DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Interpretation

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: rich operating system, trusted operating system, and communication agent configured to (render the common control, render the secure control, transfer information, perform measurement, perform layout, draw, transfer address, access the first surface, distinguish): in claims 10-16.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.


Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Han et al. (Pub 20160294826) (hereafter Han) in view of EP2648129A1 (11/30/2012) (hereafter Ryu)

As per claim 1, Han teaches:
A method for displaying a user interface on a terminal device, comprising: 
rendering, by a rich operating system, a common control in a user interface of a client application (CA) to obtain a first surface, wherein the terminal device comprises a trusted execution environment (TEE) and a rich execution environment (REE), the rich operating system and the CA run in the REE, a trusted operating system runs in the TEE, and the user interface comprises the common control and a secure control; ([Paragraph 30], For example, execution environments in the application processor 110 may be divided into a rich execution environment (REE) and a trusted execution environment (TEE). That is, the application processor 110 may have an REE in which a rich operating system executes an application and a TEE in which a trusted operating system executes an application.  [Paragraph 5], An embodiment includes an electronic system comprising: a point of sales (POS) terminal configured to provide a payment service using a communication network; and an electronic device configured to perform a payment process using coupon credential through data communication with the POS terminal, wherein the electronic device comprises: a secure element configured to store the coupon credential, user information, and payment information; and an application processor configured to perform data communication with the secure element for data processing related to a coupon management service and the payment service, wherein the application processor is further configured to set up a secure channel through mutual authentication with the secure element and perform the data communication with the secure element through the secure channel.  [Paragraph 99] Referring to FIG. 5, the mobile device 500 may include a control unit 510, a secure element (SE) 520, a communication module 530, a key input unit 540, a memory 550, an audio processing unit 560, and a display unit 570.  [Paragraph 156], In operation S1214, the POS terminal 300 may process and display the information on the actual payment amount received from the CRM server 200. )
Although Han silently discloses rendering an user interface.
Han does not explicitly disclose rendering, by a rich operating system, a common control in a user interface of a client application (CA) to obtain a first surface, and the user interface comprises the common control and a secure control;
rendering, by the trusted operating system, the secure control in the user interface to obtain a second surface; 

