. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM. 1 “Appellant” refers to “applicant” as defined in 37 C.F.R. § 1.42. Appellant identifies ITS, Inc. as the real party in interest. Appeal Br. 3. Appeal 2021-001641 Application 15/432,669 2 CLAIMED SUBJECT MATTER The claimed innovation separates tokenization functions between a token vault that tokenizes payment credentials and a token service provider that provides front-end token services. See Spec. ¶¶ 5, 6, 22, 52–60. Claims 1, 8, and 16 are independent. Claim 1 recites: 1. One or more computer storage media storing computer-useable instructions that, when executed by one or more computing devices, cause the one or more computing devices to perform operations, the operations comprising: receiving, at a first server acting as a token vault provider, a request to encrypt a payment account identifier of a payment instrument, the request to encrypt the payment account identifier being communicated to the first server acting as the token vault provider based on an enrollment request from a second server acting as a token service provider providing front-end token services separate from the first server acting as the token vault provider; at the first server acting as the token vault provider, encrypting the payment account identifier by generating a payment token for the payment account identifier; and returning the payment token from the first server acting as the token vault provider to the second server acting as the token service provider. REJECTIONS Claims 1–20 are rejected under 35 U.S.C. § 101 as directed to a judicial exception without significantly more. Claim 3 is rejected under 35 U.S.C. § 112(b) as being indefinite. Claims 1–20 are rejected under 35 U.S.C. § 103 as unpatentable over Dill (US 2015/0032627 A1, pub. Jan. 29, 2015) and Huang (US 2015/ 0371234 A1, pub. Dec. 24, 2015). Appeal 2021-001641 Application 15/432,669 3 ANALYSIS Patent Eligibility of Claims 1–20 Appellant argues the claims as a group. See Appeal Br. 8–24. We select claim 1 as representative. See 37 C.F.R. § 41.37(c)(1)(iv). The Examiner determines that claim 1 recites certain methods of organizing the human activity of commercial interactions using payment identifier encryption and generic servers. Non-Final Act. 2–8; Ans. 4–5. The Examiner determines claim 1 does not integrate the abstract idea into a practical application merely by reciting generic servers at a high level of generality to perform steps of the abstract idea. Non-Final Act. 8–9. The Examiner determines that claiming separate servers and using a payment identification encryption service does not improve computers, networks, or network security. Ans. 5. The Examiner determines claim 1 does not recite how separate servers improve the system’s security but instead applies the judicial exception without imposing any meaningful limits on practicing the abstract idea. Non-Final Act. 9; Ans. 5–6. Under Step 2B, the Examiner determines that applying the exception on generic computer components that perform generic functions to facilitate payment ID encryption does not provide an inventive concept. Final Act. 9. The Examiner also determines that the claimed “token vault provider” that “encrypt[s] the payment account identifier” and “token service provider” that “provid[es] front-end token services separate from the . . . token vault provider” recites elements of the abstract idea of facilitating payment ID encryption wherein the servers merely perform well-known, routine, and conventional computing activities to implement the exception. Ans. 7. Appeal 2021-001641 Application 15/432,669 4 Principles of Law Section 101 of the Patent Act states: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 35 U.S.C. § 101. This provision contains an implicit exception: “Laws of nature, natural phenomena, and abstract ideas are not patentable.” Alice Corp. v. CLS Bank Int’l, 573 U.S. 208, 216 (2014). To distinguish patents that claim laws of nature, natural phenomena, and abstract ideas from those that claim patent-eligible applications, we first determine whether the claims are directed to a patent-ineligible concept. Id. at 217. If they are, we consider the elements of each claim, individually and “as an ordered combination,” to determine if additional elements “‘transform the nature of the claim’ into a patent-eligible application” as an “inventive concept” sufficient to ensure the claims in practice amount to significantly more than a patent on the ineligible concept itself. Id. at 217–18. The USPTO has issued guidance about this framework. 