Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 1 of 25
`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 1 of 25
`
`EXHIBIT 8
`EXHIBIT 8
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 2 of 25
`
`AIRE-SAMS-00000674
`
`PATENT
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`In re of:
`Application No.:
`
`10/531,259
`
`Filing Date:
`
`April 24, 2006
`
`Examiner:
`
`Art Unit:
`
`Trang T. Doan
`
`2131
`
`First Inventor:
`
`Gisela MEISTER
`
`Customer No.:
`
`23364
`
`Attorney No.:
`
`MEIS3002/JEK
`
`Confirmation No.:
`
`4669
`
`For:
`
`METHOD FOR CARRYING OUT A SECURE ELECTRONIC
`TRANSACTION USING A PORTABLE DATA SUPPORT
`
`RESPONSE AND PROPOSED AMENDMENTS AFTER FINAL REJECTION
`(37 CFR
`
`Commissioner for Patents
`P.O. Box 1450
`Alexandria, VA 22313-1450
`
`Sir:
`
`INTRODUCTORY COMMENTS
`Reconsideration of the final rejection of the claims of this application as expressed in
`the Office Action mailed February 18, 2009 is respectfully requested. Applicant proposes to
`to clearly place the application in condition for allowance without
`further amend claim 1
`raising new issues or requiring further searching by the examiner.
`
`AMENDMENTS
`
`Amendments to the Specification
`The specification is amended as shown in the following pages under the heading
`“AMENDMENTS TO SPECIFICATION.”
`
`Amendments to the Claims
`The claims are amended as shown in the following pages under the heading “LIST OF
`CURRENT CLAIMS”. This listing of claims supersedes all prior listings of the claims
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 3 of 25
`
`AIRE-SAMS-00000675
`
`presented in this application, shows the current status of all claims in the application and
`shows currently proposed amendments to the claims.
`
`Application No.: 10/531,259
`Art Unit: 2131
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 4 of 25
`
`AIRE-SAMS-00000676
`
`Application No.: 10/531,259
`Art Unit: 2131
`
`AMENDMENTS TO THE SPECIFICATION
`On page 4, the last paragraph spanning pages 4 and 5 is amended to read:
`The portable data carrier 20 is further set up to perform at least one, but expediently a
`plurality of different quality user authentication methods. It preferably supports at least two
`authentication methods of different order with regard to the quality of authentication. It
`expediently supports at least one knowledge-based authentication method, e.g. a PIN check,
`and at least one biometric method, within which a biometric feature of the user 30 to be
`presented at the terminal 14 is checked. The biometric method inherently constitutes the
`higher-quality one here, since it presupposes the personal presence of the user 30; this is not
`ensured in the knowledge-based method since the knowledge can have been acquired by an
`unauthorized user. Accordingly the storage means 26 store at least one secret to be presented
`by the user 30, e.g. areference PIN assigned to a user 30, and at least one biometric reference
`data record assigned to a user 30. It can expediently be provided that the portable data carrier
`20 supports more than two authentication methods, in particular further biometric methods.
`Accordingly the storage means 26 in this case store further secrets and/or reference data
`records and the integrated circuit 24 is set up to perform the further authentication methods.
`
`On page 5, the last paragraph is amended to read:
`After the signature application has been started, the user 30 presents a suitable
`portable data carrier 20 to the terminal 40, step 104. The portable data carrier 20 will
`hereinafter be taken to have the form of a contact-type chip card. Further, it will hereinafter
`be assumed that the chip card 20 supports two authentication methods, namely a PIN check
`as a knowledge-based, inherently low-quality method, and a fingerprint check as a biometric,
`inherently higher-quality method.
