DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
This Office action is issued in response to the submission of the applicant filed on 4 March 2022.
Claims 1, 2, and 7 are amended by Applicant’s submission.
Claims 4, 5, and 6 are canceled by Applicant.
Claims 1-3 and 7-9 are pending and have been examined herein. 
Drawings
The drawings were received on 7 March 2017.  These drawings are acceptable.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claims 7 and 8 are rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  Claim 7 is written to depend on canceled claim 6; and claim 8 is dependent on canceled claim 6 and claim 7.  Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements. For purposes of examination, claim 7 is read as if it depends on claim 1; and claim 8 is read as if it depends on claims 1 and 7. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-3 and 7-9 are rejected under 35 U.S.C. 103 as being unpatentable over Ahamad, S.S. et al. "A Biometric based Secure Mobile Payment Framework"  2013 4th International Conference on Computer and Communication Technology (ICCCT) 01-Sep-2013, Page(s): 239-246, hereinafter, “AHAMAD” in further view of US 20170103388 A1 to Pillai; M.K. et al., hereinafter, “PILLAI”.
Regarding claim(s) 1,
AHAMAD discloses:
 A system for authorizing an electronic transaction, the system comprising (see, at least, AHAMAD abstract on page 239, first paragraph: Biometric based Mobile Payment Framework ("SMPB") is a secure mobile payment framework based on Biometric using wireless public key infrastructure and Universal Integrated Circuit card is a mobile payment protocol originating from a Mobile Payment Application on a Universal Integrated Circuit Card (UICC) to a Bank Server which ensures Authentication, Integrity, prevents double spending and prevents over spending): 
an information capturing and transaction device capturing biometric information of a human user (see, at least, AHAMAD page 240, paragraph 5 A. preliminaries – Mobile Biometric Application (MBA): the role of the Mobile Biometric Application is to guarantee that information can only be accessed if the legitimate phone holder is successfully authenticated. This is achieved by combining the use of the mobile phone and a biometric device. In order to do this, the MBA must receive fresh biometric data from the mobile phone.)The Mobile Biometric Application (MBA) is situated inside the secure element Universal Integrated Circuit Card (UICC); and 
a secure element in operative communication with the information capturing and transaction device  (see, at least, AHAMAD page 240, paragraph 5 A. preliminaries –The use of the mobile phone and a biometric device is combined and the Mobile Biometric Application receives fresh biometric data from the mobile phone. The Mobile Biometric Application (MBA) is situated inside the secure element Universal Integrated Circuit Card (UICC)) 
and including a secure element processing unit (see, at least, AHAMAD: page 230 first column, middle of paragraph following I. Introduction: “UICC is the Secure Element used in this protocol which is a generic platform for smart card applications”; page 240 second column, second paragraph:  signature processes are performed in the UICC  ), 
[...]
and a secure element memory unit in communication with the secure element processing unit and capable of storing at least one set of secure element-based reference biometric keys associated with the user  (see, at least, AHAMAD page 240, paragraph 5 A. preliminaries: “[...] the client has already stored his/her fingerprint template data inside the UICC”.), 
wherein the secure element processing unit is configured to be capable of (see, at least, AHAMAD: page 230 first column, middle of paragraph following I. Introduction: “UICC is the Secure Element used in this protocol which is a generic platform for smart card applications”; page 240 second column, second paragraph:  signature processes are performed in the UICC)
receiving the captured biometric information from the information capturing and transaction device (see, at least, AHAMAD page 240, paragraph 5 A. preliminaries –The use of the mobile phone and a biometric device is combined and the Mobile Biometric Application receives fresh biometric data from the mobile phone. The Mobile Biometric Application (MBA) is situated inside the secure element Universal Integrated Circuit Card (UICC)), 
processing the captured biometric information to derive at least one set of secure element-based captured biometric keys  (see, at least, AHAMAD page 240, paragraph 5 A. preliminaries Mobile Payment Application (MPA) paragraph: “After the successful authentication (using NRP and Finger print) of the client by [Mobile Biometric Application (MBA)]”; page 245 Table 1 SMPB is characterized by “Biometric Authentication [being] ensured at the client’s side”; page 242, second paragraph: using Fingerprint Template (FPT), key set Kbc is generated and stored in Mobile Payment Application of the UICC at the client end and in the bank server), 
and permitting an access to at least one application residing on the secure element based on a comparison of the set of secure element-based captured biometric keys with the set of secure element-based reference biometric keys depending on a configuration of the at least one application (see, at least, AHAMAD: page 240 column two, paragraph 6: After successful authentication using fingerprint of the client, the mobile phone sends a message to Mobile Payment Application requesting either the credit card information (which is kept by the MPA ), and 
wherein the at least one application can be used to perform at least one electronic transaction on a third-party computer system (see, at least, AHAMAD: page 240, second column, first paragraph:  A mobile payment protocol between the personalized Mobile Payment Application on UICC and the Bank Server is proposed ; page 241, second paragraph of first column: Mobile Payment Application is was installed in the UICC by the Issuer; page 240, paragraph 6 A. preliminaries – Mobile Payment Application (MPA): MPA is a separate application that realizes the function of payment; abstract: the proposed payment protocol is used to realize transactions originating from the Mobile Payment Application to the Bank Server).