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50 (Jan. 7, 2019) (“Revised Guidance”). Under the Revised Guidance, to determine whether a claim is “directed to” an abstract idea, we evaluate whether the claim recites: (1) any judicial exceptions, including certain groupings of abstract ideas listed in the Revised Guidance (i.e., mathematical concepts, certain methods of organizing human activities such as a fundamental economic practice, or mental processes); and (2) additional elements that integrate the judicial exception into a practical application (see MPEP §§ 2106.05(a)–(c), (e)–(h) (9th ed. Rev. 10.2019 June 2020) (“MPEP”)). Id. at 52–55. Appeal 2021-001641 Application 15/432,669 5 Only if a claim (1) recites a judicial exception and also (2) does not integrate that exception into a practical application, do we then consider whether the claim either (3) adds a specific limitation beyond a judicial exception that is not “well-understood, routine, conventional” in the field (see MPEP § 2106.05(d)) or (4) simply appends well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception. Id. at 56. Step 1: Are the Claims Within a Statutory Category? Claim 1 recites a computer storage media, which is a statutory category of invention under 35 U.S.C. § 101, namely, a manufacture. Step 2A, Prong One: Do the Claims Recite a Judicial Exception? We agree with the Examiner that claim 1 recites certain methods of organizing human activity to facilitate commercial interactions involving the encryption of a payment identifier. Final Act. 5–6; Ans. 4–5. The Revised Guidance enumerates this abstract idea as certain methods of organizing human activity––fundamental economic principles or practices (mitigating risk), and commercial interactions (legal obligations and sales activities). See Revised Guidance, 84 Fed. Reg. at 52. Some steps can be performed as mental processes as well. Id. Claim 1 relates to security of electronic payments that use traditional payment instruments such as credit cards or bank accounts. Spec. ¶ 1. The focus of claim 1 is on separating token services from a token vault. Id. ¶ 22. As a result, the role of the token vault is managed by a party such as a token vault provider that is separate from the token service provider that provides front-end token services other than the tokenization and detokenization of payment account information provided by the token vault. Id. ¶¶ 23, 52. Appeal 2021-001641 Application 15/432,669 6 The first limitation of claim 1 recites this feature as: receiving, at a first server acting as a token vault provider, a request to encrypt a payment account identifier of a payment instrument, the request to encrypt the payment account identifier being communicated to the first server acting as the token vault provider based on an enrollment request from a second server acting as a token service provider providing front-end token services separate from the first server acting as the token vault provider Appeal Br. 32 (Claims App.). Enrollment requests seek to enroll a payment instrument and obtain a token to purchase items at e-commerce websites and point-of-sale terminals. Spec. ¶¶ 17, 36, 53. Enrollment requests are received by the token service provider, which asks the token vault provider to generate a payment token for the account based on the enrollment request. Id. ¶¶ 54, 55, Fig. 3. Tokenizing payment account identifiers of payment instruments such as credit cards and debit cards provides security to commercial transactions, financial transactions, and sales activities at e-commerce websites, point-of- sale merchant terminals by protecting this sensitive data. Id. ¶¶ 17, 36, 53. Thus, the claimed method applies to financial and commercial transactions. Tokenization of payment credentials is known. Spec. ¶2. Claim 1 separates tokenization functions from front-end token services so a token service provider provides front-end token services of receiving an encryption request, and a token vault provider generates tokens. Id. ¶¶ 1–6, 52–56. The separate token vault provider acts as an intermediary to facilitate transactions and mitigate risk by eliminating the single aggregation point of conventional token service providers that include token vaults and provide a single entity that exposes a broad vector attack. See Spec. ¶¶ 4, 5, 22–24. Appeal 2021-001641 Application 15/432,669 7 Using a third party intermediary to mitigate risk in commercial and financial transactions is a fundamental economic concept. Alice, 573 U.S. at 219. Here, a separate token vault provider acts as an intermediary to process a consumer’s enrollment request to tokenize payment credentials used in a commercial transaction to mitigate risk. See Spec. ¶¶ 21–24, 52–57, Fig. 3. The final limitations recite the steps used by the token vault provider as a third party intermediary to facilitate the commercial transaction as: at the first server acting as the token vault provider, encrypting the payment account identifier by generating a payment token for the payment account identifier; and returning the payment token from the first server acting as the token vault provider to the second server acting as the token service provider. Appeal Br. 32 (Claims App.). Using a token vault provider as a third party intermediary to provide tokenized payment account identifiers essentially verifies the account data and reduces the potential for transaction fraud and