`
`UNITED STATES PATENT AND TRADEMARKOFFICE
`
`UNITED STATES DEPARTMENT OF COMMERCE
`United States Patent and Trademark Office
`Address COMMISSIONER FOR PATENTS
`P.O, Box 1450
`Alexandria. Virginia 22313-1450
`WWW.USPLO.gOV
`
`CONFIRMATION NO.
`
`APPLICATION NO.
`
`15/054,020
`
`FILING DATE
`
`02/25/2016
`
`FIRST NAMED INVENTOR
`
`ATTORNEY DOCKET NO.
`
`An Liu
`
`MPS15-SP02
`
`6551
`
`Dock
`
`Docket Clerk - SAMS
`
`Al
`
`P.O. Drawer 800889
`Dallas, TX 75380
`
`“ees
`
`Dove
`
`ABEDIN, SHANTO
`
`ART UNIT
`
`2436
`
`PAPER NUMBER
`
`NOTIFICATION DATE
`
`DELIVERY MODE.
`
`O1/1 1/2018
`
`ELECTRONIC
`
`Please find below and/or attached an Office communication concerning this application or proceeding.
`
`The time period forreply, if any, is set in the attached communication.
`
`Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the
`following e-mail address(es):
`patents @ munckwilson.com
`munckwilson @gmail.com
`patent.srad @samsung.com
`
`PTOL-90A (Rev. 04/07)
`
`CARDWAREEXHIBIT 2009
`
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 1 of 52
`
`

`

`
`
`
`
`Application No.
`Applicant(s)
`LIU ET AL.
`15/054 ,020
`
`
`
`
`
`
`
`
`
` Office Action Summary
`
`
`
`
`
`
`
`
`
`AIA (First Inventorto File)
`Art Unit
`Examiner
`
`
`SHANTO M. ABEDIN
`2436
`oa
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`-- The MAILING DATEof this communication appears on the cover sheet with the correspondence address --
`
`
`
`Period for Reply
`
`
`
`
`
`
`
`
`
`
`
`
`Disposition of Claims*
`5)B Claim(s) 1-20 is/are pending in the application.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`5a) Of the above claim(s)
`is/are withdrawnfrom consideration.
`6)L] Claim(s)
`is/are allowed.
`
`
`
`
`
`7) Claim(s) 1-20 is/are rejected.
`
`
`
`
`8)L] Claim(s)
`is/are objected to.
`
`
`
`
`
`
`9)C] Claim(s)
`are subject to restriction and/or election requirement.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`* If any claims have been determined allowable, you may be eligible to benefit from the Patent Prosecution Highway program at a
`
`
`
`
`
`
`
`
`
`
`
`
`
`participating intellectual property office for the corresponding application. For more information, please see
`
`
`
`
`
`
`
`
`h/index.}sp or send an inquiry to PPHieedback@uspte.qov.
`i
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`A SHORTENED STATUTORY PERIOD FOR REPLYIS SET TO EXPIRE 03 MONTHS FROM THE MAILING DATE
`
`
`
`OF THIS COMMUNICATION.
`Extensions of time may be available under the provisions of 7 GFR 1.136{a).
`
`
`
`
`
`
`
`
`
`
`
`
`after SIX (6) MONTHS from the mailing date of this communication.
`
`
`
`
`
`
`
`
`
`
`
`-
`If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Anyreply received by the Office later than three months after the mailing date of this communication, evenif timely filed, may reduce any
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`earned patent term adjustment. See 37 CFR 1.704(b).
`
`
`
`
`
`
`
`
`
`In no event, however, may a reply be timely filed
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Status
`
`1) Responsive to communication(s) filed on 02/25/2016.
`
`
`
`
`
`
`
`
`(] A declaration(s)/affidavit(s) under 37 CFR 1.130(b) was/werefiled on
`
`
`
`
`
`
`
`
`
`2a)L] This action is FINAL.
`2b)X] This action is non-final.
`
`
`
`
`
`
`
`
`
`
`3)L] An election was madebythe applicant in response to a restriction requirementset forth during the interview on
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`___; the restriction requirement and election have been incorporated into this action.
`4)[] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Application Papers
`10)Z The specification is objected to by the Examiner.
`
`
`
`
`
`
`
`
`
`
`11)EX] The drawing(s) filed on 02/25/2016 is/are: a) accepted or b)] objected to by the Examiner.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
`
`
`
`
`
`
`
`Priority under 35 U.S.C. § 119
`12)[_] Acknowledgmentis madeof a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or(f).
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Certified copies:
`a)L] All
`)[] Some** c)LJ Noneof the:
`
`
`
`
`
`
`
`1.1] Certified copies of the priority documents have been received.
`
`
`
`
`
`
`
`
`
`
`2.-] Certified copies of the priority documents have been received in Application No.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`3.1] Copiesof thecertified copies of the priority documents have been receivedin this National Stage
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`application from the International Bureau (PCT Rule 17.2(a)).
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`** See the attached detailed Office action for a list of the certified copies not received.
`
`
`
`
`
`
`Attachment(s)
`
`
`1) | Notice of References Cited (PTO-892)
`3) C] Interview Summary (PTO-413)
`
`
`
`
`
`
`
`
`
`
`
`
`
`:
`:
`‘
`Paper No(s)/Mail Date.
`
`
`
`2) xX Information Disclosure Statement(s) (PTO/SB/08a and/or PTO/SB/08b)
`
`
`
`
`
`
`
`Paper No(s)/Mail Date 02/25/16: 03/01/16: 09/01/16 and 02/06/17.
`4) LJ other:_.- CARDWAREEXHIBIT 2009
`
`
`
`
`
`
`
`
`
`
`
`Teena
`oc Aston suman
`CARDWARE.V,.SAMSUNG
`
`
`
`PGR2023-00013
`Page 2 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`CARDWARE EXHIBIT 2009
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 2 of 52
`
`

