DETAILED ACTION
Acknowledgements
The Applicant’s application filed on 01/06/2022 is hereby acknowledged. Claims 2-18 remain pending and have been examined.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Rejection under 35 U.S.C. § 112:
Previous 112 rejection have been withdrawn based on amendment.
Rejection under 35 U.S.C. § 103:
The applicant asserts that Dai does not teach “transform the transaction data and first and second integrity check values….”, the examiner respectfully disagrees. The claim broadly recites a process to combine transaction data with other various security protocol data to generate a transformed transaction data, which is taught by Dai. The examiner agrees that encryption of Dai is not equivalent to transformation, however, the means of transformation can be any suitable technology under BRI, such as generating a scrambled bar code as disclosed by Dai [0011][0031]. 
The applicant asserts that Dai does not teach “compute first integrity check value….”, the examiner respectfully disagrees. The examiner agrees that location is not equivalent to the first integrity check value. However, Dai teaches including various secure protocols into the transaction data such as message authentication code (i.e. first integrity check value) [0043]. 
The applicant asserts that Adams does not teach “compute second integrity check value”, the examiner respectfully disagrees. Adams checks certificate for authenticating transaction (i.e. integrity check) and calculating hashes (i.e. integrity check value). The applicant also asserts that Adams does not use the hash value to transform transaction data. However, Dai teaches using various security protocol values (i.e. MAC, digital signature, public key infrastructure (PKI), etc.) for transform transaction, it would be obvious to try including hash of certificate.
The applicant also asserts that Dai in view of Adams does not teach “compute the transaction cryptogram using the transformed transaction data” because neither Dai nor Adams teaches transformation of transaction data. The examiner respectfully disagrees. As stated above, Dai in view of Adams does teach transforming transaction data with integrity check values.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 2, 6-18 are rejected under 35 U.S.C. 103 as being unpatentable over Dai (U.S. Patent Application Publication 2011/0191244) in view of Adams et al.  (US Patent Application Publication 2008/0046739) and Poovendran et al.  (US Patent Application Publication 2013/0145169).

As per claims 10-12, 
Dai discloses:
A processor; and a memory coupled to the processor and storing a transaction application, wherein the transaction application having a processing unit (Figure 2A [cpu]) and a controlling unit, the controlling unit (Figure 2A [IUCC element], paragraph 44,) having a security module, (Figure 2A [crypto engine])
the method comprising: during computation of a transaction cryptogram, operating the communication device, according to the security module of the transaction application, to: compute a first integrity check value associated with a transaction data wherein the first integrity check value is a return of a verification function of the integrity of the transaction data; (paragraph 7, 43)
receive an untransformed transaction data from an access device (paragraph 30)
apply a transformation operation to the untransformed transaction data with the first integrity check value and the second integrity check value to get in return a transformed transaction data, compute a second integrity check value […] (paragraph 11, 31)

Dai does not specifically disclose, however 
Adams et al teaches “compute a second integrity check value associated with a certificate of the transaction application wherein the second integrity check value is a return of a verification function of the integrity of the certificate; (Figure 5, paragraph 55-61 [Computation of a hash value is construed as a integrity check ])
compute the transaction cryptogram using the transformed transaction data, wherein the transaction is authorized based on at least whether the transformed transaction data matches the transaction data, if at least one of the integrity check value is a failed value the transformed transaction data is corrupted and the transaction cryptogram wrongly computed is rejected.  (paragraph 66-67 [ if the hash comparison fails then the transaction fails, this is construed as failing an integrity check])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dai with Adams et al. in order to enable the user to use the device for a particular purpose by verifying that the user has coupled an appropriate smart card to the device and that the user has a permission to use the smart card (Adams et al.,  paragraph 2).

Dai in view of Adams does not specifically disclose, however 
Poovendran teaches “wherein the transformation operation applied to the untransformed transaction data matches the transaction data used to compute the first integrity check value if both the first integrity check value and the second integrity check value were correctly computed; (Abstract)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the transaction communication device as disclosed by Dai in view of Adams to double check both integrity check values with the feature as taught by Poovendran to improve confidentiality and integrity as Poovendran suggested (paragraph 11).

