Aissi, SelimDownload PDFPatent Trials and Appeals BoardJan 10, 202014012597 - (D) (P.T.A.B. Jan. 10, 2020) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 14/012,597 08/28/2013 Selim Aissi 79900-883554-029000USNP 6464 66945 7590 01/10/2020 KILPATRICK TOWNSEND & STOCKTON LLP/VISA Mailstop: IP Docketing - 22 1100 Peachtree Street Suite 2800 Atlanta, GA 30309 EXAMINER BEHESHTI SHIRAZI, SAYED ARESH ART UNIT PAPER NUMBER 2435 NOTIFICATION DATE DELIVERY MODE 01/10/2020 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): KTSDocketing2@kilpatrick.foundationip.com ipefiling@kilpatricktownsend.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte SELIM AISSI ____________________ Appeal 2019-000224 Application 14/012,597 Technology Center 2400 ____________________ Before JENNIFER S. BISK, SCOTT E. BAIN, and JULIET MITCHELL DIRBA, Administrative Patent Judges. DIRBA, Administrative Patent Judge. DECISION ON APPEAL1 Pursuant to 35 U.S.C. § 134(a), Appellant2 seeks review of the Examiner’s rejection of claims 1, 3–7, 9, 10, and 12–20, which are all claims pending in the application. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM. 1 This Decision uses the following abbreviations: “Spec.” for the original Specification, filed Aug. 28, 2013, claiming the benefit of a provisional application; “Final Act.” for the Final Office Action, mailed Feb. 8, 2018; “Appeal Br.” for Appellant’s Appeal Brief, filed July 3, 2018; “Ans.” for Examiner’s Answer, mailed Aug. 7, 2018; and “Reply Br.” for Appellant’s Reply Brief, filed Oct. 5, 2018. 2 We use the word “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42. According to Appellant, the real party in interest is Visa International Service Association. Appeal Br. 2. Appeal 2019-000224 Application 14/012,597 2 BACKGROUND Appellant’s disclosed embodiments and claimed invention relate to “protecting data on a device based on the awareness of the environment associated with the data.” Spec. ¶ 7. Claim 1, reproduced below, is illustrative of the claimed subject matter: 1. A method for protecting data assets on a computing device, the method comprising: prior to receiving a user input, [(1)] searching, by a data protection module run by a processor, for a plurality of different data assets residing at different memory locations on the computing device; [(2)] identifying, by the data protection module run by the processor, the plurality of different data assets based on attributes of the plurality of different data assets; [(3)] classifying the plurality of different data assets based on the attributes and data types of the plurality of different data assets, the different memory locations on the computing device for the plurality of different data assets, and a state of the plurality of different data assets, the state of the plurality of different data assets including one or more of an at- rest state, an in-use state corresponding to currently being utilized by an application, or an in-transit state corresponding to moving between entities, the data types selected from the group consisting of a numeric value, a string of text, an image, and an audio file; [(4)] ranking a particular data asset of the plurality of different data assets based at least in part on a classification of the plurality of different data assets, the ranking indicating sensitive data associated with the particular data asset in comparison to other ranks of other data assets of the plurality of different data assets; [(5)] updating the ranking of the particular data asset of the plurality of different data assets based at least in part on the user input; Appeal 2019-000224 Application 14/012,597 3 [(6)] generating a map using the classification of the plurality of different data assets, wherein the map associates the particular data asset of the plurality of different data assets with a location in the computing device, policies for protecting the particular data asset, an updated ranking of the particular data asset, and protection mechanisms used to protect the particular data asset; and [(7)] protecting the plurality of different data assets according to their associated protection mechanisms. Appeal Br. 22–23 (Claims App.) (emphasis and numbering added). REJECTION Claims 1, 3–7, 9, 10, and 12–20 stand rejected under 35 U.S.C. § 101 as directed to patent-ineligible subject matter. Final Act. 6–7. ANALYSIS We review the appealed rejection for error based upon the issues identified by Appellant and in light of the arguments and evidence produced thereon. Ex parte Frye, 94 USPQ2d 1072, 1075 (BPAI 2010) (precedential). To the extent Appellant has not advanced separate, substantive arguments for particular claims, or other issues, such arguments are waived. 37 C.F.R. § 41.37(c)(1)(iv). We have considered all of Appellant’s arguments and any evidence presented. We highlight and address specific findings and arguments for emphasis in our analysis below. Patent Eligibility Rejection of Claims 1–26 Section 101 of the Patent Act provides that “any new and useful process, machine, manufacture, or composition of matter, or any new and Appeal 2019-000224 Application 14/012,597 4 useful improvement thereof” is patent eligible. 