DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This communication is in respond to the applicant’s request for continued examination filed on 12/29/2021. Claims 1, 4, 5, 10, 11, and 17 have been amended. Claims 3 and 8 have been cancelled. Claims 18 and 19 have been added. Claims 1-2, 4-7, and 9-19 are currently pending and have been examined.

Drawings
The drawings were received on 12/29/2021.  These drawings are accepted.

Claim Objections
Claim 4 is objected to because of the following informalities:  The claim recites “the step of further comprising,” which is improper grammar. Appropriate correction is requested.

Claim Rejections - 35 USC § 112
		The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 1-7 and 9-17 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
	Claim 1 recites “generating, using a reversible function, a bound session cryptographic key by binding said session cryptographic key to a specific context…”
	Examiner notes that the language “said session cryptographic key” lacks antecedent basis, and therefore the claim is indefinite. For purposes of compact prosecution, Examiner will assume that the word ‘said’ is replaced by the word ‘a’ in order for the language of the limitation to read clearly.
	Claim 1 recites “the first binding preventing data selected from a group including data related to the user, data related to the transaction application, data related to the communication device, data related to limited-use thresholds, geographic data, date, time, and location.”
	One skilled in the art cannot determine the metes and bounds of the Markush claim due to an inability to envision all of the members of the Markush grouping. In other words, if a boundary cannot be drawn separating embodiments encompassed by the claim from those that are not, the claim is indefinite. See also MPEP § 2173.05(h). For purposes of compact prosecution, Examiner will assume that the applicant meant to say “consisting of” instead of “including” when denoting the list of alternatives.	
	
Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C.
102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459
(1966), that are applied for establishing a background for determining obviousness under 35
U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or
nonobviousness.

Claims 1, 2, 4, 5, 10, 11, and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Hird et al (US20150019442) “Hird”, Wiseman (US20050149722), and further in view of Eichholz (US20140333416) 

Regarding claim 1, Hird  teaches: A method for enhancing security of a communication device when conducting a transaction, defined by transaction data, using a transaction application of the communication device by receiving transaction session keys from a key management server via a remote server, the method comprising: 

generating, by the key management server (e.g. provisioning server), a provisioning package by:
	generating, [a] session cryptographic key by […] said session cryptographic key to a specific context defined as at least a first binding preventing data (e.g. master key), ([0084] The provisioning server 400 generates session keys from the master key and from possible values of a transaction counter maintained by both the user terminal 100 and the card issuer (block 452). The provisioning server 400 then provides the generated session keys to the user terminal 100, for example over the communication link 410 (block 456).
	the first binding preventing data selected from a group including data related to the user, data related to the transaction application, data related to the communication device, data related to limited-use thresholds, geographic data, date, time, and location (Fig. 9, Item 454).
	whereby said binding of said session cryptographic key to said first binding preventing data prevents unauthorized use or access of the session cryptographic key as any deviation from the specific context used to generate the bound session cryptographic key corrupts the session cryptographic key during a subsequent unbinding phase;
	Examiner notes that the portion of the limitation which recites “whereby said binding of said session cryptographic key to said first binding preventing data prevents unauthorized use or access of the session cryptographic key as any deviation from the specific context used to generate the bound session cryptographic key corrupts the session cryptographic key during a subsequent unbinding phase”, found in the binding step, is merely a recited intended use.  This portion is given little to no patentable weight because the limitation, or portion thereof, does not claim the function(s) as being positively recited actions or functions, and/or it does not add any meaning or purpose to the associated manipulative step(s).  See MPEP 2103 C and 2111.04.  Simply because the limitation recites something as being “for … [performing a specific functionality]”, etc. does not mean that the functions are required to be performed, or are actually performed.
	encrypting the bound session cryptographic key with the [personal identification number (PIN)]; ([0015] Encrypting the session cryptographic keys may include encrypting the plurality of session cryptographic keys with a personal identification number.)
	Examiner notes that one of ordinary skill in the art, from reading the reference, would understand that a personal identification number being hashed along with the bound session cryptographic key, would be an equivalent level of encryption and one that would be obvious to try.
	incorporating the encrypted bound session cryptographic key and the encrypted [PIN] into the provisioning package; ([0017] A provisioning server according to some embodiments includes a processor, a memory coupled to the processor, and a communication module coupled to the processor. The processor is configured to generate a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter, and to transmit the plurality of session cryptographic keys and the transaction counter to a user terminal for use in securing a financial transaction.)
	transmitting, by the key management server, the provisioning package to the remote system; (Fig. 8, Item 410, [0082]).
		Examiner notes that one of ordinary skill in the art, from reading the reference, would understand that item 410 of Figure 8, clearly teaches that the provisioning package does not go directly to the User Terminal 100 but communicates with other, remote systems.
	transmitting, by the remote system, the provisioning package to the communication device, (Fig. 8, Item 410, [0082]).
	computing a transaction cryptogram, by the communication device (e.g. Fig. 2, Card 110 as part of User Terminal 100), (Fig. 4, Items Card 110, Cryptogram 202 and 203, 