financial risk similar to other fundamental economic practices. Bozeman Fin. LLC v. Fed. Reserve Bank of Atlanta, 955 F.3d 971, 978 (Fed. Cir. 2020) (“Verifying financial documents to reduce transactional fraud is a fundamental business practice that, without more, is not eligible for patent protection.”); Clarilogic, Inc. v. FormFree Holdings Corp., 681 F. App’x 950, 954 (Fed. Cir. 2017) (claims to providing certified financial data indicating financial risk of individuals by collecting and analyzing information without limits to how collected information is analyzed or reformed is an abstract idea); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1354–55 (Fed. Cir. 2014) (claims to creating a “transaction performance guaranty” for online transactions is a long-familiar commercial transaction for contractual relationships and an abstract idea). Appeal 2021-001641 Application 15/432,669 8 Appellant argues that the Examiner erroneously identified facilitating payment identifier encryption as a commercial interaction. Appeal Br. 10– 11. Appellant asserts that even if the claims involve a financial transaction, they are not directed to a financial transaction, but rather relate to encryption methods and systems for securely processing the transaction. Id. at 11. Even if Appellant is correct, encrypting payment tokens to protect financial information, when recited at such a high level of generality without technical details, is part of the abstract idea identified above. See Inventor Holdings, LLC v. Bed Bath & Beyond, Inc., 876 F.3d 1372, 1378 (Fed. Cir. 2017) (paying for items ordered from a remote seller at a third-party’s store using an order code generated by a remote seller is a fundamental business practice that is not patent eligible when implemented on generic computers); see also Smart Sys. Innovations, LLC v. Chicago Transit Auth., 873 F.3d 1364, 1371 (Fed. Cir. 2017) (claims to using a credit card as an identifying token to pay for a subway or bus ride covers an abstract concept). Here, claim 1 recites the use of generic encryption to generate a payment token. Generic encryption that generates a payment token does not improve technology or take claim 1 outside the abstract realm. See Dropbox, Inc. v. Synchronoss Techs., Inc., 815 F. App’x 529, 532–33 (Fed. Cir. 2020) (claim to an access checker and encryption trust level associated with an encryption method to control access to information recited no technological solution); Bridge & Post, Inc. v. Verizon Commc’ns, Inc., 778 F. App’x 882, 888–90 (Fed. Cir. 2019) (generating a request identifier by encrypting a user identifier did not improve networking hardware or software, user identifiers, encryption techniques or network technology but instead improved only the monetization of tracking users with personal markings in the abstract realm). Appeal 2021-001641 Application 15/432,669 9 Combining one abstract idea (certain methods of organizing human activity for commercial transactions) with another abstract idea (encryption as a fundamental economic practice) does not make an abstract idea any less so. See RecogniCorp, LLC v. Nintendo Co., 855 F.3d 1322, 1327 (Fed. Cir. 2017) (“Adding one abstract idea (math) to another abstract idea (encoding and decoding) does not render the claim non-abstract.”) (emphasis added); Apple, Inc. v. Ameranth, Inc., 842 F.3d 1229, 1240 (Fed. Cir. 2016) (“An abstract idea can generally be described at different levels of abstraction.”); Synopsys, Inc. v. Mentor Graphics Corp., 839 F.3d 1138, 1151 (Fed. Cir. 2016) (“[A] claim for a new abstract idea is still an abstract idea.”). A claim to “encrypting the payment account identifier by generating a payment token for the payment account identifier” does not recite technical details or security improvements. See Dropbox, 815 F. App’x at 532–33 (an “access checker” that controlled access by using “an encryption trust level” associated with an encryption method was not a technological solution or a technique that improved a computer; it was an abstraction of a fundamental principle for access filters). “Improving security . . . can be a non-abstract computer-functionality improvement if done by a specific technique that departs from earlier approaches to solve a specific computer problem.” Id. at 533 (citation omitted). The Specification describes the claimed tokenization as using “well- established, ubiquitous hardware encryption algorithm, such as those based on the Advanced Encryption Standard (‘AES’) or the Triple Data Encryption Standard (‘3DES’)” that already support services in a payment ecosystem. Spec. ¶ 20. Tokenization also may use known cryptographic standards and algorithms that rely on known public/private key pairs. Id. ¶¶ 21, 26, 33. Appeal 2021-001641 Application 15/432,669 10 Appellant argues that the Examiner did not consider the first server acting as a token vault provider being “separate from” the second server providing front-end services. Appeal Br. 12–13. Appellant asserts that the Examiner