DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on November 15, 2020, has been entered.

Status of Claims
Claims 1, 8, and 10 are amended.
Claims 9 and 11 are canceled.
Claims 1-8 and 10 are pending.

Response to Remarks
Claim Objections
Applicant’s amendments have overcome the claim objections.  Accordingly, the claim objections are withdrawn.


35 U.S.C. § 103
Applicant’s arguments with respect to claim(s) 1-8 and 10 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 

(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth 
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 8 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Per Claim 8: Claim 8 recites “first calculating means, arranged for the security module to calculate a second one-time secret by means of the secret key” and “second calculating means, arranged for the security module to calculate an authentication status by comparing the first one-time password with the second one-time secret”.  However, it is unclear from the claim elements what is performing the recited functions.  For example, it is unclear whether it is the first calculating means or the security module that calculates a second one-time secret by means of a secret key.  Similarly, it is unclear whether it is the second calculating means or the security module that calculates an authentication status by comparing the first one-time password with the second one-time secret.  Therefore, the scope of the claim is unclear.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-8 and 10 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
Per Claim 1: Claim 1, as a whole, is directed towards the abstract idea of calculating and comparing codes to determine, by a customer, the authenticity of a transaction server in order to establish a secure communication channel.  In other words, the customer device receives various data, such as a first one-time secret, from the transaction server.  The customer device calculates a second one-time secret.  The customer device then compares the two one-time secrets to determine whether they match.  The customer then transmits the result of the comparison to the contactless reader.  Therefore, the claim recites Mental Processes.  More specifically, the following underlined claim elements recite abstract ideas while the non-underlined claim elements recite additional elements as described in the 2019 PEG:
receiving a first determination value by the security application from the contactless reader, 
receiving from the remote server a second determination value and a first one-time password, said first one-time password being calculated by the remote server by means of a secret key shared with the security module, said first one-time password being sent to the security module, 
calculating by the security module a second one-time secret by means of the secret key, 
calculating by the security module an authentication status by comparing the first one-time password with the second one-time secret, 
transmitting to the remote server the first determination value, 
transmitting to the contactless reader, the second determination value and an authentication message calculated by the security module from at least the first one-time password and the authentication status, said authentication message being verified by the remote server to authenticate the security module and said first and second determination values being used by the remote server and by the contactless reader to calculate a session key, said session key being used to secure the exchanges between the contactless reader and the remote server.
Because the claim recites abstract ideas, the analysis proceeds to determine whether the claims recite additional elements that recite a practical application of the abstract ideas.  According to the 2019 PEG, additional elements that amount to instructions to apply the abstract idea using a computer, that add insignificant extra-solution activity, and that generally link the use of the abstract idea to a particular technological environment fail to recite a practical application.  Here, the security module, remote server, and contactless reader are simply instructions to apply the abstract ideas using a computer.  Therefore, they fail to recite a practical application.  Further, the additional elements of receiving data from the contactless reader and remote server and then transmitting data to the contactless reader and remote server are examples of insignificant extra-solution activities that fail to meaningfully limit the abstract ideas.  See MPEP 2106.05(g).  Therefore, none of the additional elements, when considered individually and in combination, recite a practical application of the abstract ideas.
The analysis then proceeds to determine whether the additional elements, when considered individually and in combination, recite significantly more than the abstract ideas.  According to the 2019 PEG, additional elements that amount to instructions to apply the abstract idea using a computer, that add insignificant extra-solution activity, and that generally link the use of the abstract idea to a particular technological environment fail to recite significantly more than the abstract ideas.  Further, additional elements that were considered to recite insignificant extra-solution activity previously must be re-evaluated to determine whether they recite well-Berkheimer Memo evidentiary requirements.  Here, these elements are receiving and transmitting data over a network, which are examples of well-understood, routine, and conventional activity.  See MPEP 2106.05(d).  Therefore, the additional elements, when considered individually and in combination, fail to recite significantly more than the abstract ideas.
Accordingly, claim 1 is rejected as being directed towards patent ineligible subject matter.

Per Claim 8: Claim 8 recites abstract subject matter similar to that discussed above in connection with claim 1.  Claim 8 recites the following additional elements:
first receiving means;
second receiving means;
first calculating means;
second calculating means;
transmitting means;
sending means

Further, these additional elements also fail to recite significantly more than the abstract ideas because the additional elements amount to instructions to apply the abstract ideas using a computer.
Accordingly, claim 8 is rejected as being directed towards patent ineligible subject matter.

