PTAB

IPR2023-01290

MasterCard Inc v. Ov Loop Inc

Log In
Key Events
Petition
petition Intelligence

1. Case Identification

2. Patent Overview

  • Title: Secure Application-Based Participation in Payment Card Transactions
  • Brief Description: The ’171 patent describes a method for a mobile device to participate in a secure payment transaction by using a non-permanent cryptographic key obtained from a remote server. This key is used to generate a transaction-specific cryptogram, avoiding the need to store a permanent cryptographic key on the mobile device itself.

3. Grounds for Unpatentability

Ground 1: Claims 1-33 are obvious over White in view of EMV

  • Prior Art Relied Upon: White (Patent 8,374,916) and EMV (“EMV® Contactless Specifications for Payment Systems” and related documents).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that White disclosed a mobile payment system where a mobile device receives a "one-time digital key" from a remote payment server to generate a "payment number" for a transaction. This system, however, lacked compliance with the prevailing EMV standard. The EMV specifications described the industry-standard protocol for secure payment transactions, including the use of a non-permanent, transaction-specific "Session Key" to generate an "Application Cryptogram." Petitioner contended that a person of ordinary skill in the art (POSA) would have recognized White's "one-time digital key" as analogous to EMV's "Session Key," and White's "payment number" as analogous to EMV's cryptogram. The combination allegedly taught all limitations of independent claims 1 and 17, such as requesting and receiving a non-permanent key from a remote system and using it locally to generate a response cryptogram for a POS terminal.
    • Motivation to Combine: A POSA would combine White with the EMV standard to ensure interoperability with the vast and growing global infrastructure of EMV-compliant POS terminals. This combination would improve the security of White’s system by adopting proven anti-fraud techniques (like dynamic data authentication via cryptograms) and enhance its marketability, making it a predictable and necessary modification.
    • Expectation of Success: Success would have been expected because it involved applying the well-documented and standardized EMV protocol to a known mobile payment framework. The implementation would involve routine programming, well within the skill of a POSA.

Ground 2: Claims 1-33 are obvious over Mellqvist in view of EMV

  • Prior Art Relied Upon: Mellqvist (Application # 2010/0153721) and EMV.
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner asserted that Mellqvist disclosed an NFC-enabled portable device that communicates with remote servers hosting secure elements for payment applications. To make Mellqvist’s system functional for standardized credit card transactions, a POSA would implement it according to EMV standards. Petitioner argued that a POSA, faced with a finite number of predictable design choices, would have found it obvious to configure Mellqvist’s device to request only the non-permanent EMV "Session Key" from the remote secure element prior to a transaction. The device would then locally generate the "Application Cryptogram" during the POS interrogation. This architecture solves known problems of network latency and unreliable connectivity that would arise if the device had to communicate with the remote server for every step of the transaction.
    • Motivation to Combine: The motivation was to adapt Mellqvist’s conceptual framework for use in the real-world EMV payment ecosystem. A POSA would be driven by the need for EMV compliance for the same reasons of interoperability, security, and commercial viability as in Ground 1. This approach was consistent with Mellqvist’s teaching of providing a "predetermined level of security" remotely without needing to maintain that full level of security on the mobile device (e.g., by not storing the permanent master key locally).
    • Expectation of Success: A POSA would have had a high expectation of success. The design choice to pre-fetch a session key and generate a cryptogram locally was presented as the most logical solution among a few alternatives when considering the practical constraints of NFC transaction speeds and potential network unavailability.

4. Key Claim Construction Positions

  • "R-APDU Term": Petitioner identified the term "at least one response application data protocol unit containing the response cryptogram and an account identifier for the account" as requiring construction.
  • Proposed Constructions: Petitioner proposed two alternative constructions:
    • Construction 1: One or more response APDUs that collectively contain the cryptogram and account identifier.
    • Construction 2: One or more response APDUs where each APDU contains both the cryptogram and account identifier.
  • Argument: Petitioner argued that the prior art rendered the claims obvious under either construction. For example, under Construction 1, a Mastercard EMV transaction uses separate APDUs for the account identifier and the cryptogram. Under Construction 2, a Visa EMV transaction could use a single APDU containing both.

5. Arguments Regarding Discretionary Denial

  • §314(a) / Fintiv: Petitioner argued against discretionary denial under Fintiv, stating that the parallel district court case was in its infancy, no scheduling order had been entered, and discovery had not begun. Petitioner had filed a motion to stay the district court case pending the outcome of the inter partes review (IPR), and the court had a history of granting such stays.
  • §325(d): Petitioner contended that denial under §325(d) was inappropriate because the examiner did not substantively consider the primary references during prosecution. While White and Mellqvist were cited on the face of the patent, the crucial EMV specifications, which provide the roadmap for combining the references, were never presented to or considered by the USPTO. Therefore, the petition raised new arguments and art that were not previously before the Office.

6. Relief Requested

  • Petitioner requested institution of an IPR and cancellation of claims 1-33 of Patent 10,032,171 as unpatentable.