DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on 07/01/2019.
Status of claims in the instant application:
Claims 1-20 are pending.
Information Disclosure Statements (IDS) filed on 10/08/2019 have been considered, and a signed copies of the IDS forms have been attached to this office action.
Claim Objections
Claims 5, 12 and 19 are objected to because of the following informalities:
	Claim 5 recites, “The system of claim 1, wherein double encrypting the stored user credentials at a specified interval of time further comprises; ….”
The “;” after comprises, as highlighted above should be replaced with “:”
	Claims 12 and 19 also have issues similar to that of claim 5 noted above. 
Appropriate correction is required.
Claim Interpretation
Claim 1 recites, “A system for transient pliant encryption with indicative nano-display cards, the system comprising: a memory device; and a processing device operatively coupled to the memory device, wherein the processing device is configured to execute computer-readable program code to: …”
processing device” that executes program code to be a hardware element, thus not invoking the interpretation of claim under 35 USC 112(f).
Claim 7 recites, “The system of claim 1, wherein the nano-display further comprises a light emitting diode display configured to display prestored colored images, wherein the colored images comprise a selection of shades of the prestored colored images.”
	Examiner notes that, “the nano-display that comprises a light emitting diode display” is hardware element(s), thus not invoking interpretation of claim under 35 USC 112(f).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6-7, 8, 13-14, 15 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Pat. No.: US 8919643 B2 to Ashfield (hereinafter “Ashfield”) in view of Pub. No.: US 20190377863 A1 to ZHAO et al. (hereinafter “ZHAO”), and further in view of Pat. No.: US 9230254 B1 to Sharifi Mehr (hereinafter “Mehr”).
Regarding Claim 1. Ashfield discloses A system for transient pliant encryption with indicative nano-display cards (Ashfield: FIG. 3), the system comprising:
a memory device (Ashfield: element 20 in FIG. 3); and
Ashfield: OTP generator in FIG. 3), wherein the processing device is configured to execute computer-readable program code (Ashfield, Col.4, ln.1-15: … computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks …) to:
receive and [store] user credentials for a user (Ashfield, Claim 1: … a display disposed within the body, wherein the display is configured to display a challenge to a user, wherein the challenge is generated by a challenge based algorithm that requires alpha-numeric inputs to be available … two or more input devices disposed within the body for alpha-numeric inputs, wherein the two or more input devices are configured to receive a challenge response in response to the challenge being displayed on the credit/debit card by the challenge based algorithm, and wherein the challenge response comprises two or more alpha-numeric inputs (credential) by the user; the display disposed within the body configured to display the dynamic CVV based at least in part on the received challenge response …);
However, Ashfield does not explicitly teach, but ZHAO from same or similar field of endeavor teaches:
“store user credentials (ZHAO, Para [0037]: … the kernel space is a memory space in the internal memory for storing the system kernel. Among them, the system kernel is the core part of the operating system and is part of the software used to provide secure access to computer hardware for applications. The password coordinate data includes, but is not limited to, coordinate data corresponding to the touch or click position generated by a touch operation directly on the touch screen of the terminal or by a click operation performed on the screen keyboard by the mouse when the user performs the password input. In a randomly arranged keyboard, each key has its corresponding coordinate data, and the user may touch or click the key to select according to the displayed key value of the key. The password plaintext refers to the password data that the user actually inputs for password verification. Corresponding to the random keyboard data, the password plaintext may also include only ten digits 0 to 9, or only 26 English letters, or only 26 English letters and ten digits, or 26 English letters, ten digits and commonly used punctuation marks, etc. Specifically, in the security chip, a comparison table in which the password coordinate data and the random keyboard data are in one-to-one correspondence is stored …)
double encrypt the stored user credentials, wherein double encrypting the stored user credentials further comprises the use of two different encryption algorithms (ZHAO, Para [0049-0049]: … after the password coordinate data is sent to the security chip, the password input method further includes: generating, by the security chip, the password plaintext of user input according to the password coordinate data and the random keyboard data, converting the password plaintext into a password ciphertext, and sending the password ciphertext to the user space … The password ciphertext may be the conversion data used for the next operation in the user space after the password is input … the security chip may convert the password plaintext into a password ciphertext according to a preset encryption manner, where the preset encryption method includes but is not limited to one or a combination of a symmetric encryption algorithm such as Advanced Encryption Standard (AES), one-way hash algorithm such as Message Digest Algorithm MD5, a Password-Based Key Derivation Function 2 (PBKDF2) algorithm and the like. After generating the password ciphertext, the security chip sends the password ciphertext to the user space for the next operation …; Examiner’s Interpretation: the password (i.e. user credential) is encrypted with a combination of different encryption algorithms, thus disclosing the claimed limitation);
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of ZHAO into the teachings of Ashfield because it discloses that, “by converting the password ciphertext into the password ciphertext in the security chip according to the preset encryption method, and sending the ciphertext to the user space, the password plaintext only appears in the security chip, thereby improving the difficulty of stealing or cracking the password plaintext (ZHAO: Para [0051])”.
