Prosecution Insights
Last updated: July 17, 2026
Application No. 15/851,326

SECURE END-TO-END PERSONALIZATION OF SMART CARDS

Final Rejection §101§103
Filed
Dec 21, 2017
Examiner
EKECHUKWU, CHINEDU U
Art Unit
3695
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Entrust Corporation
OA Round
11 (Final)
2%
Grant Probability
At Risk
12-13
OA Rounds
0m
Est. Remaining
4%
With Interview

Examiner Intelligence

Grants only 2% of cases
2%
Career Allowance Rate
3 granted / 203 resolved
-50.5% vs TC avg
Minimal +2% lift
Without
With
+2.4%
Interview Lift
resolved cases with interview
Typical timeline
3y 5m
Avg Prosecution
42 currently pending
Career history
263
Total Applications
across all art units

Statute-Specific Performance

§101
5.8%
-34.2% vs TC avg
§103
79.4%
+39.4% vs TC avg
§102
12.9%
-27.1% vs TC avg
§112
1.5%
-38.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 203 resolved cases

Office Action

§101 §103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This is a Final Office Action in response to application 15/851,326 entitled "SECURE END-TO-END PERSONALIZATION OF SMART CARDS" with amendment filed on October 14, 2025, with claims 1-6, 8-22 and 24-26 pending. Status of Claims Claims 1, 11, 20, 22, and 24 have been amended. Claim 23 was previously cancelled. Claim 7 is newly cancelled. Claims 1-22 and 24-26 are pending and have been examined. Response to Amendment The response filed October 14, 2025, has been entered. Claims 1-22 and 24-26 remain pending in the application. Applicant’s amendments to the Specification, Drawings, and/or Claims have been noted in response to the Non-Final Office Action mailed May 12, 2025. Information Disclosure Statement The information disclosure statement (IDS) submitted on April 17, 2025, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the Examiner. Claim Interpretation The following claim limitations are interpreted by the Examiner as follows: Claims 1, 11, 20, and 22: “without requiring a concurrent [secured] connection to a card issuance device”. Claim 24: “without requiring a concurrent connection to the personalization system”. are described as being supported in the specification at [0009] and [0024]. The Remarks dated 4/30/2021 explain “that the personalization process does not require a connection to the card issuance device to create a virtual smart card in accordance with the present invention, and that the virtual smart card may be later conveyed to the card issuance device so the card issuance device may use the information in the virtual smart card for personalizing a real smart card.” Examiner interprets this as the data personalization software for either the “real” or “virtual” card exists separate and apart from the printer (card issuance device); Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-6, 8-22 and 24-26 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Please see MPEP 2106 for additional information regarding Patent Subject Matter Eligibility Guidance. Claims 1-6, 8-22 and 24-26 are directed to a system, method/process, machine/apparatus, or composition of matter, which are/is one of the statutory categories of invention. (Step 1: YES). The claimed invention is directed to an abstract idea without significantly more. Independent Claim 1 recites: “A method comprising: generating, at a personalization system, a customized dataset including personalization data of a particular user …onto a smart card, the customized dataset being generated based on an operating system of the smart card by performing a personalization process to generate a virtual smart card formatted according to the operating system and specific to an intended recipient of the smart card without requiring a concurrent connection …; … at least a portion of the customized dataset including the virtual smart card, at the personalization system, using an encryption key that is specific to the card issuance device that is separate from the personalization system, the encryption key being different from any encryption key used to secure the customized dataset when stored on the smart card; and … the virtual smart card, …, …alongside a plurality of different encrypted virtual smart cards personalized for a plurality of different intended recipients …, wherein generating the customized dataset is completed prior to …any portion of the customized dataset….” These limitations, under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity. Specific instances include instructions for generating, at a personalization system, a customized dataset and to generate a virtual smart card formatted recite a fundamental economic principles or practice and/or commercial or legal interactions. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a fundamental economic, commercial, or financial action, principle, or practice then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. (Step 2A-Prong 1: YES. The claims recite an abstract idea). This judicial exception is not integrated into a practical application. In particular, the claims recite the additional elements of: [a card issuance device][to the card issuance device][ for installation]: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea [encrypting] [encrypted with the encryption key] [transmitting]: insignificant extra-solution activity to the judicial exception of data gathering are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes. For example, the Applicant’s Specification reads, [0033] “rather than use of a card issuance device such as printers106, 107, a software-based card issuance device could be used to issue a smart card to a user. As seen in Fig. 1, a mobile device, such as a smartphone112 having mobile wallet software installed thereon, can act as a card issuance device by including card issuance software capable of generating a real personalized software-implemented smart card”. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, Claim 1 is directed to an abstract idea without a practical application. (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application) Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, the additional elements, do not change the outcome of the analysis, when considered separately and as an ordered combination. The claim further defines the abstract idea and hence is abstract for the reasons presented above. The claim does not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. For the encryption step that was considered extra-solution activity and determined to be well-understood, routine, conventional activity in the field, the background does not provide any indication that the network appliance is anything other than a generic, off-the-shelf computer component that is a well‐understood, routine, and conventional function when it is claimed in a merely generic manner (as it is here). The Specification reads, [0073] “An Application Load Certificate (ALC)632 can be used as well, and corresponds to a certified copy of the public key of an application provider, as well as an application header. The ALC634 can be signed using a MULTOS card authority's private key certifying key (KCK), allowing any MULTOS card that are appropriately implemented to verify the authenticity of the certificate.” For these reasons, there is no inventive concept. For causing the transmission, MPEP 2106.05(d)(II) indicates that the courts have recognized receiving or transmitting data over a network as well-understood, routine and conventional functions when claimed in a merely generic manner: Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network).For these reasons, there is no inventive concept. Therefore, the claim is directed to an abstract idea. Thus, the claim is not patent eligible. (Step 2B: NO. The claim does not provide significantly more) Dependent Claims recite additional elements. This judicial exception is not integrated into a practical application. In particular, the recited additional elements of Claims 2 and 3: “card issuance device”: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea Claim 4: (none found: does not include additional elements and merely narrows the abstract idea) Claim 5: “card issuance device”, “mobile device”: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea “card printer associated with a physical smart card”: merely applying printing technologies as a tool to perform an abstract idea Claim 6: “encrypting”: insignificant extra-solution activity to the judicial exception Claim 8: “card issuance device”: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea “decrypting”: insignificant extra-solution activity to the judicial exception Claim 9: “card issuance device via the Internet”: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea Claim 10: “encrypted”: insignificant extra-solution activity to the judicial exception Claim 26: “a computing device”, “card issuance device”: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes. For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, the claim is directed to an abstract idea without a practical application. (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application) Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, do not change the outcome of the analysis, when considered separately and as an ordered combination. Dependent