DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
The following detailed action acknowledges the amendments of the response filed on the 21st of January of 2021. The amendments in the filed response have been entered. 
Claims 1-4, 8-11 and 15-18 have been amended.  The Examiner has confirmed no new matter has been added.
Claims 5-6, 12-13 and 19-20 are confirmed to have been cancelled.  
Claims 1-4, 7-11, and 14-18 are pending in the application and the status of the application is currently pending. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-4, 7-11, and 14-18 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.
Regarding claims 1, 8 and 15, the claims are rejected for being indefinite. The claims recite the similar limitations: managing, by the payment TA via the processing circuitry, a biological recognition technology-based algorithm used by the third party payment applications, wherein the algorithm comprises at least one key generation algorithm and at least one data encryption algorithm. The limitations describe how the payment TA works along with the biological recognition technology-based algorithm, where the biological recognition application performs its respective functions, such as generate a key for encryption. 
The Specification describes the biological recognition technology-based algorithm as “a biological recognition (biometric recognition) technology-based payment function” as an application and the mobile payment device includes a sensor that collects the biological information (See USPGPub 2017/0148017, in para [0030]). The Specification further describes the payment TA to “generate a user key corresponding to a target user account using a second key generation algorithm, and encrypt the user key using a second data encryption algorithm and the application key” (See USPGPub in para [0035]), which defines a second key generation algorithm. 
Thus, the similar limitation generating, by the payment TA via the processing circuitry, a key required for performing payment-related operation by using the key generation algorithm (emphasis added) is not clearly describing which key algorithm is used, which makes the claim indefinite. It is unclear whether the biological recognition 
Further, the similar limitation generating, by the payment TA via the processing circuitry, a key required for performing payment-related operation by using the key generation algorithm (emphasis added) is not clearly defining which one of the at least one key algorithms are being used, which makes the claims indefinite. The term the key generation algorithm lacks the antecedent basis that makes the claim indefinite.
Also, the claims recite biological recognition algorithm and biometric recognition application. The terminology should be uniform with the description in the Specification. The claims would also be indefinite for a lack of antecedent basis for the term the biometric recognition application, see in claim 8, and also where biometric recognition application is not clearly anteceded by biological recognition technology-based algorithm.  A proposed correction is to use the term defined in the Specification, which is biological, and keep this as standard throughout the claims. 
The claims 1, 8 and 15, as well as dependent claims 2-4, 7, 9-11, 14 and 16-18, are rejected for being indefinite.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 4, 7, 8, 11, 14, 15, and 18 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Smets (US 2015/0244718, hereinafter “Smets”), in view of Powell (US 2015/0327072, hereinafter “Powell”).
Regarding Claims 1, 8 and 15, Smets teaches 
a processor; and a memory storing instructions executable by the processor wherein the processor is configured to execute a payment Trusted Application (TA) that operates in a Trusted Execution Environment (TEE) on a device (“According to a third aspect there is provided a computer-implemented method comprising: a trusted application of a Trusted Execution Environment obtaining: an indication that a user requires access to a secured function accessible through an external application of a Secure Element outside of said Trusted Execution Environment, and a biometric validation of said user's identity; and in response to said obtaining of both said indication and said biometric validation, the trusted application directing a request for access to said secured function over a secure channel towards an interface application of said Secure Element configured to communicate with said external application. Said channel could be secured by means of the trusted application and said interface application both having knowledge of a secret cryptographic key. The method could further comprise, prior to the obtaining of the indication and the biometric validation, preconfiguring the trusted application and the interface application with said key. Said preconfiguring could occur in a user device before it is issued to the user.” See Smets in ¶ [0032]-[0033]);
