DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Acknowledgments
The application filed on 11/28/19 is acknowledged. 

Status of Claims
Claims 1-30 are pending. 
Claims 1-30 are rejected.

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because:
- (A) Figs. 7A, 7B, and 7C are described by 0080-0081 of the specification as filed. Here, the specification says that Fig. 7A shows secure user interface display 704 and non-secure display 702 as one overlaid over the other. However, Fig. 7A does not accurately depict the arrangement described by the specification. Specifically, in Fig. 7A, reference numeral 704 
- (B) Further, the specification says that Figs. 7B and 7C show secure user interface display 704 and non-secure display 702 as adjacent to each other. However, Figs. 7B and 7C do not accurately depict the arrangement described by the specification. Specifically, in Figs. 7B and 7C, the portion indicated by reference numeral 704 is depicted as overlaid over the portion indicated by reference numeral 702. Note that Figs. 8B and 8C appear to accurately depict the adjacent arrangement: as shown, portion 704 is adjacent to portion 702. As best understood, the portions 702 and 704 in Figs. 7B and 7C should be depicted analogously to the way they are depicted in Figs. 8B and 8C.
Corrected drawing sheets in compliance with 37 CFR 1.121(d) or, where applicable, amendment to the specification, are 
In addition to Replacement Sheets containing the corrected drawing figure(s), applicant is required to submit a marked-up copy of each Replacement Sheet including annotations indicating the changes made to the previous version.  The marked-up copy must be clearly labeled as “Annotated Sheets” and must be presented in the amendment or remarks section that explains the change(s) to the drawings.  See 37 CFR 1.121(d)(1).  Failure to timely submit the proposed drawing and marked-up copy, or amendments to the specification, will result in the abandonment of the application.


Specification
The disclosure is objected to because of the following informalities: 
- (A) Fig. 3, block 302, is described by 0047 of the specification as filed. Here, the specification effectively says that a user may provide sensitive data to the user interface via a data input element to the client application, or that the user interface may provide sensitive data received from the user via a data input element to the client application.
Subsequently, Fig. 3, blocks 304-308, are described by 0048-0050 of the specification as filed. Here, the specification says that the processing device can recognize a data input element of the client application as vulnerable and, if so, assign it to the secure execution environment, so that data inputted via that data input element goes only to the secure execution environment, not to the client application in the normal execution environment.
The above two portions of the specification appear to
contradict each other: 0047 indicates that sensitive data is received by the client application in the normal execution environment, while 0048-0050 indicates that sensitive data is not received by the client application in the normal execution 
	The apparent contradiction renders the disclosure as filed unclear. As the above-indicated subject matter of the specification bears on claims 7, 15, 23 and 29, the apparent contraction also casts a shadow of lack of clarity on those claims. 
	- (B) The specification is also objected to for the reasons explained in the Drawings Objections above. 
Appropriate correction is required.

Examiner's Comments
Not Positively Recited
Claim 4 recites:
"wherein assigning ownership of a first data input element to the secure execution environment, assigning ownership of a data input device to the secure execution environment, and assigning ownership of the display device to the secure execution environment occur in response to determining that the first data input element is a vulnerable data input element"
Claim 5 recites:
"receiving … a user interaction with a second data input 
Claim 6 recites:
"generating … a client application that is running in the normal execution environment and configured to implement a digital payment servicer function"
The recitation of the not positively recited use of the claimed invention does not serve to differentiate the claims from the prior art. See In re Wilder, 166 USPQ 545 (CCPA 1970).

Intended Use/Functional Language
Claims 6, 14, 22 and 28 recite:
"generating …, wherein the first data input element is for a client application that is running in the normal execution environment and configured to implement a digital payment servicer function" 
Claims 9 recites:
"wherein the processor is configured to execute processor- executable instructions to perform operations comprising:"
Claims 10-16 recite:
"wherein the processor is further configured with processor-executable instructions to perform operations further comprising:" or "wherein the processor is further configured such that"
Claim 17 recites:
"A non-transitory processor-readable storage medium having stored thereon processor-executable instructions configured to cause a processor of a computing device to perform operations comprising:"
Claims 18-24 recite:
"wherein the stored processor-executable instructions are configured to cause a processor of a computing device to perform operations …"
As per MPEP 2114.II: 
[A]pparatus claims cover what a device is, not what a device does." Hewlett-Packard Co. v. Bausch & Lomb Inc., 909 F.2d 1464, 1469, 15 USPQ2d 1525, 1528 (Fed. Cir. 1990) (emphasis in original). A claim containing a "recitation with respect to the manner in which a claimed apparatus is intended to be employed does not differentiate the claimed apparatus from a prior art apparatus" if the prior art apparatus teaches all the structural limitations of the claim. Ex parte Masham, 2 USPQ2d 1647 (Bd. Pat. App. & Inter. 1987). 