claims further define the abstract idea that is present in their respective independent claims and hence are abstract for the reasons presented above. The dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. For the encryption step that was considered extra-solution activity and determined to be well-understood, routine, conventional activity in the field, the background does not provide any indication that the network appliance is anything other than a generic, off-the-shelf computer component that is a well‐understood, routine, and conventional function when it is claimed in a merely generic manner (as it is here). For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. For these reasons, there is no inventive concept. For causing the transmission, MPEP 2106.05(d)(II) indicates that the courts have recognized receiving or transmitting data over a network as well-understood, routine and conventional functions when claimed in a merely generic manner: Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network).For these reasons, there is no inventive concept. Therefore, the dependent claims are directed to an abstract idea. Thus, the dependent claims are not patent eligible. (Step 2B: NO. The claims do not provide significantly more) Independent Claim 11 recites: “A secure end-to-end smart card personalization system comprising: a personalization system comprising …cause the personalization system to: generate a customized dataset including personalization data …onto a smart card, the customized dataset being generated based on an operating system of the smart card by performing a personalization process to generate a virtual smart card formatted according to the operating system and specific to an intended recipient of the smart card without requiring a concurrent connection to a card issuance device; … at least a portion of the customized dataset including the virtual smart card, at a personalization system, using an encryption key that is specific to a card issuance device that is separate from the personalization system, the encryption key being different from any encryption key used to secure the customized dataset when stored on the smart card; and … alongside a plurality of different …virtual smart cards personalized for a plurality of different intended recipients …, wherein generating the customized dataset is completed prior to …any portion of the customized dataset…..” These limitations, under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity. Specific instances include instructions for generating, at a personalization system, a customized dataset and to generate a virtual smart card formatted recite a fundamental economic principles or practice and/or commercial or legal interactions. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a fundamental economic, commercial, or financial action, principle, or practice then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. (Step 2A-Prong 1: YES. The claims recite an abstract idea). This judicial exception is not integrated into a practical application. In particular, the claims recite the additional elements of: [a programmable circuit communicatively connected to a memory storing computer executable instructions which, when executed] [to the card issuance device][ for installation]: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea [encrypted with the encryption key][encrypted][transmitting]: insignificant extra-solution activity to the judicial exception of data gathering are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes. For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, Claim 11 is directed to an abstract idea without a practical application. (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application) Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, the additional elements, do not change the outcome of the analysis, when considered separately and as an ordered combination. The claim further defines the abstract idea and hence is abstract for the reasons presented above. The claim does not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. For the encrypted step that was considered extra-solution activity and determined to be well-understood, routine, conventional activity in the field, the background does not provide any indication that the network appliance is anything other than a generic, off-the-shelf computer component that is a well‐understood, routine, and conventional function when it is claimed in a merely generic manner (as it is here). For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. For these reasons, there is no inventive concept. For causing the transmission, MPEP 2106.05(d)(II) indicates that the courts have recognized receiving or transmitting data over a network as well-understood, routine and conventional functions when claimed in a merely generic manner: Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network).For these reasons, there is no inventive concept. Therefore, the claim is directed to an abstract idea. Thus, the claim is not patent eligible. (Step 2B: NO. The claim does not provide significantly more) Dependent Claims recite additional elements. This judicial exception is not integrated into a practical application. In particular, the recited additional elements of Claims 12 and 14: (none found: does not include additional elements and merely narrows the abstract idea) Claim 15: “card issuance device”: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea Claim 16: “card issuance device”, “Internet”: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea Claim 17: “card issuance device”: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea “smart card printer”: merely applying printing technologies as a tool to perform an abstract idea Claim 18: “card issuance device”: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea Claim 19: “card issuance device”, “Internet”: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes. For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, the claim is directed to an abstract idea without a practical application. (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application) Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, do not change the outcome of the analysis, when considered separately and as an ordered combination. Dependent claims further define the abstract idea that is present in their respective independent claims and hence are abstract for the reasons presented above. The dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. For the encryption step that was considered extra-solution activity and determined to be well-understood, routine, conventional activity in the field, the background does not provide any indication that the network appliance is anything other than a generic, off-the-shelf computer component that is a well‐understood, routine, and conventional function when it is claimed in a merely generic manner (as it is here). For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. For these reasons, there is no inventive concept. For causing the transmission, MPEP 2106.05(d)(II) indicates that the courts have recognized receiving or transmitting data over a network as well-understood, routine and conventional functions when claimed in a merely generic manner: Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network).For these reasons, there is no inventive concept. Therefore, the dependent claims are directed to an abstract idea. Thus, the dependent claims are not patent eligible. (Step 2B: NO. The claims do not provide significantly more) Independent Claim 20 recites: “A secure end-to-end smart card personalization system comprising: a personalization system communicatively connected…, the personalization system configured to: generate a personalized virtual smart card including personalization data for…, the customized dataset being generated based on an operating system of the real smart card by performing a personalization process using a virtual smart card formatted according to the operating system and specific to an intended recipient of the smart card without requiring a concurrent connection …; …at least a portion of the customized dataset including the virtual smart card, at a personalization system, using a public key of a public-private key pair unique to a card issuance device and different from a public key of the real smart card; and …the virtual smart card, …with the public key, …alongside a plurality of different … virtual smart cards personalized for a plurality of different intended recipients encrypted using the encryption key, wherein generating the customized dataset is completed prior to any portion of the customized dataset being….” These limitations, under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity. Specific instances include instructions for generating, at a personalization system, a customized dataset and to generate a virtual smart card formatted recite a fundamental economic principles or practice and/or commercial or legal interactions. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a fundamental economic, commercial, or financial action, principle, or practice then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. (Step 2A-Prong 1: YES. The claims recite an abstract idea). This judicial exception is not integrated into a practical application. In particular, the claims recite the additional elements of: [to a card issuance device][to the card issuance device]: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea [encrypt ][encrypted ][transmit ][transmitted to the card issuance device]: insignificant extra-solution activity to the judicial exception of data gathering are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes. For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, Claim 20 is directed to an abstract idea without a practical application. (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application) Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, the additional elements, do not change the outcome of the analysis, when considered separately and as an ordered combination. The claim further defines the abstract idea and hence is abstract for the reasons presented above. The claim does not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. For the encryption steps that were considered extra-solution activity and determined to be well-understood, routine, conventional activity in the field, the background does not provide any indication that the network appliance is anything other than a generic, off-the-shelf computer component that is a well‐understood, routine, and conventional function when it is claimed in a merely generic manner (as it is here). For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. For these reasons, there is no inventive concept. For causing the transmission, MPEP 2106.05(d)(II) indicates that the courts have recognized receiving or transmitting data over a network as well-understood, routine and conventional functions when claimed in a merely generic manner: Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network).For these reasons, there is no inventive concept. Therefore, the claim is directed to an abstract idea. Thus, the claim is not patent eligible. (Step 2B: NO. The claim does not provide significantly more) Dependent Claims recite additional elements. This judicial exception is not integrated into a practical application. In particular, the recited additional elements of Claim 21: “card issuance device”: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea “encrypted”, “decrypted”: insignificant extra-solution activity to the judicial exception are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes. For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, the claim is directed to an abstract idea without a practical application. (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application) Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, do not change the outcome of the analysis, when considered separately and as an ordered combination. Dependent claims further define the abstract idea that is present in their respective independent claims and hence are abstract for the reasons presented above. The dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. For the encryption step that was considered extra-solution activity and determined to be well-understood, routine, conventional activity in the field, the background does not provide any indication that the network appliance is anything other than a generic, off-the-shelf computer component that is a well‐understood, routine, and conventional function when it is claimed in a merely generic manner (as it is here). For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. For these reasons, there is no inventive concept. For causing the transmission, MPEP 2106.05(d)(II) indicates that the courts have recognized receiving or transmitting data over a network as well-understood, routine and conventional functions when claimed in a merely generic manner: Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network).For these reasons, there is no inventive concept. Therefore, the dependent claims are directed to an abstract idea. Thus, the dependent claims are not patent eligible. (Step 2B: NO. The claims do not provide significantly more) Independent Claim 22 recites: “A method of personalizing a smart card, the method comprising: receiving at a personalization system an operating system type of a smart card to be personalized; generating a customized dataset including personalization data for …the smart card to be personalized by performing a personalization process using a virtual smart card formatted according to the operating system and specific to an intended recipient of the smart card without requiring a concurrent secured connection to the card issuance device; receiving an encryption key …and …at least a portion of the customized dataset including the virtual smart card prior to …the customized dataset to the card issuance device, at the personalization system, the encryption key being different from any encryption key used to secure the customized dataset when stored on the smart card; and after the customized dataset is generated in its entirety, … the virtual smart card, …with the public key, …alongside a plurality of different …virtual smart cards personalized for a plurality of different intended recipients … using the encryption key.” These limitations, under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity. Specific instances include instructions for generating, at a personalization system, a customized dataset and to generate a virtual smart card formatted recite a fundamental economic principles or practice and/or commercial or legal interactions. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a fundamental economic, commercial, or financial action, principle, or practice then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. (Step 2A-Prong 1: YES. The claims recite an abstract idea). This judicial exception is not integrated into a practical application. In particular, the claims recite the additional elements of: [specific to the card issuance device] [ to the card issuance device] [installation onto]: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea [encrypting][encrypted] [transmitting]: insignificant extra-solution activity to the judicial exception of data gathering are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes. For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, Claim 22 is directed to an abstract idea without a practical application. (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application) Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, the additional elements, do not change the outcome of the analysis, when considered separately and as an ordered combination. The claim further defines the abstract idea and hence is abstract for the reasons presented above. The claim does not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. For the encrypted step that was considered extra-solution activity and determined to be well-understood, routine, conventional activity in the field, the background does not provide any indication that the network appliance is anything other than a generic, off-the-shelf computer component that is a well‐understood, routine, and conventional function when it is claimed in a merely generic manner (as it is here). For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. For these reasons, there is no inventive concept. For causing the transmission, MPEP 2106.05(d)(II) indicates that the courts have recognized receiving or transmitting data over a network as well-understood, routine and conventional functions when claimed in a merely generic manner: Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network).For these reasons, there is no inventive concept. Therefore, the claim is directed to an abstract idea. Thus, the claim is not patent eligible. (Step 2B: NO. The claim does not provide significantly more) Independent Claim 24 recites: “A method of personalizing a smart card, the method comprising: in a first communication session…to a personalization system an operating system type of a smart card to be personalized; in a second communication session different from the first communication session, receiving, …a customized dataset including personalization data … onto the smart card to be personalized, the customized dataset including a personalized virtual smart card formatted according to the operating system and specific to an intended recipient of the smart card, wherein the customized dataset is received alongside a plurality of virtual smart cards specific to other intended recipients, and wherein the personalized virtual smart card and the plurality of virtual smart cards …with an encryption key specific …and personalizing a real smart card using the customized dataset … without requiring a concurrent connection to the personalization system, wherein generating the customized dataset is completed before any portion of the customized dataset is received…” These limitations, under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity. Specific instances include instructions for generating, at a personalization system, a customized dataset and to generate a virtual smart card formatted recite a fundamental economic principles or practice and/or commercial or legal interactions. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a fundamental economic, commercial, or financial action, principle, or practice then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. (Step 2A-Prong 1: YES. The claims recite an abstract idea). This judicial exception is not integrated into a practical application. In particular, the claims recite the additional elements of: [at a card issuance device] [for installation][to the card issuance device][at the card issuance device]: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea [transmitting from a card issuance device] [are each encrypted]: insignificant extra-solution activity to the judicial exception of data gathering are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes. For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, Claim 24 is directed to an abstract idea without a practical application. (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application) Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, the additional elements, do not change the outcome of the analysis, when considered separately and as an ordered combination. The claim further defines the abstract idea and hence is abstract for the reasons presented above. The claim does not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. For the encryption steps that were considered extra-solution activity and determined to be well-understood, routine, conventional activity in the field, the background does not provide any indication that the network appliance is anything other than a generic, off-the-shelf computer component that is a well‐understood, routine, and conventional function when it is claimed in a merely generic manner (as it is here). For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. For these reasons, there is no inventive concept. For causing the transmission, MPEP 2106.05(d)(II) indicates that the courts have recognized receiving or transmitting data over a network as well-understood, routine and conventional functions when claimed in a merely generic manner: Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network).For these reasons, there is no inventive concept. Therefore, the claim is directed to an abstract idea. Thus, the claim is not patent eligible. (Step 2B: NO. The claim does not provide significantly more) Dependent Claims recite additional elements. This judicial exception is not integrated into a practical application. In particular, the recited additional elements of Claim 25: “card issuance device”: merely applying computer processing, networking, and display technologies as a tool to perform an abstract idea “decrypting”: insignificant extra-solution activity to the judicial exception are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes. For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, the claim is directed to an abstract idea without a practical application. (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application) Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, do not change the outcome of the analysis, when considered separately and as an ordered combination. Dependent claims further define the abstract idea that is present in their respective independent claims and hence are abstract for the reasons presented above. The dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. For the encryption step that was considered extra-solution activity and determined to be well-understood, routine, conventional activity in the field, the background does not provide any indication that the network appliance is anything other than a generic, off-the-shelf computer component that is a well‐understood, routine, and conventional function when it is claimed in a merely generic manner (as it is here). For support from the Applicant’s Specification, see the analysis as applied to Independent Claim 1 earlier. For these reasons, there is no inventive concept. For causing the transmission, MPEP 2106.05(d)(II) indicates that the courts have recognized receiving or transmitting data over a network as well-understood, routine and conventional functions when claimed in a merely generic manner: Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network).For these reasons, there is no inventive concept. Therefore, the dependent claims are directed to an abstract idea. Thus, the dependent claims are not patent eligible. (Step 2B: NO. The claims do not provide significantly more) Examiner’s Note Independent claims have been rejected by two separate prior art rejections under 35 USC § 103. Firstly by: Johnson ("METHOD AND SYSTEM FOR PERSONALIZING SMART CARDS USING ASYMMETRIC KEY CRYPTOGRAPHY", U.S. Publication Number: US 20080005567 A1), in view of Tamblyn ("METHOD AND APPARATUS FOR PRINTING A SECURITY CARD", U.S. Publication Number: US 20180086125 A1),in view of Kobayashi (“NETWORK PRINTING SYSTEM”, Japanese Publication Number: JP2000181645A) Secondly by: Lee ("Personalization of smart cards", U.S. Patent Number: US 6367011B1), in view of Tamblyn ("METHOD AND APPARATUS FOR PRINTING A SECURITY CARD", U.S. Publication Number: US 20180086125 A1) Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1, 2, 5, 8, 11, 20, 21, 22, and 24-26 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson ("METHOD AND SYSTEM FOR PERSONALIZING SMART CARDS USING ASYMMETRIC KEY CRYPTOGRAPHY", U.S. Publication Number: US 20080005567 A1),in view of Tamblyn ("METHOD AND APPARATUS FOR PRINTING A SECURITY CARD", U.S. Publication Number: US 20180086125 A1),in view of Kobayashi (“NETWORK PRINTING SYSTEM”, Japanese Publication Number: JP2000181645A) Regarding Claim 1, Johnson teaches, A method comprising: generating, at a personalization system, a customized dataset including personalization data of a particular user for installation onto a smart card, (Johnson [0031] data 14 to be used by the application, such as, for example, the personalization data, can be passed to the application Johnson [0032] permit smart card personalization data to be encrypted) the customized dataset being generated based on an operating system of the smart card by performing a personalization process (Johnson [0028] permit a smart card using Java Card™ technology, MULTOS™ technology or any other type of proprietary technology to be personalized in a secure way using asymmetric cryptography. A smart card can consist of, for example, a secure microcontroller implemented in hardware, firmware containing an operating system and/or Java Card Runtime Environment implementation Johnson [0039] the various perso_descriptors 544 can be formatted into a data structure called the plaintext_KTU Examiner notes the Applicant's invention also utilizes MULTOS operating system as Johnson (i.e., the operating systems are equivalent) The Applicant’s Specification in the instant application reads: [0025] Examples of operating systems include MULTOS, GlobalPlatform, and a variety of proprietary or native operating systems [0072] system 600 for secure personalization of a smart card using a first operating system, such as the MULTOS operating system. [0073] can be signed using a MULTOS card authority's private key certifying key (KCK), allowing any MULTOS card that are appropriately implemented to verify the authenticity of the certificate. ) to generate a virtual smart card formatted according to the operating system (Johnson [0010] During personalization, the smart card is generally loaded ... with data that allows the card to be used in a payment system, for example. Personalization data may include file information, application information, a maximum value for an application or of the card and a personal identification number (PIN) or other cardholder information. Also included may be the currency in which the card or application is valid, the expiration date of the card or application, and a variety of cryptographic keys and algorithm information for the card or applications on the card.) Examiner notes the Applicant's invention also utilizes MULTOS operating system and formatting as Johnson (i.e., the operating systems are equivalent) The Applicant’s Specification in the instant application reads: [0025] Examples of operating systems include MULTOS, GlobalPlatform, and a variety of proprietary or native operating systems [0072] system 600 for secure personalization of a smart card using a first operating system, such as the MULTOS operating system. [0073] can be signed using a MULTOS card authority's private key certifying key (KCK), allowing any MULTOS card that are appropriately implemented to verify the authenticity of the certificate.) and specific to an intended recipient of the smart card (Johnson [0010] After a card is initialized, it is then typically personalized. During personalization, the smart card is generally loaded with data that uniquely identifies the card for that end user...Personalization data may include file information...and a personal identification number (PIN) or other cardholder information.) encrypting at least a portion of the customized dataset including the virtual smart card, at the personalization system including the virtual smart card, (Johnson [0010] a variety of cryptographic keys and algorithm information for the card or applications on the card Johnson [0006] The encryption is generally accomplished by manipulating or transforming the message using a cipher