Commissioner’s Decision #1419
Décision du Commissaire #1419
TOPIC: O00 (Obviousness); C00 (Adequacy or Deficiency of Description)
SUJET: O00 (Évidence); C00 (C00 (Caractère Adéquat ou Inadéquat de la Description))
Application No.: 2,604,913
Demande n°.: 2,604,913
IN THE CANADIAN PATENT OFFICE
DECISION OF THE COMMISSIONER OF PATENTS
Patent application number 2,604,913 having been rejected under subsection 30(3) of the Patent Rules has been reviewed in accordance with paragraph 30(6)(c) of the Patent Rules. The recommendation of the Patent Appeal Board and the decision of the Commissioner are to allow the application.
Agent for the Applicant:
SMART & BIGGAR
55 Metcalfe Street Suite 900
PO Box 2999 Station D
Ottawa, Ontario
K1P 5Y6
Introduction
[1] This recommendation concerns the review of rejected patent application number 2,604,913, which is entitled “METHOD AND SYSTEM FOR RISK MANAGEMENT IN A TRANSACTION” and is owned by PayPal PTE LTD. The outstanding defects to be addressed are whether the claimed subject matter is obvious and whether the specification is sufficient. A review of the rejected application has been conducted by the Patent Appeal Board pursuant to paragraph 30(6)(c) of the Patent Rules. As explained in more detail below, our recommendation is that the application be allowed.
Background
The Application
[2] Patent application 2,604,913 (“the instant application”) was filed in Canada on April 4, 2006 and published on October 19, 2006.
[3] The instant application relates to risk management and fraud avoidance and minimization in transactions between a consumer (or customer) and a merchant (or credit issuer). The instant application proposes risk management systems and methods that apply a two-tier risk rule set to transaction data to authorize transactions between a consumer and a merchant. The two-tier risk rule sets are modifiable, dynamic, and configurable in that the first tier rule set may be supplemented with new rules from the second tier rule set.
Prosecution history
[4] On July 24, 2014, a Final Action (“FA”) was written pursuant to subsection 30(4) of the Patent Rules. The FA states that the instant application is defective on the grounds that:
1. claims 1-25 (the “claims on file”) are directed to non-statutory subject matter that lies outside the definition of “invention” and thus do not comply with section 2 of the Patent Act;
2. the claims on file are obvious and thus do not comply with section 28.3 of the Patent Act; and
3. the specification is not sufficient and thus fails to comply with subsection 27(3) of the Patent Act.
[5] In a January 26, 2015 response to the Final Action (“R-FA”), the Applicant argued that the claims are directed to statutory subject matter, the claims are inventive, and that the description provides sufficient information for a person skilled in the art to practice the invention. The Applicant proposed amendments to the claims (“Proposed Claim Set 1”) and amendments to several pages of the description.
[6] As the Examiner considered the instant application not to comply with the Patent Act, pursuant to subsection 30(6) of the Patent Rules the instant application was forwarded to the Patent Appeal Board (the “Board”) on April 13, 2015 for review, along with an explanation outlined in a Summary of Reasons (“SOR”).
[7] In a letter dated June 30, 2015, the Board forwarded the Applicant a copy of the SOR and offered the Applicant an opportunity to make further written submissions and to attend an oral hearing.
[8] The Applicant, in a letter dated September 25, 2015, requested an oral hearing and provided written submissions in response to the SOR (“R-SOR”) in a letter dated May 10, 2016. The Applicant also proposed further amendments to the claims (“Proposed Claim Set 2”).
[9] The present panel (“the Panel”) was thereafter formed to review the instant application. Based on our review of the instant application and the record as it presently stands, our recommendation is to allow the instant application as it stood at the time of the FA. Therefore, an oral hearing is not required and the Panel need not make any recommendation on the acceptability of either Proposed Claim Set 1 or Proposed Claim Set 2.
Issues
[10] The SOR maintained the obviousness and sufficiency defects. The non-statutory subject matter defect was withdrawn (SOR at page 2). As the non-statutory defect was fully explored in the FA, appears to be consistent with the purposive construction approach set out in the Manual of Patent Office Practice §13.05 [revised June 2015; “MOPOP”] and thereafter withdrawn in light of the Applicant’s submissions, this issue is not further considered.