Per Claim 10: Claim 10 recites abstract subject matter similar to that discussed above in connection with claim 1.  Claim 10 fails to recite any additional elements not already discussed.  
Accordingly, claim 10 is rejected as being directed towards patent ineligible subject matter.

Per Claims 2-7: Claims 2-7 have also been analyzed according to the 2019 PEG.  Claims 2 and 5 recite additional abstract ideas, namely Mental Processes.  Therefore, claims 2 and 5 fail to recite patent eligible subject matter.  Claims 3-4 and 6-7 recite additional elements of sending and receiving various data over a network.  Such additional elements recite insignificant extra-solution activities.  See MPEP 2106.05(g).  Therefore, they fail to recite a practical application of the abstract ideas.  Further, they fail to recite significantly more than the abstract ideas because the claims recite well-understood, routine, and conventional activities, namely receiving and sending data over a network.  See MPEP 2106.05(d).  Therefore, claims 3-4 and 6-7 also fail to recite patent eligible subject matter.
Accordingly, claims 2-7 are rejected as being directed towards patent ineligible subject matter.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-3, 5, 8, and 10 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Pub. No. 2014/0236842 to Salminen et al. in view of U.S. Patent Pub. No. 2009/0313687 to Popp et al. and U.S. Patent Pub. No. 2009/0214028 to Schneider.
Per Claim 1: Salminen discloses:
A method for securing a transaction of a contactless service, said service being stored in a mobile terminal (e.g., user’s terminal), said transaction involving the mobile terminal, a contactless reader (e.g., point-of-sale terminal) and a remote server (e.g., operator server), said remote server storing at least one sensitive piece of data and/or function of the service necessary for the execution of the transaction, said mobile terminal comprising a security module, said method being characterized in that the terminal also stores a contactless security application and in that it comprises the following steps, executed by the mobile terminal: (see Salminen at Abstract: A method of making a payment in which payment data is received by a user's terminal from a point-of-sale terminal, a secret of a payment application is received by the terminal from the operator's server system, a trust card is activated in the user's terminal by utilizing said secret of the payment application, and data of the trust card is transmitted from the user's terminal to the point-of-sale terminal for making the payment transaction.)
receiving a first determination value (e.g., payment transaction data) by the security application from the contactless reader, (see Salminen at ¶ 61: The external reader returns the data of the payment transaction to the reader, which data are automatically transferred by the RFID module to the trusted zone of the terminal.)
receiving from the remote server a second determination value (e.g., trust card) (see Salminen at ¶ 56: Next, the server system transmits the payment application, the sensitive data relating to it, that is, the trust card specific secret SS2 as well as the public key PK2 of the server system, encrypted with the symmetric key SYK1, to the terminal in step 8.)
transmitting to the remote server the first determination value, (see 
transmitting to the contactless reader, the second determination value (e.g., trust card data) and an authentication message (e.g., result of checking PIN code) calculated by the security module (see Salminen at ¶ 64: In step 32, the customer brings the terminal equipped with RFID communication means to the vicinity of an external reader. The external reader reads the data of the trust card and the result of checking of the PIN code from the trusted zone in step 33.)
However, Salminen fails to disclose, but Popp, an analogous art of one-time passwords, discloses:
receiving from the remote server a first one-time password (e.g., OTP2), said first one-time password being calculated by the remote server by means of a secret key shared with the security module, said first one-time password being sent to the security module, (Examiner’s Note: the language “said first one-time password being calculated by the remote server by means of a secret key shared with the security module” has been considered and determined to be outside the scope of the claim because this language recites operations performed by the remote server.  However, the claim preamble recites that the claimed method is executed by the mobile terminal.  Because operations performed by the remote server do not affect the operations performed by the mobile terminal, such operations fail to distinguish over the prior art.  However, for compact prosecution purposes, the following citation is provided for the entire claim element: see Popp at ¶ 51: 2—The server can check OTP1 and, if correct, can send back OTP2.  See also ¶ 21: The OTP algorithm in accordance with the present invention can be based on an increasing counter value and a static symmetric key known only to the token and the validation service. In order to create the OTP value, the HMAC-SHA-1 algorithm 
calculating by the security module a second one-time secret by means of the secret key, (see Popp at ¶ 103: The token can send its one time password, computed based upon K and C, to the validation server. The validation server can calculate a one time password based upon K and C′.  See also ¶ 49: The HOTP client could also be used to authenticate the validation server, claiming that it is a genuine entity knowing the shared secret. Since the HOTP client and the server are synchronized and share the same secret (or a method to recompute it) a simple 3-pass protocol could be put in place.)
calculating by the security module an authentication status by comparing the first one-time password with the second one-time secret, (see Popp at ¶ 52: 3—The end user can check OTP2 using his HOTP device and, if correct, the server is authenticated and the end user uses the web site.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Salminen with Popp to authenticate the remote server by verifying a hash message authentication code in order to ensure that the customer device is communicating with the proper remote server, thereby increasing communication security.
However, the combination of Salminen and Popp fails to disclose, but Schneider, an analogous art of securing communications, discloses:
said authentication message being verified by the remote server to authenticate the security module and said first and second determination values being used by the remote server and by the contactless reader to calculate a session key, said session key being used to secure the exchanges between the contactless reader and the remote server. (Examiner’s Note: the language “said authentication message being verified by the remote server to authenticate the security module and said first and second determination values being used by the remote server and by the contactless reader to calculate a session key, said session key being used to secure the exchanges between the contactless reader and the remote server” has been considered and determined to be outside the scope of the claim because this language recites operations performed by the remote server and contactless reader.  However, the claim preamble recites that the claimed method is executed by the mobile terminal.  Because operations performed by the remote server and the contactless terminal do not affect the operations performed by the mobile terminal, such operations fail to distinguish over the prior art.  However, for compact prosecution purposes, the following citation is provided for the entire claim element: see Schneider at ¶ 30: The second node 403 receives the timestamp A and random string A and then generates a message for the third node C 405 that includes the timestamp A and random string A. In addition, the message includes a timestamp B and random string B from the second node 403. The second node also sends the timestamp B and random string B to the first node 401. The process of sending messages in this stage is to provide all of the timestamps and random strings from all of the nodes (one set each) except the last node to all of the other nodes.  See also Schneider at ¶ 23: An acknowledgment message is then generated, encrypted and sent to the second node (block 215). The acknowledgment message confirms that the key generation process was successful and allows the communication session to start (block 217). The acknowledgment message can have any content. In one embodiment, the acknowledgment message includes a MAC of both
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Salminen as disclosed in Schneider so that the point-of-sale terminal, customer device, and remote server all communicate securely with each other.

