DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Status of Claims
Claims 1-32 filed 2/10/21 are pending.
Claim Rejections - 35 USC § 103
3.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
5. 	Claims 1-12, 16-26, and 30-32 are rejected under 35 U.S.C. 103(a) as being unpatentable over Beatty et al (2018/0033255) in view of Bedier et al (2019/0172036) and Murray et al (10,326,797).
Re Claims 1, 16, 30: Beatty discloses comprising: 
a first security processor located within a first security mesh (see [0087] secure mesh that protects cores from tampering);
a second security processor located within a second security mesh (see [0004] discloses second processor with second processor data input port coupled to second data output port, security mesh that protects cores from tampering [0086-0087]);
an applications processor (see application processor (AP 108) in [0027]);
a first computer readable medium located within the first security mesh and accessible to the first security processor and storing instructions which, when executed by the first security processor cause the device to (see [0060] discloses microprocessor where computer readable medium can be any type of device that stores data or instructions for processor):
a second computer readable medium located within the second security mesh and accessible to the second security processor and storing instructions which, when executed by the second security processor cause the device to (see [0060] discloses microprocessor where computer readable medium can be any type of device that stores data or instructions for processor):
transmit a first certificate signing request from the first security processor to the applications processor (see [0112] certificate authority may sign a certificate signing request from first security processor to applications processor); 

receive a signed second certificate from the applications processor at the first security processor (see [0112] certificate authority may sign a certificate signing request from first security processor to applications processor); 
receive a signed first certificate from an external certificate authority in response to the first certificate signing request (see [0105] discloses certificate, certification authority, encrypted or private key);
receive a signed second certificate from the external certificate authority (see [0105] discloses certificate, certification authority, encrypted or private key);
verify the signed first certificate and the signed second certificate at the first security processor (see [0109] persistent identity may be in form of digital public-key certificate may authenticate themselves); 
generate, subsequent to verifying the signed first certificate and the signed second certificate, a unique pre-shared key using information from the signed first certificate and the signed second certificate and to generate a unique pre-shared key independently on both the first security processor and the second security processor using an elliptic key exchange (see [0106] AP 108 may look up flash to determine whether private key exists. If key not found, flash may report that block location is empty and key needs to be created.); 
and establish a secure connection with a second security processor using the unique pre-shared key (see [0109] SP 106 and AP 108 may authenticate themselves. Key 
However, Beatty fails to disclose the following. Meanwhile, Bedier discloses:
a first casing having a connector and supporting the first security mesh a second security processor located within a second security mesh (see [0097] printer coupled to main display and secure display, such that respective display and printer housed in single housing, however printer can be housed in separate and distinct housing from main housing);
a second casing connected to the first casing via the connector and supporting the second security mesh (see [0097] printer coupled to main display and secure display, such that respective display and printer housed in single housing, however printer can be housed in separate and distinct housing from main housing).
From the teaching of Bedier, it would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to modify Beatty’s invention with Bedier’s disclosure of casings in order for “… suitable transaction-related business functionality (see Bedier [0020]).”
However, Beatty and Bedier fail to disclose the following. Meanwhile, Murray discloses:
generate a first certificate signing request which includes a first global unique identifier associated with the first security mesh (see col.4 line 40 to col.5 line 13, generation of secure connection can be based on secret data set called “seed” within cryptographic key can be generated. Seed can be any set of secret data, like truly randomly generated number. Seed can 
generate the second certificate signing request which includes a second global unique identifier associated with the second security mesh (see col.4 line 40 to col.5 line 13, generation of secure connection can be based on secret data set called “seed” within cryptographic key can be generated. Seed can be any set of secret data, like truly randomly generated number. Seed can be associated or mapped to another set of data, such as device identifier or device in system. Seed mapped in this way can be designated a device secret and can be combined with device identifier to augment key generation. Device can be assigned device identifier from multiple sources including unique identifier); 
From the teaching of Murray, it would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to modify Beatty’s and Bedier’s inventions with Murray’s disclosure of global unique identifier in order for “… provisioning a secure connection… (see Murray Abstract).”
Re Claims 2, 17: Beatty discloses further comprising:
a universal serial bus; 
a universal serial bus abstraction layer on the applications processor to form a universal serial bus connection via the universal serial bus;

