DETAILED ACTION
Status of claims
1.	This is the first office action in response to the applicant’s arguments/remarks made in an amendment filed on 08/04/2021.
2.	Claim 1 has been amended; claims 9-20 have been canceled.
3.	Claims 1-20 are currently pending; claims 1-8 have been examined.

Continued Examination Under 37 CFR 1.114
4.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. The applicant's submission filed on 08/04/2021 has been entered.
 
Notice of Pre-AIA or AIA Status
5.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.



Response to Arguments/Remarks
6.	35 U.S.C. § 103:
The applicant’s amendments have overcome the 35 U.S.C. § 103 rejection. However, there are new grounds of rejection necessitated by the applicant’s amendments as detailed in the section of 35 U.S.C. § 103.

Claim Rejections - 35 USC § 112
7.	The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


8.	Claim 8 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant) regards as the invention.
	Claim 8 recites “wherein the mailbox mechanism is configured to isolate circuitry in the secure circuit from being accessed by processor.” First, it is unclear whether circuitry in the secure circuit is the same cryptographic circuitry as recited in claim 1. Second, it is unclear whether processor is the same processor recited in claim 1.


Claim Rejections - 35 USC § 103
9.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

10.	Claims 1-2 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over Cho (US 20100088507 A1) in view of ABIDIN (US 20180332029 A1), and further in view of Xu et al. (US 20170141926 A1) and Bower et al. (US 20170109512 A1).
Claim 1:
		Cho discloses the following:
a.	a processor (i.e., central processing units). (See paragraph [0320], “[i]n addition, if the user terminal 1 is an apparatus mounted with various kinds of central processing units [CPUs] and capable of installing and executing an application and connecting to the Internet [e.g., a PC, PDA, cellular phone or the like], the digital certificate issuing system can be implemented through the application, and thus those skilled in the art can implement needed functions through programming.”)
b.	a secure circuit (i.e., a key pair creation unit) configured to generate a public key pair usable to authenticate a user of the computing device. (See paragraph [0321], “[t]he application [client] comprises a signature key-pair creation module [a key pair creation unit] for creating at least one public and private key pair.”)
c.	memory having program instructions stored therein that are executable by the processor to perform operations. (See paragraph [0320], “[i]n addition, if the user terminal 1 is an apparatus mounted with various kinds of central processing units [CPUs] and capable of installing and executing an application and connecting to the Internet [e.g., a PC, PDA, cellular phone or the like], the digital certificate issuing system can be implemented through the application, and thus those skilled in the art can implement needed functions through programming.” This citation indicates that executable applications are stored in the computing device.)
d.	authenticating the user with a server system by sending authentication information supplied by the user to the server system. (See Figs. 4a-4b and paragraphs [0118]-[0121], “[f]irst, a user who desires issuance of a digital certificate applies for registration by submitting an issuance application form filled with personal information [info_personal] to a certificate agency [a financial institution, government office or the like] together with documents for proving identity of the user such as an identification card or the like [S401]. In response, the certificate agency confirms identity of the user based on the documents for confirming identity of the applicant [S402].”)
e.	in response to the server system verifying the authentication information, receiving a first token (i.e., user identification code) usable to register the digital certificate of the public key with the server system. (See paragraph [0078]; Fig. 4b; paragraphs [0120]-[0124], “[a]fter the identity is confirmed, the personal information [info_personal] filled in the application form is stored in the 
f.	sending, to the server system, a request to register the digital certificate of the public key for authenticating the user without the authentication information, wherein the request includes the first token (i.e., user identification code) and identifies a public key of the public key pair. (See Fig. 4a; paragraph [0103]; and paragraph [0126], “[t]hereafter, the user terminal transmits digital certificate issuance request data [data_request] including the public key and the user identification code to the certificate server 3 [S408].”)
g.	in response to the server system verifying the first token (i.e., user identification code), receiving, from the server system, an indication (i.e., digital certificate) generated by the server system and indicating that the server system has registered the digital certificate of the public key for authenticating the user. (See Figs. 4a-4b; paragraphs [0105]-[0106], “[t]he certificate server 3 receiving the digital certificate issuance request data [data_request] confirms whether the user requesting issuance of the digital certificate is identical to a person registered in the server as a user. The certificate server 3 can determine the identicalness based on the user identification code [code_identify] such as the reference number, authentication code or the like received from the user terminal 
h.	performing a subsequent authentication for the user via the registered digital certificate. (See paragraph [0071].)
Cho does not explicitly disclose the following:
a secure circuit including cryptographic circuitry isolated from the processor;
		the first token includes information signed by the server system;
performing a subsequent authentication for the user, wherein the subsequent authentication includes:
the secure circuit performing a biometric authentication of the user;
in response to a biometric authentication of the user, the secure circuit using a private key of the public key pair to generate a digital signature; and
sending the digital signature without sending the authentication information.
However, ABIDIN discloses performing a subsequent authentication for the user wherein the subsequent authentication includes: using a private key of the public key pair to generate a digital signature; and sending the digital signature without sending the authentication information. (See paragraphs [0013]-[0015], “receiving, at the server, a request for authentication, transmitting, from the server to the client device, a challenge data element, signing, at the client device, the challenge data element using the private key, transmitting, from the client device to the server, a signed version of the challenge data element, and authenticating, at the server, the user by validating the signed version of the challenge data element using a previously stored public key relating to the user.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cho, to incorporate with the teachings of ABIDIN, and to perform subsequent authentication with a digital signature signed by a private key, so that the user is authenticated by validating the signed version of the challenge data element using a previously registered public key relating to the user.
The combination of Cho and ABIDIN discloses the claimed invention but does not explicitly disclose the following:
a secure circuit including cryptographic circuitry isolated from the processor;
		the first token includes information signed by the server system;
the secure circuit performing a biometric authentication of the user; and
in response to a biometric authentication of the user, triggering the device to perform further action.
Xu et al. discloses wherein a token includes information signed by the server system. (See paragraph [0039], “[i]n response, the server system can be 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Cho and ABIDIN, to incorporate with the teachings of Xu et al., and to sign a token that includes authentication information, so that the signature of the token can be verified prior to the token being validated.
The combination of Cho, ABIDIN, and Xu et al. discloses the claimed invention but does not explicitly disclose the following:
a secure circuit including cryptographic circuitry isolated from the processor;
the secure circuit performing a biometric authentication of the user; and
in response to a biometric authentication of the user, triggering the device to perform further action.
Bower et al. discloses the following:
a.	a secure circuit including cryptographic circuitry isolated from the processor generating keys and a signature. (See Fig. 1A; Fig. 4; Fig. 5B; paragraphs [0029]-[0034], “[t]he secure element 104 may comprise a tamper-resistant platform [for example, a secure microcontroller including memory] that 
b.	a secure circuit performing a biometric authentication of the user; in response to a biometric authentication of the user, triggering the device to perform further action. (See paragraph [0027]; paragraph [0054], “[t]he wearable device may provide secure user authentication based on biometric data, in accordance with some example embodiments. Moreover, this authentication may be configured to proceed without a password or PIN input by the user. For example, a user may be proximate to, or contacting, a sensor that wirelessly triggers a mobile payment transaction [and/or may for example, allow authenticated access to secured data, equipment or areas] using the sensitive data stored and retrieved in accordance with processes 200 and/or 300”; and paragraph [0072], “[w]hen the user's measured biometric matches a stored biometric signature [which may also be stored on the same device as the cryptographic key], the device may release the cryptographic key.”)