Per Claim 8: Claim 8 recites subject matter similar to that discussed above in connection with claim 1.  Claim 8 further recites, and Salminen further discloses, a first means to receive and send data from/to the contactless reader (see Salminen at ¶ 87: The external reader 67 communicates with the Java Card 65 by means of APDU commands via the NFC module 66 according to the ISO/IEC 14443 standard, simultaneously transmitting the payment data, such as the sum total, from the merchant's reader to the user interface 63.) and a second means for receiving data from the remote server (see Salminen at ¶ 51: Furthermore, the communication means refer to those software components which take care of communication with the server system via an Internet connection.)

Per Claim 10: Claim 10 recites subject matter similar to that discussed above in connection with claim 1.  Claim 10 further recites, and Salminen further discloses: 
A non-transitory computer-readable medium storing a computer program which is stored on ainvolving the mobile terminal, a contactless reader and a remote server, said remote server storing at least one sensitive piece of data and/or function of the service necessary for the execution of the transaction, said terminal comprising a security module, said method being characterized in that the mobile terminal also stores a contactless security application and in that it comprises the following steps, executed by the mobile terminal: (see Salminen at Claim 35: A computer program product for making a payment, the computer program product comprising a computer software code stored on a non-volatile computer-readable medium, the computer program code, when run in at least one processor, causing a device or a system to perform the method according to claim 1.)

Per Claim 2: The combination of Salminen, Popp, and Schneider discloses the subject matter of claim 1, from which claim 2 depends.  Salminen further discloses:
a step of obtaining an authentication status from the security module, (see Salminen at ¶ 63: The intrinsic state machine of the trust card is activated by comparing the PIN(check) with the actual PIN, and if they match, the intrinsic state machine is activated.)
the authentication status also being used by the security element for calculating the authentication message. (see Salminen at ¶ 64: In step 32, the customer brings the terminal equipped with RFID communication means to the vicinity of an external reader. The external reader reads the data of the trust card and the result of checking of the PIN code from the trusted zone in step 33.)
However, Salminen fails to disclose, but Popp discloses:
said authentication status being obtained by comparing the first one-time password with a second one-time password, (see Popp at ¶ 52: 3—The end user can check OTP2 using his HOTP device and, if correct, the server is authenticated and the end user uses the web site.)
said second one-time password being calculated by the security module by means of the secret key shared with the server, (see Popp at ¶ 103: The token can send its one time password, computed based upon K and C, to the validation server. The validation server can calculate a one time password based upon K and C′.  See also ¶ 49: The HOTP client could also be used to authenticate the validation server, claiming that it is a genuine entity knowing the shared secret. Since the HOTP client and the server are synchronized and share the same secret (or a method to recompute it) a simple 3-pass protocol could be put in place.)
the authentication status being positive if the first and second one-time passwords are identical, (see Popp at ¶ 52: 3—The end user can check OTP2 using his HOTP device and, if correct, the server is authenticated and the end user uses the web site.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Salminen with Popp to authenticate the remote server by verifying a hash message authentication code in order to ensure that the customer device is communicating with the proper remote server, thereby increasing communication security.