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 5 of 25
`
`AIRE-SAMS-00000677
`
`Application No.: 10/531,259
`Axt Unit: 2131
`
`LIST OF CURRENT CLAIMS
`1. (Currently Amended) A method for effecting a secure electronic transaction on a
`terminal using a portable data carrier arranged to perform different quality user authentication
`methods, wherein the portable data carrier performs a user authentication using one of said
`different user authentication methods, the portable data carrier confirms the proof of
`authentication to the terminal, and the portable data carrier then performs a security-
`establishing operation within the electronic transaction, comprising the steps of creating
`authentication quality information by the portable data carrier about said hew-+the
`user authentication method used and
`attaching said authentication quality information is-attaehed-to the result of the security-
`establishing operation, wherein the difference in quality of user authentication varies between
`an inherently relatively lower quality and an inherently relatively higher quality from a
`security perspective.
`
`2. (Previously Presented) The method according to claim 1, wherein the security-
`establishing operation performed by the portable data carrier comprises creating a digital
`signature.
`
`3. (Previously Presented) The method according to claim 1, wherein the
`authentication of the user is performed by presentation of a biometric feature.
`
`4, (Previously Presented) The method according to claim 3, wherein the
`authentication of the user is performed by presentation of a physiological or behavior-based
`feature characteristic of a user.
`
`5. (Previously Presented) The method according to claim 1, wherein the
`authentication of the user is performed by proof of knowledge ofa secret.
`
`6. (Previously Presented) The method according to claim 1, wherein at least two
`different authentication methods of different quality are offered for authentication of the user.
`
`7. (Previously Presented) The method according to claim 6, wherein the particular
`authentication methods not used are disabled.
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 6 of 25
`
`AIRE-SAMS-00000678
`
`Application No.; 10/531,259
`Art Unit: 2131
`
`8. (Previously Presented) The method according to claim 6, wherein no quality
`information is produced for an authentication method.
`
`9, (Previously Presented) The method according to claim 1, wherein a user is asked to
`select an authentication method.
`
`10. (Currently Amended) A portable data carrier for performing a security-
`establishing operation within a secure electronic transaction and arranged to perform different
`quality user authentication methods, wherein the difference in quality of user authentication
`varies between an inherently relatively lower quality and an inherently relatively higher
`quality from a security perspective, whereby the portable data carrier is arranged to perform a
`user authentication using one of said implemented user authentication methods and the
`portable data carrier is arranged to confirm the authentication to a terminal, and wherein the
`data carrier is arranged to create quality information about saidstatinghowtheauthentication
`theused user authentication method used and to attach such
`ofthe
`-userwas-performed-by-
`quality information to the result of the security establishing operation.
`
`11. (Previously Presented) The data carrier according to claim 10, wherein the
`portable data carrier is set up to create a digital signature.
`
`12. (Previously Presented) The data carrier according to claim 10, wherein the data
`catrier supports at least two qualitatively different authentication methods.
`
`13. (Currently Amended) A terminal for use in connection with [[a]] the portable data
`carrier according to claim 9, said terminal including a device arranged to cause a user to
`select one of at least two possible different quality authentication methods.
`
`14. (Currently Amended) A system for effecting a secure electronic transaction within
`which the quality of authentication of a user of the system is ascertained, comprising [[a]] the
`portable data carrier according to claim 10 and [[a]] the terminal according to claim 13.
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 7 of 25
`
`AIRE-SAMS-00000679
`
`Application No.: 10/531,259
`Agt Unit: 2131
`
`REMARKS
`
`Claim Objections
`Claims 13 and 14 have been amended in the manner suggested by the examiner,
`thereby removing the basis for objection to these claims. Withdrawal of the objections to
`claims 13 and 14, accordingly, is respectfully requested.
`
`Amendments to Claims
`‘Claim 1 has been amended to clarify the intended meaning of the claim without
`affecting the scope of the claim as previously presented. The difference in quality of the user
`authentication specifically is clarified by denoting that the quality may be inherently a
`relatively lower quality or inherently a relatively higher quality from a security perspective.
`last paragraph wherein the terms “low-
`Support for the amendment is found on page 5,
`quality” and “higher-quality” are used to describe two authentication methods. The word
`“inherently” has been added for clarification to indicate that the method itself inherently
`provides less security or more security depending on the nature of the method (e.g., biometric
`versus PIN). The objective of the amendment is to better define the inherent nature of the
`user authentication method from a security perspective.