`

`
`
`Application/Control Number: 15/054,020
`
`
`
`Art Unit: 2436
`
`
`
`
`
`Page 2
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`The present application, filed on or after March 16, 2013, is being examined underthefirst
`
`
`
`
`
`
`
`inventorto file provisions of the AIA.
`
`
`
`
`DETAILED ACTION
`
`
`
`
`
`I,
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`This office action is in response to the communication filed on 02/25/2016. Claims 1-20 are
`
`
`
`
`
`
`
`
`
`
`
`
`pending in the application. Claims 1-20 have been rejected.
`
`
`
`Information Disclosure Statement
`
`
`
`
`2:
`
`
`
`
`
`
`
`
`
`
`The information disclosure statements (IDS) submitted on 02/25/2016, 03/01/2016,
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`09/01/2016 and 02/06/2017 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the
`
`
`
`
`
`
`
`
`
`
`
`information disclosure statement are being considered by the examiner.
`
`
`
`
`
`
`
`Claim Rejections - 35 USC § 101
`
`
`
`
`
`
`
`
`
`35 U.S.C. 101 reads as follows:
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this
`title.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`There are two criteria for determining subject matter eligibility under 35 U.S.C. 101 and both
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`must be satisfied. The claimed invention (1) must be directed to one of the four statutory categories,
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`and (2) must not be wholly directed to subject matter encompassing a judicially recognized
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`exception, as defined below. The following two step analysis is used to evaluate thesecriteria.
`
`
`
`CARDWARE EXHIBIT 2009
`CARDWAREV. SAMSUNG
`PGR2023-00013
`Page 3 of 52
`
`CARDWARE EXHIBIT 2009
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 3 of 52
`
`