compositing, by the trusted operating system, the first surface and the second surface to obtain a composited surface that comprises the common control and the secure control; and 
displaying the composited surface by using a display.
Ryu also teaches rich operating system, terminal device, rich execution environment, trusted operating system, trusted execution environment ([Paragraph 7], In an exemplary non-secure (normal) world, a non-secure operating system and non-secure application programs are provided. The non-secure operating system is a regular operating system supporting overall operations of a mobile terminal or other device, and a non-secure application program is an ordinary application program . A non-secure application program running in the non-secure world is prevented from accessing secure data.  [Paragraph 66], The secure/normal world controller 161 includes a virtual secure world controller, a virtual normal world controller, and a security world switcher (not shown). The secure/normal world controller 161 corresponds to the core processor 210 of FIG. 2A. The virtual secure world controller executes a secure program on top of the secure operating system in the secure world.)
Ryu teaches rendering, by a rich operating system, a common control in a user interface of a client application (CA) to obtain a first surface, and the user interface comprises the common control and a secure control;
rendering, by the trusted operating system, the secure control in the user interface to obtain a second surface; 
compositing, by the trusted operating system, the first surface and the second surface to obtain a composited surface that comprises the common control and the secure control; and 
displaying the composited surface by using a display. ([Paragraph 75], The control unit 160 configures security settings for touch input, in step 330. For example, the control unit 160 may set the security attribute of a region of the storage unit 140 and the touchscreen 120 related to touch input to "secure". The control unit 160 controls the display unit 121 to output a secured input screen by displaying a secured screen above a non-secured screen as an overlay, in step 340. Here, the secured screen is rendered in the secure overlay frame buffer, the non-secured screen is rendered in the non-secure overlay frame buffer, and the secured screen is displayed above the non-secured screen as an overlay to form the secured input screen.  [Paragraph 66], The secure/normal world controller 161 includes a virtual secure world controller, a virtual normal world controller, and a security world switcher (not shown). The secure/normal world controller 161 corresponds to the core processor 210 of FIG. 2A. The virtual secure world controller executes a secure program on top of the secure operating system in the secure world.  [Paragraph 7], In accordance with an aspect of the present invention, an apparatus for securely inputting a touch (e.g. through a touch panel of an electronic device) is provided. The apparatus includes: a first (e.g. secure) overlay frame buffer for rendering a first screen ; a second (e.g. non-secure) overlay frame buffer for rendering a second screen; a display unit for outputting an input screen (e.g. a secure input screen); and a control unit for controlling the display unit to display the first screen as an overlay above the second screen so as to produce the input screen.  [Paragraph 31], In particular, when the mobile terminal 100 outputs particular screens on the touchscreen 120, it renders, in separate worlds (i.e. , the secure and non-secure worlds), screens to be overlaid. Specifically, the mobile terminal 100 renders a secured screen 10 in the secure world and renders a non-secured screen 20 in the non-secure world. The mobile terminal 100 displays the secured screen 10 on the non-secured screen 20 in an overlay form . In one exemplary embodiment of the present invention, the secured screen 10 is a screen on which a virtual input pad is displayed. Here, the input pad may be a keypad having alphanumeric and special keys, or a drawing pad for drawing lines and images.  [Paragraph 32], Hence, a hacking program running in the nonsecure world cannot access at least one of (i) information displayed on the secured screen 10, and (ii) a touch signal input through the secured screen 10. It is difficult for a hacking program to predict information input through the touchscreen 120. As a result, embodiments of the present invention may contribute to prevention of theft of information input through the touchscreen 120.)
It would have been obvious to a person with ordinary skill in the art, before the effective filing date of the invention, to combine the teachings of Han wherein a user interface on a terminal device is used to display application by a rich operating system, the terminal device comprises TEE, REE and CA, and the REE which the rich operating system executes the CA and the TEE, into teachings of Ryu wherein the terminal device comprises TEE, REE and CA, common control in a user interface is rendered to display CA to obtain a first surface and the user interface comprises the common control and secure control (i.e. non-secure and secure program/display/application), because this would enhance the teachings of Han wherein by overlaying secure display/application over the non-secure display/application, it allows separation of secure/non-secure environments which are displayed on the same display.  Furthermore, hacking program running within a non-secure environment cannot access the information within the secure environment.

