`PATENT TRIAL & APPEAL BOARD
`
`
`John D’Agostino
`In re Patent of:
`U.S. Patent No.: 8,036,988
`Issue Date:
`October 11, 2011
`Application No.: 12/902,399
`Filing Date:
`October 23, 2010
`Title:
`System and Method for Performing Secure Credit Card
`Transactions
`
`
`
`
`DECLARATION OF DR. JACK D. GRIMES, Ph.D.
`
`I, Jack D. Grimes, Ph.D., declare as follows:
`
`(1)
`
`I have written this Declaration at the request of MasterCard International
`
`Incorporated (“MasterCard”). In forming my opinions, I rely on my knowledge
`
`and experience in the field and on documents and information referenced in this
`
`Declaration.
`
`(2)
`
`I reside at 5025 Wine Cellar Drive, Sparks, NV. I am an independent
`
`consultant. I have prepared this Declaration for consideration by the Patent Trial
`
`and Appeal Board. I am over eighteen years of age and I would otherwise be
`
`competent to testify as to the matters set forth herein if I am called upon to do so.
`
`I.
`
`BACKGROUND AND QUALIFICATIONS
`
`(3)
`
`I earned B.S. and M.S. degrees in Electrical Engineering, and a Ph.D.
`
`degree in Electrical Engineering (with a minor in Computer Science), all from
`
`
`
`1
`
`MasterCard, Exh. 1008, p. 1
`
`
`
`Iowa State University. I also earned an M.S. degree in Experimental Psychology
`
`from the University of Oregon. I have been active in several professional societies
`
`and have worked in the computer and electronics field for over forty (40) years
`
`including teaching at two universities. Details of my education and work
`
`experience are set forth in my curriculum vitae, which is attached as Appendix A.
`
`(4)
`
`From 1996 until 1999, I worked at Visa International (“Visa”) and was
`
`Senior Vice President for Technology, Architecture & Strategy. My
`
`responsibilities included developing the strategies for Visa in chip card technology,
`
`management of large-scale software projects, and the evaluation of investments in
`
`technology companies. My duties included management of two technology and
`
`strategy groups containing over 30 people. One group provided chip card and
`
`related technology development for new products and services, including SET
`
`(Secure Electronic Transactions over the Internet). The other group was
`
`responsible for the global network and processing architecture strategy to replace
`
`the then current VisaNet services, providing credit card authorization and
`
`settlement. I also served as an internal consultant on Internet payment systems.
`
`(5)
`
`I have reviewed United States Patent No. 8,036,9881 (“the ’988 patent”)
`
`to D’Agostino. I have also reviewed the publications cited within this declaration
`
`
`1 John D’Agostino, “System and Method for Performing Secure Credit Card
`Transactions,” U.S. Patent No. 8,036,988, issued October 11, 2011 (Exh. 1001).
`
`
`
`2
`
`MasterCard, Exh. 1008, p. 2
`
`
`
`and referenced in the covered business method patent review petition submitted
`
`herewith.
`
`II.
`
`STATE OF THE ART
`
`(6) The technology for performing secure credit card purchases in
`
`connection with remote commercial transactions was well known by the year 1999.
`
`Credit Card Fraud
`
`(7) There are many well-known ways that an unauthorized user can obtain
`
`your name, credit card number and expiration date. Credit cards have become so
`
`widely used that fraud is a major problem and concern for most cardholders.
`
`(8)
`
`In attended, point-of-sale (POS) transactions, the cardholder’s signature
`
`is compared to the signature printed on the credit card. This provides
`
`authentication that the person utilizing the credit card is, in fact, the cardholder. In
`
`Europe, where chip cards are common, attended transactions typically require the
`
`entry of a PIN at the point-of-sale.
`
`(9) However, these solutions do not work for “remote transactions,” such as
`
`on-line purchases using the Internet or for transactions over the telephone. In this
`
`case, the customer’s signature cannot be verified and there is no PinPad to provide
`
`for the entry of a PIN.