receive, by the payment TA, a call request from one of a plurality of third party payment applications that are installed on the device and operate with the payment TA, wherein the payment TA is associated and configured to operate only with payment-related operations and with the plurality of third party payment applications installed on the device (“FIG. 3a shows a user device 300 with biometric functionality. Like user device 100 of FIG. 1, it comprises a biometric sensor device 310, a main processor 320 (having a TEE 330 and an REE 340) and an SE 350 (for example a SIM card). The TEE comprises a trusted OS 331 and a trusted biometric TM or iOSTM) and an application 342 (for example, a User Interface Software Development Kit (UISDK) app) forming an REE component of a payment application. The SE comprises a secure 351 (for example a combination of JavaCardTM and Global PlatformTM) and a secure application 352 (for example a mobile payment application cardlet) forming an SE component of the payment application. The user device 300 further comprises at least one user interface device 370 (for example a touchscreen, keyboard, mouse, touchpad or microphone) at least capable of receiving user input.” See Smets in ¶ [0058]; “FIG. 2 is a flowchart setting out the method of the first implementation. At step S210 a trusted application of a TEE obtains registration credentials. Subsequently, at step S220 it obtains both an indication that a user requires access to a secured function accessible through an external application outside of the TEE and a biometric validation of the user's identity. In response to obtaining both the indication and the biometric validation, at step S230 the trusted application directs authentication credentials dependent on the registration credentials towards the external application to request use of the secured function.” See Smets in ¶ [0056]);
manage, by the payment TA, a biological recognition technology-based algorithm used by the third party payment applications […] (“The TEE comprises a trusted OS 331 and a trusted biometric application 332.” See Smets in ¶ [0058]);
acquire, by the payment TA, a result of biometric recognition from a biometric recognition application (“At step S322 the user then places their finger on the fingerprint reader, which images the user's fingerprint. At this point, the trusted app 
determine, by the payment TA, content to be [provided] based on the call request (interpreting content as elements to allow payment, such as authentication credentials for payment app, see Smets in at least ¶ [0070]);
return, by the payment TA, the […] content to the third party payment application that generates the call request […] (“At step S332, the app 342 passes the authentication credentials (or a manipulated version of them) to the payment app in the SE (for example provided by a card network organization).” See Smets in ¶ [0070]);
the biometric recognition application receives the call request from the third party payment application, collects, recognizes and verifies biometrics to obtain the result of biometric recognition, and sends the result of biometric recognition to the third party payment application (“At step S622, the trusted app then intervenes to 
when the result of biometric recognition indicates that verification of biometrics is successful, the third party payment application sends the call request to the payment TA (“Once the trusted app has obtained a biometric validation, at step S631 it informs interface application 653 in the SE over a secure channel that an authorized user requires access to the payment app.” See Smets in ¶ [0097]).
Smets substantially teaches the use of a cryptographic key possessed by the payment TA and the third party payment application for the purposes of validation and secure connection between applications (See Smets in at least ¶ [0032]-[0033]). 
Smets further teaches the third party payment application would perform a payment-related operation based on the received content (for example: “at step S340, the payment app prepares the transaction data to perform payment and communicates this data with the NFC controller 360, when the NFC controller is held close enough to a merchant's NFC controller. Alternatively, the transaction data could be returned to app 342 and returned over an internet connection (via e.g. WiFi, Bluetooth or GPRS) to a web merchant for an e-commerce transaction.” See Smets in ¶ [0071]).
Smets does not expressly teach determine content to be encrypted and an encryption parameter for performing encryption and encrypt the content according to the encryption parameter. In view of the Specification, the TEE is capable of performing the encryption in favor of secure transmission of content, without the need for the trusted application TA to further encrypt the data. 
However, Powell does teach a system that includes an encryption module to encrypt the content (“encryption module 44B may include any suitable encryption algorithms to encrypt data in embodiments of the invention. Suitable data encryption algorithms may include DES, triple DES, AES, etc.” See Powell in ¶ [0058]), and encrypting content requested for access (examples of ‘access data’, See Powell in ¶ [0030]; “Prior to step S102, a user may wish to load access data into the second application 20B. …The authentication code may be generated in any suitable manner. The authentication code may be generated using an encryption process. In some embodiments, the authentication code may include an encrypted portion and a non-encrypted portion. The non-encrypted portion may be used to decrypt the encrypted portion. Further, the encrypted portion may include a consumer's primary account identifier (PAN), a date and time when the authentication code was generated (an example of a time data element) or when the user was validated by the authorizing entity, and specific authorization code generated by the authorization entity.” See Powell in ¶ [0074]-[0080]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Smets to include “encryption parameters and encrypting the content”, as taught by Powell, to improve the 
Further, Smets does not expressly teach the algorithm comprises at least one key generation algorithm and at least one data encryption algorithm; generate a key required for performing payment-related operation by using the key generation algorithm; encrypt target content to be encrypted by using the data encryption algorithm; and store the generated key in a memory. 