Claim 1 recites “a request to register the public key pair for authenticating the user without the authentication information,” and “an indication generated by the server system and indicating that the server system has registered the public key pair for authenticating the user without the authentication information.” These clauses express the intended result of the claimed steps positively recited. Under MPEP 2111.04, the clause is not given patentable weight.
Claim 1 recites “indicating that the server system has registered the public key pair for authenticating the user without the authentication information.” The recited server system is out of the scope of the claimed computer device and does not have patentable weight. 


Claim 2:
Cho in view of ABIDIN, Xu et al., and Bower et al. discloses limitations shown above.
ABIDIN further discloses the following:
a.	receiving a challenge from the server system. (See paragraphs [0013]-[0015].)
b.	requesting, to generate, with the private key of the public key pair, the digital signature for the challenge. (See paragraphs [0013]-[0015].)
c.	providing the digital signature generated to the server system in a response to the challenge. (See paragraphs [0013]-[0015].)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cho, to incorporate with the teachings of ABIDIN, and to perform subsequent authentication with a digital signature signed by a private key, so that the user is authenticated by validating the signed version of the challenge data element using a previously registered public key relating to the user.
Bower et al. discloses cryptographic circuitry generating a signature. (See Fig. 1A; Fig. 4; Fig. 5B; paragraphs [0029]-[0034]; and paragraph [0060].)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Cho and ABIDIN, to incorporate with the teachings of Bower et al., and to integrate a secure circuit into the system for generating keys and signatures, so that the secure element 104 may comprise a tamper-resistant platform (e.g., a secure microcontroller including memory) that can securely host applications and store sensitive data, keys, and/or the like.

