DETAILED ACTION

Priority
Acknowledgment is made of applicant’s claim for domestic benefit under 35 U.S.C. 119 (e). This application claims the domestic benefit of U.S. provisional patent application 62/841,949 filed on 05/02/2019.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 07/08/2020 and 08/09/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Response to Arguments
Applicant's arguments ("REMARKS") filed 02/07/2022, with respect to the rejections(s) of claim(s) 1-20 under 35 U.S.C. §102 and 35 U.S.C. §103 have been fully considered and are persuasive. Therefore, the rejections have been withdrawn. However, upon further consideration, a new ground of rejection is made in view of Kim et al., US 2016/0065378 A1 (hereinafter, “Kim ‘378”). 
See Re: Rejection of claims under 35 U.S.C. §102, Re: Rejection of claims under 35 U.S.C. §103, and Claim Rejections – 35 USC §103 below for details.
Claims 1, 5-8, 11, 14-17, 19, and 20 were amended. Claims 3 and 13 were canceled. Claims 1-2, 4-12, and 14-20 are pending. 

Re: Duplicate Claims


Re: Claim Objections
The objection to claim 13 is now moot in view of the cancelation of claim 13. 
The objections of claims 5-8 and 14-20 due to minor informalities have been withdrawn in view of the amendments.

Re: Claim Interpretation
The 112(f) claim interpretation of claim 13 is now moot in view of the cancelation of claim 13.
Acknowledgment is made of Applicant’s amendment to claim 11 to avoid interpretation under 112(f). In particular, on p. 6 of the response, Applicant states that claim 11 is amended to recite that the “transfer processing device” includes a “computing device” to further add structure to the “transfer processing device”. The Examiner, however, does not find this argument persuasive. A “computing device” is still a generic placeholder that does not provide sufficient structure for the “transfer processing device” to perform the recited functions. 
Thus, the 112(f) interpretation of claim 11 is maintained. The 112(f) interpretations of claims 14, 17, and 19-20 are maintained for the same reasons.  

Re: Rejections under 35 U.S.C. §112
The rejection of claims 3 and 13 under 35 U.S.C. § 112(b) are now moot in view of the cancelation of claims 3 and 13.


Re: Rejection of claims under 35 U.S.C. §102
The rejection of claims 3 and 13 under 35 U.S.C. §102 as being anticipated by Ross ‘599 is now moot in view of the cancelation of claims 3 and 13. 
Applicant argues that on p. 8 line 10 that Ross et al., US 2016/0134599 A1 (hereinafter, “Ross ‘599), fails to disclose the limitation “selecting a verification datum inherent to the receptacle device, wherein the verification datum is generated by a physically unclonable function (PUF) of the receptacle device; and associating the verification datum with the user” of claims 1 and 11, as amended. 
Applicant's arguments have been found persuasive. Therefore, the rejections of claims 1 and 11 under 35 U.S.C. §102 as being anticipated by Ross ‘599 have been withdrawn. The rejection of claims 4-10 and 14-20 under 35 U.S.C. §102 as being anticipated by Ross ‘599 has also been withdrawn by virtue of their dependencies on claims 1 and 11, respectively.
However, upon further consideration, a new ground of rejection is made in view of Kim ‘378. See Claim Rejections – 35 USC §103 below for details.

Re: Rejections of claims under 35 U.S.C. §103
Applicant argues that on p. 9 line 2 that Ross ‘599 in view of Aabye et al., US 2015/0120472 A1 (hereinafter, “Aabye ‘472”), fails to disclose the limitation “selecting a verification datum inherent to the receptacle device, wherein the verification datum is generated by a physically unclonable function (PUF) of the receptacle device; and associating the verification datum with the user” of claims 1 and 11, as amended, from which claims 2 and 12 depend upon, respectively. 