However, Powell does teach 
manage an […] algorithm, wherein the algorithm comprises at least one key generation algorithm (“The validation entity computer 80 and the authorization computer system 40 may share symmetric encryption keys that will allow them to encrypted and decrypt authentication codes or portions thereof. In other embodiments, the authorization computer system and the validation entity computer may respectively utilize a public key to encrypt a portion of an authentication code and a private key to decrypt the portion of the authentication code. If the authentication code received from the authorization computer system 40 does not match the authentication code received from the digital wallet server computer 60, then a message may be transmitted to the mobile device 10 indicating that the provisioning request has failed.” See Powell in ¶ [0087]; “Any suitable key scheme can be established between the parties that create and verify the authentication code.” See Powell in ¶ [0099])
and at least one data encryption algorithm (“Suitable data encryption algorithms may include DES, triple DES, AES, etc.” See Powell in ¶ [0058])
generate a key required for performing payment-related operation by using the key generation algorithm (in the embodiment where the keys are created and used by each respective device for authentication, See Powell in ¶ [0087])
encrypt target content to be encrypted by using the data encryption algorithm (See Powell in ¶ [0074]-[0080])
store the generated key in a memory (“It may also store encryption keys that can be used with such encryption algorithms.” See Powell in ¶ [0058]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Smets to include “key generation algorithms and encryption algorithms to create a key and encrypt the content for authentication”, as taught by Powell, because the process of biometric authentication is further improved by the encryption of the content to be provided to a non-secure application.
Regarding Claims 4, 11 and 18, Smets, in view of Powell, teaches the limitations of claims 1, 8 and 15. Smets, in view of Powell, further teaches 
detect, by the payment TA, whether the result of biometric recognition indicates a success of biometric verification when the third party payment application performs a payment operation for a user account (“According to any of the first to third aspects, the biometric validation could be derived from data obtained by a fingerprint reader, a microphone, a camera or an iris scanner.” See Smets in ¶ [0039]; “At the start of the process, it is assumed that biometric sensor device 310 and trusted biometric application 332 (hereafter referred to as the trusted app for brevity) are already configured to be able to validate the identity of a user, the user 
encrypt, by the payment TA, the content using the encryption parameter and a user key corresponding to the user account to obtain an encryption result (See Powell in ¶ [0058] and [0063]);
return, by the payment TA, the encryption result to the third party payment application for the third party payment application to provide the encryption result to a server (after it is passed through the third-party payment application, See Powell in at least ¶ [0063]).
Regarding Claims 7 and 14, Smets, in view of Powell, teaches the limitations of claims 1 and 8. Smets further teaches the third party payment application is a Client Application (CA) operating in a Rich Execution Environment (REE) in the device (See Smets in ¶ [0058]).

Claims 2, 3, 9, 10, 16 and 17 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Smets, in view of Powell, and further in view of Lopez (US 2017/0364903, hereinafter “Lopez”).
Regarding Claims 2, 9 and 16, Smets, in view of Powell, teaches the limitations of claims 1, 8 and 15. Smets, in view of Powell, does not expressly teach detecting whether an application key corresponding to the third party payment application exists in the payment TA at a time to activate the third party payment application for a biometric recognition based payment function; determining a first key generation algorithm, a first data-encryption algorithm, a second key generation algorithm and a second data encryption algorithm based on the call request when no application key corresponding to the third, party payment application exists in the payment TA; generating the application key for the third party payment application using the first key generation algorithm; encrypting the application key using the first data encryption algorithm and a device key of the device; generating a user key corresponding to a user account using the second key generation algorithm; encrypting the user key using the second data encryption algorithm and the application key; and returning fee encrypted application, key and the encrypted user key to the third patty payment application, for the third, party payment application to provide the encrypted application key and fee encrypted user key to a sever. 