`Claim 10 has been amended so that it is consistent with claim 1.
`Claims 10 and 13 have been amended so they are consistent with amended claim 1.
`
`Amendment to the Specification
`The specification has been amended so that the language thereof is consistent with the
`language of the amended claims.
`
`Claim Rejections — 35 USC §103
`It is respectfully submitted that the examiner’s reasoning with regard to the rejection
`of claims 1, 3-8, 10, 12 and 14 as reciting subject matter considered to be obvious in view of
`Mimura as modified by Kao is legally flawed. Mimura pure and simple requires a two step
`authentication procedure involving first a fingerprint verification of the user and thereafter an
`electronic authentication using a secret key that has been activated upon the fingerprint
`information submitted by the user matching fingerprint information stored in the system
`memory.
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 8 of 25
`
`AIRE-SAMS-00000680
`
`Application No.: 10/531,259
`Art Unit: 2131
`
`The examiner equates the Mimura system with the system recited i claim 1 of this
`application with the exception of teaching that
`the user may use one of different
`In the first place, Mimura fails to disclose or
`authentication methods to authenticate the user.
`teach a method for securing an electronic transaction wherein the quality of the transaction
`used is determined and then information about the authentication quality is attached to the
`result of the security-establishing operation. Mimura simply is concerned with a two stage
`authentication procedure involving first a fingerprint matching process followed by the
`typical electronic signature authentication process, wherein the second procedure is
`There simply is no
`authorized only upon the user passing the first authentication test.
`disclosure, suggestion or teaching in any form that information about the quality of the
`method used for authentication in accordance with Mimura may be attached to the result of a
`security establishing operation. Accordingly, at the very outset the examiner has failed to
`establish a prima facie basis for rejecting the claims on grounds of obviousness due to a
`significant missing element in the basic reference Mimura.
`Recognizing that Mimura fails to specifically disclose that the user may use one of
`different user authentication methods for authentication, the examiner contends that a person
`skilled in the art would recognize from Kao that a user may use one of different user
`authentication methods to authenticate a user. The examiner concludes from this that the
`skilled person could readily modify the Mimura system by providing the user with the
`opportunity to use one of different user authentication methods to authenticate the user. The
`critical factor not explained by the examiner is that if Mimura is modified in the manner
`suggested by the examiner, the Mimura system would be defeated!
`Specifically, Mimura requires a two step authentication procedure involving first a
`fingerprint matching process followed by an electronic signature process, wherein the
`the fingerprint procedure
`electronic signature process is not authorized unless and until
`reveals that the user is authenticated based on a biometric measurement.
`Mimura is clear that both a biometric measurement procedure and an electronic
`signature or key procedure is required in accordance with the security system of Mimura.
`If Mimura is modified in accordance with Kao so that only one or another security
`identification system is used, then the two step process of Mimura is defeated and it will not
`function for its intended purpose, namely a two stage security authentication process.
`is intended to provide two or more
`reading of Kao reveals that
`it
`A careful
`independent authentication modes depending on the authentication procedure demanded by
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 9 of 25
`
`AIRE-SAMS-00000681
`
`Application No.: 10/531,259
`Art Unit: 2131
`
`In accordance with the examples given in Kao, such parties would
`the party to be accessed.
`be a bank and a broker. The system of Kao recognizes which client is to be accessed and
`adapts the GUI of the user’s computer to reflect which program based on the client to be
`accessed is in use. The user then proceeds to obtain authentication and access to the client’s
`computer after satisfying the authentication requirements of the specific client being
`accessed,
`For example, if the client is a bank, a smart card authentication may be required and
`the GUI is adapted for such a procedure, prompting the user to enter the data required for the
`smart card authentication.
`For a different client, such as a brokerage house, a uset/password authentication may
`be required, wherein different modes of operation, i-e., a biometric fingerprint authentication,
`may be required.