As per claim 2, rejection of claim 1 is incorporated:
Ryu teaches wherein the rendering, by the rich operating system, the common control in the user interface comprises: performing a measurement operation on the common control to determine a size of the common control; 
performing a layout operation on the common control to determine a display position of the common control; and 
drawing the common control based on the determined size and display position of the common control to obtain the first surface, wherein the first surface is in a frame buffer of the rich operating system. ([Paragraph 75], The control unit 160 configures security settings for touch input, in step 330. For example, the control unit 160 may set the security attribute of a region of the storage unit 140 and the touchscreen 120 related to touch input to "secure". The control unit 160 controls the display unit 121 to output a secured input screen by displaying a secured screen above a non-secured screen as an overlay, in step 340. Here, the secured screen is rendered in the secure overlay frame buffer, the non-secured screen is rendered in the non-secure overlay frame buffer, and the secured screen is displayed above the non-secured screen as an overlay to form the secured input screen.  [Paragraph 66], The secure/normal world controller 161 includes a virtual secure world controller, a virtual normal world controller, and a security world switcher (not shown). The secure/normal world controller 161 corresponds to the core processor 210 of FIG. 2A. The virtual secure world controller executes a secure program on top of the secure operating system in the secure world.  [Paragraph 7], In accordance with an aspect of the present invention, an apparatus for securely inputting a touch (e.g. through a touch panel of an electronic device) is provided. The apparatus includes: a first (e.g. secure) overlay frame buffer for rendering a first screen ; a second (e.g. non-secure) overlay frame buffer for rendering a second screen; a display unit for outputting an input screen (e.g. a secure input screen); and a control unit for controlling the display unit to display the first screen as an overlay above the second screen so as to produce the input screen.  [Paragraph 31], In particular, when the mobile terminal 100 outputs particular screens on the touchscreen 120, it renders, in separate worlds (i.e. , the secure and non-secure worlds), screens to be overlaid. Specifically, the mobile terminal 100 renders a secured screen 10 in the secure world and renders a non-secured screen 20 in the non-secure world. The mobile terminal 100 displays the secured screen 10 on the non-secured screen 20 in an overlay form . In one exemplary embodiment of the present invention, the secured screen 10 is a screen on which a virtual input pad is displayed. Here, the input pad may be a keypad having alphanumeric and special keys, or a drawing pad for drawing lines and images.  [Paragraph 51], The touchscreen 120 includes a display unit 121 and a touch panel 123. The touchscreen 120 may be configured so that the touch panel 123 covers the display unit 121 . The size of the touchscreen 120 may be determined by the size of the touch panel 123. The touchscreen 120 displays application screens in the secure and non-secure worlds, and senses a touch with an object. In particular, the touchscreen 120 displays a Graphical User Interface (GUI) for touch input, and obtains a touch input corresponding to touch of a user object (e.g. finger or stylus) , and obtains other information through the GUI.  [Paragraph 42], In the present example according to an embodiment of the present invention, a non-secure program cannot identify the layout or elements of the secured screen that is rendered in the secure overlay frame buffer…)

As per claim 3, rejection of claim 1 is incorporated:
Ryu teaches further comprising: transferring, by the rich operating system, information about the secure control to the trusted operating system by invoking a client application programming interface (Client API) provided by the TEE. ([Paragraph 75], The control unit 160 configures security settings for touch input, in step 330. For example, the control unit 160 may set the security attribute of a region of the storage unit 140 and the touchscreen 120 related to touch input to "secure". The control unit 160 controls the display unit 121 to output a secured input screen by displaying a secured screen above a non-secured screen as an overlay, in step 340. Here, the secured screen is rendered in the secure overlay frame buffer, the non-secured screen is rendered in the non-secure overlay frame buffer, and the secured screen is displayed above the non-secured screen as an overlay to form the secured input screen.  [Paragraph 66], The secure/normal world controller 161 includes a virtual secure world controller, a virtual normal world controller, and a security world switcher (not shown). The secure/normal world controller 161 corresponds to the core processor 210 of FIG. 2A. The virtual secure world controller executes a secure program on top of the secure operating system in the secure world.  [Paragraph 7], In accordance with an aspect of the present invention, an apparatus for securely inputting a touch (e.g. through a touch panel of an electronic device) is provided. The apparatus includes: a first (e.g. secure) overlay frame buffer for rendering a first screen ; a second (e.g. non-secure) overlay frame buffer for rendering a second screen; a display unit for outputting an input screen (e.g. a secure input screen); and a control unit for controlling the display unit to display the first screen as an overlay above the second screen so as to produce the input screen.  [Paragraph 31], In particular, when the mobile terminal 100 outputs particular screens on the touchscreen 120, it renders, in separate worlds (i.e. , the secure and non-secure worlds), screens to be overlaid. Specifically, the mobile terminal 100 renders a secured screen 10 in the secure world and renders a non-secured screen 20 in the non-secure world. The mobile terminal 100 displays the secured screen 10 on the non-secured screen 20 in an overlay form . In one exemplary embodiment of the present invention, the secured screen 10 is a screen on which a virtual input pad is displayed. Here, the input pad may be a keypad having alphanumeric and special keys, or a drawing pad for drawing lines and images.  [Paragraph 83], The PIN UI program 148 is executed, at step (1). In response to user input, the PIN UI program 148 sends a secure 1/0 request to the agent 410, at step (2). For example, when the user enters a button for electronic payment after finishing online shopping, the PIN UI program 148 sends a secure 1/0 request to the agent 410. In return , the agent 410 invokes the secure touch backend, in step (3), thereby initiating the PIN code input security module 144 in the secure world. More specifically, the agent 410 requests a transition from the non-secure world to the secure world by invoking a Secure Monitor Call (SMC). Upon SMC invocation, a transition occurs from the non-secure world to the secure world, and the TrustZone monitor 420 is executed.)

