DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 1/21/2022 has been entered.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Marc Boillot on December 2/25/2022. During the telephone conference, Marc Boillot has agreed and authorized the Examiner to amend Claim 9.

Claims
Replace Claim 9 as follows:
Claim 9. (Currently Amended) A chip for authenticating to a device, the chip comprising: 
a microprocessor; 
at least one memory configured to store data and a secret key; and 
an interface configured to communicate with the device, 
wherein the microprocessor of the chip is configured to:  
send, via the interface, to a device, the data stored in the at least one memory; 
that was encrypted by the chip, including or being accompanied with the encrypted credential to be decrypted;
retrieve the secret key from the at least one memory; 
decrypt the encrypted credential by using the secret key; and 
send, via the interface, to the device, as a decryption request response, the credential.

As per instant Amendment, claims 1 and 7 have been amended. Claims 1-10 have been examined and are pending. This Action is made Non-Final. 

Response to Arguments
Applicant arguments in the amendment, filed on 1/21/2022, with respect to the 35 U.S.C. § 103 rejection, have been considered but they are moot.  
The examiner further notes that a similar rationale is applied to Claim 10, even though Claim 10 does not contain the amendment found in Claim 7, just the device. The examiner notes that it appears the encrypted credential that is passed from the device should be the encrypted credential (i.e., encrypted by the chip), which is now shown to be taught by Scheidt. The examiner respectfully suggests, for clarity, further amending Claim 10 to ensure that it is the same encrypted credential (i.e., encrypted by the chip) as found in Claim 7; see the 35 U.S.C. 112(b) rejection. Therefore, this argument is moot.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 10 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.

Regarding Claim 10; the examiner notes that Claim 10 is found to be indefinite, more specifically:
The examiner notes that Claim 10 includes the device of Claim 7. The examiner notes that the device of Claim 7 retrieves/sends an associated encrypted credential that was encrypted by the chip. Claim 10 recites the limitation “receive... an encrypted credential”. The examiner asks whether this is the same associated encrypted credential that was encrypted by the chip as in Claim 7. The examiner suggests, for better clarity, amending Claim 10 to be consistent with Claim 7 and to ensure the received credential is the associated encrypted credential that was encrypted by the chip (i.e., see Claim 9).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1 and 7-10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kim (US 2016/0226837 A1) in view of Scheidt (US 7,111,173 B1).  