`The important consideration here is that in accordance with Kao, a user simply
`attempts to contact a client such as a bank or a brokerage house, and thereafter the system
`prompts the user to authenticate himself/herself using whichever authentication procedure is
`required by the client’s program. No weight whatsoever is given to the authentication
`procedure in accordance with Kao, and further in accordance with Kao, no information
`regarding the quality of the authentication is attached to the result of the security establishing
`operation. Simply put, there is nothing in Kao to suggest that any of the client programs
`the quality of the authentication
`bank, brokerage house, etc.) cares one whit about
`information apart from the fact that the user must satisfy the authentication procedure
`imposed by the client program.
`Accordingly, the examiner’s suggestion that Mimura in view of Kao results in a
`method corresponding to the rejected claims is legally defective and fails to establish a prima
`facie basis of obviousness due to fundamental missing elements in both Mimura and Kao.
`Both Mimura and Kao fail to suggest to a skilled person that the quality of authentication
`information may be attached to the result of a security-establishing operation, and
`furthermore modification of Mimura in accordance with the teachings of Kao would virtually
`defeat Mimura for its intended purpose,a result that entirely contradicts the proposition that a
`person skilled in the art would be motivated to modify Mimura in accordance with Kao to
`arrive at a process which the examiner equates with the rejected claims.
`It is important for the examiner to understand that the method recited in claim 1, as
`described in the written description of this application, provides many advantages over prior
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 10 of 25
`
`AIRE-SAMS-00000682
`
`Application No.: 10/531,259
`Art Unit: 2131
`
`art authentication methods due to the fact that the recipient of the security message following
`authentication receives through the quality information contained in the message a statement
`last paragraph). For
`on the quality of the authentication performed by the user (page 8,
`example, quality information is joined firmly with a created digital signature to form a
`security message expediently within the secure messaging mechanism using the previously
`negotiated session keys. (Page 8, third full paragraph.) This system enables the user to use
`both lower quality and higher quality authentication procedures and as an additional
`important feature, attaches information about the quality of the authentication procedure with
`the results of the security establishing operation.
`None of the prior art shows or teaches the methods recited in the rejected claims and
`withdrawal of the rejection of claims 1, 3-8, 10, 12 and 14 under 35 USC §103(a) as being
`unpatentable over Mimura in view of Kao is appropriate and the same is respectfully
`requested,
`It is respectfully submitted that entry of the proposed amendments is appropriate
`under 37 CFR 1.116, as the amendments do not raise any further issues or require further
`searching by the examiner, moreover, the amendments are responsive to the new grounds for
`rejection expressed in the Action. Finally, the legal deficiency of the final rejection of claims
`1, 3-8, 10, 12 and 14 as expressed above warrants withdrawal of the rejection of these claims
`on the grounds contended by the examiner.
`With regard to claims 2, 9, 11 and 13, these claims are patentable at least on the basis
`of claims 1 and 10 from which they depend.
`In the event that the examiner maintains the final rejection of the claims of this
`application, entry of the amendments for purposes of appeal is respectfully requested.
`
`BACON & THOMAS, PLLC
`625 Slaters Lane, 4" Floor
`Alexandria, VA 22314-1176
`Phone: (703) 683-0500
`Facsimile: (703) 683-1080
`Date: May 18, 2009
`
`an
`
`submitted,
`
`eons
`
`Ky
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 11 of 25
`
`AIRE-SAMS-00000730
`
`Application/Control Number: 10/531 ,259
`Art Unit: 2431
`
`Page 2
`
`DETAILED ACTION
`
`1.
`
`2.
`
`This action is in response to the amendment filed on 12/1/2009.
`Claims 1-14 are pending for consideration.
`
`Response to Arguments
`Applicant's arguments with respect to claims 1-14 have been considered but are
`3.
`moot in view of the new ground(s) of rejection.
`
`4.