35 U.S.C. § 101. But the Supreme Court has long recognized implicit exceptions to this section: “‘Laws of nature, natural phenomena, and abstract ideas are not patentable.’” Alice Corp. v. CLS Bank Int’l, 573 U.S. 208, 216 (2014) (quoting Ass’n for Molecular Pathology v. Myriad Genetics, Inc., 569 U.S. 576, 589 (2013)). To determine whether a claim falls within one of these excluded categories, the Court has set out a two-part framework. The framework requires us first to consider whether the claim is “directed to one of those patent-ineligible concepts.” Alice, 573 U.S. at 217. If so, we then examine “the elements of each claim both individually and ‘as an ordered combination’ to determine whether the additional elements ‘transform the nature of the claim’ into a patent-eligible application.” Alice, 573 U.S. at 217 (quoting Mayo Collaborative Servs. v. Prometheus Labs., Inc., 566 U.S. 66, 78, 79 (2012)). That is, we examine the claims for an “inventive concept,” “an element or combination of elements that is ‘sufficient to ensure that the patent in practice amounts to significantly more than a patent upon the [ineligible concept] itself.’” Alice, 573 U.S. at 217–18 (alteration in original) (quoting Mayo, 566 U.S. at 72–73). The Patent Office recently issued guidance regarding this framework. See USPTO, 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50 (Jan. 7, 2019) (“Revised Guidance”). Under the Revised Guidance, to decide whether a claim is “directed to” an abstract idea, we evaluate whether the claim (1) recites subject matter falling within an abstract idea grouping listed in the Revised Guidance and (2) fails to integrate the recited abstract idea into a practical application. See Revised Guidance, 84 Fed. Reg. at 51. If the claim is “directed to” an abstract idea, Appeal 2019-000224 Application 14/012,597 5 as noted above, we then determine whether the claim recites an inventive concept. The Revised Guidance explains that when making this determination, we should consider whether the additional claim elements add “a specific limitation or combination of limitations that are not well- understood, routine, conventional activity in the field” or “simply append[] well-understood, routine, conventional activities previously known to the industry.” Revised Guidance, 84 Fed. Reg. at 56. With these principles in mind, we turn to the § 101 rejection. Appellant argues claims 1, 3, 4, 6, 7, 9, 10, 12, 13, and 15–20 as a group and separately addresses dependent claims 5 and 14 as a group.3 See Appeal Br. 10–20. Therefore, consistent with the provisions of 37 C.F.R. § 41.37(c)(1)(iv), we limit our discussion to independent claim 1 and dependent claim 5. The Judicial Exception—Abstract Idea The Examiner determined the claims are directed to the abstract idea of “searching for a plurality of different data assets, identifying the plurality of different data assets, classifying the plurality of different data assets, ranking a particular data asset of the plurality of different data assets, and generating a map using the classification of the plurality of different data 3 Appellant states that “[d]ependent claims 3–5 and 12–14 are also separately argued” (Appeal Br. 10), but Appellant does not present a separate argument regarding dependent claims 3, 4, 12, or 13 (see id. at 20). Rather, Appellant includes a section contending that claims 5 and 14 are patent eligible, and in that section, Appellant notes that these claims depend from claims 3, 4, 12, and/or 13. Id. Accordingly, dependent claims 3, 4, 12, and 13 are not separately argued, and they stand or fall with their respective independent claim. Appeal 2019-000224 Application 14/012,597 6 assets, and protecting the plurality of different data assets.” Final Act. 6–7 (quotation marks, commas, and ellipses omitted for clarity). The Examiner determined the claim as a whole merely recites “collecting information, analyzing it and displaying certain result[s] of [the] collection and analysis.” Id. at 3, 7 (citing Elec. Power Grp., LLC v. Alstom S.A., 830 F.3d 1350, 1353 (Fed. Cir. 2016)). For the reasons explained below, we agree with the Examiner that the claims recite an abstract idea. Under the broadest reasonable interpretation, the limitations of claim 1 recite a mental process. Specifically, claim 1 recites “searching” for data assets (limitation (1)), “identifying” those assets based on their attributes (limitation (2)), “classifying” those assets based on their attributes, their data types, the location in memory where they reside, and their state (limitation (3)), “ranking” a particular asset based on the classification (limitation (4)), “updating” that ranking based on user input (limitation (5)), and “generating a map” associating the assets with locations, policies, rankings, and protection mechanisms (limitation (6)). Appeal Br. 22–23 (Claims App.). These limitations, under their broadest reasonable interpretation, recite steps that, but for the recitation of a “processor” running a “data protection module” and a “computing device” storing data in “memory locations,” could be performed in the mind or with pencil and paper. For example, a person can search for information, identify