DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
	The examiner acknowledges receipt of the preliminary amendment filed concurrently with the original claims on 12/28/2018. The claims presented in the preliminary amendment are examined on the merits in this action.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-9 rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) signing information, encrypting information, communicating the signed information, and verifying the signed information, which is a function that a human could perform mentally or by using pen and paper. This judicial exception is not integrated into a practical application because the additional elements solve a business problem, not 
Applicant has amended the claims from their original filing. While ordinarily the Examiner would leave Applicant’s markup signals (e.g., underlining and strikethroughs), the Examiner has revised Applicant’s marked-up claims to read in final form. The Examiner did not examine the originally filed claims and has no need to demonstrate what from the claims has changed due to amendment, and the Examiner generally finds the claims easier to read and understand in final form. 
Claims 1, 8, and 9
Claims 1, 8, and 9 are Applicant’s independent claims. Claim 1 is directed to a method, claims 8 a system, and claim 9 a computer-readable medium but, otherwise, claims 1, 8, and 9 are directed to the same limitations. Accordingly, the Examiner addresses claim 1 are representative of claims 8 and 9. 
A method of authenticating at least one piece of data, implemented during a payment transaction taking place between a merchant's . . . the method being of the type comprising transmission, . . . , of at least one piece of data to be signed to the user device . . . 
wherein the method comprises the following acts . . . : 
obtaining said piece of data to be signed; 
obtaining an identifier of said . . . ; 
signing, . . . , by
transmission of the pair of signed pieces of data to said user . . . ; and 
reception, from said user device, of a piece of encrypted data establishing authentication of said pair of signed pieces of data.
Claim 1 is directed to a method for signing information, communicating, or sending, the signed information, and verifying the signature used to sign the data. This is a method humans are capable of performing using pen and paper and is, accordingly, an abstract idea. Abstract ideas constitute judicial exceptions to patentability. 
Apart from Applicant’s claim limitations directed to the judicial exception, Applicant’s claim 1 includes the additional elements: communications terminal, user device, near field communications wireless data link, and a secured processing unit. These elements do not, however, transform Applicant’s invention into a practical application. The judicial elements carry out Applicant’s claimed judicial 
When considered individually and in combination, the additional elements do not amount to significantly more than the judicial exception. Again, individually, the additional elements perform their native function and solve a business problem. And in combination the claims simply amount to the judicial exception performed between a user device and a communication terminal. Essentially, Applicant’s judicial exception when combined with the additional elements amount to the judicial exception itself.  
Accordingly, Applicant’s claims 1, 8, and 9 are rejected under 35 U.S.C. § 101. 
Claim 2
The method of authentication according to claim 1, comprising, subsequently to said reception of the piece of encrypted data coming from said user device: 
decryption, . . . , of said piece of encrypted data delivering a piece of signed data; 
verification of validity of said piece of signed data in relation to a piece of reference data.

Claim 3
The method of authentication according to claim 2, wherein said piece of reference data is equal to said piece of data to be signed.
Applicant’s claim 3 further refines the validating step set forth for claim 2 by comparing and matching data. For the same reasons set forth for claims 1 and 2, Applicant’s claim 3 is rejected under 35 U.S.C. § 101. 
Claim 4
The method of authentication according to claim 2, wherein subsequently to verification of the validity of said piece of signed data in relation to the piece of reference data, if a positive result is delivered, the method comprises transmission, by the communications terminal, of said piece of signed data to a payment transaction processing system.
Claim 4 adds a step of transmitting data, i.e., sending information as set forth in claim 1. Accordingly, claim 4 is part of the judicial exception recited in claims 1 
Claim 5
The method of authentication according to claim 1, wherein said signing comprises: 
transmission of said piece of data to be signed and/or said identifier . . . ;
signing, . . . , using said key . . . , said piece of data to be signed and/or said identifier . . . , respectively delivering a piece of signed data and/or a signed identifier; 
transmission of said piece of signed data and/or of the signed identifier . . . .
Claim 5 recites steps that are part of the same judicial exception recited for claim 1, signing information and sending signed information. Claim 5 includes no further additional elements outside those recited for claim 1. Accordingly, claim 5 is rejected under 35 U.S.C. § 101 for the same reasons set forth for claim 1. 
