DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This office action is in response to the applicant’s amendment received on August 2, 2022 (“Amendment”).
Instant publication, US 20210150520 A1 will be referred to as “Specification” hereinafter.

Claim Status
Claims 1, 2, 4, and 7-9 have been amended.
Claim 5 was previously canceled.
Claims 1-4 and 6-9 are pending.

Claim/Specification Objection
The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter.  See 37 CFR 1.75(d)(1) and MPEP § 608.01(o).  Correction of the following is required: an application of a general processing unit.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-4 and 6-9 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claim 1 recites “… wherein signing comprises, before effectively signing, verifying, by said secure processing unit, that the application [e.g. application of the general processing unit] is authorized to request signatures of data, so that an unauthorized application is unable to request signing from said secured processing”.
The examiner has reviewed the Specification for support for this limitation, however, was not able to find support. For example, verifying is mentioned six times in the Specification. However, this verifying steps in the Specification are all in the context of verifying the user device by the terminal device and vice versa.
Fig. 2 also depicts the process within the communication terminal that resembles the flow as recited in the claim. In the Figure and its corresponding section in the specification, data to be signed (Das) and an identifier of the communication terminal (UiD) are sent to a secured processing unit (UTS) by a general processing unit (UTG), the UTS and UTG both being part of the terminal. The UTS signs the Das and UiD and sends the signed Das (DS) and signed UiD (UiDs) to the UTG. See Fig. 2 and its corresponding section in the Specification.
There is no support “before effectively signing, verifying, by said secure processing unit, that the application [e.g. application of the general processing unit] is authorized to request signatures of data, so that an unauthorized application is unable to request signing from said secured processing”. In other words, there is no support in the specification that the UTS prior to signing the Das and UiD, data that was received from the UTG, verifying that the UTG is authorized to request signatures of data so that an unauthorized application is unable to request signing from said UTS.
Fig. 3 also depicts the communications terminal as claimed in claim 1, specifically that the communication terminal comprises a memory 31, general processing unit 32 equipped with a microprocessor and managed by a computer program 33, and a secured processing unit 34 managed by a computer program 35. These processing unit 34 implements the method of authentication (e.g. between the user device and the communication terminal). At initialization, the computer program 35 (program of the secured processing unit) is loaded into a memory and then executed by the processor of the secured processing unit as described in allowing the authentication process, e.g. sign the received data, and provide to the signed data to the general processing unit so that the general processing unit can transmit the signed data to the customer/user device for authentication.
There is no support “before effectively signing, verifying, by said secure processing unit, that the application [e.g. application of the general processing unit] is authorized to request signatures of data, so that an unauthorized application is unable to request signing from said secured processing”.

Even if this is supported in the Specification, in arguendo, the examiner finds that there is no algorithm as to how the secured processing unit of said communications terminal verifies said secure processing unit, that the application [e.g. application of the general processing unit] is authorized to request signatures of data, so that an unauthorized application is unable to request signing from said secured processing, given that the function is a computer-implemented function and that the claim states that the application of the general processing unit merely performs functions of obtaining the piece of data and the identifier of the communications terminal prior to the signing of the piece of data and the identifier.

The other independent claims 8 and 9 are significantly similar in scope, hence they too are rejected.
The dependent claim(s) are rejected as they depend on claim 1 and fail to cure the identified deficiencies.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-4 and 6-9 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Per claim 1, the claim recites “… wherein signing comprises, before effectively signing, verifying by said secured processing unit, that the application is authorized to request signatures of data, so that an unauthorized application is unable to request signing from said secured processing unit”. Here, one of ordinary skill in the art would appreciate that by obtaining the identifier of said communications terminal and the piece of data to be signed by the application of a general processing unit and transmitting by the general processing unit the piece of data to be signed and the identifier to the secured processing unit, it is the application that is requesting the signing from the secured processing unit. In other word, the secured processing unit verifies that the application is authorized to request signatures of data upon receiving the request. The claim, however, suggests that the verifying of the application’s authorization somehow prohibits application(s) from requesting. To described another way, the claim suggests that the verification is performed after the request is received but somehow prohibits the request that has been received already.
The other independent claims include same deficiencies, hence are rejected.
The dependent claims are rejected as they depend on the claim(s) above.

Response to the Argument
The claim objection in the previous final action dated 10/8/2021 is withdrawn in view of the amendment. The claims, however, remain rejected for the reasons outlined above.
112 (a)
The applicant points to page 8, lines 18-27 and page 9, lines 14-21 and asserts that “the application as filed describes that: 1) the key (used to sign the piece of data to be signed) is only available to the secured processing unit, and 2) the secured processing unit keep this key and make it accessible to only a limited number of trusted applications, including the application of the claimed method.” The applicant further asserts that “[A]s a consequence, the secured processing unit is able to, when an application of the communication terminal requests a signature to the secured processing unit, verify that the application is authorized to request said signature.” (see pages 7-8 of the Amendment). Initially, the applicant is reminded that the rejection is not of enablement rejection rather the rejection is due to the claims containing subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 

The sections that the applicant submits are found below for convenience:
Page 8, lines 18-27
It is assumed that the merchant's terminal (it is a telephone, a tablet or a PC) is not secured
as such but has securing resources. These securing resources can for example take the form
of a "Secure Element - SE" or a "Trusted Execution Environment - TEE" or again another
dedicated hardware or software component. It is assumed, for the explanations that follow,
that the payment application of the merchant's terminal is called TPC and that it comprises
a verification (identification) module called V (it is for example an SE, a TEE or more
generally a secured processing unit). It is also assumed that there is a payment application
on the user's device DU and that the user's device (DU) comprises a proof module (to
confirm identity) called P (it is for example an SE, a TEE or more generally a secured
processing unit).