Claim 4:
Cho in view of ABIDIN, Xu et al., and Bower et al. discloses limitations shown above.
ABIDIN discloses the following:
a.	a biosensor configured to collect biometric information from the user. (See paragraph [0034].)
b.	generating a digital signature. (See paragraphs [0013]-[0015].)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cho, to incorporate with the teachings of ABIDIN, and perform subsequent authentication with a digital signature signed by a private key, so that the user is authenticated by validating the signed version of the challenge data element using a previously registered public key relating to the user.
Bower et al. discloses the secure circuit performing a biometric authentication of the user and generating a signature; comparing the collected biometric information with previously stored biometric information. (See Fig. 1A; Fig. 4; Fig. 5B; paragraph [0027]; paragraphs [0029]-[0034]; paragraph [0054]; paragraph [0060]; and paragraph [0072].)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Cho and ABIDIN, to incorporate with the teachings of Bower et al., and to integrate biometric verification into the authentication process, so that the device may release the cryptographic key if the user has been biometrically authenticated.

11.	Claims 3 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Cho (US 20100088507 A1) in view of ABIDIN (US 20180332029 A1), and further in .
Claim 3:
Cho in view of ABIDIN, Xu et al., and Bower et al. discloses limitations shown above.
Cho further discloses wherein the received indication is the second token (i.e., a digital certificate). (See Figs. 4a-4b; paragraphs [0105]-[0106]; paragraphs [0108]-[0110]; and paragraphs [0131]-[0132], “[t]hen, the certificate server 3 issues a digital certificate to the user [S411], and the user acquires the digital certificate through the client and selects a user select image [S412].”)
None of Cho, ABIDIN, Xu et al., and Bower et al. discloses providing a second token in the subsequent authentication.
However, Kirllin et al. discloses providing a second token (i.e., a device certificate) in the subsequent authentication. (See paragraph [0031], “[a]uthorized mobile device 110 can store a device certificate 112 in its memory. As a part of device authentication, authorized mobile device 110 can send the device certificate 112 stored in memory of the authorized mobile device 110 along with a device token received from push notification server 130 to bank server 120. Bank server 120 can then authenticate the authorized mobile device 110 using the device certificate and device token by comparing the device certificate and device token to linked device information 124 accessible in a data store by bank server 120”; Fig. 3; paragraph [0046]; Fig. 5A; and paragraph [0054].)


Claim 5:
Cho in view of ABIDIN, Xu et al., and Bower et al. discloses limitations shown above.
Cho discloses sending the authentication information to authenticate a user/device. (See Figs. 4a-4b and paragraphs [0118]-[0121].)
ABIDIN discloses a subsequent authentication. (See paragraphs [0013]-[0015].)
None of Cho, ABIDIN, Xu et al., and Bower et al. discloses performing a first exchange with the server system to facilitate a first purchase for the user, wherein the authentication information is sent during the first exchange; and performing a second exchange with the server system to facilitate a second purchase for the user, wherein the subsequent authentication is performed during the second exchange.
However, Kirline et al. discloses the following:
a.	performing a first exchange with the server system to facilitate a first bank operation (i.e., a payment merchant) for the user, wherein the authentication information is sent during the first exchange. (See paragraphs [0025]-[0026]; Fig. 3; paragraphs [0039]-[0046]; and paragraph [0060]. These citations indicate registering a device first if the device is not registered yet during a process, such as the first exchange.)
b.	performing a second exchange with the server system to facilitate a second bank operation (i.e., a payment to a merchant) for the user, wherein a subsequent authentication is performed during the second exchange. (See Fig. 5A; paragraphs [0051]-[0055], “[a]uthorized client device 501 can validate the server certificate and in response send a device certificate stored in the memory of authorized client device 501 to bank server [AD] 503. Bank server [AD] 503 can validate the device certificate, and upon validation, a TLS can be established”; and paragraph [0060].)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Cho, ABIDIN, Xu et al., and Bower et al., to incorporate with the teachings of Kirllin et al., and to require authentication information for a first purchase and perform the subsequent authentication for a second purchase, so that the server can authenticate the user/device with different approaches based on the authentication status of the user/device.