Per Claim 3: 
receiving from the contactless reader, and retransmitting to the remote server, a secret value obtained by the contactless reader by encrypting the authentication message and the authentication status by means of the session key. (Examiner’s Note: the language “a secret value obtained by the contactless reader by encrypting the authentication message and the authentication status by means of the session key” has been considered and interpreted to be an operation performed by the reader.  Therefore, it is outside the scope of the claim and fails to distinguish over the prior art.  Further, the secret value has been considered and determined to be non-functional descriptive material.  Therefore, it fails to distinguish over the prior art.  See MPEP 2111.05.  It is non-functional because the claim fails to recite any functional relationship that uses the secret value.  Further, it describes data rather than structure.  Therefore, it receives no patentable weight.  However, for purposes of compact prosecution, the following citation is provided: see Schneider at ¶ 32: FIG. 4C is diagram of the last stage of the process. Each of the nodes except the last node 405 sends acknowledgment messages to each of the other nodes. The acknowledgment messages are generated using a session key derived from the full set of timestamps and random strings exchanged in the last two stages. The acknowledgment message includes encrypted timestamps or random string of the nodes other than the timestamp or random string of the node generating the acknowledgement message. Thus, in the example, the first node A 401 sends an acknowledgment message to the other nodes 403, 405 encrypting the timestamps B and C, while the second node B 403 sends an acknowledgment message to the first node A 401 and last node C 405 encrypting the timestamps A and C. Each node can verify each of the acknowledgment messages and once 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Salminen as disclosed in Schneider so that the point-of-sale terminal, customer device, and remote server all communicate securely with each other.

Per Claim 5: The combination of Salminen, Popp, and Schneider discloses the subject matter of claim 1, from which claim 5 depends.  However, the combination of Salminen and Schneider fails to disclose, but Popp discloses:
wherein the first one-time password is calculated by the remote server by encrypting, by means of a secret key (Ks) shared by the security module and the remote server, a counter which is incremented at each session. (Examiner’s Note: this claim language has been interpreted as being performed by the server.  Therefore, this operation is outside the scope of the claimed method performed by the mobile terminal and fails to distinguish over the prior art.  However, for purposes of compact prosecution, the following citation is provided: see Popp at ¶ 54: Although the server's counter value is only incremented after a successful HOTP authentication, the counter on the token is incremented every time a new HOTP is requested by the user.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Salminen with Popp to authenticate the remote server by verifying a hash message authentication code in order to ensure that the customer device is communicating with the proper remote server, thereby increasing communication security.

Claims 4 and 6-7 are rejected under 35 U.S.C. 103 as being unpatentable over Salminen, Popp, and Schneider as applied to claim 1 above, and further in view of U.S. Patent Pub. No. 2005/0066057 to Thorstensson et al.
Per Claim 4: The combination of Salminen, Popp, and Schneider discloses the subject matter of claim 1, from which claim 4 depends.  However, the combination of Salminen, Popp, and Schneider fails to disclose, but Thorstensson, an analogous art of securing communications, discloses:
receiving from the remote server a first signature calculated on the basis of at least one identifier of the security module and a signature key belonging to the remote server, (Examiner’s Note: the language “calculated on the basis of at least one identifier of the security module and a signature key belonging to the remote server” has been interpreted as being performed by the server, which is outside the scope of the claimed method being performed by the mobile terminal.  Therefore, it fails to distinguish over the prior art.  However, for purposes of compact prosecution, the following citation is provided: see Thorstensson at ¶ 45: The gateway 110 receives the digital signature message and relays it to the agent 116.)
sending said signature to the contactless reader, (see Thorstensson at ¶ 45: The gateway 110 receives the digital signature message and relays it to the agent 116.)
receiving from the contactless reader, and retransmitting to the remote server, a second signature calculated on the basis of at least the identifier of the security module and a signature key belonging to the remote server. (Examiner’s Note: the language “calculated on the basis of at least the identifier of the security module and a signature key belonging to the remote server” has been interpreted as being performed by see Thorstensson at ¶ 45: The gateway 110 receives the digital signature message and relays it to the agent 116.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Salminen as disclosed in Thorstensson to increase the security of the communications between the point-of-sale terminal, customer device, and remote server.

