DETAILED ACTION
This is the first office action on the merits in response to the application filed on 04/15/2021.
Claims 1, 4-6, 8, 12, 14, 17-18, 20 and 23-25 are currently pending and have been examined. 
Claims 15-16 and 21-22 have been withdrawn from consideration based on applicant’s election on restriction requirement. 
Claims 2-3, 7, 9-10, 11 and 19 have been cancelled by the applicant.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/15/2021 has been entered.
Response to Arguments
Rejection under 35 USC § 112:
Previous 112 rejections have been withdrawn based on applicant’s amendments.
Rejection under 35 USC § 101:
The previous 101 rejection has been withdrawn based on applicant’s amendments and argument.
Rejection under 35 USC § 103:
The applicant asserts that Markantonakis does not teach “said cooperating comprising: exchanging transaction messages, compliant with a credit card payment protocol, with the external payment terminal during the payment transaction to perform payment; and wherein one of the transactions messages exchanged during said payment transaction is used to convey the security information to the external payment terminal” on pages 17-18 of the remarks filed on 04/15/2021. The examiner respectfully disagrees. Markantonakis does teach including security information in a [transaction] message during [performing payment transaction] with an external [payment] terminal; see the 103 rejection. Markantonakis also suggests that the bank and card issuer would also be interested in accessing the log files (see Sec. 2 and 2.2). Jiang teaches sending transaction history to a remote server (i.e. bank or issuer) during a transaction with a merchant so the remote server can verify the transaction and/or detect fraud [0035], [0173], [0220]. One would have been motivated to modify Markantonakis with Jiang’s feature, as Markantonakis has such an intention.
The applicant asserts that Jiang does not teach “using transaction message exchanged during payment transaction to convey a [security] information” on pages 17-18 of the remarks filed on 04/15/2021. The examiner respectfully disagrees. Jiang teaches sending transaction history to a remote server (i.e. bank or issuer) during a transaction with a merchant so the remote server can verify the transaction and/or detect fraud [0035], [0173], [0220]. In addition, the term “security information” is very broad; any transaction information would reasonably read on 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 4-6, 8, 12, 14, 17-18, 20, 23 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Constantinos Markantonakis (Secure Log File Download Mechanisms for Smart Cards; hereinafter, "Markantonakis"), and further in view of Sekiya (US 20090132852 A1; hereinafter, "Sekiya") and Le Burge et al. (US 8957757 B1; hereinafter, "Le") and Jiang et al. (US 20140258109 A1; hereinafter, "Jiang").
With respect to claims 1, 14 and 17:
Markantonakis teaches:
detecting an event (every day transactions) encountered by the electronic device (smart card). (There are certainly more entities involved in the smart card life cycle and in every day transactions. As a result these entities might gain potential benefits from attacking, denying or forging transactions. there are occasions when further evidence is required. It would then be beneficial to distinguish between the different entities supporting the provision of audit log mechanisms in particular smart card applications. See at least Section 2)
generating and storing security information (log files) representative of said event in a secure memory (LFM) of the electronic device. (Firstly we have to assume that the log file construction in the card is a LFM task, and no other entity will be able to interfere. The write and update permissions for the log file are totally under the control of the LFM. Secondly we require that the log files will be linked with each other in a way that would make difficult to add, delete or modify any entries without such changes being evident. LFM is the log file manager, a smart card operating system entity. This is the only authorised entity for updating and writing in the log files in the card. In the first phase, the card C generates evidence which is stored and managed by the LFM. See at least Section 3.1 and 3.2)
before or after said storing, starting a […] with an external […] terminal (ALSS). (ALSS stands for an Audit Log Storage Server. This entity will receive and store the transmitted log files in dedicated locations. In the second phase we would like to ensure that a log 
cooperating with the external […] terminal during the […], said cooperating comprising: exchanging […] messages, […] with the external […] terminal during the […] to […] and wherein one of the […] messages exchanged during said […] is used to convey the security information to the external […] terminal. (ALSS stands for an Audit Log Storage Server. This entity will receive and store the transmitted log files in dedicated locations. Depending on the environment the ALSS could be a "smart wallet", a personal computer used in conjunction with the smart card or even a repository server connected in the Internet. For example the next time the card is used and the default storage space for the log file is full, the LFM has to decide (depending on the type of the application, the card, along with the applications predefined security policy) either to block the card, allow further transactions or proceed and download the log files. the card holder needs to contact its issuer or some other specific terminals (ATMs). When the card is next inserted in such a terminal the LFM proceeds with one of the download mechanisms below. Upon the successful completion of the download process the LFM will permanently flush the space occupied by the log file, only after it receives an 

