Detailed Action
Acknowledgements
The present application is being examined under the pre-AIA  first to invent provisions. 
This office action is in response to the claim amendment filed March 10, 2021. 
Claims 2-14 & 21-27 are pending.
Claims 2-14 & 21-27 have been examined.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees.  See In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970);and, In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent is shown to be commonly owned with this application.  See 37 CFR 1.130(b). Effective January 1, 1994, a 

Claim 2 is rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claim 12 of US 8554689 B2 to Mardikar et al (“Patent Document”).  

Although the conflicting claims are not identical, they are not patentably distinct from each other. Claim 12 of the Patent Document recites all the limitations of claim 2 of the instant application; however, claim 1 of the Patent Document differs since it further recites additional claim limitations including: “and the application program being operable when invoked by the user to prompt the user to input the biometric trait into the device, request verification of the biometric trait and authentication of the financial transaction from the first SE”

However, it would have been obvious to a person of ordinary skill in the art to modify claim 12 of the Patent Document by removing the additional limitations noted above , resulting generally in the claims of the present application, since the claims of the present application and the claim recited in the Patent Document actually perform a similar function.  It is well settled that the omission of an element and its function is an obvious expedient if the remaining elements perform the same function as before.  In re Karison, 136 USPQ 184 (CCPA 1963).  Also note Ex parte Rainu, 168 USPQ 375 (Bd. App. 1969).  Thus, omission of a reference element whose function is not needed would be obvious to one of ordinary skill in the art.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.



Claim  2-14 & 21-27 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Ogilvy et al (US 20090099961 A1) (“Ogilvy”) in view of Belamant et al (US 20100088227 A1) in view of Leone et al (US 20070234034 A1) (“Leone”). 


As per claims 2, 21 & 22, Ogilvy discloses:
a first secure element (e.g. device memory) comprising a first computer-readable medium configured to store a payment application (e.g. payment application/software), the payment application configured to provide instructions for causing the electronic device (e.g. electronica device 1) to initiate a financial transaction (¶¶ [0069], [0089], [0100], [0109], [0354]; fig. 20) ; and 
a second secure element (e.g. SIM card, smart card or security module), physically separate from the first secure element (device memory) ( fig. 20) , comprising a second computer-readable medium configured to store transaction security data (e.g. keys) wherein the electronic device, via, the second secure element, is
receiving biometric data of a user associated with the electronic device via a […] tunnel (the biometric should only be used by the SIM ) (¶ [0409], [0444]); 
authenticating the biometric data of the user (¶ [0409]);
generating a secure payment message(e.g. encrypted/signed transaction information using stored keys/algorithms) in response to the payment application initiating a financial transaction and the authenticating the biometric data (¶¶ [0409], [0354], [0364]-[0366], [0405], [0412-[0418], [0433]-[0442]; claim 99) , 
wherein the transaction security data is excluded from the first secure element (¶ [0405]; claim 99) , and 
transmitting the secure payment message from the second secure element to the payment application in the first secure element (a (¶¶ [0253]), 
wherein the payment application in the first secure element is configured to perform operations comprising: 
receiving the secure payment message   (¶¶ [0089], [0360]-[0365], [0373]; claim 39), and 
transmitting the secure payment message with the financial transaction to a processor server (¶¶ [0089], [0360]-[0365], [0373]; claim 39).

Ogilvy does not expressly disclose wherein the secure payment message is generated based on the transaction security data.  

Belamant, however, clearly  discloses wherein the secure payment message is generated based on the payment information (¶ [0039]- [0040]) . 

It would have been obvious to a person of ordinary skill in the art to modify Ogilvy’s teaching to generate a message based on stored payment information in a SIM card, as disclosed by Belamant, to secure the payment instrument thereby preventing fraudulent transactions.  

Ogilvy does not expressly discloses receiving … data of a user associated with the electronic device via a secure tunnel.

Leone, however, discloses receiving … data of a user associated with the electronic device via a secure tunnel/channel (¶¶ [0013], [0017], [0035]). 

It would have been obvious to a person of ordinary skill in the art to modify Ogilvy’s teaching to incorporate a secure channel between the SIM and the SIM hosting device, as disclosed by Leone, to prevent leakage of sensitive data thereby preventing fraudulent transactions.  

As per claim 4, Ogilvy/ Belamant/ Leone discloses as shown above .
Ogilvy further discloses wherein the transaction security data comprises stored authentication data associated with the biometric data  (¶¶ [0354], [0365], [0405], [0412-[0417], [0433]-[0442]; claim 99). 

