DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Acknowledgments
The RCE filed on 08/29/22 is acknowledged. 

Status of Claims
Claims 1-30 are pending. 
In the Amendment filed on 08/11/22, claims 1, 3, 6, 8, 9, 11, 14, 16, 17, 19, 22, 24-26, 28 and 30 were amended, and no claims were cancelled or added.
Claims 1-30 are rejected.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 08/11/22 has been entered, except as indicated below.
Response to Arguments
Regarding the Objections to the Specification and the Amendments to the Specification
The amendments to the specification do not comply with 37 C.F.R. 1.121(b)(1)(ii) ("The full text of any replacement paragraph with markings to show all the changes relative to the previous version of the paragraph."). As stated in the previous Office Action (Final Office Action, issued 06/20/22), Response to Arguments, p. 3, the amendments to the specification presented by Applicant in the last Response (filed 4/13/22) were not entered. (Applicant's instant remarks (Response, pp. 14-15) fail to take notice of this point.)
Accordingly, the previous version of paragraph 0047 is not the version Applicant submitted in the last Response (filed 4/13/22), but rather the version in the original specification as filed. Consequently, the instant amendments to the specification presented by Applicant do not show the changes relative to the previous version of the paragraph. Thus, the instant amendments to the specification are non-compliant. Accordingly, the instant amendments to the specification have not been entered.
Further, the Office questions the propriety of Applicant's arguments. Applicant argues against the objection to the specification based on the previous amendments to the specification that Applicant presented which, as indicated, were not entered, on grounds of constituting new matter. See Applicant's repeated arguments based on a "typical" implementation of the client application or the like, Response, pp. 14-16. (Note: the specification does not mention a "typical" implementation of the client application.) 
Finally, in view of Applicant's remarks, the Office finds that 0019 of the original specification as filed offers resolution of the objection to the specification, as one of ordinary skill it the art will be able to understand how the content thereof may apply to 0047. Accordingly, the objection to the specification is withdrawn. To be sure, this does not negate the fact that the specification is confusing and appears hastily drafted without due attention to an organized, logical or systematic exposition of its subject matter. See, e.g., the apparent self-contradiction that gave rise to the objection to the specification, as explained in the previous Office Actions, as well as Applicant's attempts to rewrite the specification (0047) in the amendments thereto presented in Applicant's previous Response (filed 04/13/22) (reflecting that 0047 is unclear as to whether it is a detailed account of the specific steps of Fig. 3 (starting with block 302) or rather a more general overview/introduction/etc. of/to Fig. 3/etc.). 
Regarding the rejection under 35 U.S.C. 112(a)
The previous rejections have been withdrawn in view of Applicant's claim amendments and remarks.
For the record, the reader's attention is directed to the  following remarks bearing on claim construction, regarding the previous rejection under the heading "Lack of Written Description/Not in Specification" (Final Office Action, pp. 17-18), namely, the rejection of the recitation "generating a secure user interface display in a secure execution environment of the computing device in response to determining that the data input element is a vulnerable data input element." 
Applicant fails to confront head on the substance (grounds) of the rejection as set forth in the Final Office Action (pp. 17-18). In particular, the rejection indicated that the mere fact that two events occur in chronological sequence is not equivalent to and does not encompass or logically imply that the one event occurs in response to the other event (put succinctly, temporal sequence does not imply causal connection): 
It is also noted that if two events are described as occurring one after the other, this in itself does not amount to a description of the two events occurring one in response to the other. (Final Office Action, p. 19)