Ashfield further discloses:
“generate a colorized display mapping for the encrypted user credentials via a nano-display, wherein the nano-display comprises an array of fields indicating the encrypted user credentials (Ashfield, Col.5, ln.14-41: … A display 6 is provided for visually displaying the OTP generated by card 1. Also located on card 1 is an initiation button 10 that is depressed by the user to initiate the generation of the OTP. The rightmost half of display 6 is surrounded by visual highlighting 11 in the form of a printed outline, as an indication to the consumer that the rightmost three digits of the OTP, which would normally fall inside the highlighting are to be used as a CVV in place of the three digit code that would normally be printed on the back of a typical credit card, typically referred to as a "security code" by consumers and on-line vendors. This highlighting can be accomplished in almost infinite ways, including coloring of the display window …)”;
However, the combination of Ashfield-ZHAO does not explicitly teach, but Mehr from same or similar field of endeavor teaches:
“establish a timeout value, wherein the timeout value comprises an amount of time for which the encrypted user credentials are displayed via the nano-display (Mehr, Col.7, Ln.28-47; Col.7, ln.4-13; Col.11, ln.35-54: … The connector 210 may further be used to transmit information from the credit card reader 202 to the mobile device, such as encrypted credit card information (e.g., account holder's name, credit card account number, credit card expiration date, etc.), for transmittal to the payment processor… … Once the password has been displayed on the display unit 206 for a particular period of time, the credit card reader 202 may transmit one or more signals to the display unit 206 that, when processed by the display unit 206, cause the display unit 206 to remove this particular password from the display unit 206 after a certain period of time. For instance, the password may be removed from the display unit 206 after a few seconds have elapsed. Thus, the password may be displayed for a short period of time to prevent others from viewing the password and/or to conserve energy … the credit card reader 502 may be configured to utilize one or more mathematical algorithms after a period of time to generate a new one-time password …);
at the end of the timeout value, trigger a repetition of the double encryption (Mehr, FIG. 5; Col.12, ln.6-23; Col.7, Ln.28-47: … If the credit card reader 502 is configured to display one or more one-time passwords, the merchant may be provided with a one-time password token 510, which may also be configured to display one or more one-time passwords. The one-time password token 510 may comprise one or more hardware components that may be configured to collectively obtain and display one-time passwords. Accordingly, the one-time password token 510 may comprise a token display unit 512 that may be configured to display these one-time passwords. As with the credit card reader 502 described above, the one-time password token 510 may be configured to communicate, such as through one or more communications networks (e.g., the Internet), with a payment processor authentication server to obtain a new one-time password after a specified period of time. Alternatively, the one-time password token 510 may be configured to utilize one or more mathematical algorithms after a period of time to generate a new one-time password … The connector 210 may further be used to transmit information from the credit card reader 202 to the mobile device, such as encrypted credit card information (e.g., account holder's name, credit card account number, credit card expiration date, etc.), for transmittal to the payment processor …; Zhao already discloses the double encryption); and
generate and display an updated colorized display mapping via the nano-display (Mehr, FIG. 5; Col.11, ln.35-54: … the credit card reader 502 may be configured to transmit signals to the display unit 506 that may cause the display unit 506 to display one or more one-time passwords. Accordingly, the credit card reader 502 may comprise one or more hardware components, such as a RAM chip or a hard drive, which may be used by the credit card reader 502 to obtain a new one-time password after a period of time. For instance, the credit card reader 502 may be configured to communicate, through the mobile device or through hardware on the credit card reader 502 that enables communications through one or more communications networks, with a payment processor authentication server to obtain a new one-time password after a specified period of time …; Ashfield already discloses the colorized display).”