`

`
`
`Application/Control Number: 15/054,020
`
`
`
`Art Unit: 2436
`
`
`
`
`
`Page 3
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Step 1 analysis: Is the claim directed to one of the four patent-eligible subject matter
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`categories: process, machine, manufacture, or composition of matter? The subject matter of the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`claim mustbe directed to one of the four subject matter categories.If it is not, the claim is not
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`eligible for patent protection and should be rejected under 35 U.S.C. 101, for at least this reason.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Step 2 analysis: Following the decision in Alice Corp. Pty. Ltd. v. CLS Bank Int'l, 134 S.Ct.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`2347 (2014) (citing Mayo Collaborative Services v. Prometheus Labs., Inc., 132 S.Ct. 1289, 1300
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`(2012)), the claims are analyzed where the abstract idea judicial exception to the categories of
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`statutory subject matteris at issue using the following two-part analysis set forth in Mayo:1, e.g.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`step 2A) Determine whether the claim is directed to an abstract idea; and 2 e.g. step 2B) if an
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`abstract idea is present in the claim, determine whether any element, or combination of elements, in
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`the claim is sufficient to ensure that the claim amountsto significantly more than the abstract idea
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`itself. See Alice Corp. Pty. Ltd. v. CLS Bank Int'l, 134 S.Ct. at 2350.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`For a detailed discussion of the analysis required to determine whether a claim is directed to
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`patent-eligible subject matter, MPEP 2106 Patent Subject Matter Eligibility [R-07.2015] for detail
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`explanations; and also the 2014 Interim Guidance on Patent Subject Matter Eligibility, 79 Fed. Reg.
`
`
`
`
`
`
`
`
`
`74618 (December 16, 2014) and related materials available at www.uspto.gov /patent/laws-and-
`
`
`
`regulations/examination-policy/2014- interim-guidance-subject-matter-eligibility-0.
`
`
`
`3)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Claims 15-20 are rejected under 35 USC 101 as the claimed inventionis directed to non-
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of
`
`
`
`
`
`
`
`
`
`
`
`
`
`patent eligible subject matter because of the reasons explained as bellows:
`
`
`
`CARDWARE EXHIBIT 2009
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 4 of 52
`
`CARDWARE EXHIBIT 2009
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 4 of 52
`
`

`

`
`
`Application/Control Number: 15/054,020
`
`
`
`Art Unit: 2436
`
`
`
`
`
`Page 4
`
`
`
`
`
`
`
`
`
`
`
`
`Regarding claims 15-20, they are directed to a ‘system’ comprising a processor and a
`
`
`
`
`
`
`
`
`
`communication interface configured to perform the claimed functionalities.
`
`
`
`
`
`
`
`
`
`
`
`
`However,at the time of invention, software implementation of a processor (Note US
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`2007/0204153 Al, Tomeet al, and US 2013/0007114 Al, WEEetal: virtual or software
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`processor) and a communication interface (Note US 2016/0080468, Lambert et al, Para 0331:
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`virtual NIC; and US 2016/0036892, Twitchell, JR, Para 114: virtual network interface) were also
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`well knownin the art. Furthermore, according to the specification (please see applicant’s
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`specification Para 010: implementation using software and/ or firmwareetc.), the claimed
`
`
`
`
`
`
`
`
`
`
`
`
`
`processor/ controller and communication system could optionally be implemented in software/
`
`
`
`
`firmware only.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Therefore, the claimed system is interpreted as software only implemented system,or
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`program perse product, and consequently fails “step 1” of the subject matter eligibility test. See
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`MPEP 2106 Patent Subject Matter Eligibility [R-07. 2015]: non-limiting examples of non-statutory
`
`
`
`
`
`
`
`
`
`
`categories to include computer program per se products.
`
`
`
`
`
`
`
`
`Claim Rejections - 35 USC§103
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`The following is a quotation of 35 U.S.C. 103 which formsthe basis for all obviousness
`
`
`
`
`
`
`
`
`
`rejections set forth in this Office action:
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`disclosed as set forth in section 102, if the differences between the claimed invention and thepriorart are suchthat
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`the claimed invention as a whole would have been obvious before the effectivefiling date of the claimed invention to
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by
`the mannerin which the invention was made.
`
`
`
`
`
`
`
`
`
`CARDWARE EXHIBIT 2009
`CARDWAREV. SAMSUNG
`PGR2023-00013
`Page 5 of 52
`
`CARDWARE EXHIBIT 2009
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 5 of 52
`
`