Markantonakis does not teach the following limitations, however, Sekiya teaches: 
wherein the event encountered by the electronic device comprises at least one of: an anomaly encountered by the electronic device, an abnormal behavior of the electronic device, or an attack against the electronic device. (When the IC card 1 determines that the regular process information in which the regular command matched with the received command is set does not exist, the IC card 1 determines that the unauthorized access is made. Therefore, in the third fraud detecting process, the unauthorized access can be detected for the plural types of the processes based on the sequence of the contents of the received command. See at least Paragraph [0247]). Markantonakis discloses a system for logging activities to prevent smart card fraud. Sekiya discloses a system for detecting unauthorized activities with a smart card.
determining that at least one condition pre-recorded in a rule stored in the electronic device is satisfied. (When the IC card 1 determines that the regular process information in which the regular command matched with the received command is set does not exist, the IC card 1 determines that the unauthorized access is made. Therefore, in the third fraud detecting process, the unauthorized access can be detected for the plural types of the processes based on the sequence of the contents of the received command. See at least Paragraph [0247])


Markantonakis in view of Sekiya does not teach wherein the event is detected based on at least one of: a time interval between said electronic device sending a response to a command from the external terminal and receiving a subsequent command from the external terminal, a current value of a counter, a reinitialization of the electronic device, or the electronic device executing an operation that affects a confidential code stored in the secure memory of the electronic device, however, Le teaches wherein the event is detected based on at least one of: a time interval between said electronic device sending a response to a command from the external terminal and receiving a subsequent command from the external terminal, a current value of a counter, a reinitialization of the electronic device, or the electronic device executing an operation that affects a confidential code stored in the secure memory of the electronic device. (If a user attempts to log in with an invalid PIN code a predetermined number of times within a predetermined amount of time, for example three times within a five minute period, a message may be sent via the Gateway. This may be a valuable notification, for example in case of a vendor being unable to access a door, or a disgruntled employee trying to gain unauthorized access. 2.37. # PINS Exceeded; 2.38. Record Access; 2.39. Record Incorrect Code Entry. See at least Col 14 line 40-55). Markantonakis discloses a system for logging activities to 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Markantonakis with the feature of recording incorrect code entry as disclosed by Le to detect fraud more accurately and efficiently.

Markantonakis in view of Sekiya and Le does not teach the following limitations. However, Jiang teaches: 
exchanging transaction messages, compliant with the credit card payment protocol, with the external payment terminal during the payment transaction to perform payment; and wherein one of the transactions messages exchanged during said payment transaction is used to convey the [security] information to the external payment terminal. (During the future transaction, the smart card transmits its transaction history, which comprises the deposit confirmation, to the device, and the device transmits the transaction history to the remote system. the remote system 160 is capable of determining which merchant device 120 signed each transaction and during which session the transaction was signed based upon the deposit/withdrawal records stored in the transaction history on the smart card 110. See at least Abstract, Paragraph [0035], Fig. 2). Jiang inherently teaches “credit card payment protocol” as the transaction history is sent during transaction.


The applicant is reminded that “wherein one of the transaction messages exchanged during said payment transaction is used to convey the security information to the external terminal” does not move to distinguish over the prior art, as the description merely describes the intended use of the transaction messages.