[11] The two issues remaining to be addressed are whether the claims on file at the time the FA was written are obvious and whether the specification is sufficient. More precisely:
1. Would the subject matter defined by claims 1-25 have been obvious to a person skilled in the art as of the instant application’s claim date, and therefore not compliant with section 28.3 of the Patent Act?
2. Does the specification comply with subsection 27(3) of the Patent Act so as to correctly and fully describe, and enable, the subject matter of the claims on file?
Legislation and legal principles
Purposive construction
[12] In accordance with Free World Trust v Électro Santé Inc., 2000 SCC 66, essential elements are identified through a purposive construction of the claims done by considering the whole of the disclosure, including the specification and drawings (see also Whirlpool Corp v Camco Inc., 2000 SCC 67 at paras. 49(f) and (g) and 52). In accordance with the MOPOP §13.05, the first step of purposive claim construction is to identify the person of ordinary skill in the art and the relevant common general knowledge. The next step is to identify the problem addressed by the inventors and the solution disclosed in the application. Essential elements can then be identified as those elements of the claims that are required to achieve the disclosed solution.
Obviousness
[13] The Patent Act requires that the subject matter of a claim not be obvious. Section 28.3 of the Act provides as follows:
28.3 The subject matter defined by a claim in an application for a patent in Canada must be subject matter that would not have been obvious on the claim date to a person skilled in the art or science to which it pertains, having regard to
(a) information disclosed more than one year before the filing date by the applicant, or by a person who obtained knowledge, directly or indirectly, from the applicant in such a manner that the information became available to the public in Canada or elsewhere; and
(b) information disclosed before the claim date by a person not mentioned in paragraph (a) in such a manner that the information became available to the public in Canada or elsewhere.
[14] In Apotex Inc v Sanofi-Synthelabo Canada Inc, 2008 SCC 61 at para. 67 [Sanofi], the Supreme Court of Canada stated that it is useful in an obviousness inquiry to follow the following four-step approach:
(1)(a) Identify the notional "person skilled in the art";
(b) Identify the relevant common general knowledge of that person;
(2) Identify the inventive concept of the claim in question or if that cannot readily be done, construe it;
(3) Identify what, if any, differences exist between the matter cited as forming part of the “state of the art” and the inventive concept of the claim or the claim as construed;
(4) Viewed without any knowledge of the alleged invention as claimed, do those differences constitute steps which would have been obvious to the person skilled in the art or do they require any degree of invention?
Sufficiency
[15] The relevant portions of subsection 27(3) of the Act read as follows:
The specification of an invention must:
(a) correctly and fully describe the invention and its operation or use as contemplated by the inventor;
(b) set out clearly the various steps in a process, or the method of constructing, making, compounding or using a machine, manufacture or composition of matter, in such full, clear, concise and exact terms as to enable any person skilled in the art or science to which it pertains, or with which it is most closely connected, to make, construct, compound or use it; . . .
[16] The courts have indicated that sufficiency of disclosure primarily relates to two questions that are relevant for the purpose of paragraphs 27(3)(a) and 27(3)(b) of the Patent Act: i.) What is the invention? and ii.) How does it work? (Consolboard v MacMillan Bloedel, [1981] 1 SCR 504 at 526, 56 CPR (2d) 145 at 157). With respect to each question the description must be correct and full in order that when the period of the monopoly has expired the public, having only the specification, will be able to make the same successful use of the invention as the inventor could at the time of his application, without having to display inventive ingenuity or undertake undue experimentation.
Analysis
Purposive construction
[17] A claim construction is not set out explicitly, as there are no issues regarding the meaning of any terms recited in the claims and the Examiner’s characterization of the essential elements is consistent with the identified problem and solution as understood from the specification (see the FA at pages 2-4).
