Trunomi Ltd.

Patent Trials and Appeals Board

May 24, 2021

2021000161 (P.T.A.B. May. 24, 2021)

UNITED STATES PATENT AND TRADEMARK OFFICE
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov
APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO.
15/650,690 07/14/2017 Stuart H. Lacey 102987-5006-US 6547
24341 7590 05/24/2021
Morgan, Lewis & Bockius LLP (PA)
1400 Page Mill Road
Palo Alto, CA 94304-1124
EXAMINER
LEFFALL-ALLEN, NAKIA
ART UNIT PAPER NUMBER
3699
NOTIFICATION DATE DELIVERY MODE
05/24/2021 ELECTRONIC
Please find below and/or attached an Office communication concerning this application or proceeding.
The time period for reply, if any, is set in the attached communication.
Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the
following e-mail address(es):
padocketingdepartment@morganlewis.com
vskliba@morganlewis.com
PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE
____________

BEFORE THE PATENT TRIAL AND APPEAL BOARD
____________

Ex parte STUART H. LACEY and NARESH SINGHAL

Appeal 2021-000161
Application 15/650,690
Technology Center 3600
____________

Before HUBERT C. LORIN, KENNETH G. SCHOPFER, and
MATTHEW S. MEYERS, Administrative Patent Judges.

MEYERS, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF THE CASE
Pursuant to 35 U.S.C. § 134(a), the Appellant1 appeals from the
Examiner’s Non-Final Decision to reject claims 1, 3–14, and 16–24, which
are all of the pending claims. We have jurisdiction under 35 U.S.C. § 6(b).
We REVERSE.

1 We use the word “Appellant” to refer to “applicant” as defined in
37 C.F.R. § 1.42. Appellant identifies the real party in interest as Trunomi
Ltd. Appeal Br. 4.
Appeal 2021-000161
Application 15/650,690

2

CLAIMED INVENTION
Appellant’s claimed invention generally relates to a system for
preventing fraudulent transactions in a computer networking environment.
Spec. ¶ 1.
Claims 1 and 14 are the independent claims on appeal. Claim 1,
reproduced below, with modified formatting and bracketed notations, is
illustrative of the claimed subject matter.
1. A server system for generating an auditable digital
certificate, the server system comprising:
[a] a first server with memory storing one or more data
structures, the one or more data structures including a user
information database storing user information associated with a
plurality of users;
[b] a second server with memory storing one or more data
structures, the one or more data structures including a certificate
database storing digital certificates associated with requests for
the user information stored in the user information database;
[c] a third server with one or more processors and memory
storing one or more programs, that, when executed by the one or
more processors, cause the third server to:
[d] receive, from a requester at a remote enterprise
device, a request for user information associated with a
user of the plurality of users, wherein the user information
corresponds to user information stored in the user
information database;
[e] before granting the request, determine that an
authorization from the user is required;
[f] in response to determining that authorization
from the user is required:
[g] create a digital certificate comprising: a
unique identifier associated with the requester, a
context of the request, and a date and time
associated with the request;
[h] send, to a remote client device associated
with the user, an authorization request that includes:
Appeal 2021-000161
Application 15/650,690

3

a request for consent to grant the request from the
requester, and a request for identity verification
evidence;
[i] receive, from the remote client device, the
consent and the identity verification evidence;
[j] add to the created digital certificate: a
unique identifier associated with the remote client
device, the consent received from the remote client
device, and a date and time associated with receipt
of the consent;
[k] tamperproof the digital certificate by
digitally signing the digital certificate; and
[l] store the digital certificate in the certificate
database.
Appeal Br. 57–58 (Claim App.).
REJECTIONS
1. Claims 23 and 24 are rejected under 35 U.S.C. § 112(a) as
failing to comply with the written description requirement.
2. Claims 23 and 24 are rejected under 35 U.S.C. § 112(b) as
indefinite.
3. Claims 1, 4–14, and 16–24 are rejected under 35 U.S.C.
§ 103(a) as being obvious over Cunningham (US 2009/0070371 A1, pub.
Mar. 12, 2009), Coulter (US 2013/0007849 A1, pub. Jan. 3, 2013), and
Ginter (US 6,640,304 B2, iss. Oct. 28, 2003).
4. Claim 3 is rejected under 35 U.S.C. § 103(a) as being obvious
over Cunningham, Coulter, Ginter, and Nelson (US 2011/0067098 A1, pub.
Mar. 17, 2011).
Appeal 2021-000161
Application 15/650,690