[...]
AHAMAD does not expressly disclose the following limitations, which PILLAI however, teaches:
wherein the secure element includes a first circuitry operable to communicate with a first communication network operating in accordance with a first set of communication standards and protocols which enables radio data communication  (see, at least, PILLAI:  [26]: electronic device 100 may include a processor 102, a communications component 106, and/or a near field communication (“NFC”) component 120. NFC component 120 may include a secure element that may be configured to provide a tamper-resistant platform (e.g., as a single-chip or multiple-chip secure microcontroller) that may be capable of securely hosting applications and their confidential and cryptographic data (e.g., credential applets and associated credential keys, such as a credential key 155a′ and an access key 155a, and/or an issuer security domain (“ISD”) key 156k, [...]. As described below in more detail, a credential applet of NFC component 120 may be configured to provide sufficient detail for identifying a funding account or other financial instrument or credit source (e.g., at financial institution subsystem 350), where such a credential applet may be used by electronic device 100 in one or more communications with merchant subsystem 200 for facilitating a financial transaction. NFC component 120 may be configured to communicate such credential information as a contactless proximity-based communication 5 (e.g., near field communication) with merchant subsystem 200 (e.g., with a merchant terminal 220 of merchant subsystem 200, where the merchant terminal may be located at a brick and mortar store or any physical location at which a user of electronic device 100 may use a credential stored on electronic device 100 to conduct a financial transaction with a proximately located merchant terminal via a contactless proximity-based communication),
 and the secure element includes a second circuitry operable to communicate with a second communication network operating in accordance with a second set of communication standards and protocols which enables packet data communication (see, at least, PILLAI:  [26]: Alternatively or additionally, communications component 106 may be provided to allow device 100 to communicate any suitable data (e.g., credential information) with one or more other electronic devices or servers or subsystems (e.g., one or more subsystems or other components of system 1) using any suitable wired or wireless protocol (e.g., via one or more of communications paths 15, 65, and/or 75). Processor 102 of electronic device 100 may include any processing circuitry that may be operative to control the operations and performance of one or more components of electronic device 100. For example, processor 102 may be configured to run one or more applications on device 100 (e.g., an online resource or merchant application 113) that may at least partially dictate the way in which online-based merchant payment data communications that may include credential information of NFC component 120 may be communicated between communications component 106 of device 100 and a merchant server 210 of merchant subsystem 200 (e.g., to conduct a financial transaction with a remote merchant server of merchant subsystem 200 over the internet or any other suitable network that may be provided by communications path 15) and/or that may at least partially dictate the way in which online-based device transaction data communications 664 that may include credential information of NFC component 120 may be communicated between communications component 106 of device 100 and a commercial server 410 of commercial entity subsystem 400 (e.g., to conduct a financial transaction over the internet or any other suitable network that may be provided by communications path 65);  [137]: Communications component 106 may be provided to allow device 100 to communicate with one or more other electronic devices or servers or subsystems (e.g., one or more subsystems or other components of system 1) using any suitable communications protocol. For example, communications component 106 may support transmission control protocol/internet protocol (“TCP/IP”) (e.g., any of the protocols used in each of the TCP/IP layers) and high speed packet access (“HSPA”),
[...]