However, upon further consideration, a new ground of rejection is made in view of Kim ‘378. See Claim Rejections – 35 USC §103 below for details.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 

(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language 
“… a transfer processing device is … configured to …” in claims 11, 14, 17, and 19-20.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 4-11, and 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ross ‘599 in view of Kim ‘378.

As per claim 1: Ross ‘599 discloses: 
A method of using hardware-secured receptacle devices, the method comprising: 
storing, by a transfer processing device (Internet user devices 102, 104, 106; Internet user devices 102, 104, 106 utilize communications interface modules A 130 and B 135 to transfer and store various data [Ross ‘599 ¶¶43-44; Fig. 1]), transfer method data associated with a user (user device identity records, authentication tokens, history of transmitted authentication requests by users, and records for Internet services provided to users by relying parties (RPs), such as the transfer of data) [Ross ‘599 ¶¶44, 46, 48; Fig. 1, Fig. 7]) on an at least a cryptographically secured receptacle device (identity provider (IDP) service cores 150; the IDP service cores 150 serve as repositories and store user data sent by Internet user devices 102, 104, 106, where the IDP service cores are encrypted and cryptographically secure [Ross ‘599 ¶¶42, 46-49, 83-84; Fig. 1, Fig. 3]),
wherein storing (storing user device identity records, authentication tokens, history of transmitted authentication requests by users, and records for Internet services provided to users by RPs,  by the transfer processing device (Internet user devices 102, 104, 106, where the Internet user devices 102, 104, 106 uses the dID app 750 to communicate and perform actions with IDP service cores 150 [Ross ‘599 ¶¶43, 46; Fig. 1]) comprising: 
selecting a verification datum (authentication tokens; dID app 750 generates authentication tokens, where the authentication tokens include key pairs used to securely communicate with IDP service cores 150 [Ross ‘599 ¶¶79, 82-84]) inherent to the receptacle device (the authentication token is bound to a pseudorandom string generated by the IDP service core 150, where the authentication token is registered with the IDP service core 150 [Ross ‘599 ¶¶79-80]), 

associating the verification datum with the user (the authentication token is specific to a user identifier or credential [Ross ‘599 ¶¶79-80]);
receiving, by the transfer processing device (Internet user devices 102, 104, 106 [Ross ‘599 ¶43; Fig. 1]), user authentication credentials from the user (user credentials from users; Internet user devices 102, 104, 106 use an identity provider application, such as the device identity provider application (dID app) 750, to receive user credentials from users [Ross ‘599 ¶¶29, 66, 72; Fig. 6C, Fig. 7, Fig. 11]); 
authenticating, by the transfer processing device (Internet user devices 102, 104, 106 [Ross ‘599 ¶43; Fig. 1]), user identity as a function of the user authentication credentials (Internet user devices 102, 104, 106 utilize the identity provider application, such as the dID app 750, to verify user identity based on authentication of user credentials [Ross ‘599 ¶¶29, 66, 72; Fig. 6C, Fig. 7, Fig. 11]); 
retrieving, by the transfer processing device (Internet user devices 102, 104, 106 [Ross ‘599 ¶43; Fig. 1]), a transfer authorization (a validation of an authentication challenge message that authorizes the transfer of data between Internet user devices 102, 104, 106 and RP servers 160, such as the transfer of data from accessing Internet services provided by RPs [Ross ‘599 ¶¶36, 44, 48, 102-105; Fig. 5G, Fig. 7]) from the at least a cryptographically secured receptacle device (IDP service cores 150; authentication engine 120 of IDP service cores 150 directs the validation of authentication challenge messages to Internet user devices 102, 104, 106 [Ross ‘599 ¶¶103-105; Fig. 5G, Fig. 7]) as a function of the transfer method data (the validation is based on the stored user device identity records, authentication tokens, history of transmitted authentication requests by users, or records for Internet services provided to users by RPs, such as the transfer of data, in IDP service cores 150 [Ross ‘599 ¶¶44, 48, 96, 99, 103-105]); and 
generating, by the transfer processing device (Internet user devices 102, 104, 106 [Ross ‘599 ¶43; Fig. 1]), a transfer (the transfer of data between Internet user devices 102, 104, 106 and RP servers 160, such as the transfer of data from accessing Internet services provided by RPs) [Ross ‘599 ¶¶36, 44, 48, 89-94, 102-105; Fig. 1, Fig. 5G, Fig. 7]) as a function of the transfer authorization (the transfer of data, such as the transfer of data from accessing Internet services by Internet user devices 102, 104, 106, is authorized based on the validation of authentication challenge messages [Ross ‘599 ¶¶36, 44, 48, 102-105; Fig. 5G, Fig. 7]).