As per claim 5 & 23, Ogilvy/ Belamant/ Leone discloses as shown above .
Ogilvy further discloses wherein the electronic device is registered with a trusted service manager (TSM) through the second secure element and exclusive of the first secure element, and wherein registering the electronic device with the TSM comprises registering the stored authentication data with the TSM (¶¶ [0077], [0079], (¶¶ [0358]-[0365]). 

As per claim 6, Ogilvy/ Belamant/ Leone discloses as shown above .
Ogilvy further discloses a biometric sensor communicatively coupled to the second secure element, and configured to detected the biometric data (¶¶ [0192], [0407]-[0409]).

As per claim 3, Ogilvy/ Belamant/ Leone discloses as shown above .
Ogilvy further discloses wherein the transaction security data (e.g. confirmation/account details/signature) comprises […] and a security key, and wherein the secure payment message comprises the stored payment instrument encrypted based on the security key ((¶¶ [0057], [0095], [0128]; claims 35- 37). 

Ogilvy does not expressly disclose wherein the transaction security data comprises a stored payment instrument. 



It would have been obvious to a person of ordinary skill in the art to modify Ogilvy’s teaching to store payment instrument in a SIM card, as discloses by Belamant, to secure the payment instrument thereby preventing fraudulent transactions.  

As per claim 7, Ogilvy/ Belamant/ Leone discloses as shown above .
Ogilvy further discloses wherein the transaction security data (e.g. confirmation/account details/signature) comprises […] and a security key, and wherein the secure payment message comprises the stored payment instrument encrypted based on the security key ((¶¶ [0057], [0095], [0128]; claims 35- 37). 

Ogilvy does not expressly disclose wherein the transaction security data further comprises a stored payment instrument unlocked in response to registering the stored authentication data with the TSM.

Belamant wherein the transaction security data further comprises a stored payment instrument unlocked in response to registering the stored authentication data with the TSM (¶ [0039]).

It would have been obvious to a person of ordinary skill in the art to modify Ogilvy’s teaching to store payment instrument in a SIM card, as discloses by Belamant, to secure the payment instrument thereby preventing fraudulent transactions.  

As per claims 8, 9 & 24 Ogilvy/ Belamant/ Leone discloses as shown above .
Ogilvy further discloses a user interface configured to receive a user input, wherein the user interface is tunneled to the second secure element (¶¶ [0014], [0192], [0407]-[0409]). 

Ogilvy further discloses:
receiving, from the payment application, an indication to generate the secure payment message (¶¶ [0014], [0192], [0407]-[0409]); and
generating the secure payment message in response to the authentication (¶¶ [0014], [0192], [0407]-[0409]).

Ogilvy further discloses:
receiving a user authentication input from the user interface (¶¶ [0014], [0192], [0407]-[0409]);  
comparing the user authentication input to the stored authentication data; 
determining a match of the user authentication input with the stored authentication data (¶¶ [0014], [0192], [0407]-[0409]); and 

As per claims 10 & 25, Ogilvy/ Belamant/ Leone discloses as shown above .
Ogilvy further discloses wherein the first secure element is further configured to store a plurality of payment applications, and wherein the second secure element is 

As per claims 11 & 26, Ogilvy/ Belamant/ Leone discloses as shown above .
Ogilvy further discloses wherein the transaction security data comprises a crypto key (¶¶ [0253], [0359]). 

As per claim 12, Ogilvy/ Belamant/ Leone discloses as shown above .
Ogilvy further discloses wherein the secure payment message is generated with the crypto key (¶¶ [0253], [0359], [0364]). 

As per claim 12, Ogilvy/ Belamant/ Leone discloses as shown above .
Ogilvy further discloses wherein the secure payment message is generated with the crypto key (¶¶ [0253], [0359], [0364]). 

As per claim 13, Ogilvy/ Belamant/ Leone discloses as shown above .
Ogilvy further discloses wherein the crypto key is received from a trusted service manager (TSM) in an encrypted message generated with a public key associated with the electronic device, and wherein the payment application is signed by TSM with the public key (¶¶ [0253], [0359], [0364]). 

As per claims 14 & 27, Ogilvy/ Belamant/ Leone discloses as shown above .
. 

Response to Arguments
Applicant’s arguments with respect to at least claim 2  have been considered but are moot in view of the new ground of rejection. 

Claim Rejections 35 U.S.C. § 103
Applicant argues (page 13):
However, nothing in Ogilvy discloses or even suggests a first and second secure element that are separate, where the second secure element processes biometric information and provides a secure payment message to the first secure element. As such, Ogilvy does not disclose, teach, or suggest the limitations of amended claim 2.

