DETAILED ACTION
Acknowledgements
This Office Action is in reply to Applicant’s response filed 04 March 2021 (“Response”).  
Claims 1–4, 6–9, and 12–17 are currently pending and have been examined.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. § 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claims 1–4, 6–9, and 12–17 are rejected under 35 U.S.C. § 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.
Claim 1 recites the limitation “said first and second messages received from the electronic payment terminal determined to be authentic” in lines 22–24. There is insufficient antecedent basis for this limitation in the claim. For example, while the claim does recite “a first message” (line 12) and “a second message” (line 15), the claim does not recite that either of the first message or the second message is “determined to be authentic.” Therefore, it is unclear whether “said first and second messages received from the electronic payment terminal determined to be authentic” is referring to the first message and second message in lines 12 and 15, respectively, or to some other messages, or it is at least unclear what is meant by the language “determined to be authentic,” since the claim does not previously make any such determination(s).

Claims 9, 12–13, and 16–17 contain language similar to claims 1–4, 6–8, and 14–15 as discussed in the preceding paragraphs, and for reasons similar to those discussed above, claims 9, 12–13, and 16–17 are also rejected under 35 U.S.C. § 112 as failing to particularly point out and distinctly claim the subject matter which the inventor regards as the invention.
Claim Rejections - 35 U.S.C. § 103
The following is a quotation of 35 U.S.C. § 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Giobbi, in view of Callaway and Simpson, and alternatively in view of Morioka and Varoglu
Claims 1–2, 4, 6–9, and 12–17 are rejected under 35 U.S.C. § 103 as being unpatentable over Giobbi (US 2009/0254448 A1), in view of Callaway et al. (US 2008/0069072 A1) (“Callaway”), and Simpson (Document U cited on PTO-892 mailed 01 May 2020), and alternatively in view of Morioka et al. (WO 2004/092864 A2) (“Morioka”) and Varoglu et al. (US 2014/0066091 A1) (“Varoglu”).
As per claim, Giobbi teaches a method for detecting whether an electronic payment terminal is fraudulent, wherein the method is implemented by a smartphone of a user executing an application and comprises:
entering a wait state in which the smartphone waits to receive a beacon from the electronic payment terminal ([0103] [0055]; [0107] [0044]);

in response to the smartphone receiving the beacon in a first message from the electronic payment terminal (fig. 6, 602; [0103]), sending a challenge message comprising a challenge to the electronic payment terminal ([0104] “[i]n step 604, a device authentication is performed … the PDK 102 establishes if the Reader 108 is valid”; [0105] “for this type of authentication … a challenge handshake authentication protocol (CHAP) [may be used]”; note: when PDK authenticates Reader using CHAP, PDK inherently sends a challenge message comprising a challenge to the Reader (Simpson § 4.1));
receiving a second message in response to the challenge, said second message comprising a response to the challenge ([0104] “[i]n step 604, a device authentication is performed … the PDK 102 establishes if the Reader 108 is valid”; [0105] “for this type of authentication … a challenge handshake authentication protocol (CHAP) [may be used]”; note: when PDK authenticates Reader using CHAP, PDK inherently receives a second message in response to the challenge, said second message comprising a response to the challenge (Simpson § 4.1));
performing a verification of the response ([0104] “[i]n step 604, a device authentication is performed … the PDK 102 establishes if the Reader 108 is valid”; [0105] “for this type of authentication … a challenge handshake authentication protocol (CHAP) [may be used]”; note: when PDK authenticates Reader using CHAP, PDK inherently performs a verification of the response (Simpson § 4.1)); and:
in response to the verification delivering a negative verification result, generating an alarm indicating that said electronic payment terminal is fraudulent ([0104] “[i]n step 604, a device authentication is performed … the PDK 102 establishes if the Reader 108 is 
in response to the verification delivering a positive verification result, determine that said electronic payment terminal is authentic ([0104] “[i]n step 604, a device authentication is performed … the PDK 102 establishes [ ] Reader 108 is valid”; [0105] “for this type of authentication … a challenge handshake authentication protocol (CHAP) [may be used]”; note: when PDK “establishes [ ] Reader 108 [as] valid” using CHAP, such establishing inherently results (or is in response to) verification of the response delivering a positive verification result (Simpson § 4.1)).