`

`
`
`Application/Control Number: 15/054,020
`
`
`
`Art Unit: 2436
`
`
`
`
`
`Page 5
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`(1966), that are applied for establishing a background for determining obviousness under35 U.S.C.
`
`
`
`
`
`
`
`
`103 are summarized as follows:
`
`
`
`
`
`
`
`
`
`
`1, Determining the scope and contents ofthe priorart.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`2. Ascertaining the differences betweenthe prior art and the claimsat issue.
`
`
`
`
`
`
`
`
`
`
`
`
`
`3. Resolving the level of ordinary skill in the pertinentart.
`
`
`
`
`
`
`
`
`
`
`
`
`
`4, Considering objective evidence present in the application indicating obviousness or
`
`
`
`nonobviousness.
`
`
`
`4.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Claims 1-5, 7-12, 14-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`US 2014/0122873 Al (hereinafter DEUTSCHet al) in view of US 2011/0022835 Al (hereinafter
`
`
`
`Schibuk)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Regarding claim 1, DEUTSCHetal teaches a method for exchanging encrypted information
`
`
`
`
`
`
`
`
`
`by an electronic device, the method comprising:
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`generating one or more device certificates and one or more device keys, the one or more
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`device certificates signed using a device unique keythat is pre-stored on the electronic device (Note
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Para 034, 043, 073, 126: generated device certificates signed by attestation identity key, AIK);
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`transmitting the one or more devicecertificates to a token service provider (TSP) server
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`(Note Figure 2A.207 and Figure 3.315; and Para 021, 126-127: trust broker sending certificate to the
`
`
`
`
`
`
`
`
`
`
`
`
`
`service provider; note, trust broker is interpreted as token service provider);
`
`
`
`CARDWARE EXHIBIT 2009
`CARDWAREV. SAMSUNG
`PGR2023-00013
`Page6 of 52
`
`CARDWARE EXHIBIT 2009
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 6 of 52
`
`

`

`
`
`Application/Control Number: 15/054,020
`
`
`
`Art Unit: 2436
`
`
`
`
`
`Page 6
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`receiving one or more TSPcertificates from the TSP server (Note Figure 2A.208; and Para
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`126-127: client receiving certificate from the trust broker; note, trust brokeris interpreted as token
`
`
`
`
`
`service provider, TSP);
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`identifying one or more TSP public keys of the TSP server based on the one or more
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`received TSP certificates (Note Para 020, 073, 127-129: affirming mutual attestation between service
`
`
`
`
`
`
`providerand client); and
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`transmitting a message including(i) the information encrypted based on the one or more
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`identified TSP keys and(ii) a signature of the electronic device (Note Para 034, 039, 061, 127, 130:
`
`
`
`
`
`
`
`
`
`
`
`
`
`transmitting signed certificate, and providing service/ information encrypted by AIK key)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`DEUTSCHet al fails to teach expressly the one or more device certificates signed using a
`
`
`
`
`
`
`
`
`
`
`
`
`
`device unique private key; and transmitting a message including the information encrypted based on
`
`
`
`
`
`
`
`
`
`
`the one or more identified TSP public keys.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`However, Schibuk teaches the one or more device certificates signed using a device unique
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`private key (Note Para 037, 057, 079: public key certificate associated with client/ device; may
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`signed by the server); and transmitting a message including the information encrypted based on the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`one or more identified TSP public keys (Note Para 066, 092-093, 099: encrypted communication
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`between client and server using asymmetric keys) Examiner notes, Schibuk further teaches
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`authenticating a certificate from a token facility or credit issuer (Note Para 025, 076, 086, 093) that
`
`
`
`
`
`
`
`
`can also be interpreted as TSP.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Schibuk and DEUTSCHetal are from the samefield of art of managing and authenticating
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`secure transactionsutilizing digital certificates. Therefore, at the time of invention, it would have
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`been obvious to a person of ordinary skill in the art to combine the teaching of Schibuk with
`
`
`
`CARDWARE EXHIBIT 2009
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 7 of 52
`
`CARDWARE EXHIBIT 2009
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 7 of 52
`
`