wherein the step of computing a transaction cryptogram comprises:
	receiving the provisioning package from the remote server; (Fig. 8, Item 410, [0082]).
	recovering the bound session cryptographic key received in the provisioning package using the recovered [PIN]; ([0007] Camouflaging the plurality of session cryptographic keys may include encrypting the plurality of session cryptographic keys in such a manner that decrypting any of the plurality of session cryptographic keys with an incorrect personal identification number produces a valid session cryptographic key.
	Examiner notes that one of ordinary skill in the art, from reading the reference, would understand that the PIN in Hird is a direct substitute for the transport key that is used to recover the bound session cryptographic key that was transmitted in the package.
	wherein the transaction is authorized or rejected based on whether the computed transaction  Amendment dated December 27, 2021cryptogram is an expected transaction cryptogram or a not expected transaction cryptogram ([0045] Referring to FIG. 3, in the process of conducting the transaction, the card 110 may generate a cryptogram 126, which is an encrypted message that is a form of transaction digest that can be used to authenticate the transaction to the card issuer 30.)

Hird does not explicitly teach a reversible binding function, however, Wiseman teaches at least a reversible binding function:
	generating, using a reversible function, a bound session cryptographic key by binding said session cryptographic key to a specific context defined as at least a first binding preventing data, ([0031] The service provider 225 validates the service key  	
	determining first unbinding preventing data; ([0032] The service provider has confidence in the protection of the session key because it has verified that, even though the client has the private key that can decrypt the session key, the TPM will not do so unless the platform's configuration matches the configuration attested to by the CertifyKey for the service key.)
	whereby a determined unbinding preventing data not equal to the binding preventing data results in a corrupted unbound session cryptographic key whereas a determined preventing data equal to the binding preventing data results in an unbound session cryptographic key that is not corrupted; 
	Examiner notes that the portion of the limitation which recites “whereby a determined unbinding preventing data not equal to the binding preventing data results in a corrupted unbound session cryptographic key whereas a determined preventing data equal to the binding preventing data results in an unbound session cryptographic key that is not corrupted”, found in the unbinding step, is merely a recited intended use.  This portion is given little to no patentable weight because the limitation, or portion thereof, does not claim the function(s) as being positively recited actions or functions, and/or it does not add any meaning or purpose to the associated manipulative step(s).  See MPEP 2103 C and 2111.04.  Simply because the limitation 
	computing the transaction cryptogram using a one-way cryptographic hash function to the transaction data using the unbound session cryptographic key, (Fig. 3, [0045] The cryptogram is generated by encoding transaction data 122 using a cryptographic key 120 stored in the user terminal 100.)
	unbinding the session cryptographic key from the specific context using the determined first unbinding preventing data using an inverse function of the reversible function, ([0032] For TCG operations, an encryption operation by an entity outside of a TPM is a "Bind" operation and a decryption operation within the TPM is an "Unbind" operation. The Bind operation is an encrypt operation of the session key using the public portion of the service key. Under an embodiment of the invention, the private portion of the service key cannot be used to decrypt (unbind) the session unless the platform's configuration (as represented by the appropriate set of PCRs) matches the restrictions placed on the usage of the key.)
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman. It would therefore be obvious and advantageous to ensure that all data is securely encrypted from end to end and confirmed that the information has not been tampered with during the process such as by a ‘man in the middle’ attack. 