As per claim 4, rejection of claim 3 is incorporated:
Ryu teaches wherein the rendering, by the trusted operating system, the secure control in the user interface to obtain a second surface comprises: 
performing, by the trusted operating system, a measurement and layout operation on the secure control based on the information about the secure control, to determine a size and a display position of the secure control; 
and drawing the secure control based on the determined size and display position of the secure control to obtain the second surface, wherein the second surface is in a frame buffer of the trusted operating system. ([Paragraph 75], The control unit 160 configures security settings for touch input, in step 330. For example, the control unit 160 may set the security attribute of a region of the storage unit 140 and the touchscreen 120 related to touch input to "secure". The control unit 160 controls the display unit 121 to output a secured input screen by displaying a secured screen above a non-secured screen as an overlay, in step 340. Here, the secured screen is rendered in the secure overlay frame buffer, the non-secured screen is rendered in the non-secure overlay frame buffer, and the secured screen is displayed above the non-secured screen as an overlay to form the secured input screen.  [Paragraph 66], The secure/normal world controller 161 includes a virtual secure world controller, a virtual normal world controller, and a security world switcher (not shown). The secure/normal world controller 161 corresponds to the core processor 210 of FIG. 2A. The virtual secure world controller executes a secure program on top of the secure operating system in the secure world.  [Paragraph 7], In accordance with an aspect of the present invention, an apparatus for securely inputting a touch (e.g. through a touch panel of an electronic device) is provided. The apparatus includes: a first (e.g. secure) overlay frame buffer for rendering a first screen ; a second (e.g. non-secure) overlay frame buffer for rendering a second screen; a display unit for outputting an input screen (e.g. a secure input screen); and a control unit for controlling the display unit to display the first screen as an overlay above the second screen so as to produce the input screen.  [Paragraph 31], In particular, when the mobile terminal 100 outputs particular screens on the touchscreen 120, it renders, in separate worlds (i.e. , the secure and non-secure worlds), screens to be overlaid. Specifically, the mobile terminal 100 renders a secured screen 10 in the secure world and renders a non-secured screen 20 in the non-secure world. The mobile terminal 100 displays the secured screen 10 on the non-secured screen 20 in an overlay form . In one exemplary embodiment of the present invention, the secured screen 10 is a screen on which a virtual input pad is displayed. Here, the input pad may be a keypad having alphanumeric and special keys, or a drawing pad for drawing lines and images.  [Paragraph 51], The touchscreen 120 includes a display unit 121 and a touch panel 123. The touchscreen 120 may be configured so that the touch panel 123 covers the display unit 121 . The size of the touchscreen 120 may be determined by the size of the touch panel 123. The touchscreen 120 displays application screens in the secure and non-secure worlds, and senses a touch with an object. In particular, the touchscreen 120 displays a Graphical User Interface (GUI) for touch input, and obtains a touch input corresponding to touch of a user object (e.g. finger or stylus) , and obtains other information through the GUI.  [Paragraph 42], In the present example according to an embodiment of the present invention, a non-secure program cannot identify the layout or elements of the secured screen that is rendered in the secure overlay frame buffer…)

