DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1. The following is a Final Office Action in response to applicant’s arguments filed on April 6, 2022
Claims 1-9 are cancelled
Claims 19-23 are newClaims 10-23 are pending 

Response to Arguments

1.) Applicant’s remarks filed on 4/6/2022 regarding 35 U.S.C. 103 rejection of claim 10 have been fully considered, but is not persuasive.
 	In the remarks, applicant argues:
a) Wentker does not teach a means for detecting threats by the card manager since an external command is necessary to implement a threat detection means.
b) Chan does not teach that the “applet invalidated” warning condition does not occur between a card platform and an applet and does not include an exchange of threat information. Furthermore, the “applet invalidated” warning does not indicate a threat condition.

The examiner respectfully disagrees with the applicant. In regards to argument “a”, paragraph 0063 of Wentker discloses specifically discloses that the card manager is operable to set an application to lock if it detects a threat from within the card that’s associated with a particular application.
In regards to argument “b”, the examiner respectfully disagrees with the  applicant. Chan discloses in figure 9, steps 602 and 604 that an application detects a problem that triggers the application to issue a “card block” request to the card domain. Implicitly, in the broadest reasonable interpretation, the warning, “applet invalidated”, may be indicative of a threat condition that forces remedial action to be taken.




Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


1.) Claims 10-14 are rejected under 35 U.S.C. 103 as being unpatentable over US 20020040936, Wentker in view of US 6005942, Chan

	In regards to claim 10, Wentker teaches an embedded device incorporating Java Card technology including a Java Card platform and at least one applet, and including both Java Card platform security features and applet security features, comprising: 
a) a threat detection means, installed with either or both of the Java Card platform and the applet(see US 20020040936, Wentker, para. 0041, where a software card manager is installed on a Java card for managing an application run-time environment and security[i.e. threat detection]), and constructed to detect events of threat occurring at the embedded device(see US 20020040936, Wentker, para. 0057, where the card manager is configured to detect internal or external threats); and wherein b) an interface means constructed to: 
receive, from the threat detection means, a threat notification on a detected event of threat(see US 20020040936, Wentker, para. 0050, 0057 and 0063, where the card manager Locked state informs[notifies] the card manager of a threat posed by an application, wherein the applications on the smart card communicate directly with an API); and, 	Wentker does not teach in reaction to a received threat notification, establish or operate a communication channel between the Java Card platform and the applet and exchange threat information on the detected event of threat between the Java Card platform and the applet 	However, Chan teaches in reaction to a received threat notification, establish or operate a communication channel between the Java Card platform and the applet and exchange threat information on the detected event of threat between the Java Card platform and the applet (see US 6005942, Chan, fig. 9, steps 602, 604 and col. 22, lines 45-53, where an application implicitly uses a channel to communicate with the card to send a block request in response to detecting a problem[e.g. threat], wherein an “applet invalidated” warning condition may be returned when the card is blocked).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wentker with the teaching of Chan because a user would have been motivated to enhance the security process of loading new applications on a smart card, taught by Wentker, by permitting applications from different entities to be loaded by using unique card information to derive cryptographic keys(see Chan, col. 6, lines 18-30)
 	In regards to claim 11, the combination of Wentker and Chan teach the embedded device according to claim 10, wherein said interface means (IM) is an Application Programing Interface API(see US 20020040936, Wentker, para. 0050, where the application on a smart card communicate via an API).  
 	In regards to claim 12, the combination of Wentker and Chan teach the embedded device according to claim 11, wherein said Application Programing Interface API is a proprietary API especially established for events of threat(see US 20020040936, Wentker, para. 0050, where the API[110] enable access to unique system services and security domains[i.e. threat mitigation]).  
 	In regards to claim 13, the combination of Wentker and Chan teach the embedded device according to claim 11, wherein said Application Programing Interface API is a standard API in combination with specific parameter values indicative of events of threat(see US 20020040936, Wentker, para. 0057 and fig. 3, item 122, where the hardware API [e.g. standard API] interfaces with applications that may present a threat).  
 	In regards to claim 14, the combination of Wentker and Chan teach the embedded device according to claim 10, wherein said interface means is an exception mechanism agreed upon between the Java Card platform and the applet(see US 20020040936, Wentker, para. 0050 and 0057, where applications communicate with the card manager via an API, wherein the card manager may be configured in a locked state to disable all applications except for the card manager)  

