DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to application 17/176,011 filed on 2/15/2021.
Claims 1-20 have been examined and are pending in this application.
The examiner notes the IDSs filed on 10/18/2021 and 5/27/2022 have been considered.


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  

Claims 1, 9, and 17 are rejected on the ground of nonstatutory double patenting as being unpatentable over Claim 1 of U.S. Patent No. 10,958,640.  Although the claims at issue are not identical, they are not patentably distinct from each other because:

The examiner notes that Claim 1 of U.S. patent No. 10,958,640 recites substantially similar subject matter, more specifically: 
A method comprising: establishing a virtual channel between a server and a client device; receiving, by the server, from the client device, and via a personal computer/smart card (PC/SC) protocol, a message comprising an identifier of a smart card associated with the client device, wherein the identifier comprises answer to reset (ATR) data; replacing, by a PC/SC redirection layer of the server, the identifier with a substitute identifier of the smart card, wherein the substitute identifier comprises substitute ATR data retrieved using a PC/SC hook of the server; based on the substitute identifier, determining, by the server and among a plurality of cryptographic service providers, a cryptographic service provider to use for one or more cryptographic operations associated with the smart card, wherein the determining the cryptographic service provider comprises querying a database for an association between the substitute identifier and the cryptographic service provider; and transmitting, via the determined cryptographic service provider, via the virtual channel, and to the client device, one or more requests for a cryptographic operation involving the smart card.
The examiner notes that the features emphasized above are obvious variants to that claimed in the limitations of Claims 1, 9 and 17 of the Instant Application.

Claims 2-8, 10-16, and 18-20 depend from respective independent Claims 1, 9, and 17; thus, would respectfully inherit the Double Patenting rejection.










Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim (s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sachdeva et al. (US 2009/0064301 A1) in view of Vajravel et al. (US 2018/0115613 A1) and Prabdial et al. (US 2014/0310785 A1) 

