Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

DETAILED ACTION
Continued Examination Under 37 CFR 1.114

1.       A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  
Applicant's submission filed on 12-30-2020 has been entered.

2.       Claims 1 - 20 are pending.  Claims 1, 8, 15 have been amended.  Claims 1, 8, 15 are independent.  This application was filed on 6-13-2018.  

Response to Arguments

3.    Applicant's arguments have been fully considered, however upon further consideration of the prior art and the claimed limitations, they were not persuasive.

A.  Applicant argues on page 8 of Remarks:    ...   Innes fails to describe or suggest storing the credentials in the (tamper-resistant) secure element and thereafter returning a portion of the credentials stored in the secure element to be used as the signature without communicating and without revealing the portion of the credentials outside of the secure element,   ...   . 

    The Examiner respectfully disagrees.  Innes discloses processing credentials within an authentication process without communicating the credentials between network-connected nodes (i.e. without communicating or revealing the credentials outside of the network-connected nodes).  (see Innes paragraph [0104], lines 14-19: broker integration component utilizes standard Windows authentication interfaces such as Security Support Provider Interface (SSPI) to authentication to the broker service without communicating the user credentials; (credentials are not communicated between network-connected nodes in order to complete an authentication procedure) 
    Marshall discloses a secure element is implemented utilizing tamper-resistance hardware. (see Marshall paragraph [0022], lines 5-19: secure element implemented using hardware; secure element implemented using a tamper-resistant integrated circuit resistant to “snooping” as well as physical removal from mobile communication device (cover circuit with epoxy causing circuit to break if removal is attempted)   Marshall discloses the capability to store the set of authentication credentials within a secure element of a network-connected entity. (see Marshall paragraph [0005], lines 1-7: decrypt credentials using a private key included in secure element and store the credentials in the secure element, credentials utilized for secure communications with mobile communications device; paragraph [0044], lines 1-10: provisioning service receives a response to the request (initial provisioning request) including mobile device’s public key; provisioning service requests data (i.e. credentials) to be communicated to the mobile device; provisioning service receives the data (i.e. credentials) encrypted by public key and communicates the data to the mobile 
    And, Zic discloses the capability for a portion of a set of credentials (or the entire credential to be considered as a portion) to be utilized in the generation of a digital signature.  Zic discloses the capability to transfer a certificate (i.e. load or return a certificate) and utilize the digital certificate (i.e. credentials) in the generation of a digital signature. (see Zic paragraphs [0011] - [0015]: generate a digital certificate using public key (of key pair) and credential data; generate digital signature using private key (of key pair) and credential certificate; (digital signature generated utilizing credential information (i.e. digital certificate)); paragraph [0043], lines 26-29: credential digital signature is generated based on credential and cryptographic private key (of key pair); paragraph [0044], lines 1-8: TPM generates identity request messages to load (i.e. transfer) digital certificates and the generation and storage of cryptographic hashes)

B.  Applicant argues on page 8 of Remarks: Claims 2-7 depend from independent Claim 1.    ...   , Applicant submits that Claims 2-7 are patentable over the cited references.

        Responses to arguments against the independent claims also answer arguments against the associated dependent claims.       

C.  Applicant argues on page 8 of Remarks:    ...   independent Claims 8 and 15 include recitations similar to the recitations of independent Claim 1, Applicant submits that Claims 8 and 15 are also patentable over the cited art. 

        Responses to arguments against independent claim 1 also answer arguments against independent claims 8 and 15, which have similar limitations as independent 

D.  Applicant argues on page 8 of Remarks: Claims 9-14 depend from independent Claim 8 and Claims 16-20 depend from independent Claim 15.    ...   , Applicant submits that Claims 9-14 and 16-20 are also patentable over the cited art.

        Responses to arguments against the independent claims also answer arguments against the associated dependent claims.       

Claim Rejections - 35 USC § 112

4.       The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

5.        Claims 1, 8, 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  The claims recite “returning a portion of the credentials stored in the secure element… without communicating and without revealing the portion of the credentials outside the secure element” is unclear how the authentication process can be implemented without the communication of credential information in some manner between network-connected nodes.  Dependent claims 2-7, 9-14 and 16-20 are also rejecting under the same rationale set forth above. 

Claim Rejections - 35 USC § 103  


a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

7.        Claims 1 - 20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Marshall et al. (US PGPUB No. 20120099727) in view of Innes (US PGPUB No. 20090210934) and further in view of Zic et al. (US PGPUB No. 20090319793).     