4

ANALYSIS
Written Description
The Examiner rejects dependent claims 23 and 24 as failing to comply
with the written description requirement because neither claim “disclose[s]
an algorithm such that one of ordinary skill would understand how the
inventor intended the function (closes) to be performed.” Non-Final Act. 5
(citing MPEP § 2161.01). The Examiner makes a similar rejection with
respect to a lack of disclosure for the algorithm for the “prevented” function
also recited by claims 23 and 24.
Appellant argues that the rejection “fails to make any factual inquiry
regarding the original disclosure of the Appellant’s disclosure at, for
example, paragraphs [0006], [0035], and [0204] of the application as filed.”
Appeal Br. 53; Reply Br. 21.
Responding to Appellant’s arguments in the Answer, the Examiner
explains that
[t]hese paragraphs do not describe how signing the digital
certificate ‘closes the digital certificate.’ Further, Appellant’s
Specification is silent to what ‘closes’ encompasses. According,
to the claim ‘such that changes to the digital certificate are
prevented’ are the result of closing and does not describe what
‘closing’ is. Nor does the Specification disclose who ‘closing’
prevents changes to the digital certificate.
Ans. 4 (emphases omitted).
Whether a specification complies with the written description
requirement of 35 U.S.C. § 112, first paragraph (now 35 U.S.C. § 112(a)), is
a question of fact and is assessed on a case-by-case basis. See, e.g., Purdue
Pharma L.P. v. Faulding, Inc., 230 F.3d 1320, 1323 (Fed. Cir. 2000) (citing
Vas-Cath Inc. v. Mahurkar, 935 F.2d 1555, 1561 (Fed. Cir. 1991)). The
Appeal 2021-000161
Application 15/650,690

5

disclosure, as originally filed, need not literally describe the claimed subject
matter (i.e., using the same terms or in haec verba) in order to satisfy the
written description requirement. But the specification must convey with
reasonable clarity to those skilled in the art that, as of the filing date,
Appellant was in possession of the claimed invention. See id.
Here, the Specification discloses
[a]n additional event is added to the certificate indicating
the result of the transaction at 874. The certificate is also then
closed at 876. In some embodiments, the certificate is then
digitally signed and no further changes can be made to the
certificate.
Spec. ¶ 204. Thus, we agree with Appellant that a person of ordinary skill in
the art would reasonably understand from the Specification, as originally
filed, that the Specification provides support for tamperproofing the digital
certificate by digitally signing the certificate wherein tamperproofing closes
the digital certificate such that changes are prevented given the ordinary
meaning of the functions in question. In other words, one of ordinary skill
in the art would appreciate that the functions of closing (e.g., to terminate
access, to bring to an end, or to conclude) and tamperproofing (i.e., to
prevent tampering or to provide evidence of tampering) are consistent with
the use of digital signatures which are recognized to provide authenticity and
integrity of the signed document. Accordingly, the rejection of claims 23
and 24 under 35 U.S.C. § 112(a) is not sustained.
Indefiniteness
We are persuaded that the Examiner erred in rejecting dependent
claims 23 and 24 under 35 U.S.C. § 112(b). The claims each recite “wherein
tamperproofing the digital certificate by digitally signing the digital
Appeal 2021-000161
Application 15/650,690