Claim 14, a non-transitory data medium with the same scope as claim 1, is rejected.
Claim 17, an electronic device with the same scope as claim 1, is rejected.
With respect to claim 4:
Le further teaches wherein the event is detected based on a current value of a counter, and wherein the event is an anomaly or an attack detected by the electronic device by comparing the current value of the counter with a threshold value. (If a user attempts to log in with an invalid PIN code a predetermined number of times within a predetermined amount of time, for example three times within a five minute period, a message may be sent via the Gateway. This may be a valuable notification, for example in case of a vendor being unable to access a door, 
With respect to claim 5:
Le further teaches wherein the event is detected based on a current value of a counter, and wherein the counter represents at least one of the following: a number of consecutive failed attempts at inputting a secret code; and a total number of incomplete transactions performed by the electronic device. (If a user attempts to log in with an invalid PIN code a predetermined number of times within a predetermined amount of time, for example three times within a five minute period, a message may be sent via the Gateway. This may be a valuable notification, for example in case of a vendor being unable to access a door, or a disgruntled employee trying to gain unauthorized access. 2.37. # PINS Exceeded; 2.38. Record Access; 2.39. Record Incorrect Code Entry. See at least Col 14 line 40-55)
With respect to claim 6:
Le further teaches wherein the event is detected based on a current value of a counter, and wherein the security information comprises the current value of said counter as stored in the secure memory. (If a user attempts to log in with an invalid PIN code a predetermined number of times within a predetermined amount of time, for example three times within a five minute period, a message may be sent via the Gateway. This may be a valuable notification, for example in case of a vendor being unable to access a door, or a disgruntled employee trying to gain unauthorized access. 2.37. # PINS Exceeded; 2.38. Record Access; 2.39. Record Incorrect Code Entry. See at least Col 14 line 40-55)
With respect to claim 8:
 wherein the event is detected based on a time interval between said electronic device sending a response to a command from the external terminal and receiving a subsequent command from the external terminal, and wherein said electronic device is configured to decide on the basis of a comparison between said time interval and a predetermined threshold value whether data representative of said time interval should be stored during the storing. (Furthermore, error history information may also be recorded in the data memory 14. The error history information indicates contents of the unauthorized access when it is determined that the command is unauthorized access from the outside (a command group issued from the outside is not authorized). In the fifth fraud detecting process, it is determined whether or not the time interval between the commands in the log data is authorized based on the time interval between the commands defined by the regular process information P2. See at least Paragraph [0061] and [0348])
With respect to claim 12:
Markantonakis further teaches sending reference to the external terminal in an application file locator (AFL) message according to the credit card payment protocol, said reference data specifying the security information within an AFL message, said reference data once extracted from the AFL message enabling the external terminal to read the security information in the secure memory of the electronic device; wherein the security information is sent to the external terminal in response to a read command received from the external terminal after sending the AFL message. (On receiving the first message the ALSS decrypts its first part. Subsequently it checks the following: if it has already received a similar message before (i.e. if the timestamp is within its current window along with a valid sequence number), and finally if the message as 
With respect to claim 18:
Markantonakis further teaches wherein the operations further comprises carrying through the transaction to its end once the security information has been sent to the external terminal. (Within our model we divide the audit related operation of the smart card into three phases. In the first phase, the card C generates evidence which is stored and managed by the LFM. In the second phase, the LF stored within the card is transmitted to and stored by the ALSS. See at least Section 3.2). There must be hardware with software in order to perform the functions of the Markantonakis system.
With respect to claim 20:
Sekiya further teaches detecting said event on the basis of a command received from an external entity by an interface of the electronic device, said interface module serving to set up communication between the electronic device and said external entity; detecting by a sensor communicatively coupled to the at least one electronic processor an attack made against the electronic device; and detecting said event on the basis of the detected attack. (When the IC card 1 determines that the regular process information in which the regular command matched with the received command is set does not exist, the IC card 1 determines that the unauthorized access is made. Therefore, in the third fraud detecting process, the unauthorized access can be detected for the plural types of the processes based on the sequence of the 
With respect to claim 23:
Markantonakis further teaches sending reference data to the external terminal in an Answer to Reset (ATR) message according to the credit card payment protocol, said reference data specifying the security information within ATR message, said reference data once extracted from the ATR message enabling the external terminal to read the security information in the secure memory of the electronic device. (On receiving the first message the ALSS decrypts its first part. Subsequently it checks the following: if it has already received a similar message before (i.e. if the timestamp is within its current window along with a valid sequence number), and finally if the message as intended for it. The next step requires the ALSS to obtain (by using the Ic value as an index) a copy of card's public verification key. This key will be used in order to verify the signature in the second part of the message. Upon the successful signature verification the ALSS sends the following message to the card. See at least Section 4.4)
With respect to claim 25:
Markantonakis further teaches wherein said one of the transaction messages is one of: - an application file locator (AFL) message according to the credit card payment protocol; - an Answer to Reset (ATR) message according to the credit card payment protocol; - an ARQC message in response to a GENERATE AC (GAC) message received according to the credit card payment protocol from the external payment terminal. (On receiving the first message the ALSS decrypts its first part. Subsequently it checks the following: if it has already received a similar message before (i.e. if the timestamp is within its current window along with a valid sequence 
Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Constantinos Markantonakis (Secure Log File Download Mechanisms for Smart Cards; hereinafter, "Markantonakis"), and further in view of Sekiya (US 20090132852 A1; hereinafter, "Sekiya") and Le Burge et al. (US 8957757 B1; hereinafter, "Le") and Jiang et al. (US 20140258109 A1; hereinafter, "Jiang") and Hogan et al. (US 20020007320 A1; hereinafter, "Hogan").
With respect to claim 24:
Markantonakis further teaches wherein the security information is sent to the external terminal as data […] by the external terminal and in response to a GENERATE AC (GAC) message received according to the credit card payment protocol from the external terminal. (On receiving the response message, the LFM decrypts its first part by using its private encryption key (Bc)…. Successful signature verification will indicate that both entities have successfully completed the registration phase. The second phase involves the actual transmission of the log files to the ALSS. See at least Section 4.4)

Markantonakis in view of Sekiya and Le and Jiang does not teach data that is not interpretable. However, Hogan teaches data that is not interpretable. (According to the present invention, a "pseudo" account number is assigned to a customer and cryptographically linked to a 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZESHENG XIAO whose telephone number is (571)272-6627.  The examiner can normally be reached on 8:30-5 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/Z.X./Examiner, Art Unit 3685
/STEVEN S KIM/Primary Examiner, Art Unit 3685