`
`Claim Rejections - 35 USC § 102
`The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
`form the basis for the rejections under this section made in this Office action:
`A person shall be entitled to a patent unless —
`(e) the invention was described in (1) an application for patent, published under section 122(b), by
`another filed in the United States before the invention by the applicant for patent or (2) a patent
`granted on an application for patent by another filed in the United States before the invention by the
`applicant for patent, except that an international application filed under the treaty defined in section
`351(a) shall have the effects for purposes of this subsection of an application filed in the United States
`only if the international application designated the United States and was published under Article 21(2)
`of such treaty in the English language.
`Claims 1-6 and 8-14 are rejected under 35 U.S.C. 102(e) as being anticipated by
`5.
`Russo et al. (Pub. No. 20030101348) (hereinafter Russo).
`Regarding claims 1 and 10, Russo discloses a method for effecting a secure
`6.
`electronic transaction on a terminal using a portable data carrier arranged to perform
`different quality user authentication methods, wherein the portable data carrier performs
`a user authentication method, the portable data carrier confirms the proof of
`authentication to the terminal, and the portable data carrier then performs a security-
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 12 of 25
`
`AIRE-SAMS-00000731
`
`Page 3
`
`Application/Control Number: 10/531 ,259
`Art Unit: 2431
`establishing operation within the electronic transaction, comprising the step of creating
`quality information by the portable data carrier about said user authentication method
`used and attaching said authentication quality information to the result of the security-
`establishing operation, wherein the difference in quality of user authentication varies
`between an inherently relatively lower quality and an inherently relatively higher quality
`from a security perspective (Russo: paragraph 0046: Token includes trust metric. The
`trust metric has three possible values (i.e., low, medium, and high confidence);
`paragraph 0053: token also includes a digital signature; and paragraphs 0058-0060: if
`the signature verification succeeds, then the server determines its confidence in the
`transaction).
`Regarding claim 2 and 11, Russo discloses wherein the security-establishing
`7.
`operation performed by the portable data carrier comprises creating a digital signature
`(Russo: paragraph 0024: token...comprising an envelope and a seal. The envelope
`comprises...a trust metric. The seal contains a digital signature).
`Regarding claim 3, Russo discloses wherein the authentication of the user is
`8.
`performed by presentation of a biometric feature (Russo: paragraph 0051: biometric
`such as fingerprint, voiceprint, or face recognition).
`Regarding claim 4, Russo discloses wherein the authentication of the user is
`9.
`performed by presentation of a physiological or behavior-based feature characteristic of
`a user (Russo: paragraph 0051: biometric such as fingerprint, voiceprint, or face
`recognition).
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 13 of 25
`
`AIRE-SAMS-00000732
`
`Page 4
`
`Application/Control Number: 10/531 ,259
`Art Unit: 2431
`Regarding claim 5, Russo discloses wherein the authentication of the user is
`10.
`performed by proof of knowledge of a secret (Russo: paragraph 0039: a secret...such
`as a private key or password).
`11. |Regarding claims 6 and 12, Russo discloses wherein at least two different
`authentication methods of different quality are offered for authentication of the user
`(Russo: paragraph 0051: low confidence level is assigned to authentication using a PIN
`or password...an authentication trust metric indicating a high confidence level is
`assigned authentication requiring use of a biometric).
`Regarding claim 8, discloses wherein no quality information is produced for an
`12.
`authentication method (Russo: paragraph 0059: no confidence in the authenticity of the
`associated transaction).
`Regarding claims 9 and 13, discloses wherein a user is asked to select an
`13.
`authentication method (Russo: paragraph 0044).
`Regarding claim 14, discloses a system for effecting a secure electronic
`14.
`transaction within which the quality of authentication of a user of the system is
`ascertained, comprising a portable data carrier according to claim 10 and a terminal
`according to claim 13 (Russo: paragraph 0051: a physical token such as...smart card).
`
`15.
`
`Claim Rejections - 35 USC § 103
`The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
`obviousness rejections set forth in this Office action:
`(a) A patent may not be obtained though the invention is not identically disclosed or described as set
`forth in section 102 of this title, if the differences between the subject matter sought to be patented and
`the prior art are such that the subject matter as a whole would have been obvious at the time the
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 14 of 25
`
`AIRE-SAMS-00000733
`
`Application/Control Number: 10/531 ,259
`Art Unit: 2431
`
`Page 5
`
`invention was made to a person having ordinary skill in the art to which said subject matter pertains.