As per claim 5, rejection of claim 2 is incorporated:
Ryu teaches wherein the compositing, by the trusted operating system, the first surface and the second surface to obtain a composited surface that comprises the common control and the secure control comprises: 
obtaining, by the trusted operating system, the first surface that is sent by the rich operating system by using a communications agent; and 
compositing, by the trusted operating system, the second surface onto the first surface to obtain the composited surface, wherein the composited surface is in the frame buffer of the trusted operating system. ([Paragraph 75], The control unit 160 configures security settings for touch input, in step 330. For example, the control unit 160 may set the security attribute of a region of the storage unit 140 and the touchscreen 120 related to touch input to "secure". The control unit 160 controls the display unit 121 to output a secured input screen by displaying a secured screen above a non-secured screen as an overlay, in step 340. Here, the secured screen is rendered in the secure overlay frame buffer, the non-secured screen is rendered in the non-secure overlay frame buffer, and the secured screen is displayed above the non-secured screen as an overlay to form the secured input screen.  [Paragraph 66], The secure/normal world controller 161 includes a virtual secure world controller, a virtual normal world controller, and a security world switcher (not shown). The secure/normal world controller 161 corresponds to the core processor 210 of FIG. 2A. The virtual secure world controller executes a secure program on top of the secure operating system in the secure world.  [Paragraph 7], In accordance with an aspect of the present invention, an apparatus for securely inputting a touch (e.g. through a touch panel of an electronic device) is provided. The apparatus includes: a first (e.g. secure) overlay frame buffer for rendering a first screen ; a second (e.g. non-secure) overlay frame buffer for rendering a second screen; a display unit for outputting an input screen (e.g. a secure input screen); and a control unit for controlling the display unit to display the first screen as an overlay above the second screen so as to produce the input screen.  [Paragraph 31], In particular, when the mobile terminal 100 outputs particular screens on the touchscreen 120, it renders, in separate worlds (i.e. , the secure and non-secure worlds), screens to be overlaid. Specifically, the mobile terminal 100 renders a secured screen 10 in the secure world and renders a non-secured screen 20 in the non-secure world. The mobile terminal 100 displays the secured screen 10 on the non-secured screen 20 in an overlay form . In one exemplary embodiment of the present invention, the secured screen 10 is a screen on which a virtual input pad is displayed. Here, the input pad may be a keypad having alphanumeric and special keys, or a drawing pad for drawing lines and images.  [Paragraph 51], The touchscreen 120 includes a display unit 121 and a touch panel 123. The touchscreen 120 may be configured so that the touch panel 123 covers the display unit 121 . The size of the touchscreen 120 may be determined by the size of the touch panel 123. The touchscreen 120 displays application screens in the secure and non-secure worlds, and senses a touch with an object. In particular, the touchscreen 120 displays a Graphical User Interface (GUI) for touch input, and obtains a touch input corresponding to touch of a user object (e.g. finger or stylus) , and obtains other information through the GUI.  [Paragraph 42], In the present example according to an embodiment of the present invention, a non-secure program cannot identify the layout or elements of the secured screen that is rendered in the secure overlay frame buffer…   [Paragraph 83], The PIN UI program 148 is executed, at step (1). In response to user input, the PIN UI program 148 sends a secure 1/0 request to the agent 410, at step (2). For example, when the user enters a button for electronic payment after finishing online shopping, the PIN UI program 148 sends a secure 1/0 request to the agent 410. In return , the agent 410 invokes the secure touch backend, in step (3), thereby initiating the PIN code input security module 144 in the secure world. More specifically, the agent 410 requests a transition from the non-secure world to the secure world by invoking a Secure Monitor Call (SMC). Upon SMC invocation, a transition occurs from the non-secure world to the secure world, and the TrustZone monitor 420 is executed.)