`

`
`
`Application/Control Number: 15/054,020
`
`
`
`Art Unit: 2436
`
`
`
`
`
`Page 7
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`DEUTSCHet al to implement a method further comprising the features of the one or more device
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`certificates signed using a device unique private key, and transmitting a message including the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`information encrypted based on the one or more identified TSP public keys in order to provide users
`
`
`
`
`
`
`
`
`
`
`
`
`
`with alternative and well-known authentication mechanism utilizing public key based device
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`certificates instead of AIK key based certificates (Note Schibuk, Para 003, 007)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Regarding claim 2, it is rejected applying as same motivation andrationale applied above
`
`
`
`
`
`
`
`
`
`
`
`
`rejecting claim 1, furthermore, Schibuk teaches the method, wherein:
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`a certificate of the device unique private key is signed using a rootcertificate authority (CA)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`private key of a manufacturer of the electronic device (Note Para 019, 057, 099: client device
`
`
`
`
`
`
`
`
`
`
`
`
`
`receiving public key certificate from certificate authority; determining rootcertificate), and
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`the device unique private key is stored on the electronic device by the manufacturer for
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`access by a trusted application of the electronic device (Note Para 057, 099: private key tied to the
`
`
`
`
`
`
`
`public key of the certificate)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Regarding claim 3, it is rejected applying as same motivation and rationale applied above
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`rejecting claim 2, furthermore, Schibuk teaches the method wherein a public key for the root CA
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`private key of the manufacturer of the electronic device is provided to the TSP by the manufacturer
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`of the electronic device priorto the generating of the one or more devicecertificates and the one or
`
`
`
`
`
`
`
`
`
`
`more device public private key pairs (Note Para 057, 099)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Regarding claim 4, DEUTSCHetal teaches the method of claim 1, wherein identifying the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`one or more TSP public keys of the TSP server based on the one or more received TSP certificates
`
`
`
`comprises:
`
`
`
`CARDWARE EXHIBIT 2009
`CARDWAREV. SAMSUNG
`PGR2023-00013
`Page 8 of 52
`
`CARDWARE EXHIBIT 2009
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 8 of 52
`
`

`

`
`
`Application/Control Number: 15/054,020
`
`
`
`Art Unit: 2436
`
`
`
`
`
`Page 8
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`identifying a certificate of the TSP that is pre-stored on the electronic device for access by a
`
`
`
`
`
`
`
`
`
`
`
`trusted application of the electronic device (Note Para 020, 073, 127-129);
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`verifying authenticity of the one or more received TSPcertificates based on the certificate
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`using the trusted application (Note Para 020, 073, 127-129; affirming mutual attestation between
`
`
`
`
`
`
`
`service provider and client); and
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`identifying the one or more TSP keysin responseto verifying the authenticity of the one or
`
`
`
`
`
`
`
`
`
`
`
`
`more received TSPcertificates (Note Para 020, 039, 073, 128)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`DEUTSCH etal teaches authentication of the client device and the trust brokeror service
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`provider using AIK key certificate, but fails to teach expressly identifying a root certificate authority
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`(CA)certificate that is pre-stored on the electronic device; verifying authenticity of the one or more
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`received certificates based on the root CA certificate; and identifying the one or more public keysin
`
`
`
`
`
`
`
`
`
`
`responseto verifying the authenticity of the certificates.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`However, Schibuk teaches identifying a root certificate authority (CA)certificate that is pre-
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`stored on the electronic device (Note Para 019, 057, 099); verifying authenticity of the one or more
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`received certificates based on the root CA certificate (Note Para 057, 099: client device receiving
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`public key certificate from certificate authority; determining root certificate); and identifying the one
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`or more public keys in response to verifying the authenticity of the certificates (Note Para 019, 057,
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`099: private key tied to the public key of the certificate) Schibuk further teaches authenticating a
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`certificate from a token facility or credit issuer (Note Para 025, 076, 086, 093) that can also be
`
`
`
`
`
`interpreted as TSP.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Regarding claim 5, it is rejected applying as same motivation and rationale applied above
`
`
`
`
`
`
`
`
`
`
`
`rejecting claim 1, furthermore, Schibuk teaches the method, wherein:
`
`
`
`CARDWARE EXHIBIT 2009
`CARDWAREV. SAMSUNG
`PGR2023-00013
`Page 9 of 52
`
`CARDWARE EXHIBIT 2009
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 9 of 52
`
`