errs by identifying the arrangement of servers and their functions as abstract without giving the arrangement any weight. Id. at 13. Appellant argues that technological advances come from generic computer components as in Amdocs (Israel) Ltd. v. Openet Telecom, Inc., 841 F.3d 1288, 1291 (Fed. Cir. 2016) and BASCOM Global Internet Servs., Inc. v. AT&T Mobility LLC, 827 F.3d 1341, 1350–51 (Fed. Cir. 2016). The Specification makes clear that the separation of tokenization steps between two generic servers is part of the abstract idea of mitigating risk. Separating the token vault and token services roles further eliminates a single aggregation point of payment tokens and payment account identifiers associated with conventional token service providers, thereby mitigating certain risks of the issuers that are otherwise outside the issuers’ control. Such implementations also permit the issuer to choose the entities to which it designates the responsibilities of a token vault provider (e.g., the issuer itself, issuer processor, and/or another party). Spec. ¶ 24 (emphasis added). Performing generic tokenization steps such as front-end token services and tokenization of payment account identifiers using generic servers and encryption described as conventional in the Specification does not claim a specific improvement in tokenization or encryption or network technology. “The patent has to describe how to solve the problem in a manner that encompasses something more than the ‘principle in the abstract.’” Dropbox, 815 F. App’x at 533 (citation omitted). Without more, claiming payment transactions that use tokens and encryption is abstract as discussed above. Appeal 2021-001641 Application 15/432,669 11 Simply arranging generic token services across two generic servers is not a technological innovation. No technical improvement is claimed for the encryption, security, computers, networks, or other technology. Instead, the separate servers mitigate risk at a high level of abstraction. See Spec. ¶ 24. In Innovation Sciences, an online shopping method claimed a separate payment server to support Internet buying by receiving credit card payment information and encrypting credit card payment information using a security protocol of at least 128 bit encryption. Innovation Sciences, LLC v. Amazon.com, Inc., 778 F. App’x 859, 861 (Fed. Cir. 2019). Although the payment server was separate from the server that hosted the website, the court held that the claim recited “the abstract idea of securely processing a credit card transaction with a payment server.” Id. at 863. Because the payment server had an IP address different from the IP address of the merchant server, Appellant argued “by switching the online communication between the buyer and merchant to a secure communication channel for transmission of payment information, the invention implements a new technological solution” of “a novel dedicated payment server logically and physically separated from a conventional merchant server for increased security during online transactions.” Innovation Sci., 778 F. App’x at 863. Notwithstanding this argument, the court nonetheless held: The claim recites, in merely functional, result-oriented terms, receiving credit card payment information at a server different from the server on which the item for purchase is listed, sending the payment information “to an established financial channel,” receiving a “processing decision” from that channel, sending payment confirmation, and updating the server supporting the website listing the item that the item was purchased. Id. at 863. Appeal 2021-001641 Application 15/432,669 12 Here, the token vault provider similarly encrypts a payment account identifier to generate a payment token based on an enrollment request from a token service provider at a high level of generality. Appeal Br. 32 (Claims App.). The separate token vault server does not perform different functions than a token vault that is part of a token service provider as known in the art. It simply allows the role of a token vault to be performed by an issuer, issuer processor, or third party separate from a token service provider to provide more flexibility and open access to issuers who want to provide the services, and it mitigates risk of attacks. Spec. ¶¶ 22–24, 58. Essentially, the asserted innovation is the concept that two servers are more difficult to attack than a single server that consolidates all front-end token processes and tokenization steps. See Appeal Br. 12–14; Spec. ¶¶ 4, 5, 19–24. By dividing tokenization between separate servers, no single entity is subject to “a broad attack vector.” Spec. ¶¶ 4, 5, 19–24. Whether we denominate this concept as certain methods of organizing human activities of sales activities and commercial transactions or as a fundamental economic practice of risk mitigation and intermediated settlement, claim 1 recites an abstract idea implemented on generic servers that perform generic steps of tokenization and front-end token