As stated above, Ross ‘599 does not explicitly disclose: “selecting a verification datum … wherein the verification datum is generated by a physically unclonable function (PUF) of the receptacle device”. 
Kim ‘378, however, discloses:
wherein the verification datum (selecting a unique key that identifies the corresponding apparatus [Kim ‘378, ¶¶9, 15, 21, 25, 73]) is generated by a physically unclonable function (PUF) of the receptacle device (the unique key is generated using a PUF of the apparatus, where the unique key is associated with a user, or user information, of the apparatus during the authentication process [Kim ‘378, ¶¶9, 15, 21, 47, 50]).
Ross ‘599 and Kim ‘378 are analogous art because they are from the same field of endeavor, namely that of authentication methods with respect to secure hardware devices. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ross ‘599 and Kim ‘378 before them, to modify the method in Ross ‘599 to include the teachings of Kim ‘378, namely to generate authentications tokens, as disclosed in Ross ‘599, using a physically unclonable function (PUF) of the IDP service core 150, and selecting the PUF-generated authentications token to be associated with a user. The motivation for doing so would be to ensure the integrity of devices containing sensitive data by authentication a unique identifier of the device, such as an authentication token or a unique key, where the unique identifier is generated using an unpredictable value such as through the PUF of the device (see Kim ‘378, ¶¶7-9).

As per claim 4: Ross ‘599 in view of Kim ‘378 discloses all limitations of claim 1, as stated above, from which claim 4 is dependent upon. Furthermore, Ross ‘599 discloses:
 wherein storing (storing user device identity records, authentication tokens, history of transmitted authentication requests by users, and records for Internet services provided to users by RPs, such as the transfer of data, on IDP service cores 150 [Ross ‘599 ¶¶44, 46, 48; Fig. 1, Fig. 7]) further comprises encryption of the transfer method (user device identity records, authentication tokens, history of transmitted authentication requests by users, and records for Internet services provided to .

As per claim 5: Ross ‘599 in view of Kim ‘378 discloses all limitations of claims 1 and 4, as stated above, all from which claim 5 is dependent upon. Furthermore, Ross ‘599 discloses:
wherein encryption further comprises encryption using a public key (encryption using public key portion of the authentication token [Ross ‘599 ¶83]) linked to transfer processing device (the public key portion of the authentication token is generated on Internet user devices 102, 104, 106 using the dID app 750 [Ross ‘599 ¶¶37, 42, 55]).

As per claim 6: Ross ‘599 in view of Kim ‘378 discloses all limitations of claims 1 and 4, as stated above, all from which claim 6 is dependent upon. Furthermore, Ross ‘599 discloses:
wherein transfer method data is encrypted using a key linked to at least a verified device (encryption using public key portion of the authentication token, where the public key portion of the authentication token is generated on registered and verified Internet user devices 102, 104, 106 [Ross ‘599 ¶¶37, 42, 44, 52, 55, 83]).

As per claim 7: Ross ‘599 in view of Kim ‘378 discloses all limitations of claim 1, as stated above, from which claim 7 is dependent upon. Furthermore, Ross ‘599 discloses:
wherein authenticating the user identity (Internet user devices 102, 104, 106 utilize the identity provider application, such as the dID app 750, to verify user identity based on authentication of user credentials [Ross ‘599 ¶¶29, 66, 72; Fig. 6C, Fig. 7, Fig. 11]) further comprises performing a biometric authentication of the user (authentication requiring biometric factor [Ross ‘599 ¶¶36-37, 55]).