`
`(10) As a result, in remote transactions, the opportunity exists for an
`
`unauthorized user to provide a stolen credit card number with accompanying info
`
`
`
`3
`
`MasterCard, Exh. 1008, p. 3
`
`
`
`to conduct a purchase transaction. For example, for Internet transactions, it is
`
`difficult to differentiate between an unauthorized user and the true cardholder
`
`based on the credit card information provided for a transaction. The fraudulent
`
`transaction can only be identified later (e.g., if the cardholder realizes that a
`
`fraudulent transaction has occurred).
`
`(11) To address the problem of credit card fraud, several solutions were
`
`proposed, including the technology disclosed by U.S. Patent No. 6,422,462 to
`
`Cohen (Exh. 1004, “Cohen”), and by U.S. Patent No. 6,636,833 to Flitcroft et al.
`
`(Exh. 1005, “Flitcroft”).
`
`(12) One well-known solution to credit card fraud is creating a limited-use
`
`credit card that is restricted to a single use. (See Cohen at C2:35-43; Flitcroft at
`
`C6:53-56) Each of these single use cards has a unique card number that is
`
`different from to the master credit card account number. That way, if the card
`
`number and accompanying info is subsequently stolen, that card number cannot be
`
`used for a second purchase. After the card is used, it may be discarded.
`
`(13) Another well-known solution to credit card fraud is creating a limited-use
`
`credit card with restrictions on its usage, such as limiting the dollar amount,
`
`limiting the frequency of use, or limiting the merchant category where the card
`
`may be used – such as for airline tickets or for clothing stores, etc. (See Cohen at
`
`C7:66-8:46; Flitcroft at C8:2-10). These limited use cards also have numbers that
`
`
`
`4
`
`MasterCard, Exh. 1008, p. 4
`
`
`
`are different from the master credit card account number. That way, the limited-
`
`use card number cannot be used for purchases that are inconsistent with the
`
`restrictions on its usage.
`
`Repeating Credit Card Transactions
`
`(14) It was well known in the art at the time the patent was filed that you can
`
`call your bank and set up a repeating payment account to pay for reoccurring
`
`charges, e.g., on a monthly basis for your health club. For example, U.S. Patent
`
`No. 5,283,829 to Anderson (Exh. 1011, “Anderson”) discloses that various
`
`banking institutions offer their subscribers the option of automatically paying
`
`monthly reoccurring charges (such as car notes, insurance premiums, mortgages,
`
`etc.) via automatic funds transfer (Anderson at C1:57:63).
`
`(15) It was also well known in the art at the time the patent was filed that
`
`these repeating payments could be set-up and charged to a credit card account. For
`
`example, U.S. Patent No. 6,064,987 to Walker (Exh. 1010, “Walker”) discloses the
`
`use of credit cards for “installment plans” in which a user can set up a repeating
`
`transaction with a credit card to make payments at various time intervals, such as
`
`once a month. (See Walker at C1:66-2:10; C4:25-32; C4:37-40).
`
`III. LEVEL OF ORDINARY SKILL IN THE ART
`
`(16) The level of ordinary skill in the art of the ’988 Patent is a person having
`
`a B.S. degree in Electrical Engineering or Computer Science, or the equivalent
`
`
`
`5
`
`MasterCard, Exh. 1008, p. 5
`
`
`
`experience, with at least three years of experience in credit card payment
`
`technologies, including experience in existing, accepted remote credit card
`
`transaction practices in 1999, such as methods of performing secure credit card
`
`purchases of goods and services which reduces the risk of potential fraud and theft
`
`by eliminating unauthorized access to a consumer’s private credit card information.
`
`(17) Based on my experience, I have an understanding of the capabilities of a
`
`person of ordinary skill in the art. I have supervised and directed many such
`
`persons over the course of my career. Further, I had those capabilities myself at
`
`the time the patent was filed.