Applicant has not addressed this ground of the rejection. 
Instead, Applicant has cited putative support in the original specification, the content of which support amounts merely to an assertion that "generating a secure user interface display in a secure execution environment of the computing device" occurs following "determining that the data input element is a vulnerable data input element." And this "following" is not a matter of one step following another consecutively, but rather of one step (314) following another (306) after numerous intervening steps. 
Accordingly, the Office deems Applicant's remarks to assert for the record (for purposes of prosecution history estoppel/ file wrapper estoppel) that the claim language "in response to" in the recitation in question means merely "following," where the following of the one event/step after the other can occur after numerous intervening events/steps. Accordingly, this claim language is deemed to read on prior art teaching (mere temporal) following, even if involving numerous intervening events/steps, and this claim language does not require a causal connection or the like. 
Clarification is provided below regarding one particular point of Applicant's argument.
At Response, p. 17, second paragraph, Applicant states: 
In one embodiment, the specification discloses that "[i]n response to the processing device determining that the data input element is a vulnerable data input element (i.e., determination block 306 = "Yes")," a process flow follows that includes that "the processing device may present a display having a data input element in block 314." Id., paragraphs [0050] and [0053] (emphasis added). (Italics in original)
Applicant's argument here is misleading. Specifically, the presenting of a "display having a data input element in block 314," as actually described in the specification (0053), occurs in response to block 306 = No, not in response to block 306 = Yes (as implied by Applicant), that is, in response to determining that the data input element is not a vulnerable data input element, not in response to determining that the data input element is a vulnerable data input element (as implied by Applicant). Note that while 0050 describes block 306 = Yes (determining that the data input element is a vulnerable data input element), it does not describe the presenting of a "display having a data input element in block 314," or the "generating a secure user interface display in a secure execution environment of the computing device" in response to the step of block 306 = Yes. 
	As for the remainder of Applicant's citations to the specification (i.e., other than 0050 and 0053, as discussed above), they describe and support merely the relationship of "following," as described above (not "in response to" in a causal sense or the like). 
Regarding the rejections under 35 U.S.C. 112(b)
The previous rejections have been withdrawn in part, in view of Applicant's claim amendments. 
Regarding the Unclear Scope rejection, specifically, the limitation "determining, in a secure execution environment and prior to presenting a user interface display via a display device, whether a data input element of the user interface display in a normal execution environment and of a client application running in the normal execution environment is a vulnerable data input element" (or the version thereof prior to the instant amendment):
Applicant argues: 
Further, one of ordinary skill in the art would know that aspects of a computer application, such as "the user interface display of a client application running in a normal execution environment," may exist on a computing device, including at a processor, at a memory, etc., in various forms, including in source code, in machine code, etc., prior to being displayed. (Response, p. 94; emphasis added)

Applicant's language ("aspects of a computer application") is unclear, and the argument is misleading and not sound. Applicant says that the same thing exists in various forms. While there is a truth to this point, the reality -- and for purposes of patent prosecution, the precision -- is that this is not a matter of the same thing; rather, it is a matter of different things -- the different "forms" are different things, different kinds of things. Computer code is not the same thing as that which is produced by executing the computer code, e.g., an entry filed displayed on a computer screen, or an action performed by running a computer program. Applicant's utterly imprecise use of language (speaking of a result as a shorthand for the computer code that generates the result) yields a slippery meaning that renders the claim scope unclear. See the rejection in the body of the Office Action for further explanation.  
Note: Applicant's discussion of "support" (Response, p. 94) is not pertinent to the rejection under 35 U.S.C. 112(b).
Regarding the "means-plus-function" rejections:
As Applicant concedes (Response, p. 22), for a computer-implemented means-plus-function limitation the disclosure must disclose not only a computer but also an algorithm for performing the function. Applicant has compiled a voluminous correspondence table (Response, pp. 23-92) purportedly showing the "corresponding disclosure in the specification" ("structure" (i.e., computer) and "algorithm") for each of the means-plus-function elements. However, the table fails to show the algorithms. For example, for claim 25, for the first means-plus-function element thereof, the algorithm is cited as block 306: "In block 306, the processing device may determine whether the data input element is a vulnerable data input element." (Response, p. 27). The cited disclosure is merely a restatement of the function of the means-plus-function element. Indeed, the cited disclosure is not even a complete statement of the function, but rather a brief and incomplete description/summary of the function. A (re)statement of the function is not an algorithm (sequence of steps) for performing the function. Due to the voluminous nature of Applicant's remarks (in the table), the Office declines to address each function of each means-plus-function element individually. As a rule, the cited corresponding disclosure in the specification fails to cite an algorithm (sequence of steps) but rather only restates the function. 
Note: regarding claim 30, the correspondence table appears to omit discussion of the means-plus-function element "presenting the secure user interface display overlaid over the non-secure display." See Remarks, pp. 81-92.
Regarding the rejections under 35 U.S.C. 103
Applicant's arguments have been fully considered but are moot in view of the new combination of prior art being used in the current rejection. 