However, Lopez does teach
determine, by the payment TA, a first key generation algorithm, a first data-encryption algorithm, a second key generation algorithm and a second data encryption algorithm based on the call request when no application key corresponding to the third party payment application exists in the payment TA (interpreting the keys will be generated for every transaction: “In some embodiments, two types of transaction cryptogram may be used--one for track-2 data used in magnetic stripe based transactions, and one for integrated chip based transactions. For both types of transaction cryptogram, the transaction cryptogram is generated using a limited use key (LUK).” See Lopez in ¶ [0167])
generate, by the payment TA, the application key for the third party payment application using the first key generation algorithm (“Process 800 may begin by encrypting account information 804 with a first encryption key 802 using an encryption function 806 to generate a second encryption key 808. The first encryption key 802 may be a base key that is associated with the issuer of the user's account, and the base key may be associated with a group of accounts. For Example, the first encryption key 802 may be associated with a group of accounts within a BIN or PAN range designated for the cloud-based transaction service. In some embodiments, the first encryption key 802 may be a master derivation key (MDK) associated with the issuer of the account associated with the account information 804, and the first encryption key 802 can be maintained at the CBPP or at the issuer/host system.” See Lopez in ¶ [0172])
encrypt, by the payment TA, the application key using the first data encryption algorithm and a device key of the device (the key to be encrypted is created from the data to be encrypted and the device key is a master key, see Lopez in ¶ [0172])
generate, by the payment TA, a user key corresponding to a user account using the second key generation algorithm (“Process 800 may continue by encrypting key 
encrypt, by the payment TA, the user key using the second data encryption algorithm and the application key (interpreting this step occurs prior and the user key is generated from the encryption, See Lopez in ¶ [0175]) 
return, by the payment TA, the encrypted application key and the encrypted user key to the third party payment application, for the third party payment application to provide the encrypted application key and the encrypted user key to a sever (“After the LUK 814 is generated (e.g., by the CBPP or the issuer), the LUK 814 and the key index that includes information pertaining to the generation of LUK 814 may be provided to a portable communication device to facilitate generation of transaction cryptograms for transactions conducted using the portable communication device.” See Lopez in ¶ [0177]; “At block 1008, the communication device may send the transaction cryptogram to the access device to conduct the transaction.” See Lopez in at least ¶ [0187]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Smets to include “derived encryption keys and a Limited Use Key”, as taught by Lopez, to improve the process, as recited in Powell, to use the content data and reduce creating new keys during a maintenance process and instead create new keys for every transaction. 
Regarding Claims 3, 10 and 17, Smets, in view of Powell, teaches the limitations of claims 1, 8 and 15. Smets, in view of Powell, does not expressly teach detecting whether an application key corresponding to the third party payment application exists in fee payment TA at a time to activate the third party payment application for a biometric recognition based payment function; determining a key generation algorithm and a data encryption algorithm, based on the call request: when, the application, key corresponding to the third, party payment application exists in fee payment TA; generating a user key corresponding to a user account using the key generation algorithm; encrypting, fee user key using the data encryption algorithm and fee application, key; and returning the encrypted user key to 
However, following the process for claims 2, 9 and 16, and under the interpretation the keys are stored at the TA, Lopez does teach the functions to encrypt the data and the keys and send them to a server (See Lopez in ¶ [0167], [0172], [0175] and [0177]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Smets to include “derived encryption keys and a Limited Use Key”, as taught by Lopez, to improve on the process recited by Powell by using the content data and reducing the need to create new keys during a maintenance process and rather create new keys automatically to secure every transaction.

Response to Arguments
Applicant’s arguments, filed 21st of January of 2021, with respect to the rejections under 35 USC 101 and 35 USC 103 have been fully considered.  