2.) Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over US 20020040936, Wentker in view of US 6005942, Chan and further in view of US 20130332999, Montemayor

In regards to claim 15, the combination of Wentker and Chan teach the 
embedded device according to claim 10. The combination of Wentker and Chan do not teach wherein said communication channel is constructed as either one of: (1) a unidirectional communication channel from the Java Card platform to the applet; (2) a unidirectional communication channel from the applet to the Java Card platform; (3) a bidirectional communication channel between the Java Card platform and the applet. 	However, Montemayor teaches wherein said communication channel is constructed as either one of: (1) a unidirectional communication channel from the Java Card platform to the applet; (2) a unidirectional communication channel from the applet to the Java Card platform; (3) a bidirectional communication channel between the Java Card platform and the applet (see US 20130332999, Montemayor, para. 0036, where a channel formed between an applet and servlet, wherein implicitly, a channel may either be unidirectional or bidirectional).  	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Wentker and Chan with the teaching of Montemayor because a user would have been motivated to enhance the functionality of the Java card, taught by the combination of Wentker and Chan, by using a Java Servlet, taught by Montemayor, in order to provide web based application development (see Montemayor, para. 0006)3.) Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over US 20020040936, Wentker in view of US 6005942, Chan and further in view of US 8522350, Davenport
 	In regards to claim 16, the combination of Wentker and Chan teach the embedded device according to claim 10. The combination of Wentker and Chan do not teach wherein the threat information exchanged between the Java Card platform and the applet comprises a threat type information indicating a type of the detected event of threat 	However, Davenport teaches wherein the threat information exchanged between the Java Card platform and the applet comprises a threat type information indicating a type of the detected event of threat(see US 8522350, Davenport, col. 9, line 63-col. 10, line 11, where an alert may identify the type of attack).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Wentker and Chan with the teaching of Davenport because a user would have been motivated to enhance security protection for applications running on a Java platform, taught by the combination of Wentker and Chan, from Java script runtime attacks by receiving content and applying a function to expose at least one vulnerability of the computer and implementing protections to mitigate the attack(see Davenport, col. 3, lines 9-18)


4.) Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over US 20020040936, Wentker in view of US 6005942, Chan and further in view of US 8522350, Davenport and further in view of US 20080235796, Buhr

 	In regards to claim 17, the combination of Wentker, Chan, and Davenport teach the embedded device according to claim 16. The combination of Wentker, Chan, and Davenport do not teach wherein the threat type information is or comprises one or several of a light flash attack detected at the Java Card platform, a data integrity error detected at the applet or at the Java Card platform, a bytecode jump detected at the applet,Atty. Docket: 19838.441 7/8 an execution flow control error detected at the applet or at the Java Card platform 	However, Buhr teaches wherein the threat type information is or comprises one or several of a light flash attack detected at the Java Card platform, a data integrity error detected at the applet or at the Java Card platform, a bytecode jump detected at the applet,Atty. Docket: 19838.441 7/8 an execution flow control error detected at the applet or at the Java Card platform(see US 20080235796, Buhr, para. 0069, where an attack may be a light flash attack).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Wentker, Chan and Davenport with the teaching of Buhr because a user would have been motivated to enhance the system protection, taught by the combination of Wentker, Chan, and Davenport, by making circuit modifications in order to mitigating attacks based on electromagnetic radiation(see Buhr, para. 0002)
5.) Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over US 20020040936, Wentker in view of US 6005942, Chan and further in view of US 20150350177, Sharp

 	In regards to claim 18, the combination of Wentker and Chan teach the embedded device according to claim 10. The combination of Wentker and Chan do not teach wherein the threat information exchanged between the Java Card platform and the applet comprises or is accompanied by at least one command including instructions to establish or change security features, the command being either a command from the Java Card platform to the applet, and including instructions to establish or change applet security features, or a command from the applet to the Java Card platform, and including instructions to establish or change Java Card platform security features.  	However, Sharp teaches wherein the threat information exchanged between the Java Card platform and the applet comprises or is accompanied by at least one command including instructions to establish or change security features, the command being either a command from the Java Card platform to the applet, and including instructions to establish or change applet security features, or a command from the applet to the Java Card platform, and including instructions to establish or change Java Card platform security features (see US 20150350177, Sharp, para. 0046, where an applet may be configured to provide local functionality to modify activation state of security domain elements). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Wentker and Chan with the teaching of Sharp because a user would have been motivated to enhance a user’s experience on the system, taught by the combination of Wentker and Chan, by enabling a user of the system greater flexibility to modify and/or delete credential information when utilizing a online credential management system, taught by Sharp(Sharp, para. 0021)