Regarding Claim 1;
Sachdeva discloses a method comprising: 
establishing a ... channel between a server and a client device (FIG. 3 – Smart Card Resource Manager and 103 FIG. 9a-9b Remote server and Smart Card and [0027] - ...host computer 103); 
receiving, by the server, from the client device, a message comprising answer to reset (ATR) data of a smart card associated with the client device (FIG. 3 and FIG. 9a-9b and [0027] and [0030] and [0067]-[0069] - . The smart card resource manager (PC/SC) 107 provides APIs and events so that the smart card resource manager web-browser application interface program 303 can monitor card insertion and removal through an event-loop. The smart card resource manager 107 transmits a request for the smart card 104 to do an answer to reset (ATR) 905. The smart card 104 responds with the ATR 907, which is transmitted to the web-browser 203; specifically to the smart card resource manager web-browser application interface program 303, step 909. If the smart card resource manager web-browser application interface program 303 can determine that the appropriate card-specific driver 301 has already been loaded, step 911, the web-browser 203 can proceed with the communication with the card, step 913. Otherwise, the ATR is transmitted to the remote server 511.); 
[transmitting a card specific driver] of a ... smart card ([0069] and [0070] – transmit the card specific driver 302 back to host computer 103 and [0073]-[0075] - The remote server 511 determines from the result whether the smart card 104 is known and has a supported driver, step 935. If the remote server 511 determines that the smart card 104 answered as the smart card 104 that the server 511 was testing for, the server 511 transmits the card-specific driver 301 back to the host computer 103, step 937.); 
determining, [based on the card specific driver], a cryptographic service provider ([0069] and [0070] – transmit the card specific driver 302 back to host computer 103 and [0073]-[0075] - That particular application 101 would then be developed on the smart card resource manager wrapper extension 303 via the card-specific driver 301 (loaded using the bootstrapping script 900) to directly access those cryptography capabilities and [0081]-[0082] -- The SMail server 151 looks up the database to determine the corresponding smart card specific PKCS#11 JavaScript Module (i.e., in the terminology used hereinabove, the card-specific driver 301) for the smart card 104 and sends it back in response to the previous request, step 169. Once the card specific driver 301 is downloaded it starts communicating with the smart card 104 (using the smart card resource manager web-browser application interface program 303). Secure communication is ensured by requiring that encrypted messages are sent to the smart card 104 from the server 511);
and transmitting, via the determined cryptographic service provider, via the ... channel, and to the client device, one or more requests for a cryptographic operation involving the smart card ([0069] and [0070] – transmit the card specific driver 302 back to host computer 103 and [0073]-[0075] - That particular application 101 would then be developed on the smart card resource manager wrapper extension 303 via the card-specific driver 301 (loaded using the bootstrapping script 900) to directly access those cryptography capabilities and [0081]-[0082] -- The SMail server 151 looks up the database to determine the corresponding smart card specific PKCS#11 JavaScript Module (i.e., in the terminology used hereinabove, the card-specific driver 301) for the smart card 104 and sends it back in response to the previous request, step 169. Once the card specific driver 301 is downloaded it starts communicating with the smart card 104 (using the smart card resource manager web-browser application interface program 303). Secure communication is ensured by requiring that encrypted messages are sent to the smart card 104 from the server 511).
Sachdeva fails to disclose:
establishing a virtual channel between a server and a client device;
substituting the ATR data of the smart card with proxy ATR data of a proxy smart card.
... proxy ATR data...;
However, in an analogous art, Vajravel teaches
 establishing a virtual channel between a server and a client device (Vajravel, [0007]-[0008] and [0017]);and 
concepts of ATR data and a proxy smart card (Vajravel, [0033]-[0037] – smart card proxy).
Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Vajravel to the channel and card of Sachdeva to include establishing a virtual channel between a server and a client device and concepts of ATR data and a proxy smart card 
One would have been motivated to combine the teachings of Vajravel to Sachdeva to do so as it provides / allows a full set of APIs to be available when a smart card is redirected (Vajravel [0031]). 
Further, in an analogous art, Prabdial teaches substituting the ... data of the ... card with proxy... data of a proxy ... card. (Prabdial, [0089] – When the SIM first communicates.... forwards information to the service platform regarding... information of the SIM and the devices that are attempting to connect... The service platform may send a command through the network to the SIM to change unique identifiers to a new unique identifier and [0061] – This message includes the IMSI (read from the card) and [0097] – add a new IMSI... . The IMSI may be deleted from the priority list but remain stored on the SIM to allow for it to be easily placed back at a later time or it may be purged from the SIM entirely. Both deletion and purge may occur upon instruction from the service platform);
A person of ordinary skill in the art before the effective filing data of the claimed invention would have recognized the substituting of data with proxy data of a proxy card and use of proxy card data of Prabdial could be substituted for [transmitting a card specific driver] of a ... “proxy” smart card and determining, [based on the card specific driver], a cryptographic service provider steps of the combination of Sachdeva and Vajravel as the proxy data and use of a card specific driver are both used for identification purposes, see Sachdeva [0081]-[0082] and Prabdial, [0089].  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute teachings according to known methods to yield the predictable result of providing a means to identify based on proxy “ATR” data that has been substituted for a proxy “smart” card based on substituting and combining features from Sachdeva and Vajravel and Prabdial.

Regarding Claim 2;
Sachdeva in view of Vajravel and Prabdial disclose the method to Claim 1.
Sachdeva further discloses wherein the receiving the message comprises receiving the message via a personal computer/smart card (PC/SC) protocol ([0030] - Host (PC) applications connect to smart cards 104 via a dedicated communication layer called PC/SC in the host operating system.).
	Vajravel additionally further teaches wherein the receiving the message comprises receiving the message via a personal computer/smart card (PC/SC) protocol (Vajravel, [0066]).
Regarding Claim 3;
Sachdeva in view of Vajravel and Prabdial disclose the method to Claim 1.
	Sachdeva further discloses answer to reset (ATR) data ([0067]-[0069])
Vajravel further teaches ATR data is performed by a personal computer/smart card (PC/SC) redirection layer of the server (Vajravel, FIG. 6 – Server w/ Smart Card Stub 401 and [0030] and [0033]-[0037] – smart card proxy and [0066] – PC/SC and [0074]-[0078] – intercepting, by a smart card stub that executes within the remote session, an API call for accessing the redirected smart card that was made by an application executing with the remote session).
Similar rationale and motivation is noted for this combination, as per Claim 1, above.
Prabdial teaches wherein substituting the ... data of the ... card with proxy... data of a proxy ... card. (Prabdial, [0089] – When the SIM first communicates.... forwards information to the service platform regarding... information of the SIM and the devices that are attempting to connect... The service platform may send a command through the network to the SIM to change unique identifiers to a new unique identifier and [0061] – This message includes the IMSI (read from the card) and [0097] – add a new IMSI... . The IMSI may be deleted from the priority list but remain stored on the SIM to allow for it to be easily placed back at a later time or it may be purged from the SIM entirely. Both deletion and purge may occur upon instruction from the service platform).
Similar rationale and motivation is noted for this combination, as per Claim 1, above.