6

certificate closes the digital certificate such that changes to the digital
certificate are prevented.” The Examiner takes the position that closing the
digital certificate, such that changes are prevented, is a step that “attempts to
claim both a system and method of using the system.” Non-Final Act. 6.
We disagree.
Instead, we agree with Appellant that claims 23 and 24 “further define
the ‘one or more programs’ limitation from claims 1 and 14, respectively”
(Appeal Br. 54), and that the claims “do[] not specify or require ‘actual use’
to infringe the claim, and thus, there is also no ambiguity or indefiniteness.”
Id. at 55 (citing UltimatePointer, LLC v. Nintendo Co., Ltd., 73 F.Supp.3d
1305, 1309 (2014)). As Appellant points out,
the “third server with one or more processors and memory
storing one or more programs, that, when executed by the one or
more processors, cause the third server to . . .” provides the
structural elements that perform that claimed features recited in
claim 23.
Reply Br. 23. The claims reflect the capabilities of the structure rather than
activities of a user. Therefore, we do not sustain the Examiner’s rejection of
dependent claims 23 and 24 under 35 U.S.C. § 112(b).
Obviousness
Independent claims 1 and 14, and dependent claims 4–13 and 16–24
We are persuaded by Appellant’s argument that the Examiner erred in
rejecting independent claim 1 under 35 U.S.C. § 103(a) because Ginter,
upon which the Examiner relies, fails to disclose or suggest “add[ing] to the
created digital certificate: a unique identifier associated with the remote
client device, the consent received from the remote client device, and a date
and time associated with receipt of the consent,” as recited by limitation [j]
Appeal 2021-000161
Application 15/650,690

7

of independent claim 1, and similarly recited by independent claim 14.
Appeal Br. 29–32.
The Examiner maintains the rejection is proper, and cites several
portions of Ginter, as disclosing the argued limitation. See Non-Final
Act. 8–9 (citing Ginter 25:14–17, 135:49–58, 155:10–11, 158:45–162:28,
163:5–9, 163:64–164:4, 165:65–166:34, 182:33–38, 198:7–11, 251:14–17,
23–39, 252:45, and 255:51–58); Ans. 7–8. We disagree with the Examiner.
Ginter is directed to a system for secure transaction management and
electronic rights protection that includes a virtual distribution environment
“that may enforce a secure chain of handling and control, for example, to
control and/or meter or otherwise monitor use of electronically stored or
disseminated information.” Ginter, Abstract. Ginter discloses the use of a
permission record (PERC) that
is a record corresponding to a VDE object 300 that identifies to
ROS 602, among other things, the elements ROS is to assemble
together to form a component assembly 690. Thus PERC 808 in
effect contains a “list of assembly instructions” or a “plan”
specifying what elements ROS 602 is to assemble together into
a component assembly and how the elements are to be connected
together.
Id. at 86:45–50. Ginter describes “[t]hese PERCs might be used in
conjunction with any of the negotiation process(es) and protocols” (id. at
251:24–30) and “[o]nce an agreement is reached, the negotiation process
may create a new PERC . . . that describes the result of the negotiation.” Id.
at 251:12–14.
Cunningham is directed to an inline rights request and communication
for remote content system that provides “a user, e.g., a content consumer an
Appeal 2021-000161
Application 15/650,690

8

inline ability to request the use of a media asset for reuse.” Cunningham
¶ 25. As Cunningham discloses,
[i]f the request passes the rule set, the user may immediately be
given a link to download and reuse the content. If the rule set is
denied, the form may communicate the request to the content
creator who may manually release the rights to the requester or
contact the content creator/owner to negotiation a user, price, etc.
Id.
Coulter is directed to “[a] transaction processing service that operates
as an intermediary between aggregators of transaction requests, service
providers, consumers, and third–party recipients of consumer services.”
Coulter, Abstract. Coulter discloses that “a transaction request is a request
for consumer services to be provided to a consumer or third-party, a
consumer’s authorization of such consumer services and/or a consumer’s
authorization of applicable terms, policies, contracts, or agreements.” Id.
Coulter describes a system in which
[a]fter authenticating the transaction request from the request
aggregator 214, at a step 4a, the intermediary service 204 may
transmit an authorization message to a mobile device 206 that is
associated with the consumer if the rules that are applicable to
the consumer and the transaction require authorization. To
illustrate, the rules may require an authorization message if the
transaction involves the transfer of sensitive data, but may not
require an authorization message if the transaction simply
involves the transfer of advertising content.
Id. ¶ 61. Coulter further describes that for some transactions “the
intermediary service 204 may require the consumer 102 to confirm that the
consumer service should take place and may require information that
verifies the identity of the person confirming the transaction.” Id. ¶ 68.
Appeal 2021-000161
Application 15/650,690