Claim 6
The method of authentication according to claim 1, wherein said key . . . is a private key belonging a {private key; public key} pair.
Claim 6 adds no additional steps to the judicial exception recited for claim 1 nor recites any further additional elements. Accordingly, for the same reasons as set forth for claim 1, claim 6 is rejected under 35 U.S.C. § 101.
Claim 7
The method of authentication according to claim 1, comprising, within the user device, between the transmission of the pair of signed data and the reception of the piece of encrypted data: 
reception of the pair of signed data by the user . . . ; 
verification, by using a key, of the signature of the data of the pair of pieces of signed data; and 
when the signature of the pair of pieces of signed data is correct: 
signing, by using a signature key, of at least one of the pieces of data previously received from the merchant . . . , delivering a piece of signed data; 
encryption of said piece of signed data by using an encryption key delivering the piece of encrypted data;
transmission of the piece of encrypted data to the merchant . . . .
Claim 7 adds no additional steps outside the judicial exception recited in claim 1 and adds no additional elements outside those recited in claim 1. Accordingly, for the same reasons as set forth for claim 1, claim 7 is rejected under 35 U.S.C. § 101. 


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bogaard in view of James and Sykora.
Claims 1, 8, and 9
Claims 1, 8, and 9 are Applicant’s independent claims. Claim 1 is directed to a method, claims 8 a system, and claim 9 a computer-readable medium but, otherwise, claims 1, 8, and 9 are directed to the same limitations. Accordingly, the Examiner addresses claim 1 are representative of claims 8 and 9. 
Bogaard, teaches the following limitations. 
A method of authenticating at least one piece of data, implemented during a payment transaction taking place between a merchant’s communications terminal and a user device, the method being of the type comprising transmission, by the communications terminal, of at least one piece of data . . . to the user device by using a near field communications wireless data link, Bogaard discloses an Authentication/Payment system that “compris[s]: application software that would be installed on user mobile devices; NFC-payment-enabled gateway devices that would be integrated to communicate with merchant NFC-enabled POS devices; an ‘app’-provide computer system/device; and an Authentication computer Device. Bogaard, [0141]. Bogaard explains that an “‘app’-provider computer device . . . compare[s] the expected value that it had created with the modified version 
As demonstrated above, Bogaard teaches the portions of Applicant’s invention directed to authenticating information and, as a result of a positive authentication, communicating data, specifically payment data, across a near field communications link. But how Bogaard assembles data for verification is different than Applicant’s disclosure. Accordingly, Bogaard teaches none of Applicant’s claim limitations directed to the specific assemblage and signing of data. 
Nevertheless, a second reference, James does. James teaches the following limitations of Applicant’s claim 1: 
wherein the method comprises the following acts performed by the communications terminal: 
obtaining said piece of data to be signed; James discloses that “[w]hen the IoT device has information to send, the IoT device generates a payload in an application specific way.” 
obtaining an identifier of said communications terminal; James discloses obtaining a name of an IoT device. James, [0032] (“The resulting message is the combination of the name of the IoT device, the payload, and the cryptographic signature.”). 
signing, . . . , by; James discloses that “When the IoT device has information to send, the IoT device generates a payload in a an application specific way. James, [0032]. James explains that “[a] cryptographic signature is computed over the name of the IoT device and the payload.” James, [0032]. “The resulting message is the combination of the name of the IoT device, the payload, and the cryptographic signature.” James, [0032]. 
transmission of the pair of signed pieces of data to said user device; and James discloses that “[t]he message is then forwarded towards the 
reception, from said user device, of a piece of encrypted data establishing authentication of said pair of signed pieces of data. James discloses that “[w]hen received by the recipient, the name of the IoT device, the payload, and the signature are extracted from the message.” James, [0033]. James explains that “[t]he public key of the IoT device is retrieved from the globally accessible registry using the name of the IoT device as the key” and “[t]he public key is used by the recipient to verify the source of the message.” 