Regarding the rejection under 35 USC 112, the Applicant argues: Claims 1-4, 7-11 and 14-18 are rejected under 35 USC § 112(b) as being indefinite. Applicant amended the claims responsive to the § 112(b) rejection.
In response: to the amendments that reduce the 112 issues, overcome the 112 issues. The rejection has therefore been withdrawn. However, new rejections are presented due to unclear claim limitations that make the claims indefinite.
 
Regarding the rejection under 35 USC 103, the Applicant argues: Amended independent claim 1 recites, in part:
“	receiving, by a payment Trusted Application (TA) that is executed by processing circuitry and that operates in a Trusted Execution Environment (TEE) on a device, a call request from one of a plurality of third party payment applications that are installed on the device and operate with the payment TA, wherein the payment TA is associated and configured to operate only with payment-related operations and with the plurality of third party payment applications installed on the device;
managing, by the payment TA via the processing circuitry, a biological recognition technology-based algorithm used by the third party payment applications, wherein the algorithm comprises at least one key generation algorithm and at least one data encryption algorithm;
generating, by the payment TA via the processing circuitry, a key required for performing payment-related operation by using the key generation algorithm;
acquiring, by the payment TA via the processing circuitry, a result of biometric recognition from a biometric recognition application;
storing, by the payment TA via the processing circuitry, the generated key;
determining, by the payment TA via the processing circuitry, content to be encrypted and an encryption parameter for performing encryption based on the call request;
encrypting, by the payment TA via the processing circuitry, the content according to the encryption parameter and the result of biometric recognition; and
returning, by the payment TA via the processing circuitry, the encrypted content to the third party payment application that generates the call request, for the third party payment application to perform a payment-related operation based on the encrypted content,

Amended independent claims 8 and 15 recite similar features.
Applicant respectfully submits that Smets, Powell and Lopez, either individually or in combination, fail to disclose or suggest at least the aforementioned features recited in amended independent claims 1, 8 and 15.
During the Examiner Interview, Applicant’s Representative and the Examiners discussed various issues concerning conflicts between various operations and the need to clarify the claims. Based on the Examiner Interview, Applicant has amended the claims to resolve the conflicts between the claimed features and clarified the claims. In particular the independent claims 1, 8 and 15 have been amended to specify that the all operations are performed by the payment TA and that the payment TA is associated and configured to operate only with payment-related operations and with the plurality of third party payment applications installed on the device.
Applicant respectfully submits that none of the cited references disclose or suggest “a payment Trusted Application (TA)” that “is associated and configured to operate only with payment-related operations and with the plurality of third party payment applications installed on the device.” Furthermore, Applicant respectfully submits that none of the cited references disclose or suggest the claimed operations performed by the payment TA while having the particular and exclusive association with the third party payment applications. 
In response: The prior art of Smets teaches a device that includes a trusted execution environment (TEE) and a Rich Execution Environment (REE). The device further includes a secure element (SE) comprising a secure application forming an SE component of the payment application (See ¶ [0058]). Thus, Smets is shown to teach a payment trusted application, as shown in the rejection above. 
Smets further teaches a biometric application used to validate the execution of an external application in the secured element in connection to the payment application. (See at least ¶ [0032]-[0033]). Smets further teaches a trusted application activating when the payment application is running, where the payment application is defined as an external application to the SE payment application (See ¶ [0066]). Thus, Smets is shown to teach a payment application in association with third party applications. 
The claims still broadly recite the functions in the method as executed by the payment TA but not clearly describing how a plurality of third party applications associated to the payment TA are used in the method steps. Therefore, the claims remain rejected under 35 USC 103. 

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDGAR R MARTINEZ-HERNANDEZ whose telephone number is (571)270-0658.  The examiner can normally be reached on M-F from 9:00 am - 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JOHN W. HAYES can be reached on (571) 272-6708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information 



/ERM/Examiner, Art Unit 3685

/STEVEN S KIM/Primary Examiner, Art Unit 3685