`
`IV. MATERIALS CONSIDERED
`
`(18) In developing my opinions below relating to the ’988 Patent, I have
`
`considered the following materials:
`
`• Exhibit 1001 – U.S. Patent No. 8,036,988
`
`• Exhibit 1002 – File History for U.S. Patent No. 8,036,988
`
`• Exhibit 1003 – File History for U.S. Reexamination No. 90/012,517
`
`• Exhibit 1004 – U.S. Patent No. 6,422,462 (“Cohen”)
`
`• Exhibit 1005 – U.S. Patent No. 6,636,833 (“Flitcroft”)
`
`• Exhibit 1006 – U.S. Patent No. 5,826,243 (“Musmanno”)
`
`• Exhibit 1007 – Complaint in D’Agostino v. MasterCard, Inc. et al. (13-cv-
`
`0738)
`
`
`
`6
`
`MasterCard, Exh. 1008, p. 6
`
`
`
`• Exhibit 1009 – Excerpts from Random House Webster’s Unabridged
`
`Dictionary, Second Edition (“Random House Webster”)
`
`• Exhibit 1010 – U.S. Patent No. 6,064,987 (“Walker”)
`
`• Exhibit 1011 – U.S. Patent No. 5,283,829 (“Anderson”)
`
`• Exhibit 1012 – ISO 8583 Financial Transaction Card Originated Messages –
`
`Interchange Message Specifications (1992) (“ISO 8583”)
`
`IV. CLAIM CONSTRUCTION
`
`(19) In proceedings before the USPTO, I understand that claims of a patent
`
`are to be given their broadest reasonable interpretation in view of the specification
`
`from the perspective of one skilled in the art. I understand that a different standard
`
`is used in district court proceedings. In comparing the claims of the ’988 Patent to
`
`the known prior art, I have carefully considered the ’988 Patent, and the ’988
`
`patent file history based upon my experience and knowledge in the field.
`
`(20) The claim limitation “generating [a/said] transaction code” may be
`
`construed, consistent with its plain and ordinary meaning, to mean “creating a code
`
`usable as a substitute for a credit card number in a purchase transaction, the
`
`number pre-coded to be indicative of a specific credit card account.” This
`
`
`
`7
`
`MasterCard, Exh. 1008, p. 7
`
`
`
`construction is consistent with the disclosure of the term in the ’988 Patent. (See
`
`Exh. 1001, ’988 Patent at Abstract; C3:48-53; C6:24-48; C7:1-6)2
`
`(21) The claim limitation “defining at least one payment category” may be
`
`construed, consistent with its plain and ordinary meaning, to mean “specifying the
`
`type of limitation (or limitations) that are available to be applied to a transaction
`
`code in order to limit its use.” This construction is consistent with the disclosure
`
`of the term in the ’988 Patent. (See Exh. 1001, ’988 Patent at C3:5-8; C3:53-C4:7;
`
`C4:25-29; C7:7-13; C7:61-C8:48).
`
`(22) The claim limitation “particular merchant” may be construed, consistent
`
`with its plain and ordinary meaning, to mean “a specific merchant with whom a
`
`customer can engage in the purchase transaction.” This construction is consistent
`
`with the disclosure of the term in the ’988 Patent. (See Exh. 1001, ‘988 Patent at
`
`C4:5-7; C4:13-18; C4:49-54)
`
`(23) The claim limitation “verifying that said defined purchase parameters are
`
`within said designated payment category” may be construed, consistent with its
`
`plain and ordinary meaning, to mean “ascertaining that any limitation associated
`
`with the designated payment category is satisfied.” This construction is consistent
`
`2 To the extent the Board does not accept this construction of “generating [a/said]
`transaction code,” I understand that the Board may instead construe this term to
`mean “creating a code usable as a substitute for a credit card number in a purchase
`transaction.”