A person of ordinary skill in the art would have been motivated to combine the teachings of Bogaard with James because doing so would constitute a simple substitution of one known element for another. Again, in order to authenticate the sender of information, prior to performing a payment transaction, Bogaard teaches authenticating data by comparing the received data to a calculated expectation of what the data should be. A POSITA reading Bogaard would thus understand the importance of authenticating the sender of data and, in connection with reading James, would understand that myriad examples exist as to how to authenticate the sender of data. Accordingly, the POSITA would have considered substituting the 
Additionally, although Applicant’s invention describes “a pair of signed pieces of data,” the Examiner determines that one of ordinary skill in the art would not have discerned any patentable difference between sending two signed pieces of data, each signed with the same key, as opposed to sending a signed message that includes two pieces of data. A POSITA would understand that cryptographically this amounts to the algebraic difference between (A+B)X = AX + BX, where A and B are the pieces of data, and X is the encryption key. Accordingly, the Examiner reiterates that James’s teaching that “[a] cryptographic signature is computed over the name of the IoT device and the payload” reads on Applicant’s claim limitation signing, . . . a pair of signed pieces of data. See James, [0032]
Although Bogaard in view of James teaches all of Applicant’s limitations directed to assembling a cryptographically signed message that includes an identifier of a terminal (James’s name of the IoT device) and a piece of data (James’s payload), James does not disclose using a secure processing unit to perform the describes steps. Nevertheless, a second reference, Sykora, does. 
Sykora teaches:
“. . . ., within a secured processing unit of said communications terminal, . . . .” Sykora discloses a secure enclave processor (SEP). 
A person of ordinary skill in the art would have been motivated by security to modify Bogaard and James with the teachings of Sykora. Sykora notes that “[b]y isolating SEP 114 in th[e] manner [described], secrecy of maintained private keys may be enhanced.” Sykora, [0024]. Accordingly, A POSITA reading Sykora would understand the benefits to security of using an SEP and would have employed one to perform the functions taught by James. 
For these reasons, a POSITA would have found it obvious at a time before Applicant filed the foreign reference underlying the current application to combine 
Claim 2
James teaches the following limitations of claim 2:
The method of authentication according to claim 1, comprising, subsequently to said reception of the piece of encrypted data coming from said user device: 
decryption, . . . , of said piece of encrypted data delivering a piece of signed data; James teaches that “[w]hen received by the recipient, the name of the IoT device, the payload, and the signature are extracted from the message.” James, [0033]. James explains that “[t]he public key of the IoT device is retrieved from the globally accessible registry using the name of the IoT device as the key” and “[t]he public key is used by the recipient to verify the source of the message.” James further teaches that the “[t]he public key is used by entities wishing to verify the authenticity of signed data received from a entity and/or to encrypt encrypted data to be sent to an entity.” James, [0033].  
verification of validity of said piece of signed data in relation to a piece of reference data. James discloses that “[w]hen received by the recipient, the name of the IoT device, the payload, and the signature are extracted from the message.” James, [0033]. James explains that “[t]he public key 
Again, James does not disclose the secured processing unit limitation of Applicant’s claims, by Sykora does. Sykora teaches “by using the secured processing unit of said communications terminal.” Sykora discloses that “[a]pplications 132 may request, for example, that SEP 114 perform encryption (and decryption) operations using keys accessible within SEP 114 and using dedicated cryptographic circuitry in SEP 114.” Sykora, [0023]. 
For the same reason as set forth for claim 1, a POSITA would have found it obvious at a time before Applicant filed the foreign reference underlying the current application to combine the teachings of Bogaard with James and Sykora to arrive at Applicant’s invention. Thus, claim 2 is rejected under 35 U.S.C. § 103.

Claim 3
James teaches the following limitations of claim 3:
The method of authentication according to claim 2, wherein said piece of reference data is equal to said piece of data to be signed. James discloses that the IoT generates and signs a payload. James, [0032]. 
For the same reason as set forth for claim 1, a POSITA would have found it obvious at a time before Applicant filed the foreign reference underlying the current application to combine the teachings of Bogaard with James and Sykora to arrive at Applicant’s invention. Thus, claim 3 is rejected under 35 U.S.C. § 103.