Neither Hird nor Wiseman explicitly teach ‘transport key’ or ‘static key’, however, Eichholz teaches at least  ‘transport key’ and ‘static key’:
	generating a transport key; ([0020] Optionally, further a transport key is computed for encrypting the identification data to be transmitted, and the identification data are encrypted 
	encrypting the bound session cryptographic key (e.g. identification data) with the transport key; ([0020] Optionally, further a transport key is computed for encrypting the identification data to be transmitted, and the identification data are encrypted with the transport key. The encryption of the identification data with a transport key can be omitted optionally, since they are stored in the data memory in encrypted form anyway.)
	encrypting the transport key with a static key (e.g. data key) stored on the communication device (e.g. terminal) or retrievable by the communication device; (  Amendment dated December 27, 2021 ([0021] Optionally, in the key reading step, before the data key is transmitted to the terminal, an authentication process is carried out--that is referred to as "second" authentication process for the sake of differentiability--, wherein at least one authentication is carried out between the microprocessor chip and the terminal. Preferably, a key-transport key is computed additionally for encrypting the data key to be transmitted, and the data key is encrypted with the key-transport key before it is transmitted to the terminal. Optionally, the data key is stored in the key memory in unencrypted form, and should thus be encrypted before transmission to the terminal. If the data key is stored in the key memory in encrypted form, the additional encryption with the key-transport key can be omitted optionally. However, then the key for decrypting the data key must be made known to the terminal.)
	incorporating the encrypted bound session cryptographic key and the encrypted transport key into the provisioning package; ([0023] Optionally, in the data reading step, a transport key is computed that is employed optionally only for encrypting the identification data for the data reading step, optionally only for encrypting the data key for the key reading step, optionally for both the encryption of the identification data and the encryption of the data key, respectively before the transmission of the data in question to the terminal.)
	retrieving the static key (e.g. data key); ([0039] FIG. 3 shows a key reading step according to an embodiment of a method according to the invention. The key reading step comprises an authentication process carried out via the short-range interface 13, wherein a mutual authentication and Diffie-Hellman key agreement is carried out between the microprocessor P and the terminal 20, according to the PACE protocol, chapter 4.2 of the BSI TR-03110. [0040] Now the terminal decrypts the encrypted identification data ID with the decrypted data key KD.)
	recovering the transport key by decrypting the encrypted transport key received in the provisioning package using the static key; ([0039] The data key KD encrypted with the transport key KT-KD is transmitted by the microprocessor P via the short-range interface 12 to the terminal 20 and decrypted at the terminal 20.)
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman and the levels of encryption of Eichholz. It would therefore be obvious and advantageous to ensure that all data is securely encrypted from end to end and confirmed that the information has not been tampered with during the process such as by a ‘man in the middle’ attack. 
	In regards to claim 10 and claim 11, system claim 10 and claim 11 corresponds generally to method claim 1, and recites similar features in system form, and therefore are rejected under the same rationale.
	Regarding claim 11, claim 11 teaches limitations not found in claims 1 or 10. 
Specifically:
	the transaction application further comprising a controlling unit, the controlling unit comprising a security module; (Hird [0039] As noted above, the electronic payment credentials in the card 110 may include cryptographic keys that are used to digitally sign transaction data for verification/authentication purposes. For security purposes, it 
	the processing unit [being operated to] transmit, to the security module of the controlling unit, the encrypted bound session cryptographic key bound to the specific context; (Hird [0069] According to some embodiments, the provisioning server or the user terminal 100 iterates through a number of possible values of the transaction counter (possibly including all possible values of the ATC), and generates a number of session keys using the transaction counter values and the master key (block 304). In some embodiments, the session keys may be pre-generated by, for example, a provisioning server operated by the card issuer 30, and subsequently provided to the user terminal 100. Thus, the user terminal 100 need not actually generate the session keys, and the master key may not be stored on the user terminal 100, thereby increasing the security of the master key.)

Regarding claim 2, Hird teaches: The method according to previous claim 1, wherein the binding of the session key to a specific context of the session key comprises the following step: 
	obfuscating the session key with said binding preventing data for unauthorized use or access of the session cryptographic key ([0007] Camouflaging the plurality of session cryptographic keys may include encrypting the plurality of session cryptographic keys in such a manner that decrypting any of the plurality of session cryptographic keys with an incorrect personal identification number produces a valid session cryptographic key.)