Regarding Claims 1, 8, 15, Marshall discloses a method and a mobile computing device comprising a secure element implemented in tamper-resistant hardware and one or more computer storage devices storing computer readable instructions that, when executed by at least a processor, cause the at least one processor to perform operations, the method, mobile computing device, and storage media comprising:
a)  receiving, from an application executing on a mobile communication device, a request for a secure element to provision credentials for the application (see Marshall paragraph [0004], lines 1-8: a request including identification of a secure element; response received including encrypted data that is decrypted by secure element using private key and functionality of mobile communication device is provisioned using received data; paragraph [0022], lines 1-5: mobile communications device includes a secure element (part of mobile device) to support secure communications with mobile communication device), wherein the secure element is implemented using tamper-resistant hardware; (see Marshall paragraph [0022], lines 5-16: secure element implemented using hardware; 
b)  based at least on receiving the provisioning request, storing the credentials in the secure element. (see Marshall paragraph [0005], lines 1-7: decrypt credentials using a private key included in secure element and store the credentials in the secure element, credentials utilized for secure communications with mobile communications device; paragraph [0044], lines 1-10: provisioning service receives a response to the request (initial provisioning request) including mobile device’s public key; provisioning service requests data (i.e. credentials) to be communicated to the mobile device; provisioning service receives the data (i.e. credentials) encrypted by public key and communicates the data to the mobile communication device)    

Furthermore, Marshall discloses for d): returning data stored in the secure element without revealing the portion of the credentials outside of the secure element. (see Marshall paragraph [0016], lines 5-16: asymmetric encryption techniques employed and private key implemented in hardware on mobile communication device; provisioning service provides public key to other services in order for secure communications with mobile communications device; services communicate data (i.e. credentials, cryptographic keys, and other information) without the data being exposed “in the clear” or exposed outside of secure element)    


However, Innes discloses wherein for d): processing without communicating the portion of the credentials outside of the secure element. (see Innes paragraph [0104}, lines 14-19: broker integration component utilizes standard Windows authentication interfaces such as Security Support Provider Interface (SSPI) to authentication to the broker service without communicating the user credentials; (credentials are not communicated between network-connected nodes to complete the authentication procedure)) 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Marshall for d): processing data without communicating a portion of the credentials outside of a secure element as taught by Innes.  One of ordinary skill in the art would have been motivated to employ the teachings of Innes for the benefits achieved from a system that enables an authentication procedure without communicating authentication credentials between the network-connected nodes.  (see Innes paragraph [0104], lines 17-18)  

Although Marshall discloses a communication module for the transfer of messages such as emails messages, status updates messages, and short message service (see Marshall paragraph [0021], lines 1-7: communication includes functionality for transfer of data such as from short message services, text messages, messaging service, emails) and discloses the processing of credentials (see Marshall paragraph [0005], lines 1-7: decrypt credentials using a private key included in secure element and store credentials in secure element, credentials utilized to secure 
However, Zic discloses:
c)  receiving, by the application, a request for a signature of data using the credentials; (see Zic paragraphs [0011] - [0015]: generate a digital certificate using public key (of key pair) and credential data; generate digital signature using private key (of key pair) and credential certificate; (digital signature generated utilizing credential information (i.e. digital certificate)); paragraph [0043], lines 26-29: credential digital signature is generated based on credential and cryptographic private key (of key pair); paragraph [0044], lines 1-8: TPM generates identity request messages to load digital certificates (i.e. transfer portion of credentials) and the generation and storage of cryptographic hashes) and
d)  based at least on receiving the request for the signature, returning a portion of the credentials to be used as the signature. (see Zic paragraphs [0011] - [0015]: generate a digital certificate using public key (of key pair) and credential data; generate digital signature using private key (of key pair) and credential certificate; (digital signature generated utilizing credential information (i.e. digital certificate)); paragraph [0043], lines 26-29: credential digital signature is generated based on credential and cryptographic private key (of key pair); paragraph [0044], lines 1-8: TPM generates identity request messages to load (i.e. transfer) digital certificates and the generation and storage of cryptographic hashes)