Title
The title of the invention is not descriptive.  A new title is required that is clearly indicative of the invention to which the claims are directed. 
The following title is suggested: "Secure User Interface Comprising Combined Secure Display and Non-secure Display and Generated Using Secure Execution Environment and Normal Execution Environment." MPEP 606, 606.01

Examiner's Comments
Not Positively Recited
Claim 4 recites:
"wherein assigning ownership of the data input element to the secure execution environment, assigning ownership of the data input device to the secure execution environment, and assigning ownership of the display device to the secure execution environment occur in response to determining that the data input element is a vulnerable data input element"
The recitation of the not positively recited use of the claimed invention does not serve to differentiate the claims from the prior art. See In re Wilder, 166 USPQ 545 (CCPA 1970).

Optional Language/Contingent Limitations
Claim 4 recites "wherein assigning ownership of the data input element to the secure execution environment, assigning ownership of the data input device to the secure execution environment, and assigning ownership of the display device to the secure execution environment occur in response to determining that the data input element is a vulnerable data input element." The referenced determining step (base claim 1) may result in either of two outcomes (determining that the data input element is a vulnerable data input element; determining that the data input element is not a vulnerable data input element). The operations of the wherein clause occur only if the former outcome occurs (determining that the data input element is a vulnerable data input element).
Claim 5 recites "responding to the data input signal in response to determining that the data input signal represents the user interaction with the data input element owned by the secure execution environment; and providing the data input signal to the client application running in the normal execution environment in response to determining that the data input signal does not represent the user interaction with the data input element owned by the secure execution environment." This claim language recites two mutually exclusive conditions ("in response to determining that … represents …"; "in response to determining that … does not represent …"). Accordingly, the claim does not require that both operations ("responding …"; "providing …") be performed -- indeed does not permit both operations to be performed together with a single instance of the preceding steps ("receiving, …"; "determining …"). Thus, the claim reads on prior art teaching only one of the operations ("responding …"; "providing …").
Claim 7 recites "preventing presentation of the vulnerable data input element by the client application in response to determining that the data input element is a vulnerable data input element." The referenced determining step (base claim 1) may result in either of two outcomes (determining that the data input element is a vulnerable data input element; determining that the data input element is not a vulnerable data input element). The preventing step occurs only if the former outcome occurs (determining that the data input element is a vulnerable data input element).
As per MPEP 2103.I.C.:
Language that suggests or makes a feature or step optional but does not require that feature or step does not limit the scope of a claim under the broadest reasonable claim interpretation. [For example:] 
(A) statements of intended use or field of use, including statements of purpose or intended use in the preamble,  
(B) "adapted to" or "adapted for" clauses,
(C) "wherein" or "whereby" clauses,
(D) contingent limitations,
(E) printed matter, or
(F) terms with associated functional language.

As per MPEP 2111.04.II.
The broadest reasonable interpretation of a method (or process) claim having contingent limitations requires only those steps that must be performed and does not include steps that are not required to be performed because the condition(s) precedent are not met. For example, assume a method claim requires step A if a first condition happens and step B if a second condition happens. If the claimed invention may be practiced without either the first or second condition happening, then neither step A or B is required by the broadest reasonable interpretation of the claim. If the claimed invention requires the first condition to occur, then the broadest reasonable interpretation of the claim requires step A. If the claimed invention requires both the first and second conditions to occur, then the broadest reasonable interpretation of the claim requires both steps A and B.


Therefore, the above claim language, which is optional/ contingent limitations, does not limit the scope of the claim under the broadest reasonable interpretation to require both method steps.

Note: In the interest of compact prosecution, prior art is cited for the aforementioned claimed subject matter that does not differentiate the claims from the prior art/does not limit the scope of the claims. See rejection under 35 U.S.C. 103 below.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”), namely, claims 25-30, are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 U.S.C. § 112 
The following is a quotation of 35 U.S.C. 112(b):


(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-30 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. 