and classify the information, rank (and update the ranking for) a particular piece of information, and generate a table that associates different categories of information with mechanisms for protecting the information (e.g., Appeal 2019-000224 Application 14/012,597 7 encrypting the information or deleting it). See, e.g., Spec. ¶¶ 37 (defining the claimed “policy” to broadly include “a set of rules”), 39 (defining the claimed “map” to broadly include “an association of one or more data assets on a computing device with one or more other aspects of the data or computing device,” which may be implemented as a table), 91 (defining “protection mechanisms” to broadly include “encryption, tokenization, masking, de-contexting, hashing, deletion, scrubbing, or any protection mechanism suitable for protecting security sensitive data”), 101 (noting that the tables in Figures 6A and 6B are examples of the claimed “map”). Accordingly, these limitations recite a mental process. When claimed in a manner similar to the claims here, identifying, classifying, ranking, and associating information has been determined to be an abstract idea. CyberSource Corp. v. Retail Decisions, Inc., 654 F.3d 1366, 1372, 1376 (Fed. Cir. 2011) (holding that a method that can be performed by human thought alone is merely an abstract idea and is not patent-eligible under 35 U.S.C. § 101); see also Intellectual Ventures I LLC v. Capital One Fin. Corp., 850 F.3d 1332, 1340 (Fed. Cir. 2017) (finding claims were “directed to the abstract idea of collecting, displaying, and manipulating data”); Intellectual Ventures I LLC v. Symantec Corp., 838 F.3d 1307, 1318 (Fed. Cir. 2016) (“[W]ith the exception of generic computer-implemented steps, there is nothing in the claims themselves that foreclose them from being performed by a human, mentally or with pen and paper.”). Accordingly, we conclude the claims recite a mental process, and thus, an abstract idea. Revised Guidance, 84 Fed. Reg. at 52–53 (listing “[m]ental processes—concepts performed in the human mind (including an Appeal 2019-000224 Application 14/012,597 8 observation, evaluation, judgment, opinion)” as one of the “enumerated groupings of abstract ideas”). Integration of the Judicial Exception into a Practical Application If a claim recites a judicial exception, we determine whether the recited judicial exception is integrated into a practical application of that exception by: (a) identifying whether there are any additional elements recited in the claim beyond the judicial exception(s); and (b) evaluating those additional elements individually and in combination to determine whether they integrate the exception into a practical application. If the recited judicial exception is integrated into a practical application, the claim is not directed to the judicial exception. Here, claim 1 recites a “processor” running “a data protection module” (limitations (1) and (2)) and a “computing device” storing data in “memory locations” (limitations (1), (3), and (6)). Appeal Br. 22–23 (Claims App.). Considering claim 1 as a whole, these additional elements do not apply or use the abstract idea in a meaningful way because they are simply generic computer limitations. See Alice, 573 U.S. at 223 (“Stating an abstract idea while adding the words ‘apply it with a computer’” is not sufficient to confer patent eligibility.); DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245, 1256 (Fed. Cir. 2014) (“[A]fter Alice, there can remain no doubt: recitation of generic computer limitations does not make an otherwise ineligible claim patent-eligible.”). The Specification demonstrates that the “computing device” and “memory locations” are generic components. E.g., Spec. ¶¶ 30 (“A ‘computing device’ may comprise any electronic device that may be operated by a user, which may also provide Appeal 2019-000224 Application 14/012,597 9 remote communication capabilities to a network. . . . Examples of computing devices include mobile devices (e.g. cellular phones), personal computers, PDAs, tablet computers, net books, laptop computers, personal music players, hand-held specialized readers, etc.”), 45 (“[M]emory on the computing device 100 may be implemented in any suitable manner and may include a combination of different types of memory storage.”). The claimed “processor” is not described in any detail in the Specification, which confirms that it is also a generic component. See, e.g., Spec. ¶¶ 61 (“In one embodiment, the processor 302 may be configured for processing the functions of a phone.”), 117 (noting that the steps may be implemented by execution of instructions “by a suitably-programmed computing device, microprocessor, data processor, or the like”). And, finally, the Specification’s description of the claimed “data protection module” indicates it is simply a generic software component. See, e.g., Spec. ¶¶ 69–71 (data protection module 400 may be part of a downloaded application, a “standalone module,” or “a module in the operating system kernel”), 119 (software may be implemented with conventional techniques). In addition, claim 1 recites the additional element of “protecting” the assets according to the associated “protection mechanisms” (limitation (7)). Considering claim 1 as a whole, this additional element (alone and when considered in combination with other additional elements) does not apply or use the abstract idea in a sufficiently meaningful way. The Supreme Court guides that the “prohibition against patenting abstract ideas ‘cannot be circumvented by attempting to limit the use of the formula to a particular technological environment’ or [by] adding ‘insignificant postsolution activity.”’ Bilski v. Kappos, 561 U.S. 593, 610–11 (2010) (quoting Appeal 2019-000224 Application 14/012,597 10 Diamond v. Diehr, 450 U.S. 175, 191–92 (1981)). The Specification makes clear that “protecting” assets according to “protection mechanisms” is a generic computer-based activity. E.g., Spec. ¶¶ 91–97 (providing high-level description of protection mechanisms, which include “encryption,” “hashing,” and “deletion”). Accordingly, we conclude that claim 1 does not integrate the abstract idea into a practical application. See Intellectual Ventures I LLC v. Capital One Fin. Corp., 850 F.3d 1332, 1340 (Fed. Cir. 2017) (holding that claims reciting modifying data in an “XML document” were not patent eligible because, “at best, this limits the invention to a technological environment for which to apply the underlying abstract concept”); Intellectual Ventures I LLC v. Symantec Corp., 838 F.3d 1307, 1318 (Fed. Cir. 2016) (holding that claims directed to applying rules and automatically delivering email messages were not patent eligible); Ultramercial, Inc. v. Hulu, LLC, 772 F.3d 709, 716 (Fed. Cir. 2014) (holding claims that included limitations restricting access were not patent eligible). Appellant’s arguments have not persuaded us that claim 1 is directed to a patent-eligible concept. For example, we are not persuaded by Appellant’s arguments that the Examiner failed to establish a prima facie case. Appeal Br. 11–13. The Federal Circuit has explained that “the prima facie case is merely a procedural device that enables an appropriate shift of the burden of production.” Hyatt v. Dudas, 492 F.3d 1365, 1369 (Fed. Cir. 2007) (citing In re Oetiker, 977 F.2d 1443, 1445 (Fed. Cir. 1992)). We determine that the Examiner established a prima facie case by setting forth the rejection in a sufficiently articulate and informative manner. See In re Jung, 637 F.3d 1356, 1363 (Fed. Cir. 2011) (declining to “impose additional Appeal 2019-000224 Application 14/012,597 11 prima facie procedural requirements” beyond the notice required by statute). Appellant does not allege a failure to understand the rejection, and indeed, Appellant identifies and responds to the Examiner’s analysis. See, e.g., Appeal Br. 11–12 (identifying abstract idea and alleging the case cited by the Examiner is distinguishable). Moreover, Appellant submits “[t]he instant claims share substantial similarities to the claims of DDR Holdings,” which were found to be patent eligible because “they were necessarily rooted in computer technology in order to overcome a problem specifically arising in the realm of computer technology.” Appeal Br. 14 (citing DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245 (Fed. Cir. 2014)). According to Appellant, limitations (6) and (7) demonstrate that the claims recite a technical solution to a technical problem by allowing “the data protection module . . . to proactively store and securely maintain a data asset based on the awareness of the environment.” Id. Although an abstract idea can be integrated into a practical application by improving the functioning of a computer, we are not persuaded that claim 1 does this. As discussed above, claim 1 recites locating data assets (limitations (1)–(2)), classifying and ranking the data assets (limitations (3)– (5)), generating a map associating the data assets with protection mechanisms (limitation (6)), and protecting the assets according to the protection mechanisms (limitation (7)). Appeal Br. 22–23 (Claims App.). Even if we were to agree that this addresses a technical problem, the claim fails to provide a technical solution. At best, claim 1 recites an idea (i.e., protecting different categories of data with different protection mechanisms)—it lacks technical details for implementing its idea, and Appeal 2019-000224 Application 14/012,597 12 instead broadly recites generating a map (e.g., a table specifying the protection mechanism for a particular type of data) and protecting the data as specified. The Specification, likewise, lacks technical details to implement the idea and fails to include a technical solution. See, e.g., Spec. ¶¶ 28 (identifying technical problems which may cause data to be unprotected, but purporting to “solve this problem by searching for and identifying such data and providing [an] appropriate” protection mechanism), 24–25 (generally stating that invention uses “awareness of the environment associated with the data” where existing solutions use “reactive measures”); see also Ans. 8– 9 (“[T]he instant claims do[] not disclose[] a solution to a problem necessarily rooted in the computer technology and the recited limitations are steps previously performed by human processor.”). As a result, we are not persuaded that