As per claim 6, rejection of claim 2 is incorporated:
Ryu teaches wherein the compositing, by the trusted operating system, the first surface and the second surface to obtain a composited surface that comprises the common control and the secure control comprises: 
obtaining, by the trusted operating system, an address that is of the frame buffer of the rich operating system and that is sent by the rich operating system by using a communications agent; 
accessing, by the trusted operating system, the first surface in the frame buffer of the rich operating system based on the address; and 
compositing the first surface and the second surface to obtain the composited surface, wherein the composited surface is in the frame buffer of the trusted operating system. ([Paragraph 75], The control unit 160 configures security settings for touch input, in step 330. For example, the control unit 160 may set the security attribute of a region of the storage unit 140 and the touchscreen 120 related to touch input to "secure". The control unit 160 controls the display unit 121 to output a secured input screen by displaying a secured screen above a non-secured screen as an overlay, in step 340. Here, the secured screen is rendered in the secure overlay frame buffer, the non-secured screen is rendered in the non-secure overlay frame buffer, and the secured screen is displayed above the non-secured screen as an overlay to form the secured input screen.  [Paragraph 66], The secure/normal world controller 161 includes a virtual secure world controller, a virtual normal world controller, and a security world switcher (not shown). The secure/normal world controller 161 corresponds to the core processor 210 of FIG. 2A. The virtual secure world controller executes a secure program on top of the secure operating system in the secure world.  [Paragraph 7], In accordance with an aspect of the present invention, an apparatus for securely inputting a touch (e.g. through a touch panel of an electronic device) is provided. The apparatus includes: a first (e.g. secure) overlay frame buffer for rendering a first screen ; a second (e.g. non-secure) overlay frame buffer for rendering a second screen; a display unit for outputting an input screen (e.g. a secure input screen); and a control unit for controlling the display unit to display the first screen as an overlay above the second screen so as to produce the input screen.  [Paragraph 31], In particular, when the mobile terminal 100 outputs particular screens on the touchscreen 120, it renders, in separate worlds (i.e. , the secure and non-secure worlds), screens to be overlaid. Specifically, the mobile terminal 100 renders a secured screen 10 in the secure world and renders a non-secured screen 20 in the non-secure world. The mobile terminal 100 displays the secured screen 10 on the non-secured screen 20 in an overlay form . In one exemplary embodiment of the present invention, the secured screen 10 is a screen on which a virtual input pad is displayed. Here, the input pad may be a keypad having alphanumeric and special keys, or a drawing pad for drawing lines and images. [Paragraph 42], In the present example according to an embodiment of the present invention, a non-secure program cannot identify the layout or elements of the secured screen that is rendered in the secure overlay frame buffer…   [Paragraph 37], The SoC includes a core processor 210, a secure Read-Only Memory (ROM) 221, a secure Random Access Memory (RAM) 223, a crypto engine 225, a TZASC (TrustZone address space controller) 231, a memory controller 233, a Dynamic RAM (DRAM) 235, a TrustZone Protection Controller (TZPC) 241, and a TrustZone Interrupt Controller (TZIC) 243. The components of the Soc are interconnected for communication through a system bus such as an Advanced extensible Interface (AXI) bus 245.  [Paragraph 41], The TZASC 231 controls memory regions including the DRAM 235. The TZASC 231 controls security of a memory region with particular addresses. For example, the TZASC 231 may set the security attribute of a given memory region of the DRAM 235 to "secure". Later, when the non-secure core processor 213 attempts to access the memory region of the DRAM 235 whose security attribute is set to "secure", the TZASC 231 rejects the access attempt. The TZASC 231 allows the secure core processor 211 to access the memory region whose security attribute is set to "secure".)