Means-Plus-Function
Claim 25 recites:
means for determining, in a secure execution environment and prior to presenting a user interface display on the display device, whether a data input element of the user interface display in a normal execution environment and of a client application running in the normal execution environment is a vulnerable data input element; 
means for generating a secure user interface display in the secure execution environment of the computing device in response to determining that the data input element is a vulnerable data input element; 
means for generating a non-secure display in a normal execution environment of the computing device; 
means for combining the secure user interface display and the non-secure display into a combined display; and 
means for presenting the combined display on the display device.
Claim 26 recites:
means for assigning ownership of the data input element to the secure execution environment; 
means for assigning ownership of the data input device to the secure execution environment; and 
means for assigning ownership of the display device to the secure execution environment,
wherein means for generating the secure user interface display in the secure execution environment comprises means for generating the secure user interface display having the data input element owned by the secure execution environment.
Claim 27 recites:
means for receiving, in the secure execution environment, a data input signal via the data input device owned by the secure execution environment; 
means for determining whether the data input signal represents a user interaction with the data input element owned by the secure execution environment; 
means for responding to the data input signal in response to determining that the data input signal represents the user interaction with the data input element owned by the secure execution environment; and 
means for providing the data input signal to the client application running in the normal execution environment in response to determining that the data input signal does not represent the user interaction with the data input element owned by the secure execution environment.
Claim 28 recites:
wherein: means for generating the secure user interface display in the secure execution environment comprises means for generating the secure user interface display having the data input element owned by the secure execution environment, wherein the client application running in the normal execution environment includes a digital payment servicer function; and 
means for generating the non-secure display in the normal execution environment comprises means for generating the non-secure display for the client application or an operating system.
Claim 29 recites:
means for preventing presentation of the vulnerable data input element by the client application in response to determining that the data input element is a vulnerable data input element.
Claim 30 recites:
wherein means for presenting the combined display via the display device comprises one of: means for presenting the secure user interface display and the non-secure display adjacent to each other; means for presenting the secure user interface display overlaid over the non-secure display; or means for presenting an integrated secure user interface display and non-secure display.
The above-indicated claim limitations invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed functions and/or to clearly link the structure, material, or acts to the functions. In this regard, the most pertinent portion of Applicant's specification appears to be the description of Figs. 3-6, i.e., 0046-0078. However, this portion of the specification appears to be devoid of the requisite structure (viz., the requisite algorithm) that performs the (computer-implemented) functions in the claims. At best, this portion of the specification appears to merely restate some of the functions. Therefore, the claims are indefinite and are rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claims 26-30 are also rejected by virtue of their dependency from a rejected base claim.

Unclear Scope
Claims 1, 9, 17 and 25 recite "determining, in a secure execution environment and prior to presenting a user interface display via a display device, whether a data input element of the user interface display in a normal execution environment and of a client application running in the normal execution environment is a vulnerable data input element." 
- (A) The recitation is ambiguous. For example, it could be read as: 
(i) "determining … whether a data input element [a] of the user interface display in a normal execution environment and [b] of a client application running in the normal execution environment is a vulnerable data input element."
(ii) "determining … whether a data input element of the user interface display [a] in a normal execution environment and [b] of a client application running in the normal execution environment is a vulnerable data input element." 
Since the recitation admits of two meanings, the meaning and claim scope are not clear. 
- (B) It is not clear what meaning is added by the language "in a normal execution environment" (first instance), which was added in the instant amendment. The apparent redundancy renders the claim confusing and unclear. 
- (C) The language "data input element of the user interface display in a normal execution environment" and the language "data input element of the user interface display of a client application running in the normal execution environment" are understood as referring to a data input element that is displayed (e.g., on a screen). Since as per the recitation the displayed data input element does not exist at the time of the determining, the determining cannot occur and it does not make sense to speak of the determining. In fact, Applicant is using the language "data input element" as a shorthand for the code therefor: the aspect of Applicant's claimed invention in question is really about analyzing code and detecting a portion of code for (instantiating) a data input element, as Applicant's remarks (Response, p. 94) and specification (0048-0049, 0055) make clear. Thus, the claim language used means one thing on its face but in fact is being used as a shorthand for another thing. As such, the recitation is not clear and renders the claim scope unclear.
An essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed (See In re Zletz, 893 F.2d 319,321 (Fed. Cir. 1989)).
Claims 2-8, 10-16, 18-24 and 26-30 are rejected by virtue of their dependency from a rejected claim.


Claim Rejections - 35 U.S.C. § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-30 under 35 U.S.C. 103 as being unpatentable over Ninomiya et al. (U.S. Patent Application Publication No. 2016/0042201 A1), hereafter Ninomiya, in view of Zhang et al. (U.S. Patent Application Publication No. 2022/0245878 A1), hereafter Zhang.