As per claims 2 and 8, 
Dai in view of Adams and Poovendran discloses the system according to claim 11,
wherein the computation of the first integrity check value associated with the transaction data comprises the following steps: the processing unit being operated to apply an integrity algorithm to the transaction data with the application certificate to provide a first integrity data, (Adams; paragraph 61[  hash calculation is construed as “integrity check” ], 57)
the processing unit being operated to transmit to the security module of the controlling unit the first integrity data, (Dai; paragraph 69)
during computation of the transaction cryptogram, the security module being operated to apply the integrity algorithm to a decrypted transaction data provided by the controlling unit with the application certificate to provide a second integrity data, (Adams et al. paragraph 66-67 [Examiner notes that Dai discloses at paragraph 43 different techniques for providing transaction integrity, Adams et al.  discloses a hashing function, Examiner submits that it would be obvious to one of ordinary skill in the art at the time of the filing of the invention that a hash function as taught by Adams et al. could be included as a method for providing transaction security  ]) 
during computation of the transaction cryptogram, the security module being operated to apply a comparison operation on the first integrity data and the second integrity data to provide the first integrity check value.  (Adams et al. paragraph 66-67)

As per claim 6,
Dai in view of Adams and Poovendran discloses the system according to claim 2,
wherein the device fingerprint is a PUF value generated with a physically unclonable function (PUF) circuit.(Adams paragraph 21, 23)  

As per claim 7,
Dai in view of Adams and Poovendran discloses the system according to claim 2,
wherein the device fingerprint is generated once and stored in a secure storage of the communication device or stored as hardcoded data into the code of both the controlling unit and the processing unit.  (Adams et al.; paragraph 63)

As per claim 9,
Dai in view of Adams and Poovendran discloses the transaction application according to claim 8,
wherein the embedded key and the second authentication data previously generated are stored as hardcoded data into the code of the security module.  (Adams paragraph 20, 61)

As per claims 13 and 16,
Dai in view of Adams and Poovendran discloses the transaction application according to claim 12,
wherein the security module is a white box cryptography or a Trusted Execution Environment. (Dai; paragraph 44, 82) 

As per claims 14 and 17,
Dai in view of Adams and Poovendran discloses the transaction application according to claim 12,
wherein the processing unit and the controlling unit are in the form of a software developer kit integrated into the transaction application. (Dai; paragraph 46)  

As per claims 15 and 18,
Dai in view of Adams and Poovendran discloses the transaction application according to claim 12,
wherein the processing unit is implemented in platform independent code and the controlling unit is implemented in native code.(Dai;  paragraph 80)     

Claims 3-5 are rejected under 35 U.S.C. 103 as being unpatentable over Dai (U.S. Patent Application Publication 2011/0191244) in view of Adams et al.  (US Patent Application Publication 2008/0046739) and Poovendran et al.  (US Patent Application Publication 2013/0145169) and Toh et al.  (US Patent Application Publication 2002/0048372)

As per claim 3, 
Dai in view of Adams and Poovendran discloses the system according to claim 2,
wherein computation of the decrypted transaction data provided by the controlling unit is produced by the following steps: the processing unit being operated to encrypt the transaction data with a generated device fingerprint key to provide a first encrypted data, (Dai paragraph 55 [each user device has a unique key]  ) 
the processing unit being operated to encrypt the first encrypted data with a key to provide a second encrypted data, (Dai; paragraph 56-58)
the processing unit being operated to transmit to the controlling unit the second encrypted data.  (Dai; paragraph 42)
the controlling unit being operated to decrypt the second encrypted data with a key (Dai; paragraph 57-58)
the controlling unit being operated to decrypt the first decrypted data with a generated device fingerprint key to provide a decrypted transaction data, (Adams paragraph 21)
the controlling unit being operated to transmit to the security module the decrypted transaction data.  (Dai; paragraph 43)
Dai in view of Adams and Poovendran does not specifically disclose, however 
Toh  al teaches a key derived from a generated timestamp to provide a second  decrypted data; a key derived from a generated timestamp to provide a first decrypted data, (Toh;   Figure 1, paragraph 51)

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dai in view of Adams et al. with Toh et al.  in order to create a universal signature object that can bind digital signatures to digital data, regardless of the file format allowing people and businesses to more easily exchange documents and countersign data, such as contracts, without reverting to hard copies.   (Adams et al., paragraph 16).

As per claim 5,
Dai in view of Adams and Poovendran discloses the system according to claim 3,wherein the device fingerprint is generated by inputting information pertaining to hardware characteristics of the communication device into a one-way cryptographic function that generates a unique sequence of data, the hardware characteristic being a serial number or other assigned hardware identifier of components of the communication device.  (Adams paragraph 21)

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZESHENG XIAO whose telephone number is (571)272-6627.  The examiner can normally be reached on 8:30-5 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Z.X./Examiner, Art Unit 3685                                                                                                                                                                                                        
/PATRICK MCATEE/Supervisory Patent Examiner, Art Unit 3685