Per Claim 6: The combination of Salminen, Popp, and Schneider discloses the subject matter of claim 1, from which claim 6 depends.  However, the combination of Salminen, Popp, and Schneider fails to disclose, but Thorstensson discloses:
if the exchanges between the contactless reader and the remote server are encrypted by means of the session key, the following steps: receiving from the contactless reader an information message belonging to the service and intended for a user of the mobile terminal, said message having been sent from the remote server to the contactless reader, (Examiner’s Note: all of the claim elements of claim 6 have been considered and determined to recite contingent elements.  The broadest reasonable interpretation of a method (or process) claim having contingent limitations requires only those steps that must be performed and does not include steps that are not required to be performed because the condition(s) precedent are not met.  See MPEP 2111.04(II).  Because the condition precedent is not required to be met, the contingent elements do not need to be disclosed in the prior art.  Further, the language “intended for a user of the terminal” is an intended use of receiving the information message.  Because it is an see Thorstensson at ¶ 41: The gateway 110 receives the message and forwards it to the signing means 206 within the mobile device 104.)
displaying said message on a user interface of the mobile terminal. (see Thorstensson at ¶ 42: The mobile device 104 receives the signature request message. The signing means 206 may display the text to be signed in the displayer 210 of the mobile device 104 and prompting the user for his/her PIN.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Salminen as disclosed in Thorstensson to increase the security of the communications between the point-of-sale terminal, customer device, and remote server.

Per Claim 7: The combination of Salminen, Popp, and Schneider discloses the subject matter of claim 1, from which claim 7 depends.  However, the combination of Salminen, Popp, and Schneider fails to disclose, but Thorstensson discloses:
when the exchanges between the contactless reader and the remote server have been encrypted by means of the session key, the following steps: receiving from the service a piece of data input by a user of the mobile terminal, said piece of data having been requested by the remote server, (Examiner’s Note: all of the claim elements of claim 7 have been considered and determined to recite contingent elements.  The broadest reasonable interpretation of a method (or process) claim having contingent limitations See MPEP 2111.04(II).  Because the condition precedent is not required to be met, the contingent elements do not need to be disclosed in the prior art.  Further, the language “said piece of data having been requested by the server” has been interpreted to be performed by the server, which is outside the scope of the claimed method performed by the mobile terminal.  However, for compact prosecution purposes, the following citation is provided: see Thorstensson at ¶ 43: The user enters his/her signing Personal Identification Number (PIN) to the signing means 206 by means of the input means. The signing means 206 obtains the PIN and verifies the PIN. If the correct PIN is entered, the signing means 206 is allowed to access the private key for performing the cryptographic calculation forming the digital signature.)
sending the input piece of data to the contactless reader, said input piece of data being intended for transmission to the remote server. (Examiner’s Note: the language “said input piece of data being intended for transmission to the remote server” has been interpreted as a desired result of sending the input piece of data to the contactless reader.  Therefore, it is accorded no patentable weight.  However, for compact prosecution purposes, the following citation is provided: see Thorstensson at ¶ 43: The signing means 206 returns the digital signature to the mobile client software 204 which in turn sends the digital signature over the bandwidth restricted mobile access network 108 to the gateway 110, possibly together with parameters provided in the original message from the receiver 102. The digital signature is transferred in a message.)

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Patent No. 9,491,261 discloses a remote messaging protocol that combines application data and reliability information into a three-packet handshake exchange. Each packet may comprise message information indicating an initial packet, or an acknowledgement packet, along with a unique identifier for identifying responses to the initial message. Time-to-live and retransmission timers may be used in order to increase reliability of the protocol.
U.S. Patent No. 6,233,565 discloses a system and methods for conducting Internet based financial transactions between a client and a server. The client has a processor, a printer, a client authentication module, a module for issuing a transaction request, and a unique digital signature. The server has a network including a transaction server, a transaction database, a server authentication module, and a receipt generation module. An internet connection is used between the client and the server network. The transaction execution system includes authentication, wherein the client authentication module and the server authentication modules communicate via the internet connection and are authenticated to each other. A transaction module is included wherein, in response to the client and server being authenticated, the client issues a transaction request to the server 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NILESH B KHATRI whose telephone number is (571)270-7083.  The examiner can normally be reached on 8:30 AM - 5:30 PM Monday-Friday, alternating Fridays off.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/N.B.K./Examiner, Art Unit 3685
/STEVEN S KIM/Primary Examiner, Art Unit 3685