DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on March 18, 2022 has been entered.
 
Acknowledgment
Applicant’s amendment filed on February 24, 2022 is acknowledged. Accordingly claims 1-20 remain pending and have been examined.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on all reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
However, with respect to claims 1-20 rejection under 35 U.S.C. §101, Applicant argues that the 101 rejection should be withdrawn because the examiner has failed to meet the burden of proving that the claims are directed to an abstract idea and that the claims do recite significantly more.
In response examiner respectfully disagrees and submits that the rejection under 35 U.S.C. §101, should be maintained for the following reasons: The first step in the 2019 Revised Patent Subject Matter Eligibility Guideline analysis is to "determine whether the claims at issue are directed to one of those patent-ineligible concepts," such as an abstract idea. The inquiry often is whether the claims are directed to "a specific means or method" for improving technology or whether they are simply directed to an abstract end-result. McRO, Inc. v. Bandai Namco Games Am. Inc., 837 F.3d 1299, 1314 (Fed. Cir. 2016). Here the claims are directed to an algorithm or protocol for “establishing a trusted or secure communication between two devices for purposes of conducting a transaction” as part of system of commerce- which is considered an abstract idea. The second inquiry is to determine whether the recited judicial exception is integrated into a practical application. Here the claims are not integrated into a practical application because the use of computer or technology is merely serving as a tool to implement the abstract idea. The technology here only automates the abstract idea of using an algorithm or protocol for “establishing a trusted or secure communication between two devices for purposes of conducting a transaction” and for these reasons the rejection under 35 U.S.C. §101, should be maintained.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20, are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Subject Matter Eligibility Standard
When considering subject matter eligibility under 35 U.S.C. 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter.  If the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea), and if so, it must additionally be determined whether the claim is a patent-eligible application of the exception.  If an abstract idea is present in the claim, any element or combination of elements in the claim must be sufficient to ensure that the claim amounts to significantly more than the abstract idea itself.    Examples of abstract ideas include fundamental economic practices; certain methods of organizing human activities; an idea itself; and mathematical relationships/formulas. (Alice Corporation Pty. Ltd. v. CLS Bank International, et al. US Supreme Court, No. 13-298, June 19, 2014). 
Analysis
Step 1: In the instant case, 
claim 1 is directed to a method, which is a statutory category of invention, 
Claim 9 is directed to a method, which is a statutory category of invention and 
Claim 17 is directed to a first computing device, which is a statutory category of invention.
Step 2a: 
While claims 1, 9 and 17 are directed towards a statutory category of invention, the claims are directed towards at least one judicial exception (i.e., law of nature, natural phenomenon, and abstract idea) without significantly more. In the instant case, the claims are directed to In the instant case, the claims are directed to an algorithm or protocol for “establishing a trusted or secure communication between two devices for purposes of conducting a transaction” Put simply the claims recites an algorithm or protocol for “establishing a trusted or secure communication between two devices for purposes of transaction” as part of system of commerce- which is considered an abstract idea. The claims recites “first device establishing communication with second device…, the communication comprising security information…. For trusted or secure communication.” See grouping of abstract ideas in prong one of step 2A (see 2019 Revised Patent Subject Matter Eligibility Guideline). Claims 1, 9 and 17 recites the art of using an algorithm or mathematical relationships/formulas for the: “first device establishing communication with second device…, the communication comprising security information…. For trusted or secure communication…,” exchanging communications between the first device and the second device…. These steps constitute an algorithm or mathematical relationships/formulas. An algorithm or protocol or mathematical relationships/formulas is not an eligible patent category.  The limitations that set forth this abstract idea include: 
“first device establishing communication with second device…, the communication comprising security information…. For trusted or secure communication…,” after establishing a the communication, the first computing device transmitting a processing options data object list…; the first computing device receiving a data command from the second computing device….; after receiving the data command…. Generating privacy protection session key….; populating buffer with privacy protection session key… exchanging communications between the first device and the second device….
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A (See 2019 Revised Patent Subject Matter Eligibility Guidance), the additional elements of the claim such as “the first computing device”, “second computing device”, “cryptographic method”, “public key of an asymmetric”, merely uses a computer as a tool to perform the abstract idea. The use of “the first computing device”, “second computing device”, “cryptographic method”, “public key of an asymmetric”, does no more than generally link the abstract idea to a particular field of use, the use of “the first computing device”, “second computing device”, “cryptographic method”, “public key of an asymmetric”, does not improve the functioning or performance of the processor/computer and the use of a processor/computer as a tool to implement the abstract idea does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea. 
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B (See 2019 Revised Patent Subject Matter Eligibility Guidance), the additional elements of “the first computing device”, “second computing device”, “cryptographic method”, “public key of an asymmetric”, do not amount to significantly more than the abstract idea. As discussed above, taking the claim elements separately, the use of “the first computing device”, “second computing device”, “cryptographic method”, “public key of an asymmetric”, does not improve the functioning or performance of the processor/computer and the use of a processor/computer does no more than use a processor/computer to implement the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recites the concept of “first device establishing communication with second device…, the communication comprising security information…. For trusted or secure communication…,” after establishing a the communication, the first computing device transmitting a processing options data object list…; the first computing device receiving a data command from the second computing device….; after receiving the data command…. Generating privacy protection session key….; populating buffer with privacy protection session key… exchanging communications between the first device and the second device…. using a computer. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible. 
Dependent claims 2-8, 10-16, and 18-20 further recite characteristics of data or continue to perform similar actions on data to perform the abstract idea. The dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Dependent claims 2-8, 10-16, and 18-20 merely extend the abstract idea of claims 1, 9 and 17 by describing the use of computer device or processor to “first device establishing communication with second device…, the communication comprising security information…. For trusted or secure communication…,” after establishing a the communication, the first computing device transmitting a processing options data object list…; the first computing device receiving a data command from the second computing device….; after receiving the data command…. Generating privacy protection session key….; populating buffer with privacy protection session key… exchanging communications between the first device and the second device….  and only serve to add additional layers of abstraction to the abstract idea of claims 1, 9 and 17. Therefore, the dependent claims are also not patent eligible.
Conclusion
The claim as a whole, does not amount to significantly more than the abstract idea itself. This is because the claim does not effect an improvement to another technology or technical filed; the claim does not amount to an improvement to the functioning of a computer system itself; and the claim does not move beyond a general link of the use of an algorithm to a particular technological environment. 
Accordingly, the Examiner concludes that there are no meaningful limitations in the claim that transform the judicial exception into a patent eligible application such that the claim amounts to significantly more than the judicial exception itself. Thus Examiner concludes that the claims are not directed to a patent-eligible subject matter under 35 U.S.C. 101 because it does not amount to significantly more than the abstract idea.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zimmerman et al (hereinafter “Zimmerman”) U.S. patent Application Publication No. 2019/0253243 A1 in view of Peart et al (hereinafter “Peart”) U.S. Patent Application Publication No. 2005/003688 A1.
 