12.	Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Cho (US 20100088507 A1) in view of ABIDIN (US 20180332029 A1), and further in view of Xu et al. (US 20170141926 A1), Bower et al. (US 20170109512 A1), and Sela et al. (US 20120005526 A1).
Claim 6:
Cho in view of ABIDIN, Xu et al., and Bower et al. discloses limitations shown above.
None of Cho, ABIDIN, Xu et al., and Bower et al. discloses performing the subsequent authentication after a restart of the computing device.
However, Sela et al. discloses performing the subsequent authentication after a restart of the computing device. (See paragraph [0021], “[f]or example, according to the RSA mutual authentication scheme described above, the storage device 100 stores the host device's public key after first phase of the authentication process. [As noted above, the storage device 100 preferably stores the host device's public key in a storage area that is accessible only to the storage device's controller 110 and is integrity protected from any change in public key data.] In this way, in case of a power loss to the memory device 100 at any time after phase one of the authentication process, the host device's public key remains available on the storage device 100. Accordingly, upon power up of the storage device 100, when the host device 50 re-initiates the log-in process with the storage device 100, assuming the storage device 100 verifies that the public key has not been tampered with, the storage device 100 can resume the 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Cho, ABIDIN, Xu et al., and Bower et al., to incorporate with the teachings of Sela et al., and to perform the subsequent authentication after the restart of the computing device, so as to prevent the authentication process from repeating.

13.	Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Cho (US 20100088507 A1) in view of ABIDIN (US 20180332029 A1), Xu et al. (US 20170141926 A1), Bower et al. (US 20170109512 A1), and CHENNA (US 20140351589 A1).
Claim 7:
Cho in view of ABIDIN, Xu et al., and Bower et al. discloses limitations shown above.
None of Cho, ABIDIN, Xu et al., and Bower et al. discloses wherein the authentication information includes a value derived from a user name and the password of the user.
However, CHENNA et al. discloses wherein the authentication information includes a value derived from a user name and password of the user. (See paragraph [0032], “[a]s shown, the method 200 begins at step 205, where an application [again, referred to as the relying application] receives an access request from a user. The request may include a proffered set of credentials, e.g., 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Cho, ABIDIN, Xu et al., and Bower et al., to incorporate with the teachings of CHENNA et al., and to include a value derived from a user name and a password as credentials in the authentication information, so that the user can be validated by the credentials.
Claim 7 recites “wherein the authentication information includes a value derived from a user name and the password of the user.” This describes the characteristics of the authentication information. However, the recited characteristics are not processed or used to carry out any steps or functions that rely on these particular characteristics recited in the claims. Therefore, this claim recites nonfunctional descriptive material. When descriptive material is not functionally related to the substrate, the descriptive material will not distinguish the invention from prior art in terms of patentability. It has been held that where the printed matter is not functionally related to the substrate, the printed matter will not distinguish the invention from the prior art in terms of patentability. The critical question is whether there exists any new and unobvious functional relationship between the printed matter and the substrate (In re Ngai 367 F.3d 1336, 1339, 70 USPQ2d 1862 (Fed. Cir. 2004); Ex parte Nehls 88 USPQ2d 1883, 1888-1889 (BPAI 2008); In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); .

14.	Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Cho (US 20100088507 A1) in view of ABIDIN (US 20180332029 A1), Xu et al. (US 20170141926 A1), Bower et al. (US 20170109512 A1), and Polzin et al. (US 20140089617 A1).
Claim 8:
Cho in view of ABIDIN, Xu et al., and Bower et al. discloses limitations shown above.
Cho discloses generating the public key pair. (See Fig. 4b; paragraph [0125]; and paragraph [0321].)
Bower et al. discloses wherein the secure circuit is configured to receive a signal to generate the public key pair and to generate the public key pair. (See Fig. 5B and paragraph [0060].)
None of Cho, ABIDIN, Xu et al., and Bower et al. discloses a mailbox mechanism included in the secure circuit, wherein the mailbox mechanism is configured to isolate circuitry in the secure circuit from being accessed by processor.
Polzin et al. discloses a mailbox mechanism, wherein the mailbox mechanism is configured to isolate circuitry in the secure circuit from being accessed by processor. (See paragraph [0006], “[a]n SOC that implements a security enclave processor [SEP] is described herein. The SEP may be an SOC within an SOC, in some embodiments, including a processor and one or more 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Cho, ABIDIN, Xu et al., and Bower et al., to incorporate with the teachings of Polzin et al., and to integrate the mailbox mechanism to generate a public key pair, so that the CPUs/APs can only access a mailbox location in the SEP.

Conclusion
15.	 The prior art, made of record and not relied upon, is considered pertinent to the applicant’s disclosure.
Le Saint et al. (US 20180167208 A1) discloses registering a public key and provisioning data to an authenticated user device.
Mardikar (US 20180218358 A1) discloses crypto secure elements for loading and storing authentication data. 


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, an applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel, can be reached at 571-270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/C.D./Examiner, Art Unit 3685  
/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685