Regarding Claims 1, 9, 17 and 25
Ninomiya teaches:
generating the secure user interface display (Fig. 1A, 29B) in the secure execution environment (Figs. 3 and 4, 41) of the computing device …; (0073; secure user interface display is generated by 115, which is part of 41)
generating a non-secure display (Fig. 1A, 29A) in a normal execution environment (Figs. 3 and 4, 21) of the computing device; (0064; non-secure user interface display is generated by 109, which is part of 21)
combining the secure user interface display and the non-secure display into a combined display; and (0075, 0078, Figs. 1A, 2A, 5A)
presenting the combined display via the display device. (0078, Figs. 1A, 2A, 5A)
(claim 9) a display device (Figs. 1A-5A); and a processor coupled to the display device and configured to execute instructions within a secure execution environment and a normal execution environment, wherein the processor is configured to execute processor-executable instructions to perform operations comprising: (Figs. 3 and 4)
(claim 17) A non-transitory processor-readable storage medium having stored thereon processor-executable instructions configured to cause a processor of a computing device to perform operations comprising: (Figs. 3 and 4)
(claim 25) a display device; (Figs. 1A-5A)
Ninomiya, e.g., 0009, 0010, 0071, 0082-0083, 0091-0092, 0106, teaches setting coordinates of specific areas -- effectively, entry fields (data input elements) -- of a touchscreen surface for secure (vulnerable) elements and non-secure elements, respectively. Accordingly, Ninomiya implicitly teaches determining the locations of vulnerable and non-vulnerable data input elements, and hence determining whether a given data input element is a vulnerable data input element. However, Ninomiya does not explicitly disclose the following limitations. Nonetheless Zhang teaches:
determining, in a secure execution environment and prior to presenting a user interface display via a display device, whether a data input element of the user interface display in a normal execution environment and of a client application running in the normal execution environment is a vulnerable data input element; (0096, 0099, 0119-0123, 0125-0129 e.g., TEE and REE agree (teaches "determine") which areas in display template are to be provided by TEE (e.g., password input area) and which areas are to be provided by REE (the former areas are "vulnerable data input elements"), TEE sends identification (teaches "determination") of the display template to REE (step 306, which can occur before steps 304, 305), note that these determinations occur (or can occur) prior to the actual displaying, by TEE and REE, of the areas on the screen (steps 305, 308); see 0091-0138, steps 301-308, for context)
… in response to determining that the data input element is a vulnerable data input element; (0091-0138, see explanation above)
It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified Ninomiya's systems and methods for user interfaces comprising both secure and non-secure input and display areas, by incorporating therein these teachings of Zhang, because Ninomiya implicitly teaches them and (at least in part) requires them to operate successfully, as explained above (e.g., determination and division of secure (vulnerable) and non-secure areas is necessary in order to assign responsibility for displaying each particular area to the proper EE (i.e., REE or TEE) in order to achieve the aimed-for security (i.e., vulnerable/secure areas should be under control of/displayed by TEE). In addition, the combination in question is a matter of combining prior art elements according to known methods to yield predictable results. MPEP 2143.I.A.

Regarding Claims 2, 10 and 18
Ninomiya in view of Zhang teaches base claims 1, 9 and 17. Ninomiya further teaches:
assigning ownership of the data input element to the secure execution environment; (0071 e.g., range of coordinates of 27B are assigned to 113 (of 41), 0091, 0050, 0052, 0067, 0009, 0010, 0073, 0083)
assigning ownership of a data input device to the secure execution environment; and (0073, 0083 e.g., 27, 27B are assigned to 113 (of 41) by 117 and 114, Figs. 3, 4, 5B, 113, 117, 114, 0071, 0091, 0050, 0052, 0067, 0009, 0010, 0043)
assigning ownership of the display device to the secure execution environment. (0072 e.g., 29, 29B are assigned to 115 (of 41) by 118 and 116, 0092 e.g., coordinates of 29B are set as secure display area, 0048, 0052, 0067, 0009, 0010, 0041, Figs. 3, 4, 5A, 115, 118, 116, 29)


Regarding Claims 3, 11 and 19
Ninomiya in view of Zhang teaches base claims 1, 9 and 17 and intervening claims 2, 10 and 18. Ninomiya further teaches:
wherein generating the secure user interface display in the secure execution environment comprises generating the secure user interface display having the data input element owned by the secure execution environment. (0095)