claim 1 recites a technical solution to a technical problem, and consequently, we are not persuaded that claim 1 is analogous to the claims in DDR Holdings. Accordingly, even in combination with all the other recited elements, the addition of these additional elements do not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. For these reasons, we determine that claim 1 does not integrate the recited abstract idea into a practical application. Inventive Concept Because we agree with the Examiner that claim 1 is “directed to” an abstract idea, we consider whether an additional element (or combination of elements) adds a limitation that is not well-understood, routine, conventional (“WURC”) activity in the field or whether the additional elements simply Appeal 2019-000224 Application 14/012,597 13 append WURC activities previously known to the industry, specified at a high level of generality, to the judicial exception. Revised Guidance, 84 Fed. Reg. at 56. The Examiner’s finding that an additional element (or combination of elements) is WURC activity must be supported with a factual determination. Id. at n.36 (citing MPEP § 2106.05(d), as modified by the Berkheimer Memorandum4). Whether additional elements are WURC activity is a question of fact. See Berkheimer v. HP Inc., 881 F.3d 1360, 1369 (Fed. Cir. 2018) (“Whether something is well-understood, routine, and conventional to a skilled artisan . . . is a factual determination.”). On the record before us, Appellant has not shown that the claims on appeal add a specific limitation beyond the judicial exception that is not “well-understood, routine, and conventional” in the field (see MPEP § 2106.05(d)). The Examiner found that the claim’s limitations recite “routine, conventional activity.” Final Act. 7. Appellant argues that the claim, when considered in its entirety, is not conventional and argues the Examiner erred by not presenting evidence that claim 1, as a whole, is conventional. Appeal Br. 19–20; see Reply Br. 4–5. Appellant’s argument is not persuasive because the novelty of a claim “is of no relevance in determining whether the subject matter of a claim falls within the § 101 categories of possibly patentable subject matter.” Intellectual Ventures I LLC v. Symantec Corp., 838 F.3d 1307, 1315 (Fed. Cir. 2016) (quoting Diehr, 450 U.S. at 188–89). 4 Robert W. Bahr, Changes in Examination Procedure Pertaining to Subject Matter Eligibility, Recent Subject Matter Eligibility Decision (Berkheimer v. HP, Inc.) (2018) (hereinafter “Berkheimer Memorandum”). Appeal 2019-000224 Application 14/012,597 14 Appellant does not point to any particular claim element or combination of elements that does not qualify as WURC, and as explained supra, Appellant’s Specification demonstrates the WURC nature of the additional elements by indicating that they can be implemented with generic devices. E.g., Spec. ¶¶ 30, 37, 39, 45, 61, 69–71, 91–97, 101, 117, 119. For these reasons, we conclude that claim 1, considered as a whole, does not include an inventive concept. Therefore, we sustain the Examiner’s § 101 rejection of independent claim 1. Grouped independent claims 10 and 18 and dependent claims 3, 4, 6, 7, 9, 12, 13, 15–17, 19, and 20 fall with claim 1, and we also sustain the Examiner’s § 101 rejection of these claims. Dependent Claim 5 Appellant further argues that dependent claim 5 is patent eligible because it “specifically mentions different protection schemes that can be used to protect different data assets.” Appeal Br. 20. In particular, claim 5 specifies: the searching, identifying, and classifying steps are based on “a policy”; and a data asset is protected according to the policy, where the protecting includes “encryption, de-contexting, tokenization, masking, hashing, or deletion.” Appeal Br. 23 (Claims App.). We are not persuaded that claim 5 recites eligible subject matter. For the reasons explained above with respect to claim 1, the additional limitations recited by claim 5 neither integrate the abstract idea into a practical solution nor recite elements (individually or in combination) that do not qualify as WURC. Using policies to perform a mental process is yet another mental process, and thus an abstract idea. And the recited protection schemes do not integrate the abstract idea into a practical application and are Appeal 2019-000224 Application 14/012,597 15 not an inventive concept (either individually or considered with other additional elements), as the Specification confirms that they are conventional activity. E.g., Spec. ¶ 92 (“Encryption of the data may include encoding the data based on any known encryption algorithm . . . .” (emphasis added)); see also id. ¶¶ 91–97 (providing high-level description of protection mechanisms). Accordingly, we conclude that claim 5 does not recite patent eligible subject matter, and consequently, we sustain the Examiner’s § 101 rejection of claim 5 and grouped claim 14. CONCLUSION In summary: Claims Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 1, 3–7, 9, 10, 12–20 101 Eligibility 1, 3–7, 9, 10, 12–20 TIME PERIOD FOR RESPONSE No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED Copy with citationCopy as parenthetical citation