See also MPEP 2103.I.C.:
Language that suggests or makes a feature or step optional but does not require that feature or step does not limit the scope of a claim under the broadest reasonable claim interpretation. [For example:] 
(A) statements of intended use or field of use, including statements of purpose or intended use in the preamble,  
(B) "adapted to" or "adapted for" clauses,
(C) "wherein" or "whereby" clauses,
(D) contingent limitations,
(E) printed matter, or
(F) terms with associated functional language.



Optional Language/Contingent Limitations
Claim 4 recites "determining whether the first data input element is a vulnerable data input element, wherein assigning ownership of a first data input element to the secure execution environment, assigning ownership of a data input device to the secure execution environment, and assigning ownership of the display device to the secure execution environment occur in response to determining that the first data input element is a vulnerable data input element." The determining step may result in either of two outcomes (determining that a first data input element is a vulnerable data input element; determining that a first data input element is not a vulnerable data input element). The operations of the wherein clause step occur only if the former outcome occurs (determining that a first data input element is a vulnerable data input element).
Claim 5 recites "responding to the data input signal in response to determining that the data input signal represents the user interaction with the first data input element owned by the secure execution environment; and providing the data input 
Claim 7 recites "determining whether a first data input element of a client application running in a normal execution environment is a vulnerable data input element; and preventing presentation of the vulnerable first data input element by the client application in response to determining that the first data input element is a vulnerable data input element." The determining step may result in either of two outcomes (determining that a first data input element of a client application running in a normal execution environment is a vulnerable data input element; determining that a first data input element of a client application running in a normal 
As per MPEP 2103.I.C.:
Language that suggests or makes a feature or step optional but does not require that feature or step does not limit the scope of a claim under the broadest reasonable claim interpretation. [For example:] 
(A) statements of intended use or field of use, including statements of purpose or intended use in the preamble,  
(B) "adapted to" or "adapted for" clauses,
(C) "wherein" or "whereby" clauses,
(D) contingent limitations,
(E) printed matter, or
(F) terms with associated functional language.

As per MPEP 2111.04.II.
The broadest reasonable interpretation of a method (or process) claim having contingent limitations requires only those steps that must be performed and does not include steps that are not required to be performed because the condition(s) precedent are not met. For example, assume a method claim requires step A if a first condition happens and step B if a second condition happens. If the claimed invention may be practiced without either the first or second condition happening, then neither step A or B is required by the broadest reasonable interpretation of the claim. If the claimed invention requires the first condition to occur, then the broadest reasonable interpretation of the claim requires step A. If the claimed invention requires both the first and second conditions to occur, then the broadest reasonable interpretation of the claim requires both steps A and B.


Therefore, the above claim language, which is optional/ 

Note: In the interest of compact prosecution, prior art is cited for the aforementioned claimed subject matter that does not differentiate the claims from the prior art/does not limit the scope of the claims. See rejection under 35 U.S.C. 102 and 103 below.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”), namely, claims 25-30, are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, 
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 U.S.C. § 112 
35 USC § 112(a)
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.


The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.


Claims 5, 6, 9-24, 27 and 28 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.

Lack of Algorithm
Claims 5, 13, 21 and 27 recite "receiving, in the secure execution environment, a data input signal representing a user interaction with a second data input element via the data input device owned by the secure execution environment; determining whether the data input signal represents the user interaction with the first data input element owned by the secure execution environment; responding to the data input signal in response to determining that the data input signal represents the user 
Claims 6, 14, 22 and 28 recite "generating … a client application that is … configured
Claims 9-24 recite that a "processor" or "processor-executable instructions" are "configured …," but the specification does not provide details on what this action (configuring) comprises or how it is performed.
Thus, with regard to the claimed subject matter indicated above, as per MPEP 2161.01.I: 
"the specification does not sufficiently describe how the function is performed or the result is achieved. … the algorithm or steps/procedure for performing the computer function are not explained at all or are not explained in sufficient detail (simply restating the function recited in the claim is not necessarily sufficient). In other words, the algorithm or steps/procedure taken to perform the function must be [but is not] described with sufficient detail so that one of ordinary skill in the art would understand how the inventor intended the function to be performed. See MPEP §§ 2163.02 and 2181, subsection IV.