Giobbi does not expressly disclose that the “detecting” is before expiry of a predetermined timeout period; and in response to the smartphone not receiving any beacon coming from the electronic payment terminal before expiry of the predetermined timeout period, generating an alarm indicating that said electronic payment terminal is fraudulent.
Callaway teaches: detecting whether a wireless device receives any beacon from a terminal before expiry of a predetermined timeout period and: in response to the wireless device not receiving any beacon coming from the terminal before expiry of the predetermined timeout 
Therefore, it would have been obvious to a person having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Giobbi to also generate the alarm when the terminal is detected (e.g., during step 602, prior to step 604) but a beacon is not received, as taught by Callaway. One would have been motivated to do so in order to prevent a denial-of-service attack from a fraudulent terminal (Callaway [0005] [0019]).
Alternatively, even if Giobbi and/or Callaway did not disclose and/or teach generating an alarm indicating the fraudulent terminal, Morioka teaches generating an alarm indicating the fraudulent terminal (21:3–4, a device displaying a screen notifying the failure of mutual authentication between the device and a terminal).
Therefore, it would have been obvious to a person having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Giobbi/Callaway to generate an alarm indicating the fraudulent terminal, as taught by Morioka, in order to notify the user of the failed authentication status of the terminal.
Giobbi/Callaway does not expressly teach said first and second messages received from the electronic payment terminal determined to be authentic comprising data associated with said electronic payment terminal and with the corresponding challenge, said data comprising a strength of a BLUETOOTH® signal between the electronic payment terminal and the smartphone during the time the electronic payment terminal sends the first and the second messages. However, the limitation “data associated with said electronic payment terminal and with the corresponding challenge, said data comprising a strength of a BLUETOOTH® signal Praxair Distribution, Inc. v. Mallinckrodt Hosp. Prods. IP Ltd., 126 USPQ2d 1749, 1753 (Fed. Cir. 2018) (“Claim limitations directed to the content of information and lacking a requisite functional relationship are not entitled to patentable weight ….”).
Alternatively, Varoglu teaches first and second messages received from an electronic payment terminal comprising data, said data comprising a strength of a BLUETOOTH® signal between the electronic payment terminal and a smartphone during the time the electronic payment terminal sends the first and the second messages ([0037]–[0038]).
Therefore, it would have been obvious to a person having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify the messages of Giobbi/Callaway to comprise data comprising a strength of a BLUETOOTH® signal between the electronic payment terminal and a smartphone, as taught by Varoglu, in order to determine the distance of the receiving equipment from the transmitting equipment (Varoglu [0038]).
As per claim 2, Giobbi, Callaway, and Simpson, and alternatively Morioka/Varoglu teach the method for detecting according to claim 1, wherein said performing a verification comprises: verifying the response by comparison of said response with a reference response, delivering the negative verification result when said comparison is negative (Giobbi [0105] “CHAP”; see Simpson § 4.1).