As per claims 1, 9 and 17, Zimmerman discloses a method for a first computing device to establish trusted communication with a second computing device in a transaction process, the method comprising, during a transaction process: 
the first computing device establishing a communication channel with the second computing device (see abstr., which discloses “a) establishing a communication channel between the first IoT device and the second IoT device through the IoT service and the mobile device;”); 
after establishing the communication channel, the first computing device transmitting a processing options data object list (PDOL) to the second computing device via the communication channel, the PDOL including a public exponent indicator tag and a public key modulus tag; 
the first computing device receiving a data command from the second computing device, the data command including the PDOL with the public exponent indicator tag populated by the second computing device with an exponent associated with an asymmetric cryptographic method and the public key modulus tag populated by the second computing device with a public key modulus associated with the asymmetric cryptographic method;
after receiving the data command, the first computing device generating an encrypted payload by: 
generating a privacy protection session key for use with a further cryptographic method (0141, which discloses that “In one embodiment, the encryption engine 1660 of the IoT service 120 sends a command to the HSM 1630 (e.g., which may be such as a CloudHSM offered by Amazon®) to generate a session public/private key pair.”);
generating a buffer having a size of the public key modulus (0207, which discloses that “The value for each characteristic may be stored within a 20-byte buffer identified by the characteristic ID in accordance with the current BT standard. However, the underlying principles of the invention are not limited to any particular buffer size.”);
populating the buffer with the privacy protection session key and a value indicating the number of privacy protection session keys included in the buffer (0209, which discloses that “If the key 1701 is greater than 20 bytes (the maximum buffer size in some current implementations), then it may be written in 20-byte portions.”; 0210), and 
encrypting the buffer with the asymmetric cryptographic method based on the public key modulus and the exponent indicated by the public exponent indicator tag (0089, which discloses that “ Similarly, the IoT hub 110 and IoT service 120 may perform a secure symmetric key exchange and then use the exchanged symmetric keys to encrypt communications.”);
the first computing device providing a secure communication to the second computing device, the secure communication comprising encrypted payload for the second computing device to decrypt using a private key of the asymmetric cryptographic method (0093, which discloses that “A different set of keys may be used to encrypt communication from the IoT device 101 to the IoT hub 110 and to the IoT service 120. For example, using a public/private key arrangement, in one embodiment, the security logic 602 on the IoT device 101 uses the public key of the IoT hub 110 to encrypt data packets sent to the IoT hub 110. The security logic 612 on the IoT hub 110 may then decrypt the data packets using the IoT hub's private key. Similarly, the security logic 602 on the IoT device 101 and/or the security logic 612 on the IoT hub 110 may encrypt data packets sent to the IoT service 120 using the public key of the IoT service 120 (which may then be decrypted by the security logic 613 on the IoT service 120 using the service's private key).”); and 
after providing the secure communication to the second computing device, the first computing device communicating with the second computing device for trusted communication using the further cryptographic method using the privacy protection session key (0266, which discloses that “ The data exchanged in the session info and session info response messages is used as a shared secret for subsequent transactions.”)
What Zimmerman does not explicitly teach is:
after establishing the communication channel, the first computing device transmitting a processing options data object list (PDOL) to the second computing device via the communication channel, the PDOL including a public exponent indicator tag and a public key modulus tag; 
the first computing device receiving a data command from the second computing device, the data command including the PDOL with the public exponent indicator tag populated by the second computing device with an exponent associated with an asymmetric cryptographic method and the public key modulus tag populated by the second computing device with a public key modulus associated with the asymmetric cryptographic method;
Peart discloses the method comprising:
after establishing the communication channel, the first computing device transmitting a processing options data object list (PDOL) to the second computing device via the communication channel, the PDOL including a public exponent indicator tag and a public key modulus tag (0105, which discloses that “The READ APPLICATION DATA command may contain a "GET PROCESSING OPTIONS" command, which prompts the card 100 to present to the reader 702, the appropriate directory or data location to be used during the initiated transaction”); 
the first computing device receiving a data command from the second computing device, the data command including the PDOL with the public exponent indicator tag populated by the second computing device with an exponent associated with an asymmetric cryptographic method and the public key modulus tag populated by the second computing device with a public key modulus associated with the asymmetric cryptographic method (0104, which discloses that “Once the appropriate application is selected (step 703), the merchant system 704 then provides the card 100 with a "READ APPLICATION DATA" command (step 705), to retrieve the data objects pertinent to user or issuer authentication (e.g., certification authority public key index, issuer public key certificate, issuer public key exponent, signed static application data, and issuer public key remainder data), and transaction completion (e.g., account or card expiration date, cardholder name, address, issuer identification code, acquirer identification code, etc.)”);
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the first computing device of Zimmerman and incorporate after establishing the communication channel, the first computing device transmitting a processing options data object list (PDOL) to the second computing device via the communication channel, the PDOL including a public exponent indicator tag and a public key modulus tag; the first computing device receiving a data command from the second computing device, the data command including the PDOL with the public exponent indicator tag populated by the second computing device with an exponent associated with an asymmetric cryptographic method and the public key modulus tag populated by the second computing device with a public key modulus associated with the asymmetric cryptographic method in view of the teachings of Peart in order to facilitate transaction and enhance security