`

`
`
`Application/Control Number: 15/054,020
`
`
`
`Art Unit: 2436
`
`
`
`
`
`Page 9
`
`
`
`
`
`
`
`
`
`
`
`
`
`the one or more device certificates include an encryption certificate and a signing certificate,
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`the one or more device public private key pairs include a unique signing public private key pair
`
`
`
`
`
`
`
`
`(Note Para 037, 079, 099), and
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`the signature of the electronic device is based on a unique signing private key of the unique
`
`
`
`
`
`
`
`
`
`
`
`
`signing public private key pair (Note Para 019, 037, 079)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Regarding claim 7, it is rejected applying as same motivation and rationale applied above
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`rejecting claim 1, furthermore, Schibuk teaches the method of claim 1, wherein the information
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`includes information for registering payment information with the TSP, the payment information
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`associated with the electronic device (Note Para 094-096: storing customer’s credit/ payment
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`information) Examiner notes, Schibuk further teaches a token facility or credit issuer (Note Para
`
`
`
`
`
`
`
`
`
`
`
`
`
`025, 076, 086, 093) that can also be interpreted as TSP.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Regarding claim 8, DEUTSCHetalteaches an electronic device for exchanging encrypted
`
`
`
`
`
`
`
`information, the electronic device comprising:
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`at least one processor (Note Figure 7B.710: processor) configured to generate one or more
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`device certificates and one or more device keys, the one or more devicecertificates signed using a
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`device unique key that is pre-stored on the electronic device (Note Para 034, 043, 073, 126:
`
`
`
`
`
`
`
`
`
`
`
`
`generated device certificates signed by attestation identity key, AIK); and
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`a transceiver (Note Figure 7B.770: connectivity component) configured to transmit the one
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`or more device certificates to a token service provider (TSP) server and receive one or more TSP
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`certificates from the TSP server (Note Figure 2A.207 and Figure 3.315; and Para 021, 126-127: trust
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`broker sending certificate to the service provider; note, trust broker is interpreted as token service
`
`
`
`provider),
`
`
`
`CARDWARE EXHIBIT 2009
`CARDWAREV. SAMSUNG
`PGR2023-00013
`Page 10 of 52
`
`CARDWARE EXHIBIT 2009
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 10 of 52
`
`

`

`
`
`Application/Control Number: 15/054,020
`
`
`
`Art Unit: 2436
`
`
`
`
`Page 10
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`wherein the at least one processoris further configured to identify one or more TSP keys of
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`the TSP server based on the one or more received TSPcertificates (Note Para 020, 073, 127-129:
`
`
`
`
`
`
`
`
`
`
`
`affirming mutual attestation between service provider and client), and
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`wherein the at least one transceiver is configured to transmit a message including(i) the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`information encrypted based on the one or more identified TSP keys and (ii) a signature of the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`electronic device (Note Para 034, 039, 061, 127, 130: transmitting signed certificate, and providing
`
`
`
`
`
`
`
`
`service/ information encrypted by AIK key)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`DEUTSCHet alfails to teach expressly the one or more device certificates signed using a
`
`
`
`
`
`
`
`
`
`
`
`
`
`device unique private key; and transmitting a message including the information encrypted based on
`
`
`
`
`
`
`
`
`
`
`the one or more identified TSP public keys.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`However, Schibuk teaches the one or more device certificates signed using a device unique
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`private key (Note Para 037, 057, 079: public key certificate associated with client/ device; may
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`signed by the server); and transmitting a message including the information encrypted based on the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`one or more identified TSP public keys (Note Para 066, 092-093, 099: encrypted communication
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`betweenclient and server using asymmetric keys) Examiner notes, Schibuk further teaches
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`authenticating a certificate from a token facility or credit issuer (Note Para 025, 076, 086, 093) that
`
`
`
`
`
`
`
`
`can also be interpreted as TSP.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Schibuk and DEUTSCHetal are from the samefield of art of managing and authenticating
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`secure transactionsutilizing digital certificates. Therefore, at the time of invention, it would have
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`been obvious to a person of ordinary skill in the art to combine the teaching of Schibuk with
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`DEUTSCHet al to implement a device further comprising the features of the one or more device
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`certificates signed using a device unique private key, and transmitting a message including the
`
`
`
`CARDWARE EXHIBIT 2009
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 11 of 52
`
`CARDWARE EXHIBIT 2009
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 11 of 52
`
`