`
`
`
`8
`
`MasterCard, Exh. 1008, p. 8
`
`
`
`with the disclosure of the term in the ’988 Patent. (See Exh. 1001, ’988 Patent at
`
`C4:13-18; C7:13-29) This construction is also consistent with the dictionary
`
`definition of the word “verify.” (See Exh. 1009, Random House Webster at 2114)
`
`(24) The claim limitation “[limiting/limits] … to one or more merchants” is
`
`indefinite. See Section VI. However, to the extent this term can be construed, my
`
`best understanding of the meaning of the term is “limiting … to a number of
`
`merchants, from one merchant up to any plurality of merchants.” (See Exh. 1001,
`
`’988 Patent at C8:18-24).
`
`(25) The claim limitation “a number of transactions” is indefinite. See Section
`
`VI. However, to the extent this term can be construed, my best understanding of
`
`the meaning of the term is “any number of transactions, including zero
`
`transactions, one transaction, or any plurality of transactions.” (See Exh. 1001,
`
`’988 Patent at C8:27-34).
`
`V. DISCUSSION OF RELEVANT PRIOR ART
`
`(26) In proceedings before the USPTO, I understand that the claims of an
`
`unexpired patent are to be given their broadest reasonable interpretation in view of
`
`the specification from the perspective of one skilled in the field. It is my
`
`understanding that the ’988 patent has not expired. In comparing the claims of the
`
`’988 patent to the known prior art, I have carefully considered the ’988 patent, and
`
`
`
`9
`
`MasterCard, Exh. 1008, p. 9
`
`
`
`the ’988 patent file history based upon my experience and knowledge in the
`
`relevant field.
`
`(27) I am informed that the ’988 patent is a continuation of U.S. Patent
`
`Application No. 11/252,009, filed on October 17, 2005, which is a continuation of
`
`U.S. Patent Application No. 10/037,007, filed on November 9, 2001, which is a
`
`continuation-in-part of U.S. Patent Application No. 09/213,745, filed on January
`
`15, 1999.
`
`(28) It is my understanding that claims may be found invalid as anticipated. I
`
`understand this to mean that a claim is invalid if there is a single prior art reference
`
`that discloses each limitation of the claim either expressly or inherently. I
`
`understand a limitation to be inherently disclosed if one of ordinary skill in the art
`
`would read the reference and understand that the limitation is necessarily present in
`
`the reference.
`
`(29) It is my understanding that a patent claim can be found unpatentable as
`
`obvious where the differences between the subject matter sought to be patented
`
`and the prior art are such that the subject matter as a whole would have been
`
`obvious at the time the invention was made to one of ordinary skill in the art.
`
`U.S. Patent No. 6,422,462 to Cohen
`
`(30) I’ve been asked to consider whether claims 1-10, 15-25, 27-33, & 35-38
`
`of the ’988 patent are invalid as anticipated under 35 U.S.C. § 102 by U.S. Patent
`
`
`
`10
`
`MasterCard, Exh. 1008, p. 10
`
`
`
`No. 6,422,462 to Cohen (Ex. 1004, “Cohen”). I have reviewed, had input into, and
`
`agree with the claim charts in the accompanying petition showing that each
`
`element of claims 1-10, 15-25, 27-33, & 35-38 is invalid as anticipated by Cohen.
`
`(31) I have read and I understand Cohen. Cohen teaches a secure method for
`
`engaging in credit card transactions, which limits the transactions to selected
`
`vendors. Cohen at C2:32-43. Cohen discloses a credit card holder contacting their
`
`credit card company, verifying their identity, and then receiving a transaction code
`
`number to be used for a limited number of transactions. Cohen at C3:41-48. The
`
`credit card holder can determine and customize the use of the transaction code
`
`number. Cohen at C3:49-52. After the credit card holder has received the
`
`transaction code number, they can use the number with a merchant as a substitute
`
`for a regular credit card number, and the merchant can validate the transaction
`
`code number with the credit card company. Cohen at C5:35-39. The credit card
`
`company can validate the transaction code number, or deny the transaction if the
`
`number is used for anything other than the pre-determined use indicated by the
`
`credit card holder. Cohen at C5:44-49.