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Mehr into the combined teachings of Ashfield-ZHAO because it discloses that, “the password may be displayed for a short period of time to prevent others from viewing the password (Mehr: Col.7, ln.4-13)”.
Regarding Claim 6. The combination of Ashfield-ZHAO-Mehr discloses the system of claim 1, Ashfield further discloses, “wherein the array of fields indicated the encrypted user credentials further comprises multiple colorized fields (Ashfield, Col.5, ln.14-41:  The rightmost half of display 6 is surrounded by visual highlighting 11 in the form of a printed outline, as an indication to the consumer that the rightmost three digits of the OTP, which would normally fall inside the highlighting are to be used as a CVV in place of the three digit code that would normally be printed on the back of a typical credit card, typically referred to as a "security code" by consumers and on-line vendors)”, Mehr further discloses, “wherein a color displayed on the multiple colorized fields indicates an alphanumeric character (Mehr, Col.3, Ln.11-13: … The one-time passwords may comprise a series of numbers, an alphanumeric string, an alphabetic string and the like …).”
The motivation to further combine Mehr remains same as in claim 1.
Regarding Claim 7. The combination of Ashfield-ZHAO-Mehr discloses the system of claim 1, Mehr further discloses, “wherein the nano-display further comprises a light emitting diode display configured to display prestored colored images, wherein the colored images comprise a selection of shades of the prestored colored images (Mehr, Col.2, Ln.50-60; Col.13, Ln.44-56: … the payment processor may configure the credit card reader to display an image or string of characters familiar to the merchant (e.g., provided by the merchant or provided to the merchant by the payment processor). Thus, the merchant may view the display and, if the password or other credential information displayed is correct … User interface output devices 614 may include a display subsystem, a printer, or non-visual displays such as audio output devices, etc. The display subsystem may be a cathode ray tube (CRT), a flat-panel device such as a liquid crystal display (LCD), light emitting diode (LED) display …).”
The motivation to further combine Mehr remains same as in claim 1.
Regarding Claims 8 and 15. These claims contain all the same or similar limitations as claim 1, hence they are similarly rejected as claim 1.
Regarding Claims 13 and 19. These claims contain all the same or similar limitations as claim 6, hence they are similarly rejected as claim 6.
Regarding Claims 14 and 20. These claims contain all the same or similar limitations as claim 7, hence they are similarly rejected as claim 7.
Claims 2, 9 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Pat. No.: US 8919643 B2 to Ashfield (hereinafter “Ashfield”) in view of Pub. No.: US 20190377863 A1 to ZHAO et al. (hereinafter “ZHAO”) and Pat. No.: US 9230254 B1 to Sharifi Mehr (hereinafter “Mehr”), as applied to claim 1 above, and further in view of Pat. No.:  US 9418208 B2 to Diehl (hereinafter “Diehl”)
Regarding Claim 2. The combination of Ashfield-ZHAO-Mehr discloses the system of claim 1, however it does not explicitly teach, but Diehl from same or similar field of endeavor teaches, “wherein the array of fields maps to encrypted user credentials and values indicating the one or more encryption algorithms used to encrypt the user credentials (Diehl, Claim 4: A device for processing digital content, the device comprising a processor configured to: receive content scrambled using a control word; receive, via a user interface, a user code, wherein a user identifier and the control word are concatenated and encrypted in the user code based on a secret key; decrypt the user identifier and the control word from the user code using the secret key; descramble the scrambled content using the control word; generate a watermark based on the user identifier such that the watermark is uniquely associated with the user identifier; insert the watermark into the descrambled content; and output the watermarked content, wherein the decrypt comprises the processor configured to: obtain an intermediate code from the user code; and decrypt the control word and the user identifier from the intermediate code).”
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Diehl into the combined teachings of Ashfield-ZHAO-Mehr because it discloses that, “Encryption using passwords overcomes the necessity to handle licenses, but a problem with it is that once the user has obtained the password, the password may be spread to other users without authorization. This problem does not exist, or is at least much less pronounced, in the cases where decryption is controlled using a license or a physical token … It can thus be appreciated that there is a need for a solution that makes the decryption using a password more secure. The present invention provides such a solution (Diehl: Col.2, ln.4-11)”.