services. The decisions in Amdocs, 841 F.3d at 1302 and BASCOM do not undermine our analysis under Prong One. To the contrary, those decisions illustrate why claim 1 here recites an abstract idea devoid of technological innovations or advances to take it out of the abstract realm. The claims in those decisions improved computers and networks functions unlike claim 1 here. Appeal 2021-001641 Application 15/432,669 13 In Amdocs, the distributed architecture and networked devices worked in a distributed manner to enhance data records and therefore were not an abstract idea. Amdocs, 841 F.3d at 1301. The enhancing limitation required generic components to operate in an unconventional manner to improve the functionality of computers to enhance data in a distributed fashion. Id. at 1300–01. Here, the claimed token vault and token service provider servers perform generic functions of tokenizing payment account identifiers and front-end token steps without enhancements. These generic functions that were performed by a single entity now are performed by separate, generic servers with no improvements to the servers, network, or tokenizing steps beyond the abstract idea identified above. In BASCOM, the claims recited an inventive concept that installed a filtering tool at a specific location of an ISP server remote from end-users but also included a customizable filtering feature specific to each end user. BASCOM, 827 F.3d at 1350. The arrangement provided a filtering tool with the benefits of a filter on a local computer of an end user and the benefits of a filter on the ISP server. Id. It associated individual accounts with their own filtering scheme while locating the filtering system on an ISP server where it can be performed more efficiently. Id. Here, the improvement is in the mitigation of risk and intermediated settlement functions in commercial transactions using generic servers to perform generic tokenization processes. Claim 1 does not recite a technical improvement to token processing or load distribution over a network or between the two servers. Accordingly, we determine claim 1 recites the abstract idea identified above as do claims 2–20, which fall with claim 1. Appeal 2021-001641 Application 15/432,669 14 Step 2A, Prong Two: Integration into a Practical Application We next consider whether the claims recite additional elements that integrate the abstract idea into a practical application. Revised Guidance, 84 Fed. Reg. at 54. We determine claim 1 lacks additional elements that improve a computer or other technology or implement the abstract idea in conjunction with a particular machine or manufacture that is integral to the claim. They do not transform or reduce a particular article to a different state or thing. They do not apply the abstract idea in a meaningful way beyond linking it to a particular technological environment. See Revised Guidance, 84 Fed. Reg. at 55; Final Act. 8–10; Ans. 5–6. Appellant argues that additional elements of “a first server acting as a token vault provider” and “a second server acting as a token service provider providing front-end token services separate from the first server acting as the token vault provider” improve the functioning of a computer and a computer network. Appeal Br. 15. Appellant asserts that improvements to computer and network security are patent eligible. Id. at 15–16 (citing Ancora Techs., Inc. v. HTC Am., Inc., 908 F.3d 1343 (Fed. Cir. 2018) and SRI Int’l, Inc. v. Cisco Sys., Inc., 918 F.3d 1368 (Fed. Cir. 2019). Id. at 15–16. The claimed separation of the first and second servers is recited at such a high level of generality in claim 1 that it is part of the abstract idea identified in Prong One and therefore cannot be an additional element that integrates that same abstract idea into a practical application. See Revised Guidance, 84 Fed. Reg. at 55 n.24; Alice, 573 U.S. at 221 (a claim to an abstract idea must include “additional features” to ensure it does not monopolize the abstract idea) (citing Mayo Collaborative Servs. v. Prometheus Labs., Inc., 566 U.S. 66, 77 (2012)). Appeal 2021-001641 Application 15/432,669 15 The patent eligible improvements to computer security in Ancora and SRI illustrate why claim 1 is not patent eligible in this appeal. In Ancora, the claims recited a specific improvement in computer functionality by using a particular structure containing a license record that was stored in a particular modifiable, non-volatile part of the computer’s BIOS. The structure in that location was used for verification by interacting with the distinct portion of a computer memory that contained the program to be verified to address the technological problem of vulnerability of license-authorization software to hacking. Ancora, 908 F.3d at 1348–49. Here, claim 1 recites one generic server acting as a token vault to encrypt a payment account identifier as a token and another server acting as a token service provider to provide front- end token services. The improvement is the