Regarding Claim 4;
Sachdeva in view of Vajravel and Prabdial disclose the method to Claim 1.
	Sachdeva further discloses answer to reset (ATR) data ([0067]-[0069])
Vajravel further teaches retrieving, via a personal computer/smart card (PC/SC) hook of the server, the ATR ... data (Vajravel, FIG. 6 – Server w/ Smart Card Stub 401 and [0030] and [0033]-[0037] – smart card proxy and [0036] – smart card stub can include hooking and [0066] – ATR... The PC/SC specification (which governs smart card integration in computing environments) requires that smart cards be identifiable using attributes such as the ATR and device name).
Similar rationale and motivation is noted for this combination, as per Claim 1, above.
Prabdial teaches wherein substituting the ... data of the ... card with proxy... data, comprises retrieving... the proxy .... data (Prabdial, [0089] – When the SIM first communicates.... forwards information to the service platform regarding... information of the SIM and the devices that are attempting to connect... The service platform may send a command through the network to the SIM to change unique identifiers to a new unique identifier and [0061] – This message includes the IMSI (read from the card) and [0097] – add a new IMSI... . The IMSI may be deleted from the priority list but remain stored on the SIM to allow for it to be easily placed back at a later time or it may be purged from the SIM entirely. Both deletion and purge may occur upon instruction from the service platform).
Similar rationale and motivation is noted for this combination, as per Claim 1, above.



Regarding Claim 5;
Sachdeva in view of Vajravel and Prabdial disclose the method to Claim 1.
	Sachdeva further discloses ATR data and querying a database for an association between [card specific driver] and the cryptographic service provider ([0069] and [0070] – transmit the card specific driver 302 back to host computer 103 and [0073]-[0075] - That particular application 101 would then be developed on the smart card resource manager wrapper extension 303 via the card-specific driver 301 (loaded using the bootstrapping script 900) to directly access those cryptography capabilities and [0081]-[0082] -- The SMail server 151 looks up the database to determine the corresponding smart card specific PKCS#11 JavaScript Module (i.e., in the terminology used hereinabove, the card-specific driver 301) for the smart card 104 and sends it back in response to the previous request, step 169. Once the card specific driver 301 is downloaded it starts communicating with the smart card 104 (using the smart card resource manager web-browser application interface program 303). Secure communication is ensured by requiring that encrypted messages are sent to the smart card 104 from the server 511).
Vajravel further additionally teaches ATR data (Vajravel, [0066]).
Similar rationale and motivation is noted for this combination, as per Claim 1, above.
Prabdial teaches wherein proxy... data of a proxy ... card. (Prabdial, [0089] – When the SIM first communicates.... forwards information to the service platform regarding... information of the SIM and the devices that are attempting to connect... The service platform may send a command through the network to the SIM to change unique identifiers to a new unique identifier and [0061] – This message includes the IMSI (read from the card) and [0097] – add a new IMSI... . The IMSI may be deleted from the priority list but remain stored on the SIM to allow for it to be easily placed back at a later time or it may be purged from the SIM entirely. Both deletion and purge may occur upon instruction from the service platform).
Similar rationale and motivation is noted for this combination, as per Claim 1, above.