Regarding Claims 9 and 16. These claims contain all the same or similar limitations as claim 2, hence they are similarly rejected as claim 2.
Claims 4 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Pat. No.: US 8919643 B2 to Ashfield (hereinafter “Ashfield”) in view of Pub. No.: US 20190377863 A1 to ZHAO et al. (hereinafter “ZHAO”) and Pat. No.: US 9230254 B1 to Sharifi Mehr (hereinafter “Mehr”), as applied to claim 1 above, and further in view of Pub. No.:  US 20020019939 A1 to Yamamoto et al. (hereinafter “Yamamoto”)
Regarding Claim 4. The combination of Ashfield-ZHAO-Mehr discloses the system of claim 1, however the combination of Ashfield-ZHAO-Mehr does not explicitly teach, but Yamamoto from same or similar field of endeavor teaches:
“wherein the nano-display comprises a display with a height of less than 1 millimeter (Yamamoto, Para [0017]: … As shown in FIG. 1, an encryption display card 1 has a main body 9 of a thin plate of the size of a credit card (width: 54 mm, length: 85 mm, thickness: 0.7 mm), and its surface is provided with a power source switch 8, a plurality of input keys 7, a display panel 6 that displays alphanumeric characters of up to a certain digit number (for example, 12 digits), etc. …; Examiner interprets the thickness in Yamamoto as the recited height).”
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Yamamoto into the combined teachings of Ashfield-ZHAO-Mehr because it discloses that, “the main body 9 of the encryption display card 1 is a thin plate of the size of a credit card. Thus, it can be placed in a card case, such as a pass holder, and readily carried around. Hence, different from the case where the encryption is managed by using the personal computer, the encryption display card 1 has excellent carryability. Moreover, the number of pairs of labels and encryptions stored in the RAM 3 of the encryption display card 1 is not especially limited. Thus, the user can add pairs as necessary, thereby making the encryption display card 1 particularly useful for individuals who have to manage a large number of private encryptions (Yamamoto: Para[0034])”.
Regarding Claim 11. This claim contain all the same or similar limitations as claim 4, hence they are similarly rejected as claim 4.
Claims 5, 12 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Pat. No.: US 8919643 B2 to Ashfield (hereinafter “Ashfield”) in view of Pub. No.: US 20190377863 A1 to ZHAO et al. (hereinafter “ZHAO”) and Pat. No.: US 9230254 B1 to Sharifi Mehr (hereinafter “Mehr”), as applied to claim 1 above, and further in view of Pub. No.:  US 20190132299 A1 to Tucker et al. (hereinafter “Tucker”)
Regarding Claim 5. The combination of Ashfield-ZHAO-Mehr discloses the system of claim 1, Mehr further discloses, “wherein double encrypting the stored user credentials at a specified interval of time (Mehr, Col.12, Ln.35-46: … as illustrated in FIG. 5, the credit card reader 502 and the one-time password token 510 may display the same one-time password, in this case "25RS03RW," for a period of time. Both the credit card reader 502 and the one-time password token 510 may be synchronized such that, after twelve seconds, a new one-time password is displayed on both devices. Since the credit card reader 502 and the one-time password token 510 may be configured to utilize the same mathematical algorithm and/or communicate with a payment process authentication service to obtain a new one-time password, both devices may display the same one-time password after twelve seconds have elapsed … the merchant or other user may have been provided with a one-time password token which may be configured to obtain new one-time passwords at a particular time interval and to operate synchronously with the credit card reader …)” further comprises;
The motivation to further combine Mehr remains same as in claim 1.
ZHAO discloses:
“selecting two encryptions algorithms from a repository of stored encryptions algorithms (ZHAO, Para [0049]: … where the preset encryption method includes but is not limited to one or a combination of a symmetric encryption algorithm such as Advanced Encryption Standard (AES), one-way hash algorithm such as Message Digest Algorithm MD5, a Password-Based Key Derivation Function 2 (PBKDF2) algorithm and the like. After generating the password ciphertext, the security chip sends the password ciphertext to the user space for the next operation …);” and
The motivation to further combine ZHAO remains same as in claim 1.