See also MPEP 2163.03.V.
35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):


(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-30 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite 

Lack of Antecedent Basis 
The claims are replete with problems of antecedent basis -- lack of antecedent basis and unclear antecedent basis. Selected salient examples of these problems are set forth below. The following is not necessarily an exhaustive list. Applicant needs to review the entire claim set with careful attention to these issues and correct all problematic instances so as to render the claims definite. 
Claims 1, 9, 17 and 25 recite "combining the secure user interface and …." The underlined words lack antecedent basis. (Note: the underlined words are understood to refer back to "the secure user interface display" in the first step.)
Claims 5, 13, 21 and 27 recite "determining … the user interaction with the first data input element owned by the secure execution environment; responding … the user interaction with the first data input element owned by the secure execution environment; and providing … the user interaction with the first data input element owned by the secure execution environment." The underlined words lack antecedent basis. No such user 
Claims 7, 15, 23 and 29 recite "preventing … the vulnerable first data input element …." The underlined words lack antecedent basis.  
Claims 2-8, 10-16, 18-24 and 26-30 are (also) rejected by virtue of their dependency from a rejected claim.

Means Plus Function
Claim 25 recites:
"means for generating a secure user interface display in a secure execution environment of the computing device;"
"means for generating a non-secure display in a normal execution environment of the computing device;"
"means for combining the secure user interface and the non-secure display into a combined display;"
Claim 26 recites:
"means for assigning ownership of a first data input element to the secure execution environment;"
"means for assigning ownership of the data input device to the secure execution environment;"
"means for assigning ownership of the display device to the secure execution environment,"
"wherein means for generating a secure user interface 
Claim 27 recites:
"means for receiving, in the secure execution environment, a data input signal representing a user interaction with a second data input element via the data input device owned by the secure execution environment;"
"means for determining whether the data input signal represents the user interaction with the first data input element owned by the secure execution environment;"
"means for responding to the data input signal in response to determining that the data input signal represents the user interaction with the first data input element owned by the secure execution environment;"
"means for providing the data input signal to a client application running in the normal execution environment in response to determining that the data input signal does not represent the user interaction with the first data input element owned by the secure execution environment."



Claim 28 recites:
"wherein: means for generating a secure user interface display in a secure execution environment comprises means for generating the secure user interface display having the first data input element owned by the secure execution environment, wherein the first data input element is for a client application that is running in the normal execution environment and configured to implement a digital payment servicer function;"
"means for generating a non-secure display in a normal execution environment comprises means for generating the non-secure display for the client application or an operating system."
Claim 29 recites:
"means for determining whether a first data input element of a client application running in a normal execution environment is a vulnerable data input element;"
Claim 30 recites:
"wherein means for presenting the combined display via a display device comprises one of: means for presenting the secure user interface display and the non-secure display adjacent to each other; means for presenting the secure user interface display overlaid over the non-secure display; or means for presenting an integrated secure user 
The above-indicated claim limitations invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed functions and/or to clearly link the structure, material, or acts to the functions. In this regard, the most pertinent portion of Applicant's specification appears to be the description of Figs. 3-6, i.e., 0046-0078. However, this portion of the specification appears to be devoid of any structure (viz., requisite algorithm) that performs the functions in the claims. At best, this portion of the specification appears to merely restate some of the functions. Therefore, the claims are indefinite and are rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c) Amend the written description of the specification such 
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claims 26-30 are also rejected by virtue of their dependency from a rejected base claim.

Unclear Scope
Claims 1, 3 and 8 are inconsistent in reciting sometimes a "secure user interface display" and sometimes a "secure user interface." Both terms are understood to refer to the same thing; if so, the terminology should be consistent. The use of different terms with different meanings to refer to the same thing renders the claims unclear. Corresponding claims 9, 11, and 16; 17, 19 and 24; and 25, 26 and 30 are unclear for the same reasons. 
Claim 13 recites "receiving, in the secure execution environment, a data input signal representing a user interaction with a second data input element via the data input device owned by the secure execution environment; determining whether the data input signal represents the user interaction with the first data input element owned by the secure execution environment; responding to the data input signal in response to determining that the data input signal represents the user interaction with the first data input element owned by the secure execution environment; and providing the data input signal to a client application running in the normal execution environment in response to determining that the data input signal does not represent the user interaction with the first data input element owned by the secure execution environment." Claim 9, from which claim 13 depends, is directed to a computing device, comprising 
Claim 20 recites "the stored processor-executable instructions are configured to cause a processor of a computing device to perform operations further configured with processor-executable instructions to perform operations further comprising …." The underlined words do not make sense and appear to be an extended typographical/clerical error. As best understood, the underlined words should be deleted.
Claim 21 recites "receiving, in the secure execution environment, a data input signal representing a user interaction with a second data input element via the data input device owned by the secure execution environment; determining whether the data input signal represents the user interaction with the first data input element owned by the secure execution environment; responding to the data input signal in response to determining that the data input signal represents the user interaction with the first data input element owned by the secure execution environment; and providing the data input signal to a client application running in the normal execution environment in response to determining that the data input signal does not represent the user interaction with the first data input element owned by the secure execution environment." Claim 17, from which 
Claim 27 recites "means for receiving, in the secure execution environment, a data input signal representing a user interaction with a second data input element via the data input device owned by the secure execution environment; means for determining whether the data input signal represents the user interaction with the first data input element owned by the secure execution environment; means for responding to the data input signal in response to determining that the data input signal represents the user interaction with the first data input element owned by the secure execution environment; and means for providing the data input signal to a client application running in the normal execution environment in response to determining that the data input signal does not represent the user interaction with the first data input element owned by the 
An essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed (See In re Zletz, 893 F.2d 319,321 (Fed. Cir. 1989)).
Claims 2-8, 10-16, 18-24 and 26-30 are (also) rejected by virtue of their dependency from a rejected claim.