9

We have reviewed the cited portions of Ginter, and agree with
Appellant that the cited portions of Ginter, fail to disclose or suggest
limitation [j], as recited by independent claim 1, and similarly recited by
independent claim 14. According to the Examiner, Ginter “discloses a
secure database registering a plurality of PERC that reflects user-specified
control information, to include, but not limited to, time-aged keys, which
correspond to the time the user came into possession of the object.” Ans. 8.
Based on this disclosure, the Examiner concludes that Ginter
teaches the claim language in response to receiving the consent
and the identity verification evidence from the remote client
device, add to the created digital certificate: a unique identifier
associated with the remote client device, the consent received
from the remote client device, and a date and time associated
with receipt of the consent.
Id. (emphases omitted).
However, we do not see, and the Examiner does not explain
adequately how or why Ginter discloses or suggests, “add[ing] to the created
digital certificate: a unique identifier associated with the remote client
device, the consent received from the remote client device, and a date and
time associated with receipt of the consent” as required by limitation [j] of
independent claim 1. Instead, we agree with Appellant that
[n]one of Ginter’s traveling objects, the permission records, or
the time-aged keys corresponds to the claimed digital certificate
because they all lack the three claimed features: 1) unique
identifier associated with the remote client device, 2) the consent
received from the remote client device, and 3) a date and time
associated with receipt of the consent recited in the claimed
digital certificate.
Appeal 2021-000161
Application 15/650,690

10

Appeal Br. 31–32 (emphasis omitted). As Appellant points out with respect
to time–aged keys, “the time-aged keys are associated with ‘the time the user
come [sic] into possession of the [traveling] object . . . [which is]
electronically distributed by broadcast, network, or telecommunications.’”
Reply Br. 18 (emphasis omitted) (citing Ginter 135:48–58). We also agree
with Appellant that “the expiration date/time would likely not be the claimed
‘date and time associated with the receipt of consent’ (e.g., expiration
date/time would be later than the date and time associated with the receipt of
the consent).” Appeal Br. 30. We note that Ginter discloses three PERCs
used to support negotiations including “PERC sent by the content owner . . .
PERC created by user to represent their selections and rights . . . PERC for
controlling the negotiation process.” Ginter 251:24–30. Ginter’s disclosure
of three separate PERCs fails to disclose or suggest “add[ing] to the created
digital certificate: a unique identifier associated with the remote client
device, the consent received from the remote client device, and a date and
time associated with receipt of the consent.” The addition of Cunningham
and Coulter fails to cure the identified deficiency.
In view of the foregoing, we do not sustain the Examiner’s rejection
of independent claim 1 under 35 U.S.C. § 103(a). For the same reasons, we
also do not sustain the Examiner’s rejections of dependent claims 4–13, and
23. Independent claim 14 includes a limitation similar to independent claim
1’s limitation [j] discussed above, and the Examiner relies on the same
rationale in rejecting claim 14. See Non–Final Act. 8–9. Therefore, we do
not sustain the Examiner’s rejection of independent claim 14, and dependent
claims 16–22, and 24 for the same reasons set forth above with respect to
independent claim 1.
Appeal 2021-000161
Application 15/650,690

11

Claim 3
Claim 3 depends from claim 1, and thus, incorporates limitation [j]
recited in independent claim 1. The Examiner’s rejection with respect to
Nelson, in combination with Cunningham, Coulter, and Ginter as applied to
claim 1, does not cure the above-discussed shortcomings of Cunningham,
Coulter, and Ginter identified by Appellant. Thus, we do not sustain the
Examiner’s rejection of dependent claim 3 under 35 U.S.C. § 103(a) for the
same reasons set forth above with respect to independent claim 1.
Appeal 2021-000161
Application 15/650,690

12

CONCLUSION
In summary:
Claim(s)
Rejected
35 U.S.C. § Reference(s)/Basis Affirmed Reversed
23, 24 112(a) Written Description

23, 24
23, 24 112(b) Indefiniteness 23, 24
1, 4–14,
16–24
103 Cunningham,
Coulter, Ginter
1, 4–14,
16–24
3 103 Cunningham,
Coulter, Ginter,
Nelson
3
Overall
Outcome
1, 3–14,
16–24

REVERSED