Regarding claim 4, Hird  teaches: The method according to claim 1, wherein the step of further comprising:	
	deriving, by the key management system, the [cryptographic key] from a master key and a diversifier ID; ([0014] A user terminal according to some embodiments includes a processor, a memory coupled to the processor, and a communication module coupled to the processor. The processor is configured to generate a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter.)
	wherein the master key is stored by the communication device; and ([0014]…to store the session cryptographic keys).
	retrieving, by the communication device, the [cryptographic key] comprises deriving the [cryptographic key] from the master key and the diversifier ID (e.g. transaction counter), and ([0066] The processor is configured to generate a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter, to store the session cryptographic keys.)
	decrypting, by the communication device, the encrypted [personal identification number] using the retrieved  [cryptographic key]; and ([0016] The processor may be configured to camouflage the plurality of session cryptographic keys in such a manner that decrypting any of the plurality of encrypted session cryptographic keys with an incorrect personal identification number produces a valid session cryptographic key.)
	deleting, by the communication device, the  [cryptographic key] after computation of the transaction cryptogram ([0014] …to transmit the cryptogram to the transaction terminal using the communication module, to update the transaction counter, and to delete the first one of the plurality of encrypted session cryptographic keys from the user terminal.)

Hird does not explicitly recite ‘static key’, however Eichholz teaches at least ‘static key’:	
	deriving the static key from the master key and the diversifier ID, and ([0039] FIG. 3 shows a key reading step according to an embodiment of a method according to the invention. The key reading step comprises an authentication process carried out via the short-range interface 13, wherein a mutual authentication and Diffie-Hellman key agreement is carried out between the microprocessor P and the terminal 20, according to the PACE protocol, chapter 4.2 of the BSI TR-03110. [0040] Now the terminal decrypts the encrypted identification data ID with the decrypted data key KD.)
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird and the levels of encryption of Eichholz. It would therefore be obvious and advantageous to ensure that all data is securely encrypted from end to end and confirmed that the information has not been tampered with during the process such as by a ‘man in the middle’ attack. 

Regarding claim 5, Hird teaches: The method according to the previous claim 1, wherein retrieving of the [personal identification number] comprises the following step: 
extracting, by the communication device, the [personal identification number] stored as hard coded text into the transaction application code or stored in a secure memory ([0059] Essentially, cryptographic camouflage operates by carefully encrypting the financial key in a manner such decrypting the key with any possible PIN will reveal a valid-looking key, with no error report. Only by attempting a transaction will an attacker find out if the correct PIN has been guessed. The card issuer can lock the account after a pre-set number of attempts, thus nullifying the brute-force attack.) 

Hird does not explicitly recite ‘static key’, however Eichholz teaches at least ‘static key’:	
extracting, by the communication device, the static key stored as hard coded text into the transaction application code or stored in a secure memory ([0039] FIG. 3 shows a key reading step according to an embodiment of a method according to the invention. The key reading step comprises an authentication process carried out via the short-range interface 13, wherein a mutual authentication and Diffie-Hellman key agreement is carried out between the microprocessor P and the terminal 20, according to the PACE protocol, chapter 4.2 of the BSI TR-03110. [0040] Now the terminal decrypts the encrypted identification data ID with the decrypted data key KD.)
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird and the levels of encryption of Eichholz. It would therefore be obvious and advantageous to ensure that all data is securely encrypted from end to end and confirmed that the information has not been tampered with during the process such as by a ‘man in the middle’ attack. 

Regarding claim 17, Hird recites: The method according to claim 1, wherein said specific context is defined by 
	a second binding preventing data selected from a group including data related to the user, data related to the transaction application, data related to the communication device, data related to limited-use thresholds, geographic data, date, time, and location, and to a second binding preventing data selected from a group including data related to the user, data related to the transaction application, data related to the communication device, data related to limited-use thresholds ((Fig. 9, Item 454), [0004] The methods include generating a plurality of session cryptographic keys from a master cryptographic key.)
	Examiner further notes that the phrase “from a group including data related to the user, data related to the transaction application, data related to the communication device, data 
	Further, Examiner considers the second set of ‘binding preventing data’ to be Mere duplication of parts has no patentable significance unless a new and unexpected result is produced (see MPEP §2144.04 VI (B)).