concept of splitting tokenization functions over two servers (rather than combining them in a single server) to mitigate a risk of hackers concentrating their efforts against a single entity. See Spec. ¶¶ 4, 5, 19–24. No technical improvement is recited for servers or encryption to tie the abstract idea to a machine that is integral to the claim. In SRI, a specific claimed technique used plural network monitors to analyze specific types of network data, detect suspicious network activity based on the network traffic data, generate reports of that suspicious activity, and integrate the reports using hierarchical monitors. SRI Int’l, Inc. v. Cisco Sys., Inc., 930 F.3d 1295, 1303 (Fed. Cir. 2019). Here, no technical details are recited. Generic servers perform generic tokenization functions––front- end services and encryption—at a high level of generality without improving computers or technology. The alleged security improvement is the concept that it may be more difficult to attack two separate servers versus a single prior art server that consolidates token functions. See Spec. ¶¶ 4, 5, 19–24. Appeal 2021-001641 Application 15/432,669 16 As the Specification makes clear, “[s]eparating the token vault and token services roles further eliminates a single aggregation point of payment tokens and payment account identifiers associated with conventional token service providers, thereby mitigating certain risks of the issuers that are otherwise outside the issuers.” Spec. ¶ 24 (quoted in Appeal Br. 17). Thus, the asserted security improvement is the abstract idea of mitigating risk. Accordingly, we determine that claim 1 lacks additional elements that are sufficient to integrate the abstract idea into a practical application. Step 2B: Do the Claims Include an Inventive Concept? We next consider whether claim 1 recites any additional elements, individually, or as an ordered combination, to provide an inventive concept. Alice, 573 U.S. at 217–18. This step is satisfied when the claim limitations involve more than well-understood, routine, and conventional activities. Berkheimer v. HP Inc., 881 F.3d 1360, 1367 (Fed. Cir. 2018); see Revised Guidance, 84 Fed. Reg. at 56. Individually, the limitations of claim 1 implement the abstract idea on a generic processor. See BSG Tech LLC v. Buyseasons, Inc., 899 F.3d 1281, 1290–91 (Fed. Cir. 2018) (“If a claim’s only ‘inventive concept’ is the application of an abstract idea using conventional and well-understood techniques, the claim has not been transformed into a patent-eligible application of an abstract idea.”); Bancorp Servs., L.L.C. v. Sun Life Assur. Co of Can. (U.S.), 687 F.3d 1266, 1280 (Fed. Cir. 2012) (“The district court correctly held that without the computer limitations nothing remains in the claims but the abstract idea of managing a stable value protected life insurance policy by performing calculations and manipulating the results.”). Appeal 2021-001641 Application 15/432,669 17 The servers are computing devices 500 with bus 510, memory 512, processors 514, and input/output parts 520. Spec. ¶¶ 67–69. “Distinction is not made between such categories as ‘workstation’, ‘server’, ‘laptop’, ‘hand- held device’, etc.” Id. The computing devices may include known volatile and nonvolatile media. Id. ¶ 70. Conventional memory 512 elements are used. Id. ¶ 71. As discussed above, the claimed generic encryption uses known, conventional techniques in the art. See id. ¶¶ 20, 21, 26, 33. As an ordered combination, the limitations recite no more than they do individually. See BSG, 899 F.3d at 1291 (“[N]arrowing or reformulating an abstract idea does not add ‘significantly more’ to it.”) (citation omitted); Ultramercial, Inc. v. Hulu, LLC, 772 F.3d 709, 715 (Fed. Cir. 2014) (steps of receiving media, selecting an ad, offering media in exchange for watching an ad, displaying the ad, and receiving payment recites an abstraction). Groundbreaking, innovative, or even brilliant steps are insufficient. See Ass’n for Molecular Pathology v. Myriad Genetics, Inc., 569 U.S. 576, 591 (2013); accord SAP Am., Inc. v. InvestPic, LLC, 898 F.3d 1161, 1163 (Fed. Cir. 2018) (“No matter how much of an advance in the finance field the claims recite, the advance lies entirely in the realm of abstract ideas, with no plausibly alleged innovation in the non-abstract application realm. An advance of that nature is ineligible for patenting.”); Solutran, Inc. v. Elavon, Inc., 931 F.3d 1161, 1169 (Fed. Cir. 2019) (“[M]erely reciting an abstract idea by itself in a claim––even if the idea is novel and non-obvious––is not enough to save it from ineligibility.”). Accordingly, we determine that claim 1 lacks an inventive concept sufficient to transform the abstract idea into patent-eligible subject matter. We sustain the rejection of claim 1 and claims 2–20, which fall therewith. Appeal 2021-001641 Application 15/432,669 18 Rejection of Claims 1–20 Over Dill and Huang Appellant argues the claims as a group. Appeal Br. 24–30. We select claim 1 as