Claim Rejections - 35 U.S.C. § 102 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1-30 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Ninomiya et al. (U.S. Patent Application Publication No. 2016/0042201 A1), hereafter Ninomiya.

Regarding Claims 1, 9, 17 and 25
Ninomiya teaches:
generating a secure user interface display (Fig. 1A, 29B) in a secure execution environment (Figs. 3 and 4, 41) of the computing device; (0073; secure user interface display is generated by 115, which is part of 41)
generating a non-secure display (Fig. 1A, 29A) in a normal execution environment (Figs. 3 and 4, 21) of the computing device; (0064; non-secure user interface display is generated by 109, which is part of 21)
combining the secure user interface and the non-secure display into a combined display; and (0075, 0078, Figs. 1A, 2A, 5A)
presenting the combined display via a display device. (0078, Figs. 1A, 2A, 5A)
(claim 9) a display device (Figs. 1A-5A); and a processor coupled to the display device and configured to execute instructions within a secure execution environment and a normal execution environment, wherein the processor is configured to execute processor-executable instructions to perform operations comprising: (Figs. 3 and 4)
(claim 17) A non-transitory processor-readable storage medium having stored thereon processor-executable instructions configured to cause a processor of a computing device to perform operations comprising: (Figs. 3 and 4)
(claim 25) a display device; (Figs. 1A-5A)

Regarding Claims 2, 10 and 18
Ninomiya teaches base claims 1, 9 and 17. Ninomiya further teaches:
assigning ownership of a first data input element to the secure execution environment; (0071 e.g., range of coordinates 
assigning ownership of a data input device to the secure execution environment; and (0073, 0083 e.g., 27, 27B are assigned to 113 (of 41) by 117 and 114, Figs. 3, 4, 5B, 113, 117, 114, 0071, 0091, 0050, 0052, 0067, 0009, 0010, 0043)
assigning ownership of the display device to the secure execution environment. (0072 e.g., 29, 29B are assigned to 115 (of 41) by 118 and 116, 0092 e.g., coordinates of 29B are set as secure display area, 0048, 0052, 0067, 0009, 0010, 0041, Figs. 3, 4, 5A, 115, 118, 116, 29)

Regarding Claims 3, 11 and 19
Ninomiya teaches base claims 1, 9 and 17 and intervening claims 2, 10 and 18. Ninomiya further teaches:
wherein generating a secure user interface display in a secure execution environment comprises generating a secure user interface having the first data input element owned by the secure execution environment. (0095)

Regarding Claims 4, 12 and 20
Ninomiya teaches base claims 1, 9 and 17 and intervening claims 2, 10 and 18. Ninomiya further teaches:
determining whether the first data input element is a vulnerable data input element, (0009, 0010, 0071, 0082-0083, 0091-0092, 0106 e.g., setting a given area/coordinates as secure input area constitutes determining that the given area/coordinates so set is/are a vulnerable data input element; e.g., assigning detected touch input in secure input area to secure touch input processing unit 113 presupposes that the secure input area has been determined to be a vulnerable data input element; information processing device distinguishes and sets areas as, e.g., secure or non-secure)
wherein assigning ownership of a first data input element to the secure execution environment, assigning ownership of a data input device to the secure execution environment, and assigning ownership of the display device to the secure execution environment occur in response to determining that the first data input element is a vulnerable data input element. (0009, 0010, 0071, 0082-0083, 0091-0092, 0106, see also citations for claims 2, 3 above)