As per claim 8: Ross ‘599 in view of Kim ‘378 discloses all limitations of claim 1, as stated above, from which claim 8 is dependent upon. Furthermore, Ross ‘599 discloses:
wherein the transfer authorization (a validation of an authentication challenge message that authorizes the transfer of data between Internet user devices 102, 104, 106 and RP servers 160, such as the transfer of data from accessing Internet services provided by RPs [Ross ‘599 ¶¶36, 44, 48, 102-105; Fig. 5G, Fig. 7]) includes a secure timestamp (authentication challenge message includes a digitally signed timestamp or time identifier [Ross ‘599 ¶¶66, 102]).

As per claim 9: Ross ‘599 in view of Kim ‘378 discloses all limitations of claim 1, as stated above, from which claim 9 is dependent upon. Furthermore, Ross ‘599 discloses:
 wherein generating the transfer (the transfer of data between Internet user devices 102, 104, 106 and RP servers 160, such as the transfer of data from accessing Internet services provided by RPs) [Ross ‘599 ¶¶36, 44, 48, 102-105; Fig. 1, Fig. 5G, Fig. 7]) further comprises digitally signing, by the transfer processing device (Internet user devices 102, 104, 106, using the dID app 750, digitally signs authentication challenge messages [Ross ‘599 ¶¶37, 102]), the transfer authorization (a validation of an authentication challenge message that authorizes the transfer of data between Internet user devices 102, 104, 106 and RP servers 160, such as the transfer of data from accessing Internet services provided by RPs [Ross ‘599 ¶¶36, 44, 48, 102-105; Fig. 5G, Fig. 7]).

As per claim 10: Ross ‘599 in view of Kim ‘378 discloses all limitations of claim 1, as stated above, from which claim 10 is dependent upon. Furthermore, Ross ‘599 discloses:
 wherein generating the transfer (the transfer of data between Internet user devices 102, 104, 106 and RP servers 160, such as the transfer of data from accessing Internet services provided by RPs) [Ross ‘599 ¶¶36, 44, 48, 102-105; Fig. 1, Fig. 5G, Fig. 7]) further comprises transmitting transfer transaction details (the transfer of data between Internet user devices 102, 104, 106 and RP servers 160 includes the transfer of detailed information regarding the transfer, such as the specific Internet service requested, the user’s identifier data, validation tokens based on information stored in IDP service cores 150, and URL information [Ross ‘599 ¶¶44, 48, 89-94, 105; Fig. 1, Fig. 5G, Fig. 7]).

As per claim 11: Ross ‘599 discloses: 
A system (system 200 [Ross ‘599 ¶52; Fig. 2]) for using hardware-secured receptacle devices, the system comprising 
a transfer processing device, including a computing device (Internet user devices 102, 104, 106 [Ross ‘599 ¶43; Fig. 1]), configured to: 
store (Internet user devices 102, 104, 106 utilize communications interface modules A 130 and B 135 to transfer and store various data [Ross ‘599 ¶¶43-44; Fig. 1]) transfer method data associated with a user (user device identity records, authentication tokens, history of transmitted authentication requests by users, and records for Internet services provided to users by RPs, such as the transfer of data) [Ross ‘599 ¶¶44, 46, 48; Fig. 1, Fig. 7]) on an at least a cryptographically secured receptacle device (IDP service cores 150; the IDP service cores 150 serve as repositories and store user data sent by Internet user devices 102, 104, 106, where the IDP service cores are encrypted and cryptographically secure [Ross ‘599 ¶¶42, 46-49, 83-84; Fig. 1, Fig. 3]),
wherein storing (storing user device identity records, authentication tokens, history of transmitted authentication requests by users, and records for Internet services provided to users by RPs, such as the transfer of data, on IDP service cores 150 [Ross ‘599 ¶¶44, 46, 48; Fig. 1, Fig. 7]) by the transfer processing device (Internet user devices 102, 104, 106, where the Internet user devices 102, 104, 106 uses the dID app 750 to communicate and perform actions with IDP service cores 150 [Ross ‘599 ¶¶43, 46; Fig. 1]) comprising: 
selecting a verification datum (authentication tokens; dID app 750 generates authentication tokens, where the authentication tokens include key pairs used to securely communicate with IDP service cores 150 [Ross ‘599 ¶¶79, 82-84]) inherent to the receptacle device (the authentication token is bound to a pseudorandom string generated by the IDP service core 150, where the authentication token is registered with the IDP service core 150 [Ross ‘599 ¶¶79-80]), 