Regarding Claim 6;
Sachdeva in view of Vajravel and Prabdial disclose the method to Claim 1.
Sachdeva further discloses ATR data and a [card specific driver], and storing, in the database, the a [card specific driver], in association with the cryptographic service provider to use for one or more cryptographic operations with the smart card ([0069] and [0070] – transmit the card specific driver 302 back to host computer 103 and [0073]-[0075] - That particular application 101 would then be developed on the smart card resource manager wrapper extension 303 via the card-specific driver 301 (loaded using the bootstrapping script 900) to directly access those cryptography capabilities and [0081]-[0082] -- The SMail server 151 looks up the database to determine the corresponding smart card specific PKCS#11 JavaScript Module (i.e., in the terminology used hereinabove, the card-specific driver 301) for the smart card 104 and sends it back in response to the previous request, step 169. Once the card specific driver 301 is downloaded it starts communicating with the smart card 104 (using the smart card resource manager web-browser application interface program 303). Secure communication is ensured by requiring that encrypted messages are sent to the smart card 104 from the server 511).
Vajravel further additionally teaches ATR data (Vajravel, [0066]).
Similar rationale and motivation is noted for this combination, as per Claim 1, above.
However, in an analogous art, Prabdial teaches further comprising: generating the substitute identifier associated with proxy... data (Prabdial, [0089] – When the SIM first communicates.... forwards information to the service platform regarding... information of the SIM and the devices that are attempting to connect... The service platform may send a command through the network to the SIM to change unique identifiers to a new unique identifier and [0061] – This message includes the IMSI (read from the card) and [0097] – add a new IMSI... . The IMSI may be deleted from the priority list but remain stored on the SIM to allow for it to be easily placed back at a later time or it may be purged from the SIM entirely. Both deletion and purge may occur upon instruction from the service platform); and storing, in the database... (Prabdial, [0097] - Conventionally, as the IMSI and security key are intrinsically linked).

Similar rationale and motivation is noted for this combination, as per Claim 1, above.



Regarding Claim 7;
Sachdeva in view of Vajravel and Prabdial disclose the method to Claim 6.
Sachdeva further discloses wherein storing the [card specific driver] comprises storing.... as information identifying the cryptographic service provider [0069] and [0070] – transmit the card specific driver 302 back to host computer 103 and [0073]-[0075] - That particular application 101 would then be developed on the smart card resource manager wrapper extension 303 via the card-specific driver 301 (loaded using the bootstrapping script 900) to directly access those cryptography capabilities and [0081]-[0082] -- The SMail server 151 looks up the database to determine the corresponding smart card specific PKCS#11 JavaScript Module (i.e., in the terminology used hereinabove, the card-specific driver 301) for the smart card 104 and sends it back in response to the previous request, step 169. Once the card specific driver 301 is downloaded it starts communicating with the smart card 104 (using the smart card resource manager web-browser application interface program 303). Secure communication is ensured by requiring that encrypted messages are sent to the smart card 104 from the server 511).
Prabdial further teaches storing the substitute identifier in a same file as information identifying the [cryptographic operation] (Prabdial, FIG. 2 – Device 20 w/ SIM 21 and 22 depict identifiers stored w/ Ki1 representing a database (i.e. “file”) containing the identifier and operation Ki1 on same lines).
Similar rationale and motivation is noted for this combination, as per Claim 1, above.


Regarding Claim 8;
Sachdeva in view of Vajravel and Prabdial disclose the method to Claim 1.
Sachdeva further discloses wherein the ATR data comprises an identifier that identifies smart card type of the smart card ([0068] - In many cases the type of smart card 104 can be identified from a field in the ATR known as the historical bytes).






Regarding Claim(s) 9-16; claim(s) 9-16 is/are directed to a/an apparatus associated with the method claimed in claim(s) 1-8. Claim(s) 9-16 is/are similar in scope to claim(s) 1-8 and is/are therefore rejected under similar rationale.

Regarding Claim(s) 17-20; claim(s) 17-20 is/are directed to a/an medium associated with the method claimed in claim(s) 1, 5, 6 and 8. Claim(s) 17-20 is/are similar in scope to claim(s) 1, 5, 6 and 8, and is/are therefore rejected under similar rationale.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 attached.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KARI L SCHMIDT/Primary Examiner, Art Unit 2439