`

`
`
`Application/Control Number: 15/054,020
`
`
`
`Art Unit: 2436
`
`
`
`
`Page 11
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`information encrypted based on the one or more identified TSP public keys in order to provide users
`
`
`
`
`
`
`
`
`
`
`
`
`
`with alternative and well-known authentication mechanism utilizing public key based device
`
`
`
`certificates instead of AIK key based certificates (Note Schibuk, Para 003, 007)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Regarding claim 9,it is rejected applying as same motivation andrationale applied above
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`rejecting claim 8, furthermore, Schibuk teaches the electronic device wherein: a certificate of the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`device unique private key is signed using a rootcertificate authority (CA) private key of a
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`manufacturer of the electronic device (Note Para 019, 057, 099: client device receiving public key
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`certificate from certificate authority; determining rootcertificate), and the device unique private key
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`is stored on the electronic device by the manufacturer for access by a trusted application of the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`electronic device (Note Para 057, 099: private key tied to the public key ofthe certificate)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Regarding claim 10, it is rejected applying as same motivation and rationale applied above
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`rejecting claim 8, furthermore, Schibuk teaches the electronic device of claim 9, wherein a public
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`key for the root CA private key of the manufacturer ofthe electronic device is provided to the TSP
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`by the manufacturer of the electronic device prior to the generating of the one or more device
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`certificates and the one or more device public private key pairs (Note Para 057, 099)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Regarding claim 11, DEUTSCHetal teaches the electronic device of claim 8, wherein to
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`identify the one or more TSP public keys of the TSP server based on the one or more received TSP
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`certificates, the at least one processoris configured to: identify a certificate of the TSP that is pre-
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`stored on the electronic device for access by a trusted application of the electronic device ((Note
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Para 020, 073, 127-129); verify authenticity of the one or more received TSPcertificates based on
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`the TSP certificate using the trusted application (Note Para 020, 073, 127-129: affirming mutual
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`attestation between service provider and client); and identify the one or more TSP public keys in
`
`
`
`CARDWARE EXHIBIT 2009
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 12 of 52
`
`CARDWARE EXHIBIT 2009
`CARDWARE V. SAMSUNG
`PGR2023-00013
`Page 12 of 52
`
`

`

`
`
`Application/Control Number: 15/054,020
`
`
`
`Art Unit: 2436
`
`
`
`
`Page 12
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`responseto verifying the authenticity of the one or more received TSPcertificates (Note Para 020,
`
`
`
`
`039, 073, 128)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`DEUTSCHet al teaches authentication of the client device and the trust broker or service
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`providerusing AIK key certificate, but fails to teach expressly identifying a root certificate authority
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`(CA) certificate that is pre-stored on the electronic device; verifying authenticity of the one or more
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`received certificates based on the root CA certificate; and identifying the one or more public keys in
`
`
`
`
`
`
`
`
`
`
`response to verifying the authenticity of the certificates.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`However, Schibuk teaches identifying a root certificate authority (CA)certificate that is pre-
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`stored on the electronic device (Note Para 01