associating the verification datum with the user (the authentication token is specific to a user identifier or credential [Ross ‘599 ¶¶79-80]);
receive user authentication credentials from the user (user credentials from users; Internet user devices 102, 104, 106 use an identity provider application, such as the dID app 750, to receive user credentials from users [Ross ‘599 ¶¶29, 66, 72; Fig. 6C, Fig. 7, Fig. 11]); 
authenticate user identity as a function of the user authentication credentials (Internet user devices 102, 104, 106 utilize the identity provider application, such as the dID app 750, to verify user identity based on authentication of user credentials [Ross ‘599 ¶¶29, 66, 72; Fig. 6C, Fig. 7, Fig. 11]); 
retrieve a transfer authorization (a validation of an authentication challenge message that authorizes the transfer of data between Internet user devices 102, 104, 106 and RP servers 160, such as the transfer of data from accessing Internet services provided by RPs [Ross ‘599 ¶¶36, 44, 48, 102-105; Fig. 5G, Fig. 7]) from the at least a cryptographically secured receptacle device (IDP service cores 150; authentication engine 120 of IDP service cores 150 directs the validation of authentication challenge messages to Internet user devices 102, 104, 106 [Ross ‘599 ¶¶103-105; Fig. 5G, Fig. 7]) as a function of the transfer method data (the validation is based on the stored user device identity records, authentication tokens, history of transmitted authentication requests by users, or records for Internet ; and 
generate a transfer (the transfer of data between Internet user devices 102, 104, 106 and RP servers 160, such as the transfer of data from accessing Internet services provided by RPs) [Ross ‘599 ¶¶36, 44, 48, 89-94, 102-105; Fig. 1, Fig. 5G, Fig. 7]) as a function of the transfer authorization (the transfer of data, such as the transfer of data from accessing Internet services by Internet user devices 102, 104, 106, is authorized based on the validation of authentication challenge messages [Ross ‘599 ¶¶36, 44, 48, 102-105; Fig. 5G, Fig. 7]).

As stated above, Ross ‘599 does not explicitly disclose: “selecting a verification datum … wherein the verification datum is generated by a physically unclonable function (PUF) of the receptacle device”. 
Kim ‘378, however, discloses:
selecting a verification datum … wherein the verification datum (selecting a unique key that identifies the corresponding apparatus [Kim ‘378, ¶¶9, 15, 21, 25, 73]) is generated by a physically unclonable function (PUF) of the receptacle device (the unique key is generated using a PUF of the apparatus, where the unique key is associated with a user, or user information, of the apparatus during the authentication process [Kim ‘378, ¶¶9, 15, 21, 47, 50]).
Ross ‘599 and Kim ‘378 are analogous art because they are from the same field of endeavor, namely that of authentication methods with respect to secure hardware devices. For the reasons stated in Claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ross ‘599 and Kim ‘378 before them, to modify the method in Ross ‘599 to include the teachings of Kim ‘378.

As per claims 14-19: Claims 14-19 define a system that recites substantially similar subject matter as the method of claims 4-9, respectively. Claims 14-19 are directed to a system comprising a transfer processing device configured to perform the method of claims 4-9, respectively. Thus, the rejections of claims 4-9 are equally applicable to claims 14-19, respectively.