Regarding claim 18, Hird teaches: The method according to claim 4, further comprising: 
	requesting, by the communication device, from the remote system, the diversifier ID ([0063] The EMV algorithm named "CSK" has been adopted by several important card specifications for the generation of session keys from the master key. The EMV CSK algorithm takes the master key MK and a transaction counter, such as the EMV-defined Application Transaction Counter (ATC), as inputs and generates a session key SK as an output by constructing various byte sequences and encrypting them with the master key, and then choosing certain output bytes to become the session key.)

Regarding claim 19, Hird teaches: The method according to claim 1, further comprising: 
	associating the transport key with at least one limited-use threshold ([0019] The plurality of secret items may be one time passwords.)


Claims 6-9 and 12-16 are rejected under 35 U.S.C. 103 as being unpatentable over Hird et al (US20150019442) “Hird”, Wiseman (US20050149722), Eichholz (US20140333416) and further in view of Flurscheim (US20160140545)

Regarding claim 6, neither Hird, Wiseman nor Eichholz explicitly teach ‘key management using thresholds’, however, Flurscheim from a same or analogous art, teaches: The method according to claim 1, wherein 
	the session cryptographic key is associated with a set of one or more limited-use thresholds that limit usage of the session cryptographic key ([0215] The transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds and/or verification of the transaction cryptogram. In some embodiments, if the token or the LUK has use restrictions that limit the usage to particular type of transactions (e.g., contactless reader transaction, magnetic stripe reader transaction, etc.), a transaction conducted via a different reader mechanism than the associated usage of the token or LUK may be declined. For example, if a token is restricted for contactless reader transactions, but is received by a magnetic stripe reader of an access device, the transaction can be denied, and vice versa).
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman , the levels of encryption of Eichholz with the threshold use of Flurscheim. It would therefore be obvious and advantageous to ensure that all data is securely 
 
Regarding claim 7, neither Hird, Wiseman nor Eichholz explicitly teach ‘key management using thresholds’, however, Flurscheim from a same or analogous art, teaches: The method according to claim 6, wherein 
	the set of one or more limited-use thresholds may include at least one of a time-to-live threshold indicating the duration of time for which the session cryptographic key is valid, a predetermined number of transactions for which the session cryptographic key is valid, and/or a cumulative transaction amount indicating the total transaction amount summed across one or more transactions for which the session cryptographic key is valid (Fig. 13 and 14, [0030] By managing the delivery and lifecycle of the limited-use account parameters between a set of network based capabilities and the portable communication device, the compromise of mobile application software and/or account credentials stored on a portable communication device becomes only a limited security risk, because stolen limited-use account parameters can at most be used for only a small number of transactions or limited monetary amount. [0047] A "limited-use threshold" may refer to a condition that limits the usage of a piece of information. A limited-use threshold may be exceeded or exhausted when the underlying condition is met. For example, a limited-use threshold may include a time-to-live that indicates an amount of time for which a piece of information is valid, and once that amount of time has elapsed, the limited-use threshold is exceeded or exhausted, and the piece of information may become invalid and may no longer be used. As another example, a limited-use threshold may include a number of times that a piece of information can be used, and once the piece of information has been used for that number of times, the limited-use threshold is exceeded or exhausted, and the piece of information may become invalid and may no longer be used. [0030] By managing the delivery and lifecycle of the 
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman , the levels of encryption of Eichholz with the threshold use of Flurscheim. It would therefore be obvious and advantageous to ensure that all data is securely encrypted from end to end and confirmed that the information has not been tampered with during the process such as by a ‘man in the middle’ attack.

Regarding claim 9, neither Hird, Wiseman nor Eichholz explicitly teach ‘key management’, however, Flurscheim from a same or analogous art, teaches: The method according to claim 1, wherein 
	after the computation of the transaction cryptogram, deleting, by the communication device, the session cryptographic key (Fig. 9, [0182] When the mobile application of portable communication device 901 receives the new set of account parameters (e.g., new LUK and new key index associated with the LUK), the mobile application delete the previous set of account parameters and associated transaction verification log details and usage tracking, and store the new set of account parameters. If the new set of account parameters has different usage limits for the set of one or more limited-use thresholds, the one or more limited-use thresholds can be updated with the new usage limits. The mobile application also increments the sequence counter for each successful account parameters replenishment. Once the mobile application has updated the set of account parameters, the mobile application of portable communication device 901 may send a confirmation 934 to MAP 980, and MAP 980 
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman , the levels of encryption of Eichholz with the deletion of potentially compromising data of Flurscheim. It would therefore be obvious and advantageous to ensure that all data is securely encrypted from end to end and confirmed that the information has not been tampered with during the process such as by a ‘man in the middle’ attack.