As per claim 7, rejection of claim 1 is incorporated:
Ryu teaches wherein the rich operating system comprises a plurality of frame buffers; and 
the rendering, by the rich operating system, the common control in the user interface to obtain a first surface comprising: 
rendering, by the rich operating system, the common control in the user interface to obtain a plurality of intermediate surfaces, wherein each intermediate surface is separately in an independent frame buffer; and 
combining, by the rich operating system, the plurality of intermediate surfaces into the first surface by invoking hardware. ([Paragraph 75], The control unit 160 configures security settings for touch input, in step 330. For example, the control unit 160 may set the security attribute of a region of the storage unit 140 and the touchscreen 120 related to touch input to "secure". The control unit 160 controls the display unit 121 to output a secured input screen by displaying a secured screen above a non-secured screen as an overlay, in step 340. Here, the secured screen is rendered in the secure overlay frame buffer, the non-secured screen is rendered in the non-secure overlay frame buffer, and the secured screen is displayed above the non-secured screen as an overlay to form the secured input screen.  [Paragraph 66], The secure/normal world controller 161 includes a virtual secure world controller, a virtual normal world controller, and a security world switcher (not shown). The secure/normal world controller 161 corresponds to the core processor 210 of FIG. 2A. The virtual secure world controller executes a secure program on top of the secure operating system in the secure world.  [Paragraph 7], In accordance with an aspect of the present invention, an apparatus for securely inputting a touch (e.g. through a touch panel of an electronic device) is provided. The apparatus includes: a first (e.g. secure) overlay frame buffer for rendering a first screen ; a second (e.g. non-secure) overlay frame buffer for rendering a second screen; a display unit for outputting an input screen (e.g. a secure input screen); and a control unit for controlling the display unit to display the first screen as an overlay above the second screen so as to produce the input screen.  [Paragraph 31], In particular, when the mobile terminal 100 outputs particular screens on the touchscreen 120, it renders, in separate worlds (i.e. , the secure and non-secure worlds), screens to be overlaid. Specifically, the mobile terminal 100 renders a secured screen 10 in the secure world and renders a non-secured screen 20 in the non-secure world. The mobile terminal 100 displays the secured screen 10 on the non-secured screen 20 in an overlay form . In one exemplary embodiment of the present invention, the secured screen 10 is a screen on which a virtual input pad is displayed. Here, the input pad may be a keypad having alphanumeric and special keys, or a drawing pad for drawing lines and images.  [Paragraph 42], with respect to the secured screen is assured. A wallpaper (or any other display features or UI elements not relating to the input of secure information) displayed behind the secured screen may be rendered in the non-secure overlay frame buffer of the DRAM 235 whose security attribute is not set.)

As per claim 8, rejection of claim 1 is incorporated:
Ryu teaches further comprising: parsing, by the rich operating system, source code or a layout file corresponding to the user interface, to determine the common control and the secure control that are comprised in the user interface. ([Paragraph 42], In one example according to an embodiment of the present invention, the DRAM 235 is equipped with a secure overlay frame buffer and a non-secure overlay frame buffer. The secure overlay frame buffer has a security attribute set to "secure" by the TZASC 231 and is accessible in the secure world. A non-secure application program is not allowed to access the secure overlay frame buffer. In the present example according to an embodiment of the present invention, a non-secure program cannot identify the layout or elements of the secured screen that is rendered in the secure overlay frame buffer.  [Paragraph 77], When a touch input is received, the control unit 160 processes the touch input in the secure world, in step 350. Here, referring to the layout (i.e., elements) of the secured screen, the control unit 160 identifies the element at which a touch is entered and identifies information entered by the user in the secure world…)

As per claim 9, rejection of claim 1 is incorporated:
Ryu teaches wherein the secure control carries a security label, and the rich operating system distinguishes the secure control from the common control based on the security label. ([Paragraph 44], TZPC 241 sets security attributes of peripheral units to  control access of the core processor 210 to the peripheral units. In particular, the TZPC 241 may set the security attribute of the touchscreen 120 to "secure". The touchscreen 120 whose security attribute is set to "secure" is inaccessible from the non-secure world. This is described later in relation with an AXI to Advanced Peripheral Bus (APB) (AXl2APB) bridge 250.)

As per claims 10-16, these are terminal device claims corresponding to the method claims 1-6 and 9.  Therefore, rejected based on similar rational.
Furthermore, as disclosed by Ryu in claim 5 would require synchronization of display surfaces (i.e. first and second surface frames) to ensure overlay of first and second screens/displays/surfaces are properly displayed/rendered within the composited surface/display.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Drozdovskyy et al. (Pub 20160142890) discloses REE, TEE, Rich Operation System, CA to display security related function to a client outside the trusted execution environment.
Kwag et al. (Pub 20140165216) discloses displaying secure application within a non-secure domain. 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to DONG U KIM whose telephone number is (571)270-1313. The examiner can normally be reached 9:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emerson Puente can be reached on 5712723652. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DONG U KIM/Primary Examiner, Art Unit 2196