PTAB Reverses 101 Rejection on Authentication Invention for MasterCard

In a recent PTAB appeal, Ex parte MICHAEL C. WARD, PATRIK SMETS, and PAUL VANNESTE (Appeal 2017-000625/Application 12/833,059) the Board reversed a 101 rejection against a patent application owned by MasterCard International, Inc.  Claim 1 is recited below.

Instead of getting into the two-step Alice test, I thought it might be instructive to look at this invention from the simplistic point of view of whether the invention was functional in nature, like a music player, or only like music, the former being technology that should be patentable, and the latter not.

One way to analogize the claim in question here is to say that the data processed and used by the system is analogous to “music”  – in particular the first and second cryptograms, and the extra data.   This data is processed using a method that can be analogized to the operation of an software-implemented music player – music data is the input, and sound is the output.   The question is then whether there is an innovative aspect to this method (i.e., the music player), or is only the data (i.e., the music) innovative.

In the instant case, the method in essence requires the following:

  • obtaining, at a terminal from a payment device reader, a first and a second crytogram
  • transmitting, from the terminal, the first and second cryptograms in a first message, and the extra data, through a payment network
  • obtaining, at the terminal, a second message corresponding to authentication of the payment device
  • wherein the authentication is issued upon a first cryptographic calculation upon determining that the first message and extra data have been obtained by the issuer
  • wherein the cryptographic calculation comprises:
    • running a first message authentication code calculation using said extra data
    • running a second message authentication code calculation using said extra data; and determining said authentication of said payment device by comparing a truncated portion of an output of each of said first and second message authentication code calculations to said first cryptogram and said second cryptogram

By analogy to the music and music player, the method as claimed specifies that the data in question is input into a system, processed in a non-obvious way, and to generate an authentication output for the payment device.  So, in this instance, while there is music and a music player by analogy, and even assuming the cryptograms and second data are unpatentable data, like unpatentable music, there is still novelty in the methodology used to process this data, to achieve the authentication of a physical payment device.  Therefore, this is not an attempt to predicate patentability on abstract data alone, but provides a mechanism to authenticate a physical device using a novel processing methodology.

Claim 1 of U.S. Application No. 12/833,059:

1. A method comprising the steps of:

obtaining, by a terminal component from a payment device reader component, at least a first cryptogram and a second cryptogram;

transmitting, from said terminal component to an issuer of a payment device presented to said payment device reader component, through a payment network, said first cryptogram, said second cryptogram, and extra data, wherein at least said first cryptogram and said second cryptogram are transmitted in a first message;

and obtaining, by said terminal, a second message from said issuer, said second message corresponding to authentication, by said issuer, of said payment device presented to said payment device reader component, said authentication being issued upon a first cryptographic calculation, wherein said first cryptographic calculation is selected from among a plurality of cryptographic calculations upon determining that said first message and said extra data have been obtained by said issuer, wherein said first cryptographic calculation comprises:

running a first message authentication code calculation using said extra data;

running a second message authentication code calculation using said extra data; and determining said authentication of said payment device by comparing a truncated portion of an output of each of said first and second message authentication code calculations to said first cryptogram and said second cryptogram.

Comments are closed.