The examiner submits that one of ordinary skill in the art would appreciate that the instant claims are directed to the merchant’s terminal and steps/functions performed by the terminal’s components (see preamble in claim 1, specifically describing a method implemented during a payment transaction taking place between a merchant’s communication terminal and a user device, and the body of claim that describes actions performed by components of said communication terminal). Page 8, lines 18-27 discloses that the merchant’s terminal (such as telephone, a tablet, or a PC) is not secured but instead has securing resource, i.e., Secured Element (SE) or Trusted Execution Environment, a dedicated hardware or software component. The section also describes that the payment application is called TPC and it (?) (potentially the TPC or the merchant terminal) comprises a verification (identification) module called V, i.e., SE, a TEE or more generally a secured processing unit.
This section does not provide description of “1) the key (used to sign the piece of data to be signed) is only available to the secured processing unit, and 2) the secured processing unit keep this key and make it accessible to only a limited number of trusted applications, including the application of the claimed method”

page 9, lines 12-21
There is a reason for which this assumption is made: the inventors have had the idea
of making the key (for example public key) of a signature (of V) directly accessible to the
securing resources of the merchant's terminal. In one embodiment for example, the securing 
resources [ of the merchant terminal] keep this key and they [the securing resources] make it 
[the key] accessible to only a limited number of trusted applications (for example only one 
application: the payment application installed on the merchant's terminal). Besides, the "secure 
element" itself carries out the encryption operations on behalf of the payment application of 
the merchant's terminal. Thus, in the first step, before the transmission of the challenge to the 
user's communications terminal, the challenge is signed by the securing resources by using the 
key of V (the key of the payment application). According to one particular characteristic, this key 
is a public key.

Page 9, lines 12-21 describes that the securing resources, i.e., Secured Element (SE) or Trusted Execution Environment, a dedicated hardware or software component, keep this key (i.e., public key of a signature of V), and makes the public key of the signature V assessible to only a limited number of trusted applications (for example only one application, i.e., the payment application installed on the merchant’s terminal). The section also describes that the “secure element” carries out the encryption operations on behalf of the payment application of the merchant’s terminal. The section also discloses that the before the transmission of the challenge to the user’s communications terminal, the challenge is signed by the securing resources, i.e., Secured Element (SE) or Trusted Execution Environment, a dedicated hardware or software component, by using the key of V (the key of the payment application). 
While this section provide description of “1) the key (used to sign the piece of data to be signed) is only available to the secured processing unit”, the section does not show support for “2) the secured processing unit keep this key and make it accessible to only a limited number of trusted applications, including the application of the claimed method” as alleged by the applicant. For example, this section does not describe that the application, i.e., payment application, is one of the trusted applications. On the contrary in page 8, lines 18-27, the section describes that the payment application is not secured. One of ordinary skill in the art would appreciate that an application that is not secured should not be “trusted”.
Moreover, even if the applicant’s assertions are supported in the sections, these two descriptions, i.e., 1) the key (used to sign the piece of data to be signed) is only available to the secured processing unit and 2) the secured processing unit keep this key and make it accessible to only a limited number of trusted applications, including the application of the claimed method, do not find support that the secure resource such as secured processing unit of the merchant terminal verifies that the application is authorized to request signatures of data so that unauthorized application is unable to request signing from the secured processing unit prior to the secured processing unit signing the piece of data and the identifier.

Even if this is supported in the Specification, in arguendo, the examiner finds that there is no algorithm as to how the secured processing unit of said communications terminal verifies said secure processing unit, that the application [e.g. application of the general processing unit] is authorized to request signatures of data, so that an unauthorized application is unable to request signing from said secured processing, given that the function is a computer-implemented function and that the claim states that the application of the general processing unit merely performs functions of obtaining the piece of data and the identifier of the communications terminal prior to the signing of the piece of data and the identifier.

In regards to 112(b) rejections, the applicant fails to address or provide arguments to all the deficiency(s) as identified in the previous office action.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Applied Cryptography discloses mutual authentication using digital signatures.
US Patent No. 10,332,087 discloses a Sales Device connected to a mobile device through NFC communication for performing transactions. The Sales Device is equipped with a secured element that encrypts payment information along with payment terminal identification using a Master key. This encrypted information is sent to the mobile device for transaction.
US 20140222688 A1 discloses a secure element that is disposed in a client device an/or merchant device in performing transaction using NFC;
US 20020144117 A1 discloses mutual authentication used in challenge response by utilizing signatures.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEVEN S KIM whose telephone number is (571)270-5287.  The examiner can normally be reached on Monday -Friday: 7:00 - 3:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on 571-272-7575.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/STEVEN S KIM/Primary Examiner, Art Unit 3685