Obviousness
[18] The FA and the SOR stated that claims 1-25 on file would have been obvious having regard to either reference D4 or D5, in view of either reference D6 or D7:
D4: US Patent Application Number 2003/0130919 A1, published July 10, 2003;
D5: CA Patent Number 1,252,566, issued April 11, 1989;
D6: WO Patent Application Number 2005/025292 A2, published March 24, 2005; and
D7: US Patent Application Number 2002/0194119 A1, published December 19, 2002.
[19] References D1 to D3, raised by the Examiner in the earlier prosecution stages of the instant application, and references D8 to D10, labelled as references of interest in the FA, do not appear to provide any further teachings relevant to the obviousness analysis and are not considered further.
Sanofi step (1)(a) – Identify the notional person skilled in the art
[20] The FA at page 4 identified the person skilled in the art as “skilled in the field of financial transactions. The skilled person is also familiar with general purpose computing technology and basic programming techniques.” The Applicant did not dispute this characterization in the R-FA or the R-SOR.
[21] As the skilled person is knowledgeable in these two areas, it follows that the skilled person is a team comprised of a person skilled in financial transactions in cooperation with a person skilled in computer technology.
Sanofi step (1)(b) – Identify the relevant common general knowledge of that person
[22] The FA at page 4 identified the common general knowledge (“CGK”) of the person skilled in financial transactions as including “various payment methods and disadvantages as outlined in the present description (pages 1 to 5). The skilled person is also familiar with transaction risk management.”
[23] The Applicant’s characterization of the CGK appears to be consistent with, and further expands upon, the CGK identified in the FA. The Applicant’s characterization of the CGK, provided in the R-SOR at page 7, specified that:
…the person skilled in the art to whom the present specification is addressed will at least be familiar with transaction systems, risk management within transaction systems, as well as state of the art techniques for fraud minimization and avoidance within transaction systems between a consumer (or customer) and a merchant (or credit issuer).
[24] The FA at page 4 also identified the CGK of the person skilled in computer technology as including:
… various computer systems for performing financial transactions such as those outlined in the Background of the Invention, including computer systems comprising a central processing unit and a memory (database) coupled to the central processing unit as well as computer programming techniques.
[25] The Applicant did not dispute this in the R-FA or the R-SOR.
[26] The totality of the CGK is the sum of the CGK possessed by each member of the team identified above. Therefore, in our view, the person skilled in the art would be familiar with financial transactions, payment methods, transactional security issues, financial transaction systems, risk management within financial transaction systems, including commonly known techniques for fraud minimization and avoidance, and general purpose computing technology and basic programming techniques.
Sanofi step (2) – Identify the inventive concept of the claim in question or if that cannot readily be done, construe it
[27] The FA at page 5 identified two separate inventive concepts for the independent claims:
1. For independent claims 1 and 15, the inventive concept is represented by:
• the transaction data set having a plurality of data fields which is received from the entity;
• the denial rule set having a plurality of rules; risk data directed to the transaction being outputted based upon the result of applying at least one rule of the plurality of rules to at least one data field of the plurality of data fields in the transaction data set;
• the risk analysis rule set having a plurality of rules, risk data being outputted based upon the result of applying at least one rule of the plurality of rules to at least one data field of the plurality of data fields in the transaction data set;
• wherein the system is further configured to:
i) establish a new rule if the risk data from the online authorization denial system indicates that the transaction should not be denied but the risk data from applying a rule of the risk analysis rule set to at least one data field in the transaction data set indicates that the transaction should be denied, wherein the new rule is the rule of the risk analysis rule set that results in the denied transaction; and
ii) wherein the new rule is added to the denial rule set for use in subsequent transaction analysis.
2. For independent claim 24, the inventive concept is represented by:
• a transaction data set including a plurality of data fields;
• applying a denial rule set having a plurality of rules to at least one of the data fields in the transaction data set, thereby providing risk data;
• a denial instruction if the resulting risk data indicates that the transaction should be denied based upon the applied rule;
• receiving a new rule if the resulting risk data indicates that the transaction should not be denied based upon the applied rule, but the risk analysis system applying the new rule to at least one of the data fields in the transaction data set would have resulted in a denial of the transaction; and
• adding the new rule to the denial rule set for use in a subsequent transaction.