Regarding Claims 2, 9, 16, Marshall-Innes-Zic discloses the method of claim 1 and the mobile computing device of claim 8 and the one or more computer storage devices of claim 15, wherein an integrated circuit implements the secure element. (see Marshall paragraph [0022], lines 5-16: secure element implemented using hardware and configured during manufacture to include a private key; implemented using a tamper-resistant integrated circuit that is resistant to “snooping” as well as physical removal from mobile communication device; epoxy helps prevent snooping of circuit as well as causing circuit to break if removal is attempted)    

Regarding Claims 3, 10, 17, Marshall-Innes-Zic discloses the method of claim 2 and the mobile computing device of claim 9 and the one or more computer storage devices of claim 16, wherein the integrated circuit is resistant to removal from a circuit board of the mobile communication device. (see Marshall paragraph [0022], lines 5-16: secure element implemented using hardware and configured during manufacture to include a tamper-resistant integrated circuit that is resistant to “snooping” as well as physical removal from mobile communication device; epoxy helps prevent snooping of circuit as well as causing circuit to break if removal is attempted)    

Regarding Claims 4, 11, 18, Marshall-Innes-Zic discloses the method of claim 1 and the mobile computing device of claim 8 and the one or more computer storage devices of claim 15, wherein the credentials are configured to authenticate a user’s identity for the application. (see Marshall paragraph [0051], lines 10-11: expose data for use by the client such as credentials used to logon (i.e. authentication of a client, user) for purchases)    

Regarding Claims 5, 12, Marshall-Innes-Zic discloses the method of claim 1 and the mobile computing device of claim 8, wherein the secure element includes a private key configured to decrypt data that includes the credentials encrypted using a corresponding public key, the secure element configured to perform the decryption without exposing the private key and the one or more credentials outside of the secure element. (see Marshall paragraph [0005], lines 1-7: decrypt credentials using a private key included in secure element and store the credentials in the secure element, credentials utilized to secure communications with mobile communications device; paragraph [0016], lines 5-16: asymmetric encryption techniques employed and private key implemented in hardware on mobile communication device; provisioning service provides public key to other services in order to secure communications with mobile communications device; other services communicate data (i.e. credentials, 

Regarding Claims 6, 13, Marshall-Innes-Zic discloses the method of claim 5 and the mobile computing device of claim 12, wherein the private key is configured during manufacture of the secure element. (see Marshall paragraph [0022], lines 5-16: secure element implemented using hardware and configured during manufacture to include a private key; implemented using a tamper-resistant integrated circuit that is resistant to “snooping” as well as physical removal from mobile communication device; epoxy helps prevent snooping of circuit as well as causing the circuit to break if removal is attempted)    

Regarding Claims 7, 14, 20, Marshall-Innes-Zic discloses the method of claim 1 and the mobile computing device of claim 8 and the one or more computer storage devices of claim 15, wherein the one or more credentials are configured for use by the mobile communication device to authenticate the user to make a purchase using information relating to a credit card, provide an identifier for use as a transit access card, provide an identifier associated with a loyalty card, or provide credentials usable by the mobile communication device to access a premises. (see Marshall paragraph [0051], lines 10-11: expose data for use by the client such as credentials used to logon (i.e. authentication of a user) for purchases; (selected: authenticate the user to make a purchase using information relating to a credit card))    
 
Regarding Claim 19, Marshall-Innes-Zic discloses the one or more computer storage devices of claim 15, wherein the secure element includes a private key configured to decrypt data that includes the credentials encrypted using a corresponding public key, the secure element configured to perform the decryption without exposing the private key and the one or more credentials outside of the secure element (see Marshall paragraph [0005], lines 1-7: decrypt credentials using a private key included in secure element and store the credentials in the secure element, credentials utilized to secure communications with mobile communications device; paragraph [0016], lines 5-16: asymmetric encryption techniques employed and private key implemented in hardware on mobile communication device; provisioning service provides public key to other services in order for secure communications with mobile communications device; other services communicate data (i.e. credentials, cryptographic keys, and other information) without the data being exposed “in the clear”), and wherein the private key is configured during manufacture of the secure element. (see Marshall paragraph [0022], lines 5-16: secure element implemented using hardware and configured during manufacture to include a private key; implemented using a tamper-resistant integrated circuit that is resistant to “snooping” as well as physical removal from mobile communication device; epoxy helps prevent snooping of circuit as well as causing the circuit to break if removal is attempted)    

Conclusion
         
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CARLTON JOHNSON whose telephone number is (571)270-1032.  The examiner can normally be reached on Work: 12-9PM (most days).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CJ/
March 29, 2021     
                                                                                                                                                                                                                                                                                            
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436