representative. See 37 C.F.R. § 41.37(c)(1)(iv). Independent claims 1, 8, and 16 each recite “a first server acting as a token vault provider” and “a second server acting as a token service provider providing front-end token services separate from the first server acting as the token vault provider.”2 See Appeal Br. 32 (Claims App.). The Examiner cites Dill to teach a token service provider as a token requestor and a token vault provider as the network token system, which is separate from the token requestor and receives tokenization requests from the token requestors, encrypts the payment account identifier by generating a payment token for the payment account identifier, and returns the payment token to the token requester acting as the token service provider as claimed. Non-Final Act. 11–12; Ans. 7. The Examiner finds that Dill does not teach a server acting as the token service provider so the Examiner cites Huang to teach the use of a server acting as a token service provider to communicate with a token vault as claimed. Non-Final Act. 12. The Examiner determines that it would have been obvious to modify Dill with the teachings of Huang to use a server acting as the token requestor because a server provides faster, more centralized communication than do individual devices. Id. 2 Independent Claim 8 recites “a second server acting as a token service provider providing front-end token services” and “a first server acting as a token vault provider separate from the second server acting as the token service provider.” Appeal Br. 33 (Claims App.). Independent claim 16 recites “the first server acting as the token vault provider being separate from a second server acting as a token service provider providing front-end token services.” Id. at 35. Appeal 2021-001641 Application 15/432,669 19 Appellant argues that Dill teaches a token requestor as a mobile phone or wallet that communicates with Dill’s token vault. Appeal Br. 25. This argument is not persuasive as Dill also teaches token requestors as including issuers, merchants, acquirers, payment providers, network systems, and OS provider entities that process enrollment requests from users as claimed. See Dill ¶ 34, Fig. 2. The only function claimed for the token service provider is forwarding an enrollment request to the token vault. Dill’s token requestors perform such front-end services. They receive and forward token enrollment requests of users to enroll a payment card/account to make a purchase from a merchant. Dill ¶¶ 34–36, 42, 108, Fig. 2. Claim 1 recites no details of front- end token services. The Specification provides little description of the scope of the front-end token services. See Spec. ¶¶ 6, 7, 22–24, 52, 73. Appellant also argues that Dill’s token vault provides front-end token services and therefore cannot be a token vault. Appellant asserts that “the examiner cannot ignore that Dill expressly provides for a token vault that is offering front-end services from the perspective of the token requestor because the token vault is providing the interface for the token requester [and] Dill is unambiguously clear that its token vault is offering front-end services for the token requestor . . . since it is providing the interfaces for the token requestor to request a token from the token vault.” Appeal Br. 25–26. Appellant also asserts that Dill’s token vault is part of the network token system that provides front-end services so that “[t]here is nothing about Dill’s network token system that separates front-end services, and token generation and storage [because] Dill’s token vault and network token system both offer front-end services to the token requestor in addition to generating and storing a token.” Id. at 26–27. Appeal 2021-001641 Application 15/432,669 20 These arguments are not commensurate with claim 1, which requires a token service provider to provide front-end token services and a token vault provider to encrypt a payment account identifier/generate a payment token. Claim 1 does not preclude the token vault from providing front-end token services. Thus, Dill’s token requestor that performs front-end token services and Dill’s network token system that generates tokens satisfy claim 1 even if the network token system also performs front-end services. Accordingly, we sustain the rejection of claim 1 and claims 2–20, which fall with claim 1. Rejection of Claim 3 for Indefiniteness The Examiner determines that claim 3 is indefinite because it recites a “first server acting as the token vault provider” and “first server acting as the token service provider.” Non-Final Act. 10–11. Appellant does not traverse this rejection. Appeal Br. 7. Therefore, we summarily sustain this rejection. CONCLUSION In summary: Claims Rejected 35 U.S.C. § Reference(s)/ Basis Affirmed Reversed 1–20 101 Eligibility 1–20 3 112(b) Indefiniteness 3 1–20 103 Dill, Huang 1–20 Overall Outcome 1–20 No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED Copy with citationCopy as parenthetical citation