`
`(32) Cohen discloses a “payment category... limiting...[a number of]
`
`transactions to one or more merchants.” Cohen discloses a transaction code
`
`number that is limited in use to transactions with one or more merchants: “А
`
`customized credit card could be issued to the user which is only valid for use for
`
`
`
`11
`
`MasterCard, Exh. 1008, p. 11
`
`
`
`that particular type of charge (computer hardware or software stores)…The card
`
`could even [be] customized for use in a particular store itself or a particular chain
`
`of stores (such as a particular restaurant, or a particular chain of restaurants).”
`
`(Cohen at C8:25-35). “The card could be valid only for purchase…in a certain
`
`store, or group of stores or types of stores (e.g. clothing stores)” (Cohen at C8:43-
`
`46). A limitation to a particular “group”, “type”, or “chain” of stores is a limitation
`
`to one or more merchants.
`
`(33) Cohen discloses: “said one or more merchants limitation being included
`
`in said payment category prior to any particular merchant being identified as one
`
`of said one or more merchants”. Cohen discloses that the transaction code could
`
`be limited to a particular “group”, “type”, or “chain” of stores: “The card could
`
`even [be] customized for use in…a particular chain of stores (such as…a particular
`
`chain of restaurants).” (Cohen at C8:25-35). “The card could be valid only for
`
`purchase [to a] group of stores or types of stores (e.g. clothing stores)” (Cohen at
`
`C8:43-46). The transaction code is therefore limited to a category of merchants.
`
`This categorical limitation to the merchant occurs before the transaction code is
`
`used – and in effect, before any particular merchant is identified. Therefore, the
`
`transaction code as disclosed by Cohen is inherently limited to one or more
`
`merchants by their “group”, “type”, or “chain” before any particular merchant is
`
`identified.
`
`
`
`12
`
`MasterCard, Exh. 1008, p. 12
`
`
`
`(34) Cohen discloses “a payment category that at least limits transactions to a
`
`single merchant.” Cohen discloses a transaction code number that is limited in use
`
`to a one-time transaction with one merchant: “The card could even [be] customized
`
`for use in a particular store itself...” (Cohen at C8:25-34). “[I]n one
`
`embodiment…[t]hese credit cards or credit card numbers are generated for a one
`
`time, single transaction basis, after which they are disposed of, or thrown away.
`
`The numbers can be used…to effect a single transaction.” (Cohen at C2:35-43).
`
`(35) Cohen discloses: “said single merchant limitation being included in said
`
`payment category prior to any particular merchant being identified as said single
`
`merchant”. Cohen discloses that the transaction code could be limited to a single
`
`transaction: “in one embodiment…[t]hese credit cards or credit card numbers are
`
`generated for a one time, single transaction basis” and subsequently “[a]fter a one
`
`time use of the credit card number, the number is deactivated.” (Cohen at C2:35-
`
`43). A one-time use transaction code can only be used at one merchant, therefore
`
`the transaction code is inherently limited to a one merchant. This limitation to a
`
`single merchant occurs before the transaction code is used – and in effect, before
`
`the particular merchant is identified. Therefore, the single-use transaction code as
`
`disclosed by Cohen is inherently limited to a single merchant before any particular
`
`merchant is identified.
`
`
`
`13
`
`MasterCard, Exh. 1008, p. 13
`
`
`
`(36) Cohen discloses a “transaction code [reflecting/associated with]…the
`
`limits of said payment category.” Cohen discloses that “[a] customized credit card
`
`could be issued to the user which is only valid for use for that particular type of
`
`charge … such that if the employee tries to use it for anything else in excess of that
`
`authorized, the charge will be declined.” (Cohen at C8:25-32) Cohen’s disclosure
`
`of declining authorization inherently shows that the transaction code reflects and is
`
`associated with the limits on use.