key or keys. Johnson [0016] a plurality of keys are provided to the device including device-related keys, provider-specific keys, and transfer keys. Personalization instructions can be directed to a selected application in the device Johnson [Claim 5] for encrypting the personalization instruction Johnson [0010] a variety of cryptographic keys and algorithm information for the card or applications on the card) [transmitting] the virtual smart card, encrypted with the encryption key, (Johnson [0016] a smart card using Java Card.TM. technology, MULTOS.TM. technology or any other type of proprietary technology to be personalized...including device-related keys, provider-specific keys, and transfer keys. Johnson [0028] Certain embodiments of the present invention permit a smart card using Java Card™ technology, MULTOS™ technology or any other type of proprietary technology ... A smart card can consist of, for example,...firmware containing an operating system and/or Java Card Runtime Environment implementation, and … software programs or other executable code and their associated data. Johnson [0030] The term application … is not meant to limit the type of executable code that can be loaded onto the smart card.) alongside a plurality of different encrypted virtual smart cards personalized for a plurality of different intended recipients encrypted using the encryption key, (Johnson [0003] personalizing smart cards or other devices ... for personalizing smart cards using asymmetric key cryptography. Johnson [0012] master keys to communicate with a large number of cards in a system. Johnson [0037] The application provider 10 may maintain a repository of keys 108 associated with a plurality of smart cards Johnson [0007] provided to users of the system Johnson [0016] proprietary technology to be personalized...including device-related keys, provider-specific keys, and transfer keys.) wherein generating the customized dataset is completed prior to transmitting any portion of the customized dataset to the card issuance device. (Johnson [0009] goes through an initialization and a personalization process....During the initialization process, a manufacturer or other card supplier embeds an integrated circuit chip into the plastic card body. The chip is loaded with at least one application program, such as...a file structure may be initialized with default values, and initial cryptographic keys may be stored for transport security. Johnson [0010] After a card is initialized, it is then typically personalized. During personalization, the smart card is generally loaded with data that uniquely identifies the card for that end user Johnson [0012] Derived card keys are derived from master keys stored in the security module (of the personalization facility) using derivation data unique to each card. The derivation data is encrypted with a suitable algorithm using a master key to produce a derived card key for a particular card. ...the master key can be used with derivation data from the card to independently regenerate the derived card key.) Johnson implicitly teaches “without requiring a concurrent connection to a card issuance device” because the “transfer key” to encrypt the personalization instruction being sent to the smart card application, without an online secured link established between the application on the smart card and the application provider (i.e., a secure channel). Johnson teaches in [0014] that in related arts personalization requires a secure channel between the application on the smart card and the application provider. Johnson states in [0007] secure channels are impractical and expensive. Johnson does not explicitly teach using an encryption key that is specific to the card issuance device that is separate from the personalization system, the encryption key being different from any encryption key used to secure the customized dataset when stored on the smart card; without requiring a concurrent connection to a card issuance device; transmitting the virtual smart card, encrypted with the … key to the card issuance device. Tamblyn teaches, using an encryption key that is specific to the card issuance device …, the encryption key being different from any encryption key used to secure the customized dataset when stored on the smart card; (Tamblyn [0012] using a decryption key stored local to the printer being used to print the security image prior to printing the visual security image. Tamblyn [0079] The decryption key may for example only be accessed or used by certain printers (identified by unique properties to that printer) Tamblyn [0025] may be limited to a particular printer (to guarantee authenticity of the security image being printed for applying to cards) that is authorised to do so. When authorised to print ... using a decryption key stored local to the printer prior to printing the security image.) transmitting the virtual smart card, encrypted with the encryption key to the card issuance device. (Tamblyn [0020] Such a printer enables a security card to be printed, where the security card has a primary image (for example an image of the card bearer, and/or some other identifying data pertaining to the card bearer) together with a visual security image that identifies the card as being a genuine Tamblyn [0012] an encryption key Tamblyn [0052] The VSI can be customised, by the printer manufacturer, so that it is a specific image chosen by the end user. This will typically be a corporate logo, a government logo, or other image which is proprietary to the end user. In this case when the VSI is a custom image, the ability to print that image may be programmed into each individual printer. Tamblyn [Abstract] A security image is printed onto the receiving layer of a dye receptive reverse transfer film, which can then be applied to the card and bonded with the card. The printing of the security image occurs by transferring overcoat material from an overcoat panel of the dye carrying film onto the receiving layer of the dye receptive reverse transfer film in a pattern, which forms the visual security image. .... in a reverse transfer printing method to provide a security card having a primary image and a security image. Tamblyn [0012] The visual security image may be encrypted with an encryption key for preventing unauthorised printing of the visual security image. As such, printing of a visual security image may be limited to a particular printer (to guarantee authenticity of the security image being printed for applying to cards) that is authorised to do so. When authorised to print the encrypted visual security image, receiving a visual security image to be printed may comprise receiving the encrypted visual security image, and decrypting the encrypted visual security image using a decryption key stored local to the printer being used to print the security image prior to printing the visual security image.) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the card printer encryption key teachings of Tamblyn that is “using a decryption key stored local to the printer.” (Tamblyn [0012]). The modification would have been obvious, because it is merely applying a known technique (i.e. card printer encryption key) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “may be limited to a particular printer (to guarantee authenticity of the security image being printed for applying to cards) that is authorised to do so” Tamblyn [0025]) Tamblyn suggests the VSI is received from a remote entity (Tamblyn [0052] “VSI can be customized, by the printer manufacturer” ) does not teach without requiring a concurrent connection to a card issuance device; While Johnson also implies personalizing a card without requiring a concurrent connection to a card issuance device (Johnson [0042] “application may be personalized by sending commands directly from personalization equipment such as a smart card reader, point of sale terminal, ATM or smart card printer/encoder or other such equipment …The personalization commands can be passed to the smart card platform from the on-card application by using an application program interface (API) provided by the smart card operating system” ), Johnson is not explicit about “a personalization process … without requiring a concurrent connection to a card issuance device.” Kobayashi explicitly teaches, without requiring a concurrent connection to a card issuance device (Kobayashi [0005] Since the job data is absorbed into various buffers existing between the personal computer and the network printer, the next print processing is started even though the print processing is not actually completed....the buffer processing and the asynchronous processing are necessary for efficient processing Kobayashi [0006] unprocessed data is minimized and the number of connections is effectively used. Kobayashi [0015] The print spooler 209 creates a queue for the port monitor 210 and processes each job. There is no flow control function between the print daemon 204 and the port monitor 210.) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the asynchronous network printing system teachings of Kobayashi where “job data is absorbed into various buffers.” (Kobayashi [0005]). The modification would have been obvious, because it is merely applying a known technique (i.e. asynchronous network printing) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “buffer processing and the asynchronous processing are necessary for efficient processing” Kobayashi [0005]) Regarding Claim 2, Johnson, Tamblyn, and Kobayashi teach the virtual smart card personalization of Claim 1 as described earlier. Johnson teaches, wherein the encryption key comprises a public key of a public-private key pair, wherein a private key of the public-private key pair (Johnson [0034] smart card 12 (MCD) can maintain an asymmetric key pair, including a public key 124 (MKD_PK) and a private key) Johnson does not teach is maintained at the card issuance device or a key repository. Tamblyn teaches, [the key] is maintained at the card issuance device or a key repository. (Tamblyn [0012] using a decryption key stored local to the printer being used to print the security image prior to printing the visual security image. Tamblyn [0079] The decryption key may for example only be accessed or used by certain printers (identified by unique properties to that printer) Tamblyn [0025] may be limited to a particular printer (to guarantee authenticity of the security image being printed for applying to cards) that is authorised to do so. When authorised to print ... using a decryption key stored local to the printer prior to printing the security image.) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the card printer encryption key teachings of Tamblyn that is “using a decryption key stored local to the printer.” (Tamblyn [0012]). The modification would have been obvious, because it is merely applying a known technique (i.e. card printer encryption key) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “may be limited to a particular printer (to guarantee authenticity of the security image being printed for applying to cards) that is authorised to do so” Tamblyn [0025]) Regarding Claim 5, Johnson, Tamblyn, and Kobayashi teach the virtual smart card personalization of Claim 1 as described earlier. Johnson teaches, wherein the card issuance device comprises at least one of a card printer associated with a physical smart card or a mobile device onto which an electronic smart card is installed. (Johnson [Abstract] permit a smart card to be personalized Johnson [0042] the application may be personalized by sending commands directly from personalization equipment such as a smart card reader, point of sale terminal, ATM or smart card printer/encoder or other such equipment Johnson [0058] personalization equipment includes smart card readers, point of sale terminals, ATMs and smart card printers.) Regarding Claim 8, Johnson, Tamblyn, and Kobayashi teach the virtual smart card personalization of Claim 1 as described earlier. Johnson teaches, using a secured communication session established using one or more encryption keys of the smart card, the one or more encryption keys being different from the key specific to the card issuance device. (Johnson [0014] the establishment of a session key, and (3) then secured communication of many personalization commands through the established secure channel. Johnson [0016] a plurality of keys are provided to the device including device-related keys, provider-specific keys, and transfer keys. Personalization instructions can be directed to a selected application in the device. The selected application is typically identified and the personalization instructions can be encrypted using different ones of the plurality of keys. Johnson [0017] The plurality of keys can also include transfer keys used to secure the personalization instruction through encryption. In certain embodiments, the plurality of keys includes a device-specific secret key and a device-specific public key.) Johnson does not teach decrypting the encrypted at least a portion of the customized dataset received at the card issuance device using a key specific to the card issuance device; based on the customized dataset, personalizing the smart card. Tamblyn teaches, decrypting the encrypted at least a portion of the customized dataset received at the card issuance device using a key specific to the card issuance device; based on the customized dataset, personalizing the smart card. (Tamblyn [0012] decrypting the encrypted visual security image using a decryption key stored local to the printer being used to print the security image prior to printing the visual security image.) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the card printer encryption key teachings of Tamblyn that is “using a decryption key stored local to the printer.” (Tamblyn [0012]). The modification would have been obvious, because it is merely applying a known technique (i.e. card printer encryption key) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “may be limited to a particular printer (to guarantee authenticity of the security image being printed for applying to cards) that is authorised to do so” Tamblyn [0025]) Claim 11 is rejected on the same basis as Claim 1. Claim 20 is rejected on the same basis as Claim 1. Claim 21 is rejected on the same basis as Claim 8. Regarding Claim 22, Johnson teaches, A method of personalizing a smart card, the method comprising: receiving at a personalization system an operating system type of a smart card to be personalized; (Johnson [0028] Certain embodiments of the present invention permit a smart card using Java Card™ technology, MULTOS™ technology or any other type of proprietary technology to be personalized in a secure way using asymmetric cryptography. A smart card can consist of, for example, a secure microcontroller implemented in hardware, firmware containing an operating system and/or Java Card Runtime Environment implementation, and volatile and non-volatile memory for the storage and processing of software programs or other executable code and their associated data Johnson [0030] executable code can be loaded into non-volatile memory of the smart card …. The executable code 16 of the application 18 may use any type run-time environment technology, for example Java Card™, MULTOS™, a proprietary technology, and the like. The term application …. is not meant to limit the type of executable code that can be loaded onto the smart card) generating a customized dataset including personalization data for installation onto the smart card (Johnson [0031] data 14 to be used by the application, such as, for example, the personalization data, can be passed to the application Johnson [0032] permit smart card personalization data to be encrypted) to be personalized by performing a personalization process using a virtual smart card formatted according to the operating system (Johnson [0028] permit a smart card using Java Card™ technology, MULTOS™ technology or any other type of proprietary technology to be personalized in a secure way using asymmetric cryptography. A smart card can consist of, for example, a secure microcontroller implemented in hardware, firmware containing an operating system and/or Java Card Runtime Environment implementation Johnson [0039] the various perso_descriptors 544 can be formatted into a data structure called the plaintext_KTU Examiner notes the Applicant's invention also utilizes MULTOS operating system: [0025] Examples of operating systems include MULTOS, GlobalPlatform, and a variety of proprietary or native operating systems [0072] system 600 for secure personalization of a smart card using a first operating system, such as the MULTOS operating system. [0073] can be signed using a MULTOS card authority's private key certifying key (KCK), allowing any MULTOS card that are appropriately implemented to verify the authenticity of the certificate.) and specific to an intended recipient of the smart card (Johnson [0010] After a card is initialized, it is then typically personalized. During personalization, the smart card is generally loaded with data that uniquely identifies the card for that end user...Personalization data may include file information...and a personal identification number (PIN) or other cardholder information.) at the personalization system (Johnson [0057] Certain embodiments of the invention provide methods for remotely personalizing an electronically addressable device that comprise providing one or more secured personalization instructions and a ciphertext_KTU to remote personalization equipment) transmitting the virtual smart card, encrypted with the encryption key, to the card issuance device (Johnson [0057] remotely personalizing an electronically addressable device that comprise providing one or more secured personalization instructions and a ciphertext_KTU to remote personalization equipment Johnson [0003] personalizing smart cards...personalizing smart cards using asymmetric key cryptography. Johnson [0016] a smart card using Java Card.TM. technology, MULTOS.TM. technology or any other type of proprietary technology to be personalized...including device-related keys, provider-specific keys, and transfer keys. Johnson [0058] providing additional secured personalization instructions to the remote personalization equipment,....personalization equipment includes... smart card printers. Johnson [0006] sending a message from a sender to a receiver over a medium so that the