Regarding Claims 4, 12 and 20
Ninomiya in view of Zhang teaches base claims 1, 9 and 17 and intervening claims 2, 10 and 18. Ninomiya further teaches:
wherein assigning ownership of the data input element to the secure execution environment, assigning ownership of the data input device to the secure execution environment, and assigning ownership of the display device to the secure execution environment occur in response to determining that the data input element is a vulnerable data input element. (0009, 0010, 0071, 0082-0083, 0091-0092, 0106, see also citations for claims 2, 3 above)

Regarding Claims 5, 13, 21 and 27
Ninomiya in view of Zhang teaches base claims 1, 9, 17 and 25 and intervening claims 2, 10, 18 and 26. Ninomiya further teaches:
(A) receiving, in the secure execution environment, a data input signal via the data input device owned by the secure execution environment; (B) determining whether the data input signal represents a user interaction with the data input element owned by the secure execution environment; (C) responding to the data input signal in response to determining that the data input signal represents the user interaction with the data input element owned by the secure execution environment; and (D) providing the data input signal to the client application running in the normal execution environment in response to determining that the data input signal does not represent the user interaction with the data input element owned by the secure execution environment. (As per Fig. 4, all touch input is sent to secure part of second processing unit 41 (A), where it is determined whether the input represents (i) user interaction with data input element owned by secure execution environment or (ii) user interaction with data input element owned by non-secure execution environment (B), and, in response to the determination, the input is directed to the appropriate input touch processing section, 113 (secure) (C) or 107 (non-secure) (D), as explained at, e.g., 0082-0084; 0064, 0073; see also citations for claims 4, above, and 6, below)

Regarding Claims 6, 14, 22 and 28
Ninomiya in view of Zhang teaches base claims 1, 9, 17 and 25 and intervening claims 2, 10, 18 and 26. Ninomiya further teaches:
wherein: generating the secure user interface display in the secure execution environment comprises generating the secure user interface display having the data input element owned by the secure execution environment, wherein the client application running in the normal execution environment includes a digital payment servicer function; and (0088-0090, 0093-0094, 0096 secure display contents, e.g., PIN pad 80 and message urging input of PIN, are in service of payment transaction performed at least in part by application involved in performing payment transaction)
generating the non-secure display in the normal execution environment comprises generating the non-secure display for the client application or an operating system. (0088-0090, 0093-0094, 0096 non-secure display contents, e.g., message urging reading operation of payment card, are in service of payment transaction performed at least in part by application involved in performing payment transaction)

Regarding Claims 7, 15, 23 and 29
Ninomiya in view of Zhang teaches base claims 1, 9, 17 and 25. Ninomiya further teaches:
preventing presentation of the vulnerable first data input element by the client application in response to determining that the first data input element is a vulnerable data input element. (0011, 0080 e.g., unauthorized PIN pad is prevented from being displayed in secure display area) 

Regarding Claims 8, 16, 24 and 30
Ninomiya in view of Zhang teaches base claims 1, 9, 17 and 25. Ninomiya further teaches:
wherein presenting the combined display via the display device comprises one of: presenting the secure user interface display and the non-secure display adjacent to each other; presenting the secure user interface display overlaid over the non-secure display; or presenting an integrated secure user interface display and non-secure display. (Figs. 1A, 2A, 7A, 8A, 9A, 10A, 12A)

Regarding Claim 26
Ninomiya in view of Zhang teaches base claim 25. Ninomiya further teaches:
a data input device; (Figs. 1A-4, 5B)
means for assigning ownership of the data input element to the secure execution environment; (As per claim 2)
means for assigning ownership of the data input device to the secure execution environment; and (As per claim 2)
means for assigning ownership of the display device to the secure execution environment, (As per claim 2)
wherein means for generating the secure user interface display in the secure execution environment comprises means for generating the secure user interface display having the data input element owned by the secure execution environment. (As per claim 3)

Conclusion
The prior art made of record and not relied upon, as set forth in the accompanying Notice of References Cited (PTO-892), is considered pertinent to applicant's disclosure. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DOUGLAS W PINSKY whose telephone number is (571)272-4131.  The examiner can normally be reached on 8:30 am - 5:30 pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin Hewitt II, can be reached on 571-272-6709.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DWP/
Examiner, Art Unit 3692 
/DANIEL S FELTEN/Primary Examiner, Art Unit 3692