[28] We take the dependent claims and the additional details recited therein, to represent refinements of the inventive concepts of the independent claims.
[29] The Applicant did not dispute the inventive concepts for the independent claims as stated in the FA.
[30] Therefore, we adopt for our analysis the inventive concepts as stated in the FA. As the inventive concepts are similar, for the purpose of the present analysis, an overall inventive concept may be described as relating to a risk management system applied to transaction data associated with a transaction between a consumer/customer and a merchant/credit issuer. The risk management system applies a two-tier risk rule set to the transaction data. The first tier rules (the denial rule set) act as a filter to provide immediate risk data based on a subset of transactional data and the second tier rules (the risk analysis rule set) allow for a more detailed review of a greater subset of transaction data. The denial rule set may be supplemented with a new rule from the risk analysis rule set if the first tier rule set indicates that the transaction should not be denied but the second tier rule set indicates that the transaction should be denied.
Sanofi step (3) – Identify what, if any, differences exist between the matter cited as forming part of the “state of the art” and the inventive concept of the claim or the claim as construed
[31] The FA at page 5 identified the state of the art as either reference D4 or D5. The Applicant did not dispute that references D4 or D5 represent the state of the art. We consider these references in Sanofi step 3.
[32] The FA at pages 6-7 also identified either reference D6 or D7 to close the gap between the state of the art and the inventive concepts of the claims. We consider these references in Sanofi step 4.
[33] D4 is directed to systems and methods for selectively determining when and from what source to access additional financial information in a risk assessment for a transaction (D4, abstract).
[34] D4 discloses a risk engine that applies a set of pre-scoring rules to transaction data for an initial risk assessment of a transaction (D4, FIG 2, para [0070]). The pre-scoring rules allow the risk system to make an authorize/decline decision without a need for further risk assessment activities. The pre-scoring rules may also dictate how various factors will guide further risk assessment and decision-making operations (D4, para [0071]). The risk engine further comprises a scoring rule matrix configured to calculate and return a risk score indicative of the probable risk of a transaction and whether the transaction should be authorized, declined, or further evaluated. Borderline risk scores result in further transaction data analysis by a postscore rules component of the risk engine that provides additional evaluation (D4, paras [0072]-[0074] and [0113]).
[35] The scope of D4 as stated in the FA at page 5 is consistent with the Applicant’s view of the scope of D4 as stated in the R-FA at page 18. Namely, D4 discloses a two-tier risk rule set, pre-scoring rules and postscore rules, used to evaluate the risk of a transaction by applying the two-tier risk rule set to the transaction data.
[36] In our view, the person skilled in the art would view the difference between the state of the art, represented by D4, and the inventive concept as being that the first tier rule set may be supplemented with a new rule from the second tier rule set, if the first tier rule set indicates that the transaction should not be denied but the second tier rule set indicates that the transaction should be denied.
[37] D5 relates to a transaction system that authorizes requests for transactions. Transaction cards are encoded with risk assessment information, such as a multiplier, associated with each cardholder used in evaluating a transaction. The transaction terminal compares the transaction amount to the transaction terminal dollar limit, modified by the multiplier. If the transaction amount exceeds the modified terminal dollar limit, the transaction is not approved and the terminal transmits the transaction information to the card issuer for evaluation (D5, abstract, pages 6-7).
[38] The person skilled in the art would view D5 as disclosing a transaction risk assessment that applies, at a first tier, a set of rules (comparison of the transaction amount to the modified terminal dollar limit) to the transaction data. However, D5 does not disclose that “rules” are used at a second tier; rather D5 merely discloses that the card issuer evaluates the transaction information at the second tier.
[39] In our view, the person skilled in the art would conclude that D5 discloses a one-tier risk rule set used to evaluate the risk of a transaction and would view the difference between the state of the art, represented by D5, and the inventive concept, as a two-tier risk rule set used to evaluate the risk of a transaction by applying the two-tier risk rule set to the transaction data and that the first tier rule set may be supplemented with a new rule from the second tier rule set.