The Examiner, however, respectfully disagrees. 
Ogilvy discloses: 
SIM Card 116 having a separate processor and memory (not shown) from the mobile device main processor 118 (Fig. 20 & related text). 
a SIM card with secure storage (e.g. removable device) for encrypting keys and encryption algorithms, wherein the SIM cards encrypts data using the keys and/or encryption algorithms (¶¶ [0365], [0366]; fig. 20). 
To transmit the encrypted data outside the mobile device, the encrypted data has to be transmitted from the SIM card to processor 118 and then to transceiver 120  (¶ [0232]; Fig. 20 & related text). 
Therefore, Ogilvy meets the limitations as claimed. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is cited in the Notice of References Cited (form PTO-892).
Andersson et al US 20050182710 A1) discloses:
The invention relates to processing an electronic payment cheque that relates to a transfer of an amount of money from an account of a first user in a first banking institute to an account of a second user in a second banking institute, which processing includes generating digital signatures by means of asymmetric encryption. The method comprises the following steps:.cndot.in a first SIM card, creating an electronic payment cheque and signing the electronic payment cheque with a first signature;.cndot.transmitting the signed electronic payment cheque to a second SIM card in a second mobile equipment of the second user;.cndot.in the second SIM card, additionally signing the electronic payment cheque with a second signature;.cndot.transmitting the thus signed electronic payment cheque to subsequently initiate a deposit of the amount of money in the electronic payment cheque into the account of the second user. 

Bas Bayod et al (US 20080091614) discloses:
A method to carry out safe transactions using programmable mobile telephones. The use of programmable handsets--for example with Java technology--, to which an application is downloaded (e.g. Java application) allows people to carry out safe transactions. The application allows the buyer/seller to carry out the transaction, including the verification, with just one connection. The data that was sent is then encrypted and transmitted via GPRS or any other data transmission protocol, to a transactions server, where the transactions are verified and authorised. The security of the process is provided mainly by the use of up to five non related 

LaPorta ET AL (US 5918158 A) discloses:

  Referring now to FIG. 9 there is illustrated one example of a messaging device that can be used with the present invention. It is illustrated as a dedicated, stand alone two-way pager 11. In this example, the messaging device 11 generates, receives and displays messages to the subscriber user. The design of the messaging devices must take into account important hardware limitations, such as the need for minimum power consumption. As illustrated, the messaging device 11 should be business card size to provide the portability required of "any time, anywhere" service. The power consumption should be minimum, requiring infrequent battery change.


Moshir (US 20090265552 A1) discloses generating a random key (encryption/AES key) before receiving a request for processing a transaction for a client device (phone)  (¶¶ [0046], [0038], [0044], [0052]); encrypting the random key using a public certificate (module 201 public key)  of the client device (¶ [0046]);sending the random key to the client device for storage in a crypto secure element (secure storage 64) (¶¶ [0041], [0046], [0053]), wherein: the client device is registered with the TSM  (Gateway 115) only through the crypto secure element, (e.g. registering phone using the phone number/secure identification code stored in  secure storage 64 (or SIM) and associated with module 201) (¶¶ [0041], [0044], [0045]), exclusive of an app secure element that is separate from the crypto secure element (e.g. different storage sectors/areas) (¶¶ [0041], [0044], [0045]),the security key and data associated with a payment instrument (credit/account information) are excluded from the app secure element, wherein registering the client device with the TSM for authentication includes registering and storing an authentication data, and the stored authentication data is excluded from the app secure element (e.g. registering phone using the phone number/secure identification code stored in  secure storage 64 (or SIM) and associated with module 201) (¶¶ [0041], [0044], [0045]);and the data associated with the payment instrument comprises data associated with a bank, a credit card, a public transport company and/or a loyalty program (¶¶ [0057], [0084], [0110]), and securely uploading a payment application (e.g. module 201) to the app secure element of the client device from the TSM server, wherein the app secure element is programmed to download the payment application in response to determining that 
after uploading the payment application to the app secure element, receiving an encrypted SMS message comprising a payment certificate and an address (phone no. ) of a service provider (SP) (e.g. another user) (¶ [0070]), wherein the SMS message from the client device is encrypted in accordance with the random key (e.g. first encryption key) (¶¶ [0052] [0075]); decrypting the SMS message using the random key and determining the address of the SP (¶¶ [0052] [0075]); 
re-encrypting the SMS message using a second stored key (e.g. second encryption key) corresponding to the SP (¶¶ [0052] [0075]); and forwarding the re-encrypted SMS message to the SP (¶¶ [0052] [0075]),

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 


Any inquiry concerning this communication or earlier communications from the Examiner should be directed to MAMON OBEID whose telephone number is (571)270-1813.  The Examiner can normally be reached on 8 AM- 5 PM.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/MAMON OBEID/Primary Examiner, Art Unit 3685