Regarding claim 12, neither Hird, Wiseman nor Eichholz explicitly teach ‘trusted execution environment’, however, Flurscheim from a same or analogous art, teaches: The non-transitory memory storing a transaction application according to claim 11, wherein 
	the security module is a white box cryptography or a Trusted Execution Environment ([0119] The card verification results (CVR) may include information about the CVM verifying entity and the CVM verified type for the transaction. The CVM verifying entity is used to indicate which entity is performing the verification of the CVM for the transaction. The verification entity may be the access device (or terminal), a co-residing secure application, a trusted execution environment application, the mobile application itself, a remote server (e.g., the cloud), or the mobile operating system).
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman , the levels of encryption of Eichholz with the TEE or white box cryptography use of Flurscheim. It would therefore be obvious and advantageous to ensure that all data is securely encrypted from end to end and confirmed that the information has not been tampered with during the process such as by a ‘man in the middle’ attack.

Regarding claim 15, neither Hird, Wiseman nor Eichholz explicitly teach ‘trusted execution environment’, however, Flurscheim from a same or analogous art, teaches:  The non-transitory memory storing a transaction application according to claim 11, wherein 
	the processing unit and the controlling unit are in the form of a software developer kit integrated into the transaction application ([0084] According to some embodiments, mobile application 115 may include on-device cloud-based transaction software 113 (e.g., can be in the form of a software developer kit (SDK)) integrated into mobile application 115 to support cloud-based transaction functionalities).
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman , the levels of encryption of Eichholz with the use of the developer programming of Flurscheim. It would therefore be obvious and advantageous to ensure that all data is securely encrypted from end to end and confirmed that the information has not been tampered with during the process such as by a ‘man in the middle’ attack.
In regards to claim 13, system claim 13 corresponds generally to system claim 15, and recites similar features in system form, and therefore is rejected under the same rationale.

Regarding claim 16, neither Hird, Wiseman nor Eichholz explicitly teach ‘trusted execution environment’, however, Flurscheim from a same or analogous art, teaches: The transaction application according to claim 11, wherein 
	the processing unit is implemented in platform independent code and the controlling unit is implemented in native code ([0363] Any of the software components or functions described in this application, may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++ or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions, or commands on a computer readable medium, such as a random 
	Examiner considers that one of ordinary skill in the art, from reading the reference would understand that Java TM is considered a platform independent code and C++TM is considered to be native code.
	It would be obvious to one skilled in the art before the effective filing date of the claimed invention to combine the system and process of provisioning of Hird, with the binding and unbinding methods of Wiseman , the levels of encryption of Eichholz with the use of the developer programming of Flurscheim. It would therefore be obvious and advantageous to ensure that all data is securely encrypted from end to end and confirmed that the information has not been tampered with during the process such as by a ‘man in the middle’ attack.
In regards to claim 14, system claim 14 corresponds generally to system claim 16, and recites similar features in system form, and therefore is rejected under the same rationale.


Response to Arguments
Prior 35 USC 112 (a), 112 (b), 35 USC 101 rejections have been removed, however, new rejections have been added.
	Applicant argues on pages 16-27 of the response that the Examiner has not correctly shown a 35 U.S.C. Prima Fascia case of obviousness.
	Examiner acknowledges applicant’s arguments but respectfully disagrees. Examiner has searched the prior art and has found prior art that more closely aligns with the instant application. The applicant’s arguments are moot as new grounds of rejection have been presented. The Examiner has reconsidered the prior art based on amendments to the claims, 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Each of the prior art listed in the PTO-892 and not directly recited in this office action, disclose anticipation and/or obviousness to combine concerning the applicant’s claims and are therefore included. 
	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TERRY N MURRAY whose telephone number is (313)446-6556. The examiner can normally be reached Monday-Thursday 6 AM-4 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/T.N.M./Examiner, Art Unit 3685                                                                                                                                                                                                        
/JACOB C. COPPOLA/Primary Examiner, Art Unit 3685