As per claims 2 and 10, Zimmerman further discloses the method, wherein the further cryptographic method is symmetric and trusted communication is provided by a secure channel using the symmetric further cryptographic method to protect privacy of information private to an owner or controller of at least the first computing device (0094; 0117)

As per claims 3 and 11, Zimmerman further discloses the method, wherein the symmetric further cryptographic method is AES (0094; 0117).

As per claims 4 and 12, Zimmerman further discloses the method, wherein the further cryptographic method is asymmetric and trusted communication is provided by using the asymmetric further cryptographic method to replace the asymmetric cryptographic method in one or more processes (0094; 0117).

As per claims 5 and 13, Zimmerman further discloses the method, wherein the asymmetric cryptographic method is RSA and the further asymmetric cryptographic method is ECC, and wherein ECC is used instead of RSA for digital signatures provided by the first communication device (0094).

As per claims 6 and 14, Zimmerman further discloses the method, wherein there is more than one further cryptographic method, wherein the more than one further cryptographic methods comprise a symmetric further cryptographic method and an asymmetric further cryptographic method (Zimmerman: 0093).

As per claim 7 and 15, Zimmerman further discloses the method, wherein the first and second computing devices communicate to agree a transaction for authorisation over a transaction scheme (Zimmerman: 0089; 0090). 

As per claims 8 and 16, Zimmerman further discloses the method, wherein the transaction process is a contactless transaction (Zimmerman: 0047; 0125).

As per claim 18, Zimmerman failed to explicitly disclose the first computing device, wherein the first computing device is a payment device adapted for use by a cardholder to make payments on behalf of the cardholder.
Peart discloses the first computing device, wherein the first computing device is a payment device adapted for use by a cardholder to make payments on behalf of the cardholder (0005).
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the first computing device of Zimmerman and incorporate the first computing device wherein the first computing device is a payment device adapted for use by a cardholder to make payments on behalf of the cardholder in view of the teachings of Peart in order to facilitate transaction and enhance security

As per claim 19, Zimmerman failed to explicitly disclose the first computing device, wherein the payment device is a payment card. 
Peart discloses the first computing device, wherein the payment device is a payment card (0005). 
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the first computing device of Zimmerman and incorporate the first computing device wherein the payment device is a payment card in view of the teachings of Kramer in order to facilitate transaction and enhance security

As per claim 20, Zimmerman failed to explicitly disclose the first computing device, wherein the payment card is a mobile telephone.
Peart discloses the first computing device, wherein the payment card is a mobile telephone (0005).
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the first computing device of Zimmerman and incorporate the first computing device wherein the payment card is a mobile telephone in view of the teachings of Kramer in order to facilitate transaction and enhance security

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Charles C. Agwumezie whose number is (571) 272-6838. The examiner can normally be reached on Monday – Friday 8:00 am – 5:00 pm.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Hayes can be reached on (571) 272 – 6708.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CHINEDU C AGWUMEZIE/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        June 15, 2022