Claim 4
Bogaard teaches the following limitations of Applicant’s claim 4:
The method of authentication according to claim 2, wherein subsequently to verification of the validity of said piece of signed data in relation to the piece of reference data, if a positive result is delivered, the method comprises transmission, by the communications terminal, of said piece of signed data to a payment transaction processing system. Bogaard teaches that if Authentication passes then payment information is communicated to merchant. See Bogaard, FIG. 13B. Bogaard explains that an “‘app’-provider computer device . . . compare[s] the expected value that it had created with the modified version that it had received through the local exemplary 
For the same reason as set forth for claim 1, a POSITA would have found it obvious at a time before Applicant filed the foreign reference underlying the current application to combine the teachings of Bogaard with James and Sykora to arrive at Applicant’s invention. Thus, claim 4 is rejected under 35 U.S.C. § 103.
Claim 5
Sykora teaches the following limitations of claim 5:
The method of authentication according to claim 1, wherein said signing comprises
transmission of said piece of data to be signed and/or said identifier of the communications terminal to said secured processing unit of said communications terminal by a general processing unit of said communications terminal; Sykora discloses that “[a]pplications 132 may also request that SEP 114 sign payloads provided by the applications 132.” Sykora, [0023]. Sykora’s applications 132 are “applications that may use services of SEP 114 and are executable on CPU 112.” Sykora, [0023]. 
signing, by said secured processing unit, using said key of the communications terminal, said piece of data to be signed and/or said identifier of the communications terminal, respectively delivering a piece of signed data and/or a signed identifier; Sykora discloses that “[a]pplications 132 may also request that SEP 114 sign payloads provided by the applications 132 with keys accessible in the SEP.” Sykora, [0023]. Sykora explains that “[i]n some embodiments, SEP 114 is configured to store multiple keys, each associated with a respective application 132.” Sykora, [0023]. 
transmission of said piece of signed data and/or of the signed identifier to said general processing unit of said communications terminal. Sykora’s SEP is “an isolated, internal resource.” Sykora, 
For the same reason as set forth for claim 1, a POSITA would have found it obvious at a time before Applicant filed the foreign reference underlying the current application to combine the teachings of Bogaard with James and Sykora to arrive at Applicant’s invention. Thus, claim 5 is rejected under 35 U.S.C. § 103.
Claim 6
James teaches the following limitations of claim 6:
The method . James discloses that the IoT device “generates a private and public key pair” and the “private key is used by the entity for singing data to be sent.” James, [0032, 33]. 
For the same reason as set forth for claim 1, a POSITA would have found it obvious at a time before Applicant filed the foreign reference underlying the 
Claim 7
James teaches the following limitations of claim 7:
The method of authentication according to claim 1, comprising, within the user device, between the transmission of the pair of signed data and the reception of the piece of encrypted data: 
reception of the pair of signed data by the user device; James discloses receiving a message that “is the combination of the name of the IoT device, the payload, and the cryptographic signature.” James, [0032, 33]. 
verification, by using a key, of the signature of the data of the pair of pieces of signed data; and James discloses that once the message is received, “[t]he public key of the IoT device is retrieved from the globally accessible registry” and “[t]he public key is used by the recipient to verify the source of the message and that the message has not been modified in transit.” 
when the signature of the pair of pieces of signed data is correct: 
signing, by using a signature key, of at least one of the pieces of data previously received from the merchant's communication terminal, delivering a piece of signed data; James discloses that “[e]very entity has a private/public key pair” and explains that “[t]he private key is used by the entity for signing data to be sent.” James, [0033]. 
encryption of said piece of signed data by using an encryption key delivering the piece of encrypted data; James discloses that “the public key is used by entities wishing to . . . encrypt encrypted data to be sent to an entity.” James, [0033]. 
transmission of the piece of encrypted data to the merchant's communications terminal. James discloses sending signed data and sending encrypted data. James, [0032, 33]. 
For the same reason as set forth for claim 1, a POSITA would have found it obvious at a time before Applicant filed the foreign reference underlying the current application to combine the teachings of Bogaard with James and Sykora to arrive at Applicant’s invention. Thus, claim 7 is rejected under 35 U.S.C. § 103.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZACHARY MICHAEL COOTS whose telephone number is (571)270-7002.  The examiner can normally be reached on M-F 7:30 to 5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-






/Z.M.C./Examiner, Art Unit 3685                                                                                                                                                                                                        

/PATRICK MCATEE/Supervisory Patent Examiner, Art Unit 3685