Regarding Claim 1;
Kim discloses a method for authenticating to a device (FIG. 3 and FIG. 4 and [0065] - ...perform the authentication...), comprising: 
- receiving, by the device, from a chip, data (FIG. 4 – S405 and [0077] - In step S405, the terminal storage unit 222 stores the card identifier ID transmitted from the smart chip 210); 
- retrieving, by the device, based on the received data, an encrypted credential... (FIG. 4 – S407→S413 and [0081] -  In step S413, the encrypted text C is stored in the terminal storage unit 222 and [0082] -  In step S415, the terminal transceiving unit 221 reads the encrypted text C stored in the storage unit 233 for decryption to transmit the encrypted text C to the smart chip 210); 
(FIG. 4 – S415 and [0082] - -  In step S415, the terminal transceiving unit 221 reads the encrypted text C stored in the storage unit 233 for decryption to transmit the encrypted text C to the smart chip 210); 
- retrieving, by the chip, a secret key (FIG. 4 – S417 and [0083] - In step S417, the decryption unit 213 decrypts the encrypted text C by using the individual factor s corresponding to the private key and the common factor n to generate the decrypted text S. The decryption unit 213 generates the decrypted text S by S = C^s (mod n));
- decrypting, by the chip, the encrypted credential by using the secret key (FIG. 4 – S417 and [0083] - In step S417, the decryption unit 213 decrypts the encrypted text C by using the individual factor s corresponding to the private key and the common factor n to generate the decrypted text S. The decryption unit 213 generates the decrypted text S by S = C^s (mod n));
- sending, by the chip, to the device, as a decryption request response, the credential (FIG. 4 – S419 and [0084] - In step S419, the smart chip transceiving unit 211 transmits the decrypted text S to the terminal transceiving unit 221);
- verifying, by the device, whether the credential is or is not valid (FIG. 3 and FIG. 4 and [0065] - The verification unit 225 may perform the authentication performed by the server 230. When the terminal 220 does not transmit the authentication data including the card identifier ID, the encrypted text C, and the decrypted text S to the server 230, the verification unit 225 performs the authentication operation instead and [0112] - In step S713, the authentication unit 233 compares and determines whether a card identifier after decrypting the authentication random number M' coincides with the card identifier ID stored in the server storage unit 232.); and 
- authenticating, by the device, only if the credential is valid, the chip (FIG. 3 and FIG. 4 and [0065] - The verification unit 225 may perform the authentication performed by the server 230. When the terminal 220 does not transmit the authentication data including the card identifier ID, the encrypted text C, and the decrypted text S to the server 230, the verification unit 225 performs the authentication operation instead and [0113] - In step S715, the authentication unit 233 generates approval information representing that the smart card including the smart chip is legal when the card identifier after decrypting the authentication random number M' coincides with the card identifier ID and generates non-approval information representing that the smart card including the smart chip is illegal when the card identifier after decrypting the authentication random number M' does not coincide with the card identifier ID.).
	Kim fails to explicitly disclose retrieving, by the device, ... an encrypted credential that was encrypted by the chip. 
	However, in an analogous art, Scheidt teaches 
	retrieving, by the device, based on [ ] an encrypted credential that was encrypted by the chip (Scheidt, col. 10, lines 65-col. 11, lines 13 - . A random number stored on the card may be used as a piece of information in building the key to encrypt each user's credentials. This ties the smart card to the credentials. Without the number stored on the card, decryption of a user's credentials is not possible. The user needs the card to complete session establishment before the CKM system can be used. Other pieces, such as a password, are still needed to log on to CKM. The smart card alone is not sufficient to start a session, thus defeating an adversary who has stolen or otherwise acquired a user's smart card. User credentials may be stored on the smart card. This would let the user travel to other machines that are not part of the organization's main network and still be able to use the CKM system. and col. 14, lines 20-34 - Use of the CKM system is contingent upon successful logon and decryption of user credentials. Session establishment begins when a CKM enabled program is run on a user's workstation. The workstation prompts the user to present the smart card, user biometrics, user ID and password (logon data). An encrypted channel is established between the workstation and smart card and the logon data is transferred to the smart card where a key is generated to decrypt the user's credentials. The credentials may reside on the smart card or some other location, in which case the encrypted credentials file would be sent to the smart card for decryption and use. Upon successful logon, the credentials file is re-encrypted and stored and a decrypted copy is kept in the smart card's memory for use during the session);
	sending, by the device to the chip, a decryption request for decrypting the encrypted credential including or being accompanied with the encrypted credential to be decrypted (Scheidt, col. 10, lines 65-col. 11, lines 13 - . A random number stored on the card may be used as a piece of information in building the key to encrypt each user's credentials. This ties the smart card to the credentials. Without the number stored on the card, decryption of a user's credentials is not possible. The user needs the card to complete session establishment before the CKM system can be used. Other pieces, such as a password, are still needed to log on to CKM. The smart card alone is not sufficient to start a session, thus defeating an adversary who has stolen or otherwise acquired a user's smart card. User credentials may be stored on the smart card. This would let the user travel to other machines that are not part of the organization's main network and still be able to use the CKM system. and col. 14, lines 20-34 - Use of the CKM system is contingent upon successful logon and decryption of user credentials. Session establishment begins when a CKM enabled program is run on a user's workstation. The workstation prompts the user to present the smart card, user biometrics, user ID and password (logon data). An encrypted channel is established between the workstation and smart card and the logon data is transferred to the smart card where a key is generated to decrypt the user's credentials. The credentials may reside on the smart card or some other location, in which case the encrypted credentials file would be sent to the smart card for decryption and use. Upon successful logon, the credentials file is re-encrypted and stored and a decrypted copy is kept in the smart card's memory for use during the session);
Since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject matter and the prior art rests not on any individual element or function but in the very combination itself - that is in the substitution of retrieving, by the device, based on [ ] an encrypted credential that was encrypted by the chip of the secondary reference(s) for the encrypted “credential” of the primary reference (i.e., having the chip encrypt the credential vs the terminal encrypting the credential).
Thus, the simple substitution of one known element for another producing a predictable result renders the claim obvious.