6.) Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over US 20020040936, Wentker in view of US 6005942, Chan and further in view of US 20080235796, Buhr
 	In regards to claim 19, the combination of Wentker and Chan teach the embedded device according to claim 10. The combination of Wentker and Chan do not teach wherein the threat detection means comprises a light sensor installed with the Java Card platform 	However, Buhr teaches wherein the threat detection means comprises a light sensor installed with the Java Card platform (see US 20080235796, Buhr, para. 0069, where an attack may be a light flash attack).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Wentker and Chan with the teaching of Buhr because a user would have been motivated to enhance the system protection, taught by the combination of Wentker and Chan by making circuit modifications in order to mitigating attacks based on electromagnetic radiation(see Buhr, para. 0002).  

7.) Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over US 20020040936, Wentker in view of US 6005942, Chan and further in view of US 20030028363, Nobili 	In regards to claim 20, the combination of Wentker and Chan teach the embedded device according to claim 10. The combination of Wentker and Chan do not teach wherein the threat detection means comprises an integrity check routine installed with the applet. 	However, Nobili teach wherein the threat detection means comprises an integrity check routine installed with the applet(see US 20030028363, Nobili, para. 0124, where integrity checking is based on a java applet).  	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Wentker and Chan with the teaching of Nobili because a user would have been motivated to enhance the portability of the java code, taught by the combination of Wentker and Chan, in order to permit greater code independence when interfacing with other platforms(see Nobili, para. 0010)  
8.) Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over US 20020040936, Wentker in view of US 6005942, Chan and further in view of US 8522350, Davenport
 	In regards to claim 21, the combination of Wentker and Chan teach the embedded device according to claim 10. The combination of Wentker and Chan do not teach wherein the threat information comprises a threat type 	However, Davenport teaches wherein the threat information comprises a threat type (see US 8522350, Davenport, col. 9, line 63-col. 10, line 11, where an alert may identify the type of attack).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Wentker and Chan with the teaching of Davenport because a user would have been motivated to enhance security protection for applications running on a Java platform, taught by the combination of Wentker and Chan, from Java script runtime attacks by receiving content and applying a function to expose at least one vulnerability of the computer and implementing protections to mitigate the attack(see Davenport, col. 3, lines 9-18).  

9.) Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over US 20020040936, Wentker in view of US 6005942, Chan and further in view of US 20160239663, Healy
 	In regards to claim 22, the combination of Wentker and Chan teach the embedded device according to claim 10. The combination of Wentker and Chan do not teach wherein the threat detection means is configured to detect hardware attacks at the embedded device 	However, Healy teaches wherein the threat detection means is configured to detect hardware attacks at the embedded device (see US 20160239663, Healy, para. 0014, where an attack is detected in a DRAM device with embedded ECC).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Wentker and Chan with the teaching of Healy because a user would have been motivated to enhance the security of hardware elements used by the combination of Wentker and Chan by providing DRAM protection for hardware element in order to prevent malicious cryogenic attacks(see Healy, para. 0002). 

10.) Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over US 20020040936, Wentker in view of US 6005942, Chan and further in view of US 20140020114, Bhatia 	In regards to claim 23, the combination of Wentker and Chan teach the embedded device according to claim 10. The combination of Wentker and Chan do not teach wherein the threat detection means comprises a light sensor installed with the Java Card platform and an integrity check routine installed with the applet 	However, Bhatia teaches wherein the threat detection means comprises a light sensor installed with the Java Card platform(see US 20140020114, Bhatia, para. 0031, where light sensors may be used to detect a security threat when a package is opened) and an integrity check routine installed with the applet(see US 20140020114, Bhatia, para. 0032, where cryptographic operations may be performed to guarantee the integrity of code and data). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Wentker and Chan with the teaching of Bhatia because a user would have been motivated by methods of optimizing integration of a secure element into system, taught by Bhatia, in order to provide more efficient function operation of the Java card platform, taught by the combination of Wentker and Chan(see Bhatia, para. 0006)



CONCLUSION

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY LANE whose telephone number is (571)270-7469.  The examiner can normally be reached on 571 270 7469 from 8:00 AM to 6:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Taghi Arani, can be reached on 571 272 3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/GREGORY A LANE/ Examiner, Art Unit 2438


/TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438