`
`(37) Cohen discloses “the step of designating at least one of said one or more
`
`merchants subsequent to generating said transaction code.” Cohen discloses that
`
`the user “accesses one of his or her disposable credit cards” and then “the user
`
`transmits his or her credit card information to the vendor.” (Cohen at C5:29-37).
`
`By transmitting the transaction code (i.e. the disposable credit card number) to the
`
`vendor, the user is designating the vendor as the one or more merchants.
`
`(38) Cohen discloses “communicating said transaction code to the customer
`
`at the location of the merchant for use in person.” Cohen discloses that the user
`
`could contact the credit card company by telephone and obtain a transaction code
`
`in response: “a user dials into her credit card company before making a transaction,
`
`and...is provided with a disposable or customized number.” (Cohen at C3:41-45).
`
`It would have been obvious to a person of ordinary skill in the art that the user
`
`
`
`14
`
`MasterCard, Exh. 1008, p. 14
`
`
`
`could call the credit card company and obtain a transaction code by telephone from
`
`any location, including at the location of the merchant.
`
`(39) Cohen discloses “said step of verifying that said defined purchase
`
`parameters correspond to said selected payment category further identifies said
`
`merchant as one of said one or more merchants.” Cohen discloses that the
`
`merchant seeks verification of the purchase parameters: “Upon use of the card, the
`
`information regarding the transaction is transmitted to the credit card company, as
`
`is known in the art.” (Cohen at C13:66-14:1). “That vendor then verifies the
`
`transaction and obtains an authorization code from the credit card company
`
`authorizing the purchase, as is currently standard practice with credit card
`
`transactions … Upon receiving the request for verification, the credit card
`
`company notes the identity of the vendor.” (Cohen at C5:35-49). Cohen inherently
`
`discloses that when the merchant seeks verification of the purchase parameters, the
`
`merchant is identified as one of said one or more merchants by the information
`
`contained in the transaction messaging. (See ISO 8583 at 1, 3-4, 23, 34).
`
`(40) Cohen discloses “designating a merchant as one of said one or more
`
`merchants.” Cohen discloses that the merchant seeks verification of the purchase
`
`parameters: “Upon use of the card, the information regarding the transaction is
`
`transmitted to the credit card company, as is known in the art.” (Cohen at C13:66-
`
`14:1). “That vendor then verifies the transaction and obtains an authorization code
`
`
`
`15
`
`MasterCard, Exh. 1008, p. 15
`
`
`
`from the credit card company authorizing the purchase, as is currently standard
`
`practice with credit card transactions … Upon receiving the request for
`
`verification, the credit card company notes the identity of the vendor.” (Cohen at
`
`C5:35-49). Cohen inherently discloses that when the merchant seeks verification
`
`of the purchase parameters, the merchant is designated as one of said one or more
`
`merchants by the information contained in the transaction messaging. (See ISO
`
`8583 at 1, 3-4, 23, 34).
`
`(41) Cohen discloses “receiving a request from said account holder for a
`
`transaction code to make a purchase within a payment category that includes
`
`limiting purchases to a minimum time interval after which a subsequent purchase
`
`is permitted.” Cohen discloses that the transaction code could be limited to
`
`predetermined times: “For example, the customized card could be set to be valid
`
`for a certain limited number of dates.… Thus, in accordance with these
`
`embodiments, the card can have а user customized range of dates or series of
`
`dates.… Likewise, the card could become valid for a series of ranges of dates, even
`
`dates which are non consecutive or non contiguous…. It could also be valid for a
`
`specific predetermined amount of time.” (Cohen at C7:35-62). Cohen’s disclosure
`
`of a card that is set to be valid for a range of non-contiguous dates expressly
`
`discloses “limiting purchases to a minimum time interval after which a subsequent
`
`
`
`16
`
`MasterCard, Exh. 1008, p. 16
`
`
`
`purchase is permitted” because the non-contiguous period during which the card is
`
`not valid could undoubtedly be a minimum time interval prior to use.