`Patentability shall not be negatived by the manner in which the invention was made.
`Claim 7 is rejected under 35 U.S.C. 103(a) as being unpatentable over Russo in
`16.
`view of Miyashita (US 7403765) (hereinafter Miyashita).
`
`17.
`
`Regarding claim 7, Russo does not disclose wherein the particular authentication
`methods not used are disabled. However, Miyashita discloses wherein the particular
`authentication methods not used are disabled (Miyashita: see figure 1, item S301; and
`column 5 lines 40-67). Therefore, it would have been obvious to a person skilled art at
`the time the invention was made to have included in Russo the feature of Miyashita as
`discussed above because the plural authenticating means of the PIN input
`authentication and the fingerprint authentication can be used in combination, so that
`plural security levels can be implemented by combining the plural authenticating means
`(Miyashita: column 6, lines 40-45).
`
`Conclusion
`Any inquiry concerning this communication or earlier communications from the
`examiner should be directed to TRANG DOAN whose telephone number is (571)272-
`0740. The examiner can normally be reached on Monday-Friday.
`If attempts to reach the examiner by telephone are unsuccessful, the examiner's
`supervisor, William R. Korzuch can be reached on (571) 272-7589. The fax phone
`number for the organization where this application or proceeding is assigned is 571-
`273-8300.
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 15 of 25
`
`AIRE-SAMS-00000734
`
`Page 6
`
`Application/Control Number: 10/531 ,259
`Art Unit: 2431
`Information regarding the status of an application may be obtained from the
`Patent Application Information Retrieval (PAIR) system. Status information for
`published applications may be obtained from either Private PAIR or Public PAIR.
`Status information for unpublished applications is available through Private PAIR only.
`For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
`you have questions on access to the Private PAIR system, contact the Electronic
`Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a
`USPTO Customer Service Representative or access to the automated information
`system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
`
`[Trang Doan/
`Examiner, Art Unit 2431
`[Syed Zia/
`Primary Examiner, Art Unit 2431
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 16 of 25
`
`AIRE-SAMS-00000751
`
`PATENT
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`In re of:
`Application No.:
`
`10/531,259
`
`Filing Date:
`
`April 24, 2006
`
`Examiner:
`
`Art Unit:
`
`First Inventor:
`
`Gisela MEISTER
`
`Customer No.:
`
`Trang T. Doan
`
`2131
`
`23364
`
`Attorney No.:
`
`MEIS3002/JEK
`
`Confirmation No.:
`
`4669
`
`For:
`
`METHOD FOR CARRYING OUT A SECURE ELECTRONIC
`TRANSACTION USING A PORTABLE DATA SUPPORT
`
`RESPONSE TO OFFICE ACTION MAILED MARCH 2, 2010
`
`Commissioner for Patents
`P.O. Box 1450
`Alexandria, VA 22313-1450
`
`Sir:
`
`INTRODUCTORY COMMENTS
`This is responsive to the Office Action mailed March 2, 2010 with regard to the above
`identified application. Reconsideration of this application is requested in view of the
`amendments and comments presented below.
`
`AMENDMENTS
`
`Amendments to the Claims
`The claims are amended as shown in the following pages under the heading “LIST OF
`CURRENT CLAIMS”. This listing of ‘claims supersedes all prior listings of the claims
`presented in this application, shows currently proposed amendments to the claims and shows
`the status of all claims in the application.