[40] In light of the above, it is our view that D4 is closer to the inventive concept of the claims than D5.
[41] The FA at page 6 characterized the difference between the state of the art and the inventive concept of the claims on file as “the use of a dynamic rule set.” In evaluating these differences with respect to the prior art in the Sanofi step 4 analysis, the FA equated the term “dynamic” with “creating”, “updating”, “modifying”, and “adjusting” rules.
[42] While we agree with this definition of a “dynamic rule set”, in our view, the person skilled in the art would view the difference between the state of the art, represented by D4, and the inventive concept of the claims on file as, more specifically, a first tier rule set that may be supplemented with a new rule from the second tier rule set, if the first tier rule set indicates that the transaction should not be denied but the second tier rule set indicates that the transaction should be denied.
Sanofi step (4) – Viewed without any knowledge of the alleged invention as claimed, do those differences constitute steps which would have been obvious to the person skilled in the art or do they require any degree of invention?
[43] The FA at pages 6-7 stated that each of the references D6 and D7 teach dynamically modifying rules, a principle that may be applied to the two-tier risk rule set of D4, thus rendering the claims obvious.
[44] D6 is directed to risk based authentication of a transaction that sets a risk level (D6, abstract). The risk level determines any additional security or authentication details required in a further risk assessment (D6, pages 9, 11, and 13). Risk assessment is performed according to a set of rules (D6, pages 15 and 16). New rules to detect fraudulent activities may be created based on various sources of information (D6, page 17, lines 1-4).
[45] The FA at page 6 stated that D6 discloses that the rules are dynamically modified.
[46] In our view, the person skilled in the art would view D6 as disclosing a risk analysis system that uses a single tier risk rule set, these rules being updated based on past activities and decisions, inputs from institutions such as banks, and information on users reporting fraud (D6, pages 16 and 17). However, in our view, there is no disclosure in D6 that the transaction data is analyzed by two distinct tiers of rule sets, and therefore no disclosure of adding new rules from one rule set to another.
[47] D7 is directed to evaluating fraud risk in an electronic commerce transaction (D7, abstract). Transaction information is analyzed using a series of transaction present tests (D7, FIG 10B, paras [0180]-[0255]), equivalent to rules of the instant application, that determine whether or not the transaction information represents a good transaction (D7, para [0164]). If the transaction information passes the transaction present tests, then the transaction information is compared to history information resulting in discrete score values (D7, FIG 10B, para [0165]). The discrete score values are then analyzed by statistical and heuristic models (D7, paras [0166]-[0177]).
[48] D7 also discloses examples of merchant-specific values of the heuristic models, including weight values (D7, paras [0168]-[0176]). D7 also teaches that the dynamic modification of weights are used to fine-tune the models by adjusting the relative importance of each test in the model (D7, para [0100]) to minimize false positives and missed fraudulent transactions (D7, para [0110]). In our view, the person skilled in the art would view the merchant-specific model weight values as equivalent to “rules.”
[49] The FA at page 6 stated that the updating of the model weights in D7 disclose dynamically modifying the rules.
[50] In our view, the person skilled in the art would view D7 as disclosing a transactional data risk analysis system involving two-tier risk rules, namely, the transaction present tests and merchant-specific weight values of the heuristic model. However, the person skilled in the art would view the dynamic modification of weights as disclosing, at best, an updating of risk rules in one tier, but not disclosing the addition of a new rule to a first tier rule set from a second tier rule set.
[51] In summary, it is our view that the person skilled in the art would view both D6 and D7 as disclosing dynamic modification of rules for assessing risk in a financial transaction. The person skilled in the art applying the teachings of either D6 or D7 to the state of the art, as represented by D4, would be led to a risk management system comprising a two-tier risk rule set, wherein the rules of each tier of the two-tier risk rule set may be dynamically modified.
[52] However, in our view, as set out in the Sanofi step 3 analysis above, the difference between the inventive concept of the claims and the state of art is not merely the dynamic modification of the rules within one tier or the other in a two-tier risk rule set. Rather, the inventive concept relates to dynamic modification of the rules by the transfer of a rule from a second tier to a first tier in a two-tier risk rule set.