message is secure... This process is typically referred to as enciphering..... This process is typically referred to as deciphering. So long as only the sender and receiver have knowledge of the cipher key, such an encrypted transmission is secure. Johnson [Abstract] whereby the personalized instructions can be encrypted) alongside a plurality of different encrypted virtual smart cards personalized for a plurality of different intended recipients encrypted using the encryption key, (Johnson [0003] personalizing smart cards or other devices ... for personalizing smart cards using asymmetric key cryptography. Johnson [0012] master keys to communicate with a large number of cards in a system. Johnson [0037] The application provider 10 may maintain a repository of keys 108 associated with a plurality of smart cards Johnson [0007] provided to users of the system Johnson [0016] proprietary technology to be personalized...including device-related keys, provider-specific keys, and transfer keys.) Johnson does not teach without requiring a concurrent secured connection to the card issuance device; receiving an encryption key specific to the card issuance device and encrypting at least a portion of the customized dataset including the virtual smart card prior to transmitting the customized dataset to the card issuance device; the encryption key being different from any encryption key used to secure the customized dataset when stored on the smart card; and after the customized dataset is generated. Tamblyn teaches, receiving an encryption key specific to the card issuance device and encrypting at least a portion of the customized dataset including the virtual smart card prior to transmitting the customized dataset to the card issuance device (Tamblyn [0025] The visual security image may be encrypted with an encryption key for preventing unauthorised printing of the visual security image. As such, printing of a visual security image may be limited to a particular printer ...When authorised to print the encrypted visual security image, the controller may be configured to decrypt the encrypted visual security image using a decryption key stored local to the printer prior to printing the security image. Tamblyn [0012] When authorised to print the encrypted visual security image, receiving a visual security image to be printed may comprise receiving the encrypted visual security image, and decrypting the encrypted visual security image using a decryption key stored local to the printer being used to print the security image prior to printing the visual security image.) the encryption key being different from any encryption key used to secure the customized dataset when stored on the smart card; (Tamblyn [0012] using a decryption key stored local to the printer being used to print the security image prior to printing the visual security image. Tamblyn [0079] The decryption key may for example only be accessed or used by certain printers (identified by unique properties to that printer) Tamblyn [0025] may be limited to a particular printer (to guarantee authenticity of the security image being printed for applying to cards) that is authorised to do so. When authorised to print ... using a decryption key stored local to the printer prior to printing the security image.) and after the customized dataset is generated in its entirety (Tamblyn [0025] The visual security image may be encrypted with an encryption key for preventing unauthorised printing of the visual security image.) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the card printer encryption key teachings of Tamblyn that is “using a decryption key stored local to the printer.” (Tamblyn [0012]). The modification would have been obvious, because it is merely applying a known technique (i.e. card printer encryption key) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “may be limited to a particular printer (to guarantee authenticity of the security image being printed for applying to cards) that is authorised to do so” Tamblyn [0025]) Tamblyn suggests the VSI is received from a remote entity (Tamblyn [0052] “VSI can be customized, by the printer manufacturer” ) does not teach without requiring a concurrent connection to a card issuance device; While Johnson also implies personalizing a card without requiring a concurrent connection to a card issuance device (Johnson [0042] “application may be personalized by sending commands directly from personalization equipment such as a smart card reader, point of sale terminal, ATM or smart card printer/encoder or other such equipment …The personalization commands can be passed to the smart card platform from the on-card application by using an application program interface (API) provided by the smart card operating system” ), Johnson is not explicit about “a personalization process … without requiring a concurrent connection to a card issuance device.” Kobayashi explicitly teaches, without requiring a concurrent secured connection to a card issuance device (Kobayashi [0005] Since the job data is absorbed into various buffers existing between the personal computer and the network printer, the next print processing is started even though the print processing is not actually completed....the buffer processing and the asynchronous processing are necessary for efficient processing Kobayashi [0006] unprocessed data is minimized and the number of connections is effectively used. Kobayashi [0015] The print spooler 209 creates a queue for the port monitor 210 and processes each job. There is no flow control function between the print daemon 204 and the port monitor 210.) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the asynchronous network printing system teachings of Kobayashi where “job data is absorbed into various buffers.” (Kobayashi [0005]). The modification would have been obvious, because it is merely applying a known technique (i.e. asynchronous network printing) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “buffer processing and the asynchronous processing are necessary for efficient processing” Kobayashi [0005]) Regarding Claim 24, Johnson teaches, in a first communication session, transmitting from a card issuance device ( Johnson [0035] “Application provider 10 receives (33) the MKD_PKC 204 of a particular target smart card 12 which includes an application that requires personalization data.” ( Johnson [Figure 1]: PNG media_image1.png 792 578 media_image1.png Greyscale Card-specific Public Key 124 sent from the smart card 12 to Application Provider 10. Johnson [0042] application may be personalized by sending commands directly from personalization equipment such as a smart card reader, point of sale terminal, ATM or smart card printer/encoder or other such equipment) to a personalization system an operating system type of a smart card to be personalized; (Johnson [0028] Certain embodiments of the present invention permit a smart card using Java Card™ technology, MULTOS™ technology or any other type of proprietary technology to be personalized in a secure way using asymmetric cryptography. A smart card can consist of, for example, a secure microcontroller implemented in hardware, firmware containing an operating system and/or Java Card Runtime Environment implementation, and volatile and non-volatile memory for the storage and processing of software programs or other executable code and their associated data Johnson [0035] Application provider 10 receives (33) the MKD_PKC 204 of a particular target smart card 12 which includes an application that requires personalization data.) in a second communication session different from the first communication session (Johnson [Figure 1, at step 114] PNG media_image1.png 792 578 media_image1.png Greyscale Smart Card 12 receives personalization commands for specific smart card from Application Provider 10. Johnson [0041] “In certain embodiments of the invention, the encrypted personalization commands, ciphertext_KTU 52 and KTU_sig 50 can be transported to the location where the data can be loaded into the smart card. This transportation does not require any security, as the personalization data is encrypted with a public key and may only be decrypted within the smart card containing a correct private key.”) receiving, at a card issuance device, a customized dataset including personalization data for installation onto the smart card to be personalized, (Johnson [0042] application may be personalized by sending commands directly from personalization equipment such as a smart card reader, point of sale terminal, ATM or smart card printer/encoder or other such equipment Johnson [0011] The personalization device generally provides data which, when installed on a card) the customized dataset including a personalized virtual smart card (Johnson [0042] application may be personalized by sending commands directly from personalization equipment such as a smart card reader, point of sale terminal, ATM or smart card printer/encoder or other such equipment Johnson [0011] The personalization device generally provides data which, when installed on a card Johnson [0010] During personalization, the smart card is generally loaded ... with data that allows the card to be used in a payment system, for example. Personalization