As per claim 20: Ross ‘599 in view of Kim ‘378 discloses all limitations of claim 11, as stated above, from which claim 20 is dependent upon. Furthermore, Ross ‘599 discloses:
wherein the transfer processing device (Internet user devices 102, 104, 106 [Ross ‘599 ¶43; Fig. 1]) is further configured to generate the transfer (the transfer of data between Internet user devices 102, 104, 106 and RP servers 160, such as the transfer of data from accessing Internet services provided by RPs) [Ross ‘599 ¶¶36, 44, 48, 102-105; Fig. 1, Fig. 5G, Fig. 7]) by transmitting transfer transaction details (the transfer of data between Internet user devices 102, 104, 106 and RP servers 160 includes the transfer of detailed information regarding the transfer, such as the specific Internet service requested, the user’s identifier data, validation tokens based on information stored in IDP service cores 150, and URL information [Ross ‘599 ¶¶44, 48, 89-94, 105; Fig. 1, Fig. 5G, Fig. 7]).


Claims 2 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Ross ‘599 in view of Kim ‘378 and further in view of Aabye ‘472.

As per claim 2: Ross ‘599 in view Kim ‘378 discloses all limitations of claim 1, as stated above, from which claim 2 is dependent upon. Ross ‘599 in view Kim ‘378 does not explicitly disclose the limitations of claim 2. 
Aabye ‘472, however, discloses: 
wherein the at least a receptacle device (mobile device 110 that contains an embedded secure element; mobile device 110 contains an embedded secure element, such as secure memory 112B, that communicates with the digital wallet application 113 and stores encrypted credentials and transaction information [Aabye ‘472 ¶¶40, 66; Fig. 2]) further comprises the transfer processing device (memory 112A that contains a digital wallet application 113; mobile device 110 includes memory 112A, where memory 112A contains a digital wallet application 113 that transfers data to the secure element on the mobile device 110, receives and authenticates credentials, and initiates transactions [Aabye ‘472 ¶¶40, 43, 65-67, 123; Fig. 2, Fig. 10]).
Ross ‘599 (modified by Kim ‘378) and Aabye ‘472 are analogous art because they are from the same field of endeavor, namely that of data storage and authentication. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ross ‘599 (modified by Kim ‘378) and Aabye ‘472 before them, to modify the method in Ross ‘599 (modified by Kim ‘378) to include the teachings of Aabye ‘472, namely to have Internet user devices 102, 104, 106 and their functionalities to be contained within IDP service cores 150. The motivation for doing so would be increased security for communication/data of Internet user devices provided by cryptographically secure devices like IDP service cores 150, as well as the convenience of having multiple devices and functions in a single entity (Aabye ‘472, ¶¶65-67, 71).

As per claim 12: Ross ‘599 in view Kim ‘378 discloses all limitations of claim 11, as stated above, from which claim 12 is dependent upon.
Claim 12 defines a system that recites substantially similar subject matter as the method of claim 2. Claim 12 is directed to a system comprising a transfer processing device configured to perform the method of claim 2. Thus, the rejection of claim 2 is equally applicable to claim 12.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Lindelsee et al., US 8,924,301 B2: mobile entities with token based authentication systems that reduce risks involving various digital transaction types.
von Behren et al., US 9,355,391 B2: mobile electronic devices containing a digital wallet that facilitates secure digital transactions.
Kreft, US 2014/0108786 A1: using hardware-based Physical Unclonable Functions (PUFs) and configuration fingerprints of FPGAs to implement tamper-resistant hardware.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN LINGQIAN KONG whose telephone number is (571)272-2646. The examiner can normally be reached Monday-Thursday 7:30am-5:00pm EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG (JAY) KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALAN LINGQIAN KONG/Examiner, Art Unit 2494

/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494