wherein the at least one application is executable and operable by the user through a device user interface of the information capturing and transaction device to access third-party contents residing on the third-party computer system (see, at least, PILLAI:  [73]: As shown in FIG. 4C, output display component 112a may be configured to provide screen 190c in response to receiving user selection of a credential from credential selection prompt 493 of screen 190b of FIG. 4B. Screen 190c of FIG. 4C may prompt a user to interact with device 100 in one or more ways to authenticate the user and its intent to utilize the selected credential. This may include prompting the user (e.g., with an authentication prompt 495) to enter user authentication via personal identification number (“PIN”) entry or via user interaction with a biometric sensor in order to access the secure element of device 100 and, thus, the credential to be used for the purchase. [...] As just one example of step 611, applet 153b of access SSD 154b may be configured to determine intent and local authentication of a user of device 100 (e.g., via one or more input components 110, such as a biometric input component 110i of FIG. 4, as may be used by a user interacting with application 113 via GUI 180) and, in response to such a determination, may be configured to enable another particular SSD for conducting a payment transaction (e.g., with a credential of credential SSD 154a). In some embodiments, after such a determination, but before such enablement, output display component 112a may be configured to provide screen 190d of FIG. 4D that may prompt a user (e.g., with a payment prompt 497) to interact with device 100 in one or more ways to finally initiate payment to merchant subsystem 200 according to potential transaction data 660 using the selected and authenticated credential.)
via any of a first communication network and the second communication network depending on a configuration of the third-party computer system (see, at least, PILLAI:  [26]: a credential applet of NFC component 120 may be configured to provide sufficient detail for identifying a funding account or other financial instrument or credit source (e.g., at financial institution subsystem 350), where such a credential applet may be used by electronic device 100 in one or more communications with merchant subsystem 200 for facilitating a financial transaction; [26]: Alternatively or additionally, communications component 106 may be provided to allow device 100 to communicate any suitable data (e.g., credential information) with one or more other electronic devices or servers or subsystems (e.g., one or more subsystems or other components of system 1) using any suitable wired or wireless protocol (e.g., via one or more of communications paths 15, 65, and/or 75));
It would have been obvious to one of ordinary skill in the art at the time of filing to combine/modify the system/method of AHAMAD, which discloses a   biometric based secure mobile payment framework AHAMAD (page 239, 2nd column, lines 17-20) with the technique of PILLAI, which teaches a system and method of communicating secure element data using an electronic device over multiple paths for online payments (PILLAI  [4]), in order to provide a seamless user experience for securely and efficiently conducting online payments with a merchant subsystem on a user device (PILLAI  [44]).
Regarding claim(s) 2,
 AHAMAD and PILLAI teaches the limitations of claims 1, as shown, above. 
AHAMAD further discloses:
wherein the at least one application comprises a plurality of applications residing on the secure element (see, at least, AHAMAD: page 240, second column III. Preliminaries and Assumptions A. Preliminaries Mobile Biometric Application (MBA): MBA is a separate application realizing the function of biometric authentication situated inside the UICC and Mobile Payment Application (MPA): Mobile Payment Application module (MPA) is a separate application realizing the function of payment situated inside the UICC.)
Regarding claim(s) 3,
 AHAMAD and PILLAI teaches the limitations of claims 1 and 2, as shown, above.
AHAMAD further discloses:
wherein the plurality of applications are selectively activatable (see, at least, AHAMAD: page 244 first column, 2nd paragraph: The UICC can host a number of different applications, each defining and controlling its own application(s). UICC is personalized by the client and client’s credentials are stored in the WIM [(Wireless Identity Module)] of UICC.; page 240, second column, second to last paragraph: the mobile phone (MP) sends a message to this Application requesting credit card information according to the APDU [application protocol data unit] command; page 241, second column personalization is initiated by keeping a client’s finger pressed on the finger print scanner which causes the finger print scanner to send the captured finger print template to the Mobile Biometric Application).