However, the combination of Ashfield-ZHAO-Mehr does not explicitly teach, but Tucker from same or similar field of endeavor teaches:
“Page 26 of 31AttyDktNo. 9002US1.014033.003469ensuring that encrypted output from the two selected encryption algorithms does not produce an identical value for an identical field on the nano-display as compared to the immediately preceding encryption output (Tucker, Para [0089]: … one or more initialization vectors may be used in encryption methods. An initialization vector will cause multiple copies of the same encrypted data to yield different cipher text output …).”
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Tucker into the combined teachings of Ashfield-ZHAO-Mehr because it discloses that, “An initialization vector will cause multiple copies of the same encrypted data to yield different cipher text output, preventing both replay and cryptanalytic attacks. This will also prevent an attacker from decrypting any data even with a stolen encryption key if the specific initialization vector used to encrypt the data is not known (Tucker: Para [0089])”.
Regarding Claims 12 and 18. These claims contain all the same or similar limitations as claim 5, hence they are similarly rejected as claim 5.
Allowable Subject Matter
Claims 3, 10 and 17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
As allowable subject matter has been indicated, applicant's reply must either comply with all formal requirements or specifically traverse each requirement not complied with.  See 37 CFR 1.111(b) and MPEP § 707.07(a).
Reasons for allowance will be furnished upon allowance.
Pertinent Prior Arts: The following prior arts made of record and not relied upon are considered pertinent to applicant's disclosure.
	US-PGPUB 20140330726 A1, Ball et al.: Ball discloses a smartcard that enables a one-time pin code offline security authentication with a card reader. This is achieved by generating a one-time pin code when the user inputs their pin code. The inputted pin code is encrypted and matched with the encrypted user correct pin code. If there is a match the one-time pin code is stored in memory and the transaction can proceed.
	This invention relates to security authentication devices. In particular, the invention relates to smartcards, smart credit cards and a method for enabling offline security authentication with a card reader, and to a microprocessor program product for a smartcard.
	US-PGPUB 20210209582 A1, PALIWAL et al.: PALIWAL’s disclosure focuses on performing banking operation at kiosk unit (an ATM) without the use of conventional physical smart cards. A special type of card called a Virtual Smart Card (V.S.C) is deployed by the bank authority which is portable on any smart device which a user possesses and this V.S.C is such that it can be only accessed in the presence of an interface provided by the bank authority. We later depict as of how a V.S.C can emulate normal physical smart cards for performing banking operation and also as of how this V.S.C can be used for making payment to merchants or on the websites when user desires. A special type of V.S.C and interface called merchant V.S.C and S-interface is provided to merchants by the bank authority such that it can be deployed easily on multiple devices such that multiple agents working under a merchant can use it for collecting payment. The payment is done by user by just scanning the QR code on the special interface which a merchant possesses and confirming the transaction amount. Moreover when user desires to make payment on the website the user need not enter card credentials; here transaction is processed in such a manner that user credentials are never exposed. The V.S.C is deployed such that the user can update the credentials of the V.S.C by accessing the interface at the kiosk unit. In general the invention focuses on emulating physical smart cards and depicting how online transactions and transactions at the kiosk can be performed using Virtual Smart cards.
Present Invention relates to a method of performing banking and payment related transaction and operation at the kiosk unit, merchant device and web server interface with the help of a virtual smart card, an interface and an electronic device.
US-PGPUB 20120325905 A1, Kim: Kim discloses a card (e.g., identification, debit card, credit card, smart card, etc.) having a dynamic information display panel integrated therein. The display panel is typically activated when user uses the card. This can occur when the card is swiped, and/or is powered up via an integrated energy panel (e.g., by an external light source). Alternatively, the card can be powered by RFID coupling, smart IC contact, battery, etc. Upon powering up, displayed information is used to: identify the user; and/or show private information to user only. Along these lines, displayed information can remain in card memory and/or on the display until next transaction, or it can be deleted after a programmed duration.
US-PAT 9418326 B1, Narayanaswami: Narayanaswami discloses a method for validating a quick response code includes steps or acts of: receiving a captured enhanced quick response code that included a static component and a dynamic component; validating the quick response code in the static component using the auxiliary data in the dynamic component; and returning a token when the quick response code is validated.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MAHABUB S AHMED/Examiner, Art Unit 2434

/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434