`
`(42) Cohen discloses “utilizing a processing computer of a custodial
`
`authorizing entity.” Cohen discloses that the transaction code is generated by the
`
`custodial authorizing entity using a processing computer: “[A] software program
`
`can be provided to customize and/or activate the card.” (Cohen at C12:51-52).
`
`Cohen’s disclosure of a software program to customize the card would inherently
`
`disclose the use of a processing computer to execute the software program. It
`
`would be impossible to implement a software program without a processing
`
`computer to execute the software program code.
`
`U.S. Patent No. 6,636,833 to Flitcroft et al.
`
`(43) I’ve been asked to consider whether claims 1-10, 15-25, 27-33, & 35-38
`
`of the ’988 patent are invalid as anticipated under 35 U.S.C. § 102 by U.S. Patent
`
`No. 6,636,833 to Flitcroft et al. (Exh. 1005, “Flitcroft”). I have reviewed, had
`
`input into, and agree with the claim charts in the accompanying petition showing
`
`that each element of claims 1-10, 15-25, 27-33, & 35-38 is invalid as anticipated
`
`by Flitcroft.
`
`(44) I have read and I understand Flitcroft. Flitcroft discloses a secure method
`
`for implementing limited-use credit card numbers that can only be used for
`
`transactions at limited merchants. Flitcroft at C1:11-13; C6:53-60.
`
`
`
`17
`
`MasterCard, Exh. 1008, p. 17
`
`
`
`(45) Flitcroft discloses that an account holder can contact an authorizing entity
`
`and request a transaction code number for use in making credit card transactions in
`
`a secure manner. Flitcroft at C14:12-13. The limited-use transaction code number
`
`could restrict the permissible transactions, such as for purchases with one or more
`
`merchants. Flitcroft at C6:53-56. The transaction code number could also be
`
`restricted to purchases with a single merchant. Flitcroft at Abstract. After the
`
`limitation on the number of permissible merchants with which the transaction code
`
`can be used is established, the customer can then use the transaction code to make
`
`a purchase. Flitcroft at C5:5-14. The authorizing entity will verify the purchase if
`
`it is within the use-limits of the payment categories permitted for the transaction
`
`code. Flitcroft at C5:5-14.
`
`(46) Flitcroft discloses a “payment category... limiting...[a number of]
`
`transactions to one or more merchants.” Flitcroft discloses a transaction code
`
`number that can be used a single time or multiple times with one or more
`
`merchants: “A credit card system is provided which has the added feature of
`
`providing additional limited-use credit card numbers and/or cards. These numbers
`
`and/or cards can be used for a single transaction...” Flitcroft at Abstract. “The term
`
`‘limited-use’ credit card number is used to encompass at least both the
`
`embodiment in which the credit card is designated for a single use, and the
`
`embodiment in which the credit card is designated for multiple uses…” Flitcroft at
`
`
`
`18
`
`MasterCard, Exh. 1008, p. 18
`
`
`
`C6:53-56. A single or multiple use transaction code can be used for purchases
`
`with one or more merchants.
`
`(47) Flitcroft discloses: “said one or more merchants limitation being
`
`included in said payment category prior to any particular merchant being
`
`identified as one of said one or more merchants”. Flitcroft discloses a limited-use
`
`transaction a code that could be restricted in use within a “category” of merchants:
`
`“valid single use numbers are stored in a database of valid account numbers along
`
`with other information specific to single use numbers. This includes…any
`
`additional limitations placed upon the card in terms of transaction value or
`
`category of merchant for which the card can be used.” Flitcroft at C23:67-24:6.
`
`The limitation to a “category” of merchants occurs before any particular merchant
`
`is identified by the user. The merchant is identified when the transaction code is
`
`used. “When the limited-use number is limited to a specific merchant, the
`
`merchant can be…determined by first use.” Flitcroft at C16:57-59. “[W]herein
`
`use of the limited-use credit card number is valid for transactions with a specific
`
`merchant as determined by a first use.” Flitcroft at C28:23-25. Accordingly, the
`
`transaction code is limited in use to one or more merchants before any particular
`
`merchant is identified.