Regarding Claim(s) 7; claim(s) 7 is/are directed to a device associated with the method claimed in claim(s) 1. Claim(s) 7 is/are similar in scope to claim(s) 1, and is/are therefore rejected under similar rationale.


Regarding Claim 8;
Kim discloses the device of Claim 7.
	Kim further discloses wherein the authentication device is at least one element comprised in a group including: - a hardware security module type device; - a mobile device; - a mobile phone; - a user terminal; - a Personal Computer; - a tablet; - a computing device (FIG. 1 – Smart Phone and [0041]).

Regarding Claim(s) 9; claim(s) 9 is/are directed to a chip associated with the method claimed in claim(s) 1. Claim(s) 9 is/are similar in scope to claim(s) 1, and is/are therefore rejected under similar rationale.

Regarding Claim 10;
Kim discloses an authentication system, wherein, the system including at least one device and at least one chip, the at least one device includes the authentication device according to claim 7 (see Claim 1, rejection) and the at least one chip is configured to:
send, to a device, data (FIG. 4 – S405 and [0077] - In step S405, the terminal storage unit 222 stores the card identifier ID transmitted from the smart chip 210); 
receive, from the device, a decryption request for decrypting an encrypted credential including or being accompanied with the encrypted credential to be decrypted (FIG. 4 – S415 and [0082] - -  In step S415, the terminal transceiving unit 221 reads the encrypted text C stored in the storage unit 233 for decryption to transmit the encrypted text C to the smart chip 210); 
retrieve a secret key (FIG. 4 – S417 and [0083] - In step S417, the decryption unit 213 decrypts the encrypted text C by using the individual factor s corresponding to the private key and the common factor n to generate the decrypted text S. The decryption unit 213 generates the decrypted text S by S = C^s (mod n));
decrypt the encrypted credential by using the secret key (FIG. 4 – S417 and [0083] - In step S417, the decryption unit 213 decrypts the encrypted text C by using the individual factor s corresponding to the private key and the common factor n to generate the decrypted text S. The decryption unit 213 generates the decrypted text S by S = C^s (mod n)); and
send, to the device, as a decryption request response, the credential (FIG. 4 – S419 and [0084] - In step S419, the smart chip transceiving unit 211 transmits the decrypted text S to the terminal transceiving unit 221).

Claim 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kim (US 2016/0226837 A1) in view of Scheidt (US 7,111,173 B1) and further in view of Ureche (US 10,078,747 B2).

Regarding Claim 2;
Kim in view of Scheidt discloses the method of Claim 1.
Kim view of Scheidt fails to explicitly disclose wherein, to ascertain that the credential is valid, the device decrypts successfully a predetermined encrypted key by using the credential, a key, as a decrypted encrypted key, having been used for encrypting at least one resource that belongs to either a chip user who is authorized to access the at least one resource or a role which a chip user has and authorizes to access the at least one resource, the device decrypts at least one encrypted resource by using the key, in order to access the at least one resource.
However, in analogous art, Ureche fails to explicitly disclose wherein, to ascertain that the credential is valid, the device decrypts successfully a predetermined encrypted key by using the credential, a key, as a decrypted encrypted key, having been used for encrypting at least one resource that belongs to either a chip user who is authorized to access the at least one resource or a role which a chip user has and authorizes to access the at least one resource, the device decrypts at least one encrypted resource by using the key, in order to access the at least one resource  (Ureche, col. 2, lines 19-33 - For network oriented accounts, such as an e-mail account or a cloud storage service account, a user device may use the user credentials to encrypt cached information of the user, such as authentication tokens, connection information, and state data. Upon an initial login, the user provides a user credential that the user device uses to decrypt the cached information. The cached information may include a data protection key. The data protection key may unlock any data encrypted to the user, such as passwords to various sites or authentication tokens for various services. Applications using a user's passwords and tokens may use the data protection key to decrypt this sensitive information. Since the data protection key is encrypted to a user credential, the user device may restrict access to the sensitive information to a particular user with knowledge of the user credential).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Ureche to the steps of authenticating of Kim view of Scheidt to include wherein, to ascertain that the credential is valid, the device decrypts successfully a predetermined encrypted key by using the credential, a key, as a decrypted encrypted key, having been used for encrypting at least one resource that belongs to either a chip user who is authorized to access the at least one resource or a role which a chip user has and authorizes to access the at least one resource, the device decrypts at least one encrypted resource by using the key, in order to access the at least one resource  
One would have been motivated to combine the teachings of Ureche to Kim view of Scheidt to do so as it provides / allows control access to the user resource via the use of credentials (Ureche, col. 1, lines 5-16).