Re Claims 3, 18: Beatty discloses wherein:
establishing the secure connection with the second security processor uses an authenticated and confidential channel establishment (ACCE) protocol (see [0042] discloses SSL, TLS, IPsec).
Re Claims 4, 19: Beatty discloses wherein: 
the ACCE protocol is a transport layer secure (TLS) establishment protocol (see [0042] ACCE protocol is TLS establishment protocol).
Re Claims 5, 20: Beatty discloses further comprising:
a touch display that sends touch coordinates to the applications processor in an unsecure mode and sends touch coordinates to the first security processor in a secure mode (see [0028, 0054] discloses touch screen).
However, Beatty fails to disclose the following. Meanwhile, Bedier discloses:
a first casing supporting the touch display and the first security processor (see [0097] printer coupled to main display and secure display, such that respective display and printer housed in single housing, however printer can be housed in separate and distinct housing from main housing); and
a connector on the first casing configured to be joined to a second casing (see [0103] wired communication module).
From the teaching of Bedier, it would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to modify Beatty’s invention with Bedier’s 
Re Claim 6: However, Beatty fails to disclose the following. Meanwhile, Bedier discloses further comprising:
a wire inside the connector (see [0033] secure connection formed over wire, wired connection);
wherein the secure connection is formed over the wire (see [0033] secure connection formed over wire, wired connection); and
wherein the second casing is an interchangeable base (see [0051] both secure and main processor can be concurrently connected to secure input processor, [0110] discloses payment terminal operable in desktop mode when coupled to dock).
From the teaching of Bedier, it would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to modify Beatty’s invention with Bedier’s disclosure of wiring in order for “… suitable transaction-related business functionality (see Bedier [0020]).”
Re Claims 7, 22: However, Beatty fails to disclose the following. Meanwhile, Bedier discloses further comprising:
a second computer readable medium accessible to the applications processor and storing instructions which, when executed by the applications processor, cause the device to:
receive capabilities information from the second security processor (see [0038] receive sensitive information, separate information, process information, secure processor can be dynamically update or adjusted in any suitable manner); and 

From the teaching of Bedier, it would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to modify Beatty’s invention with Bedier’s disclosure of capabilities information in order for “… suitable transaction-related business functionality (see Bedier [0020]).”
Re Claims 8, 23: However, Bedier and Beatty fail to disclose the following. Meanwhile, Murray discloses further comprising: 
a second computer readable medium accessible to the applications processor and storing instructions which, when executed by the applications processor, cause the device to: transfer, using the secure connection and the applications processor, messages from the second security processor located in a second security mesh to the first security processor (see col.10, lines 20-49 discloses encrypting received information and controlling transfer of information out of secure element 122. First device 120 configured to transmit digital information to second device 130 using secure connection 111). 
From the teaching of Murray, it would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to modify Beatty’s and Bedier’s inventions with Murray’s disclosure of a second computer readable medium in order for “… provisioning a secure connection… (see Murray Abstract).”

Re Claims 10, 25: However, Bedier and Beatty fail to disclose the following. Meanwhile, Murray discloses wherein: the unique pre-shared key is generated independently in the first security mesh and a second security mesh using a Diffie-Hellman key exchange protocol (discloses Diffie-Hellman key exchange in col.4, lines 16-39). From the teaching of Murray, it would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to modify Beatty’s and Bedier’s inventions with Murray’s disclosure of a Diffie-Hellman key exchange protocol in order for “… provisioning a secure connection… (see Murray Abstract).”
Re Claim 11: However, Bedier and Beatty fail to disclose the following. Meanwhile, Murray discloses wherein: 
the first certificate signing request includes a first global unique identifier associated with the first security mesh; 
and the signed second certificate includes a second global unique identifier associated with a second security mesh (see col.4 line 40 to col.5 line 13, generation of secure connection can be based on secret data set called “seed” within cryptographic key can be generated. Seed 
From the teaching of Murray, it would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to modify Beatty’s and Bedier’s inventions with Murray’s disclosure of global unique identifier in order for “… provisioning a secure connection… (see Murray Abstract).”
Re Claims 12, 26: Beatty discloses further comprising: a second computer readable medium accessible to the applications processor and storing instructions which, when executed by the applications processor, cause the device to: receive, at the applications processor, a second certificate signing request from the second security processor; receive, at the applications processor, the first certificate signing request; bundle the first certificate signing request and the second certificate signing request into a combined certificate signing request; and transfer the combined certificate signing request to an external certificate authority (see [0027] discloses applications processor, [0105] discloses certificate, certification authority, encrypted or private key).
Re Claim 21: Beatty discloses: wherein the second casing comprises a mechanical keypad; and wherein the mechanical keypad is communicatively connected to the second security processor (see [0068] voice activated interface or standard key pad).