Regarding Claims 5, 13, 21 and 27
Ninomiya teaches base claims 1, 9, 17 and 25 and intervening claims 2, 10, 18 and 26. Ninomiya further teaches:
(A) receiving, in the secure execution environment, a data input signal representing a user interaction with a second data input element via the data input device owned by the secure execution environment; (B) determining whether the data input signal represents the user interaction with the first data input element owned by the secure execution environment; (C) responding to the data input signal in response to determining that the data input signal represents the user interaction with the first data input element owned by the secure execution environment; and (D) providing the data input signal to a client application running in the normal execution environment in response to determining that the data input signal does not represent the user interaction with the first data input element owned by the secure execution environment. (As per Fig. 4, all touch input is sent to secure part of second processing unit 41 (A), where it is determined whether the input represents (i) user interaction with data input element owned by secure execution environment or (ii) user interaction with data input element owned by non-secure execution environment (B), and, in response to the determination, the input is directed to the appropriate input touch processing section, 113 (secure) (C) or 107 (non-secure) (D), as explained at, e.g., 0082-0084; 0064, 0073; see also citations for claims 4, above, and 6, below)


Regarding Claims 6, 14, 22 and 28
Ninomiya teaches base claims 1, 9, 17 and 25 and intervening claims 2, 10, 18 and 26. Ninomiya further teaches:
wherein: generating a secure user interface display in a secure execution environment comprises generating the secure user interface display having the first data input element owned by the secure execution environment, wherein the first data input element is for a client application that is running in the normal execution environment and configured to implement a digital payment servicer function; and (0088-0090, 0093-0094, 0096 secure display contents, e.g., PIN pad 80 and message urging input of PIN, are in service of payment transaction performed at least in part by application involved in performing payment transaction)
generating a non-secure display in a normal execution environment comprises generating the non-secure display for the client application or an operating system. (0088-0090, 0093-0094, 0096 non-secure display contents, e.g., message urging reading operation of payment card, are in service of payment transaction performed at least in part by application involved in performing payment transaction)

Regarding Claims 7, 15, 23 and 29
Ninomiya teaches base claims 1, 9, 17 and 25. Ninomiya 
(A) determining whether a first data input element of a client application running in a normal execution environment is a vulnerable data input element; and (0011, 0080 as explained below; alternatively, 0009, 0010, 0071, 0082-0083, 0091-0092, 0106 e.g., setting a given area/coordinates as non-secure input area constitutes determining that the given area/ coordinates so set is/are not a vulnerable data input element; see also citations for claim 6 above, presenting messages by client application in non-secure area presupposes that a determination was made that the data input element for receiving input in response to the message is not vulnerable)
(B) preventing presentation of the vulnerable first data input element by the client application in response to determining that the first data input element is a vulnerable data input element. (0011, 0080 e.g., unauthorized PIN pad is prevented from being displayed in secure display area (B); recognition of the PIN pad as an unauthorized PIN pad indicates that a determination has been made that it is a vulnerable data input element (A)) 

Regarding Claims 8, 16, 24 and 30
Ninomiya teaches base claims 1, 9, 17 and 25. Ninomiya further teaches:
wherein presenting the combined display via a display device comprises one of: presenting the secure user interface display and the non-secure display adjacent to each other; presenting the secure user interface display overlaid over the non-secure display; or presenting an integrated secure user interface and non-secure display. (Figs. 1A, 2A, 7A, 8A, 9A, 10A, 12A)

Regarding Claim 26
Ninomiya teaches base claim 25. Ninomiya further teaches:
a data input device; (Figs. 1A-4, 5B)
means for assigning ownership of a first data input element to the secure execution environment; (As per claim 2)
means for assigning ownership of the data input device to the secure execution environment; and (As per claim 2)
means for assigning ownership of the display device to the secure execution environment, (As per claim 2)
wherein means for generating a secure user interface display in a secure execution environment comprises means for generating a secure user interface having the first data input element owned by the secure execution environment. (As per claim 3)


Conclusion
The prior art made of record and not relied upon, as set forth in the accompanying Notice of References Cited (PTO-892), is considered pertinent to applicant's disclosure. Among the cited references:
Note that WO 2021/077882 A1 claims priority to Chinese patent applications filed on 10/24/2019 and 11/7/2019, both of which dates precede the filing date of the instant application (11/28/19), thus qualifying WO 2021/077882 A1 as prior art to the instant application.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DOUGLAS W PINSKY whose telephone number is (571)272-4131.  The examiner can normally be reached on 8:30 am - 5:30 pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin Hewitt II, can be reached on 571-272-6709.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DWP/
Examiner, Art Unit 3692 
/ERIC T WONG/Primary Examiner, Art Unit 3692