`
`(48) Flitcroft discloses “a payment category that at least limits transactions to
`
`a single merchant.” Flitcroft discloses a transaction code number that can be used
`
`
`
`19
`
`MasterCard, Exh. 1008, p. 19
`
`
`
`a single time with one merchant: “This plan provides security against fraud
`
`because it is locked to a single merchant.” Flitcroft at C16:53-54. “A credit card
`
`system is provided which has the added feature of providing additional limited-use
`
`credit card numbers and/or cards. These numbers and/or cards can be used for a
`
`single transaction.” Flitcroft at Abstract. “The term ‘limited-use’ credit card
`
`number is used to encompass…the embodiment in which the credit card is
`
`designated for a single use.” Flitcroft at C6:53-56. A single use transaction code
`
`can only be used for a purchase with a single merchant.
`
`(49) Flitcroft discloses: “said single merchant limitation being included in
`
`said payment category prior to any particular merchant being identified as said
`
`single merchant”. Flitcroft discloses a limited-use transaction a code that could be
`
`restricted in use with a single merchant, but no particular merchant is identified
`
`until the card is used for the first time: “When the limited-use number is limited to
`
`a specific merchant, the merchant can be…determined by first use.” Flitcroft at
`
`C16:57-59. “[W]herein use of the limited-use credit card number is valid for
`
`transactions with a specific merchant as determined by a first use.” Flitcroft at
`
`C28:23-25. Therefore, the transaction code is limited to a single merchant before
`
`any particular merchant is identified by the use of the transaction code.
`
`(50) Flitcroft discloses a “transaction code [reflecting/associated with]…the
`
`limits of said payment category.” Flitcroft discloses “a first exemplary
`
`
`
`20
`
`MasterCard, Exh. 1008, p. 20
`
`
`
`embodiment, which pertains to a credit card technique involving: …assigning at
`
`least one credit card number from the pool of credit card numbers to be a limited-
`
`use credit card number which is deactivated upon a use-triggered condition
`
`subsequent.” Flitcroft at C4:60-5:1. Flitcroft’s disclosure of a “limited-use credit
`
`card number” and deactivating the limited-use credit card number inherently shows
`
`that the credit card number (i.e. transaction code) reflects and is associated with the
`
`limits on use.
`
`(51) Flitcroft discloses “the step of designating at least one of said one or
`
`more merchants subsequent to generating said transaction code.” Flitcroft
`
`discloses that “[t]he step of processing the transaction includes:… determin[ing]
`
`whether to deactivate the limited-use credit card number based on whether a
`
`limited-use event pertaining to the use of the limited-use credit card number has
`
`occurred.” Flitcroft at C5:38-43. By using the transaction code (i.e. the limited-
`
`use credit card number) to perform a limited-use event with a vendor, the user is
`
`designating the vendor as the one or more merchants.
`
`(52) Flitcroft discloses “communicating said transaction code to the customer
`
`at the location of the merchant for use in person.” Flitcroft discloses that the user
`
`could contact the credit card company and obtain a transaction code in response:
`
`“When a customer needs single use cards, the CPU can issue the additional credit
`
`card numbers to the customer.” Flitcroft at C14:12-13. It would have been obvious
`
`
`
`21
`
`MasterCard, Exh. 1008, p. 21
`
`
`
`to a person of ordinary skill in the art that the user could contact the credit card
`
`company and obtain a transaction code from any location, including at the location
`
`of the merchant.
`
`(53) Flitcroft discloses “said step of verifying that said defined purchase
`
`parameters correspond to said selected payment category further identifies said
`
`merchant as one of said one or more merchants.” Flitcroft discloses that the
`
`merchant seeks verification of the purchase parameters: “Processing systems for
`
`handling limited use cards perform a number of functions including…Provide
`
`authorization to the merchant if valid and within the limitations for specified
`
`number and associated account.” Flitcroft C23:12-23. Flitcroft inhere