Claims 3 and 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kim (US 2016/0226837 A1) in view of Scheidt (US 7,111,173 B1) and further in view of Dong (US 2012/0304312 A1).

Regarding Claim 3;
Kim in view of Scheidt discloses the method of Claim 1.
	Kim discloses decrypting the encrypted credential (FIG. 4).
	Kim in view of Scheidt fails to explicitly disclose wherein, prior to .... , the chip has successfully authenticated the user.
	However, in an analogous art, Dong teaches wherein, prior to [perform an action], the chip has successfully authenticated the user. (Dong, [0021] - In this case, the UICC module would perform user authentication and would send the command to launch the selected UICC application only if user authentication is successful. The UICC module may perform authentication by prompting the user to enter a user name and/or password and by comparing the entered user name and/or password with a user name and/or password provided in the UICC applications metadata).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Dong to the steps of authenticating of Kim view of Scheidt to include wherein, prior to [perform an action], the chip has successfully authenticated the user to thereby apply such teachings (i.e., action) as the prior to decrypting the encrypted credential
One would have been motivated to combine the teachings of Dong to Kim view of Scheidt to do so as it provides / allows a more friendly way for users to access UICC and enhance further the user experience (Dong, [0005] and [0006]).

Regarding Claim 4;
Kim in view of Scheidt and Dong discloses the method of Claim 3.
Dong further teaches wherein, to authenticate successfully the user, the chip requests the user to provide user authentication credentials, the chip compares the provided user authentication credentials to predetermined reference user authentication credentials and the chip ascertains that the provided user authentication credentials matches the reference user authentication credentials (Dong, [0021] - In this case, the UICC module would perform user authentication and would send the command to launch the selected UICC application only if user authentication is successful. The UICC module may perform authentication by prompting the user to enter a user name and/or password and by comparing the entered user name and/or password with a user name and/or password provided in the UICC applications metadata).

Claim 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kim (US 2016/0226837 A1) in view of Scheidt (US 7,111,173 B1) and further in view of Watanabe et al. (US 2002/0026574 A1).

Regarding Claim 5;
Kim in view of Scheidt discloses the method of Claim 1.
	Kim discloses once the device has verified the credential... (FIG. 4).
	Kim in view of Scheidt fails to explicitly disclose ...the method further comprises deleting, by the device, the credential.
	However, in an analogous art, Watanabe teaches wherein, once an entity has verified the credential, the method further comprises deleting, by the entity, the credential (Watanabe, [0039] and [0059]).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Watanabe to the steps of authenticating (i.e., once the device has verified the credential) of Kim view of Scheidt to include the method further comprises deleting by the entity, the credential
One would have been motivated to combine the teachings of Watanabe to Kim view of Scheidt to do so as it provides / allows authentication to be performed in various situations and environments in a highly reliable fashion (Watanabe, [0021]).


Claim 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kim (US 2016/0226837 A1) in view of Scheidt (US 7,111,173 B1) and further in view of Ali et al. (US 2014/0310532 A1).

Regarding Claim 6;
Kim in view of Scheidt discloses the method of Claim 1.
	Kim discloses wherein once the chip has sent the credential (FIG. 4).
	Kim in view of Scheidt fails to explicitly disclose ...the method further comprises deleting, by the chip, the credential.
	However, in an analogous art, Ali teaches wherein, once the “module” has sent the credential, the method further comprises deleting, by the “module” the credential (Ali, [0039] and [0059]).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Ali to the steps of authenticating (i.e., once the chip has sent the credential) of Kim view of Scheidt to include the method further comprises deleting, by the “module” the credential
One would have been motivated to combine the teachings of Ali to Kim view of Scheidt to do so as it provides / allows enhanced protection (Ali, [0063]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KARI L SCHMIDT/Primary Examiner, Art Unit 2439