[53] We conclude that neither D6 nor D7 would lead the person skilled in the art to close the gap between D4 and the inventive concept of the claims on file, namely, adding a new rule to the first tier rule set from the second tier rule set, if the first tier rule set indicates that the transaction should not be denied but the second tier rule set indicates that the transaction should be denied.
[54] As our Sanofi analysis is based on the inventive concept of the independent claims, we conclude that the independent claims 1, 15, and 24 are not obvious. Dependent claims 2-14, 16-23 and 25 recite additional details and therefore are also not obvious given their dependence on the independent claims.
[55] We conclude that claims 1-25 are compliant with section 28.3 of the Patent Act.
Sufficiency
[56] With regard to the sufficiency requirement to correctly and fully describe as well as enable the invention under paragraph 27(3) of the Patent Act, we consider whether the person skilled in the art, having only the specification, will be able to make the same successful use of the invention as the inventor could at the time of his application, without having to display inventive ingenuity or undertake undue experimentation.
[57] The FA at page 7 stated (similarly stated in the SOR at page 2) that:
It is not clear from the description as to how the rule set is made to be dynamic and configurable. The description does not indicate how the determination is made that a new rule should be added, nor as to how the determination is made as to what the new rule should be. Neither the rules, rule set, nor the table are defined in any detail, nor is it specified how this is performed.
[58] The Applicant responded in the R-FA at pages 19-20, and further elaborated with additional detail in the R-SOR at pages 5-10, with references to various passages in the instant application which, in the Applicant’s view, provide the required description and detail for the person skilled in the art to describe and enable the invention.
[59] In particular, the Applicant drew attention to the description at para [0035]:
The communication between the risk analysis system 32 and the authorization denial system 18 provides for the transmission of a rule 38 from the risk analysis rule set 36, a new rule, an applied rule, transaction denial data, authentication denial data and/or authorization denial data between the systems 18, 32. In one embodiment, a new rule 42, such as a new fraud rule, is transmitted from the risk analysis system 32 to the authorization denial system 18. This new rule 42 is then added to the denial rule set 26 for use in subsequent transaction analysis. Therefore, when the risk analysis system 32 analyzes a transaction and the transaction data set 22, it may identify new patterns, rules or data that would have resulted in an immediate denial instruction by the authorization denial system 18 if it had access to this information. Therefore, the new rule 42 allows the denial rule set 26 to be updated appropriately, which, in turn, makes the authorization denial system 18 a "self healing" system.
[60] In our view, the person skilled in the art would understand, based on the specification and, in particular, the recited passage, the process for identification of a new rule, the criteria by which a new rule is determined, the means to transfer the new rule from the risk analysis system to the authorization denial system, and the means for inclusion of the new rule into the denial rule set for subsequent transaction processing. Additional details specifying particular rules would depend on the context of the transaction being analyzed and such details would be within the CGK of the person skilled in the art. Thus, the specification discloses in sufficient detail the invention and how it works.
[61] We conclude that the specification is compliant with the requirements of subsection 27(3) of the Patent Act.
Conclusion
[62] Based on our review of the facts of this case, we have reasonable grounds to believe that the instant application complies with the Patent Act and Patent Rules.
Recommendation of The Board
[63] For the reasons set out above, we are of the view that the rejection is not justified on the basis of the defects indicated in the Final Action notice and have reasonable grounds to believe that the instant application complies with the Patent Act and the Patent Rules. We recommend that the Applicant be notified in accordance with subsection 30(6.2) of the Patent Rules that the rejection of the instant application is withdrawn and that the instant application has been found allowable.
Lewis Robart Andrew Strong Stephen MacNeil
Member Member Member
Decision
[64] I concur with the findings and the recommendation of the Board. In accordance with subsection 30(6.2) of the Patent Rules, I hereby notify the Applicant that the rejection of the instant application is withdrawn, the instant application has been found allowable and I will direct my officials to issue a Notice of Allowance in due course.
Johanne Bélisle
Commissioner of Patents
Dated at Gatineau, Quebec,
this 17th day of May, 2017