As per claim 4, Giobbi, Callaway, and Simpson, and alternatively Morioka/Varoglu teach the method for detecting according to claim 1, wherein said act of generating an alarm comprises 
As per claim 6, Giobbi, Callaway, and Simpson, and alternatively Morioka/Varoglu teach the method for detecting according to claim 1, wherein the electronic payment terminal is authentic and the method further comprises the following acts implemented in the authentic electronic payment terminal:
sending out the beacon (Giobbi [0103]);
receiving the challenge message comprising the challenge sent by said smartphone ([0104] “[i]n step 604, a device authentication is performed … the PDK 102 establishes if the Reader 108 is valid”; [0105] “for this type of authentication … a challenge handshake authentication protocol (CHAP) [may be used]”; note: when PDK authenticates Reader using CHAP, the Reader inherently receives a challenge message comprising a challenge from the PDK (Simpson § 4.1));

sending the second message comprising at least said cryptogram, to said smartphone ([0104] “[i]n step 604, a device authentication is performed … the PDK 102 establishes if the Reader 108 is valid”; [0105] “for this type of authentication … a challenge handshake authentication protocol (CHAP) [may be used]”; note: when PDK authenticates Reader using CHAP, Reader inherently sends a second message comprising the cryptogram (Simpson § 4.1)).
As per claim 7, Giobbi, Callaway, and Simpson, and alternatively Morioka/Varoglu teach the method for detecting according to claim 6, wherein said first message comprises data associated with the corresponding electronic payment terminal and said data comprises at least: a unique universal identifier of said electronic payment terminal; a serial number of said electronic payment terminal; a strength of a BLUETOOTH® signal between the electronic payment terminal and the smartphone during the time the electronic payment terminal sends the beacon; and a piece of information stating a capacity of the electronic payment terminal to be challenged (Giobbi [0103]–[0105]).
As per claim 8, Giobbi, Callaway, and Simpson, and alternatively Morioka/Varoglu teach the method for detecting according to claim 6, wherein said second message, sent out by the authentic electronic payment terminal, comprises data associated with said electronic payment terminal and with the corresponding challenge, and said data comprises at least: an encrypted 
As per claim 14, Giobbi, Callaway, and Simpson, and alternatively Morioka/Varoglu teach the method according to claim 1, further comprising: the electronic payment terminal performing the transaction using the smart card of the user after the smartphone detecting whether the electronic payment terminal is or fraudulent or authentic (Giobbi, [0107] [0044]).
As per claim 15, Giobbi, Callaway, and Simpson, and alternatively Morioka/Varoglu teach the method according to claim 1, further comprising: in response to the smartphone determining the electronic payment terminal is authentic, using the smart card of the user to perform a transaction with the electronic payment terminal (Giobbi, [0107] [0044]).
Claims 9, 12–13, and 16–17 contain language similar to claims 1–2, 4, 6–8, and 14–15 as discussed in the preceding paragraphs, and for reasons similar to those discussed above, claims 9, 12–13, and 16–17 are also rejected under 35 U.S.C. § 103 as unpatentable over the cited references.
Giobbi, Callaway, and Simpson, and alternatively Morioka/Varoglu, in view of Carter
Claim 3 is rejected under 35 U.S.C. § 103 as being unpatentable over Giobbi, Callaway, Simpson, and alternatively Morioka/Varoglu, and in view of Carter (US 2011/0202466 A1).
As per claim 3, Giobbi, Callaway, and Simpson, and alternatively Morioka/Varoglu teach the method for detecting according to claim 1, but does not expressly teach wherein the method further comprises locating said electronic payment terminal, and said act of generating an alarm takes account of said location.
i.e. challenge and response). Carter disclosed the following, “Optionally, the method may further comprise determining the current location of the terminal, the authenticating step further comprising: comparing the location of the transaction with the current location of the terminal; and authenticating the transaction if the current location of the terminal is within a predetermined area relative to the location of the transaction” ([0030]).
Therefore, it would have been obvious to a person having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify the method for detecting a fraudulent electronic payment terminal of Giobbi/Callaway to take account of the location of the electronic payment terminal, to that of Carter, in order to identify the location fraudulent electronic payment terminal for further action.
Response to Arguments
Applicant’s arguments have been fully considered but are moot in view of the new ground of rejection herein.
Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB C. COPPOLA whose telephone number is (571)270-3922. The examiner can normally be reached on Monday-Friday 8:00-6:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JACOB C. COPPOLA/Primary Examiner, Art Unit 3685