Regarding claim(s) 7, 
AHAMAD and PILLAI teaches the limitations of claim 1, as shown, above. 
AHAMAD further discloses:
wherein the third-party computer system includes a server processing unit, a server memory unit, and a server database unit associated with the server processing unit and having pre-stored thereon a plurality of sets of server-based reference biometric keys (see, at least, AHAMAD: page 242, figure 1: “biometric server”; page 245 Table 1 SMPB is characterized by “Biometric Authentication is ensured at the Sever side”; page 243, first column, last paragraph step “c)”: issuer checks if Finger Print Template of Client matches Finger Print Template stored by Issuer).
Regarding claim(s) 8,
AHAMAD and PILLAI teaches the limitations of claims 1 and 7, as shown, above. 
AHAMAD further discloses:
wherein the third-party computer system further includes an authorization module executable by the server processing unit from the server memory unit for authorizing at least one user account associated with the user to be used for performing the at least one electronic transaction on the third-party computer system based on a comparison of the set of secure element-based reference biometric keys with each set of server- based reference biometric keys of the plurality of sets of server-based reference biometric keys and depending on the configuration of the third-party computer system  (see, at least, AHAMAD: page 242, figure 1: “biometric server”; page 245 Table 1 SMPB is characterized by “Biometric Authentication is ensured at the Sever side”; page 243, first column, last paragraph step “c)”: issuer checks if Finger Print Template of Client matches Finger Print Template stored by Issuer; page 243, column two, first paragraph: If all the checks are successful the Issuer authorizes the PI (payment instruction) and sends Message 10 (authorization of Payment Instruction) to the Payment Gateway using the Private banking Network which is very secure (see page 243 first column, second to last paragraph).
Regarding claim(s) 9,
AHAMAD and PILLAI teaches the limitations of claims 1, as shown, above. 
AHAMAD further discloses:
wherein the secure element is any one of a Universal Integrated Circuit Card (UICC), an embedded Secure Element (eSE) card, a smart Secure Digital card, a smart micro Secure Digital card, and a SIM (subscriber identity module or subscriber identification module) (see, at least, AHAMAD: page 241, second paragraph, B. Assumptions: 1)  “Client (C) is considered to have a mobile device with UICC having Mobile Payment Application installed in the UICC by the Issuer (I) and private key is stored in the tamper resistant UICC (W).”, page 240 A. Preliminaries (column two, fifth paragraph): Mobile biometric Application is situated inside the UICC; page 240, column two 6th paragraph: Mobile payment application, a separate application realizing the function of payment, is situated inside the UICC).
Response to Arguments
Claim Objections
	The arguments considering the claim objections of Claims 2 and 7 have been considered and are persuasive.  The claim objections of the previous actions are withdrawn due to Applicant’s amendments.
Prior Art/35 U.S.C. § 102 rejection
	Applicant’s arguments with respect to claim(s) 1-3 and 7-9 at pages 8-10 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
US 20150358317 (DEUTSCHMANN; Ingo) teaches using biometric data to decrypt a private key stored in secure element for use in transactions and authentications, authentication of user to third party applications, and checks against a biometric server 
US 20190156324 (FONTAINE; Sebastien) teaches using a secure element for conducting a secured transaction on a device, in particular a secured financial transaction.
US 20160364559 (BALI; Niraj) teaches isolating an untrusted application execution environment the trusted application execution environment in the context of securing biometric data
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BOLKO HAMERSKI whose telephone number is (571)270-7621. The examiner can normally be reached Monday-Friday 10:00 AM to 6:00 PM.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, BENNETT SIGMOND can be reached on (303) 297-4411. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


BOLKO HAMERSKI
Examiner
Art Unit 3694



/BOLKO M HAMERSKI/Examiner, Art Unit 3694                                                                                                                                                                                                        
/BENNETT M SIGMOND/Supervisory Patent Examiner, Art Unit 3694