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 17 of 25
`
`AIRE-SAMS-00000752
`
`Application No.: 10/531,259 |
`Art Unit: 2131
`
`LIST OF CURRENT CLAIMS
`1. (Previously Presented) A method for effecting a secure electronic transaction on a
`terminal using a portable data carrier arranged to perform different quality user authentication
`methods, wherein the portable data carrier performs a user authentication using one of said
`different user authentication methods, the portable data carrier confirms the proof of
`authentication to the terminal, and the portable data carrier then performs a security-
`establishing operation within the electronic transaction, comprising the steps of creating
`authentication quality information by the portable data carrier about said user authentication
`method used and attaching said authentication quality formation to the result of the
`security-establishing operation, wherein the difference in quality of user authentication varies
`between an inherently relatively lower quality and an inherently relatively higher quality
`from a security perspective.
`
`2. (Previously Presented) The method according to claim 1, wherein the security-
`establishing operation performed by the portable data carrier comprises creatinga digital
`signature.
`
`3. (Previously Presented) The method according to claim 1, wherein the
`authentication of the user is performed by presentation of a biometric feature.
`
`4, (Previously Presented).The method according to claim 3, wherein the
`authentication of the user is performed by presentation of a physiological or behavior-based
`feature characteristic of a user.
`
`5, (Previously Presented) The method according to claim 1, wherein the
`authentication of the user is performed by proof of knowledge of a secret.
`
`6. (Previously Presented) The method according to claim 1, wherein at least two
`different authentication methods of different quality are offered for authentication of the user,
`
`7. (Previously Presented) The method according to claim 6, wherein the particular
`authentication methods not used are disabled.
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 18 of 25
`
`AIRE-SAMS-00000753
`
`Application No.: 10/531,259
`Ast Unit: 2131
`
`8. (Previously Presented) The method according to claim 6, wherein no quality
`information is produced for an authentication method.
`
`9. (Previously Presented) The method according to claim 1, wherein a user is asked to
`select an authentication method.
`
`10, (Currently Amended) A portable data carrier for performing a security-
`establishing operation within a secure electronic transaction and arranged to perform different
`quality user authentication methods, wherein the difference in quality of user authentication
`varies between an inherently relatively lower quality and an inherently relatively higher
`quality from a security perspective, comprising: whereby the portable data carrier is arranged
`to perform a user authentication using one of said implemented user authentication methods
`and the portable data carrier is arranged to confirm the authentication to a terminal, and
`wherein the data carrier is arranged to create quality information about said user
`authentication method used and to attach such quality information to the result of the security
`establishing operation.
`
`11. (Previously Presented) The data carrier according to claim 10, wherein the
`portable data carrier is set up to create a digital signature.
`
`12. (Previously Presented) The data carrier according to claim 10, wherein the data
`carrier supports at least two qualitatively different authentication methods.
`
`13. (Currently Amended) A terminal for use in connection with the portable data
`carrier according to claim [[9]] 10, said terminal including a device arranged to cause a user
`to select one of at least two possible different quality authentication methods.
`
`14. (Previously Presented) A system for effecting a secure electronic transaction
`within which the quality of authentication of a user of the system is ascertained, comprising
`the portable data carrier according to claim 10 and the terminal according to claim 13.
`
`

`

`Case 6:21-cv-01101-ADA Document 31-8 Filed 05/19/22 Page 19 of 25
`
`AIRE-SAMS-00000754
`
`Application No.: 10/531,259
`Art Unit: 2131
`
`REMARKS
`
`Amendments to the Claims
`Claim 10 is amended to change “whereby” to “comprising:” in line 5 to more properly
`recite the inventive subject matter in terms reflecting appropriate U.S. practice. The scope
`and meaning of the claim is unchanged by the amendment.
`Claim 13 is amended to correct an obvious mistake resulting from the original claim
`referring back to claim 9 instead of claim 10. The claim has been amended to properly refer
`back to claim 10.
`
`35 USC §102
`Claim Rejections
`The rejection of claims 1-6 and 8-14 under 35 USC §102(e) as being anticipated by
`Russo (U.S. 2003/0101348 A1) is respectfully traversed. As a starting point, the scope and
`meaning of the claims are reviewed from the perspective of a person skilled in the art based
`on the written description and drawings of the application.
`Claim 1 recites a method for effecting a secure electronic transaction on a terminal
`using a portable data carrier that is capable of performin