Re Claim 31: Beatty discloses wherein: the first computer readable medium stores instructions which, when executed by the first security processor cause the device to: send a first certificate signing request to an external certificate authority (see [0105] discloses certificate, certification authority, encrypted or private key); and receive a signed first certificate in response to the sending of the first certificate signing request (see [0105] discloses certificate, certification authority, encrypted or private key); and receive a signed second certificate (see [0105] discloses certificate, certification authority, encrypted or private key); the second computer readable medium stores instructions which, when executed by the second security processor cause the device to: send a second certificate signing request to the external certificate authority (see [0105] discloses certificate, certification authority, encrypted or private key); receive the signed second certificate in response to the sending of the second certificate signing request; and receive the signed first certificate (see [0105] discloses certificate, certification authority, encrypted or private key); and the instructions stored on the first and second computer readable medium, when executed by the first and second security processors respectively, further cause the device to: verify, on both the first and second security processors, the signed first certificate and the second signed certificate as a predicate 
Re Claim 32: Beatty discloses further comprising: an applications processor, wherein the first casing supports the applications processor (see [0027]); and a third computer readable medium accessible to the applications processor and storing instructions which, when executed by the applications processor, cause the device to: receive, at the applications processor, the second certificate signing request from the second security processor (see [0105] discloses certificate, certification authority, encrypted or private key); receive, at the applications processor, the first certificate signing request (see [0105] discloses certificate, certification authority, encrypted or private key); bundle the first certificate signing request and the second certificate signing request into a combined certificate signing request (see [0105] discloses certificate, certification authority, encrypted or private key); and transfer the combined certificate signing request to the external certificate authority (see [0109] persistent identity may be in form of digital public-key certificate may authenticate themselves, SP 106 and AP 108 may authenticate themselves. Key component protected by SP 106 secure cryptographic device such that tampering with device may erase the key. Devices may not be cloned and communications remain private and authentic). 
7. 	Claims 13-15 and 27-29 are rejected under 35 U.S.C. 103(a) as being unpatentable over Beatty et al (2018/0033255) in view of Bedier et al (2019/0172036) and Murray et al (10,326,797), and further in view of Zovi et al (2018/0005230).
Re Claims 13, 27: However, Beatty, Murray, and Bedier fail to disclose the following. Meanwhile, Zovi discloses further comprising: 
a second computer readable medium accessible to the applications processor and storing instructions which, when executed by the applications processor, cause the device to: receive, at the applications processor, a second certificate signing request in a remote procedure call (RPC) certificate signing request from the second security processor; translate, using the applications processor, the RPC certificate signing request from the second security processor into a hypertext transfer protocol (HTTP) certificate signing request; and transfer the HTTP certificate signing request to an external certificate authority (see [0063] tamper detection component 80 and tamper monitoring component 70 can communicate via encrypted protocol called “trusted channel” implemented on top of HTTPS). 
From the teaching of Zovi, it would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to modify Beatty’s, Murray’s, and Bedier’s inventions with Zovi’s disclosure of RPC in order “… to establish a secure communication channel between a payment object reader and a payment terminal… (see Zovi Abstract).”
Re Claims 14, 28: However, Beatty, Murray, and Bedier fail to disclose the following. Meanwhile, Zovi discloses:
wherein the HTTP certificate signing request is a JavaScript Object Notation (JSON) HTTP certificate signing request (see [0184] discloses JSON object). 

Re Claims 15, 29: However, Beatty, Murray, and Bedier fail to disclose the following. Meanwhile, Zovi discloses wherein: 
the second computer readable medium accessible to the applications processor further stores instructions which, when executed by the applications processor, cause the device to: receive, at the applications processor, the first certificate signing request in a second RPC certificate signing request from the first security processor (see [0030] generation of attestation ticket object when platform scanned for first time or every time); and translate, using the applications processor, the second RPC certificate signing request into the HTTP certificate signing request; and the HTTP certificate signing request is a combined HTTP certificate signing request (see [0063] tamper detection component 80 and tamper monitoring component 70 can communicate via encrypted protocol called “trusted channel” implemented on top of HTTPS).
From the teaching of Zovi, it would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to modify Beatty’s, Murray’s, and Bedier’s inventions with Zovi’s disclosure of RPC in order “… to establish a secure communication channel between a payment object reader and a payment terminal… (see Zovi Abstract).”



Conclusion
8.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Jiang et al (A Blockchain-Based Authentication Protocol for WLAN Mesh Security Access, NPL) is found to be the most pertinent NPL prior art.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to FAWAAD HAIDER whose telephone number is (571)272-7178.  The examiner can normally be reached on Mon-Fri 8 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO-supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Nathan Uber can be reached on 571-270-3923.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 

/Fawaad Haider/
Examiner, Art Unit 3687 
/DENNIS W RUHL/Primary Examiner, Art Unit 3687