data may include file information, application information, a maximum value for an application or of the card and a personal identification number (PIN) or other cardholder information. Also included may be the currency in which the card or application is valid, the expiration date of the card or application, and a variety of cryptographic keys and algorithm information for the card or applications on the card.) formatted according to the operating system; (Johnson [0028] Certain embodiments of the present invention permit a smart card using Java Card™ technology, MULTOS™ technology or any other type of proprietary technology to be personalized in a secure way using asymmetric cryptography. A smart card can consist of, for example, a secure microcontroller implemented in hardware, firmware containing an operating system and/or Java Card Runtime Environment implementation, and volatile and non-volatile memory for the storage and processing of software programs or other executable code and their associated data) and specific to an intended recipient of the smart card, (Johnson [0010] After a card is initialized, it is then typically personalized. During personalization, the smart card is generally loaded with data that uniquely identifies the card for that end user...Personalization data may include file information...and a personal identification number (PIN) or other cardholder information.) wherein the customized dataset is received alongside a plurality of virtual smart cards specific to other intended recipients, (Johnson [0003] personalizing smart cards or other devices ... for personalizing smart cards using asymmetric key cryptography. Johnson [0012] master keys to communicate with a large number of cards in a system. Johnson [0037] The application provider 10 may maintain a repository of keys 108 associated with a plurality of smart cards Johnson [0007] provided to users of the system Johnson [0016] proprietary technology to be personalized...including device-related keys, provider-specific keys, and transfer keys.) Johnson implicitly teaches “without requiring a concurrent connection to the personalization system” because the “transfer key” to encrypt the personalization instruction being sent to the smart card application, without an online secured link established between the application on the smart card and the application provider (i.e., a secure channel). Johnson teaches in [0014] that in related arts personalization requires a secure channel between the application on the smart card and the application provider. Johnson states in [0007] secure channels are impractical and expensive. Therefore, Johnson does not explicitly teach personalizing a real smart card using the customized dataset at the card issuance device without requiring a concurrent connection to the personalization system, wherein, when received at the card issuance device, the customized dataset is encrypted with an encryption key specific to the card issuance device. Tamblyn teaches, personalizing a real smart card using the customized dataset at the card issuance device (Tamblyn [0020] Such a printer enables a security card to be printed, where the security card has a primary image (for example an image of the card bearer, and/or some other identifying data pertaining to the card bearer) together with a visual security image that identifies the card as being a genuine) wherein, when received at the card issuance device, the customized dataset is encrypted with an encryption key specific to the card issuance device. (Tamblyn [0012] using a decryption key stored local to the printer being used to print the security image prior to printing the visual security image. Tamblyn [0079] The decryption key may for example only be accessed or used by certain printers (identified by unique properties to that printer) Tamblyn [0025] may be limited to a particular printer (to guarantee authenticity of the security image being printed for applying to cards) that is authorised to do so. When authorised to print ... using a decryption key stored local to the printer prior to printing the security image.) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the card printer encryption key teachings of Tamblyn that is “using a decryption key stored local to the printer.” (Tamblyn [0012]). The modification would have been obvious, because it is merely applying a known technique (i.e. card printer encryption key) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “may be limited to a particular printer (to guarantee authenticity of the security image being printed for applying to cards) that is authorised to do so” Tamblyn [0025]) Tamblyn suggests the VSI is received from a remote entity (Tamblyn [0052] “VSI can be customized, by the printer manufacturer” ) does not teach explicitly without requiring a concurrent connection to the personalization system; Tamblyn does not explicitly teach without requiring a concurrent connection to the personalization system. Kobayashi teaches, without requiring a concurrent connection to the personalization system (Kobayashi [0005] Since the job data is absorbed into various buffers existing between the personal computer and the network printer, the next print processing is started even though the print processing is not actually completed....the buffer processing and the asynchronous processing are necessary for efficient processing Kobayashi [0006] unprocessed data is minimized and the number of connections is effectively used. Kobayashi [0015] The print spooler 209 creates a queue for the port monitor 210 and processes each job. There is no flow control function between the print daemon 204 and the port monitor 210) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the asynchronous network printing system teachings of Kobayashi where “job data is absorbed into various buffers.” (Kobayashi [0005]). The modification would have been obvious, because it is merely applying a known technique (i.e. asynchronous network printing) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “buffer processing and the asynchronous processing are necessary for efficient processing” Kobayashi [0005]) Regarding Claim 25, Johnson, Tamblyn, and Kobayashi teach the virtual smart card personalization of Claim 24 as described earlier. Johnson does not teach the method further comprising decrypting the customized dataset using a decryption key of the card issuance device. Tamblyn teaches, the method further comprising decrypting the customized dataset using a decryption key of the card issuance device. (Tamblyn [0012] decrypting the encrypted visual security image using a decryption key stored local to the printer being used to print the security image prior to printing the visual security image.) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the card printer encryption key teachings of Tamblyn that is “using a decryption key stored local to the printer.” (Tamblyn [0012]). The modification would have been obvious, because it is merely applying a known technique (i.e. card printer encryption key) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “may be limited to a particular printer (to guarantee authenticity of the security image being printed for applying to cards) that is authorised to do so” Tamblyn [0025]) Regarding Claim 26, Johnson, Tamblyn, and Kobayashi teach the virtual smart card personalization of Claim 1 as described earlier. Johnson teaches, wherein the personalization system comprises a computing device communicatively connectable to the card issuance device, and wherein the card issuance device comprises a card printer. (Johnson [0058] providing additional secured personalization instructions to the remote personalization equipment,....personalization equipment includes... smart card printers.) Claims 3 is rejected under 35 U.S.C. 103 as being unpatentable over Johnson, Tamblyn, and Kobayashi in view of Bjerrum ("METHOD OF TRANSFERRING DATA, BETWEEN COMPUTER SYSTEMS USING ELECTRONIC CARDS", U.S. Publication Number: US RE36310 E) Regarding Claim 3, Johnson, Tamblyn, and Kobayashi teach the virtual smart card personalization of Claim 1 as described earlier. Johnson does not teach generating, at the personalization system, a second customized dataset including personalization data of a second user for installation onto a second smart card; encrypting at least a portion of the second customized dataset, at the personalization system, using the encryption key, and transmitting the second customized dataset to the card issuance device, wherein the second customized dataset is secured on the second smart card using a second set of encryption keys that are different from either the encryption key or any encryption key used to secure the customized data set stored on the smart card Bjerrum teaches, generating, at the personalization system, a second customized dataset including personalization data of a second user for installation onto a second smart card; encrypting at least a portion of the second customized dataset, at the personalization system, using the encryption key, and transmitting the second customized dataset to the card issuance device, wherein the second customized dataset is secured on the second smart card using a second set of encryption keys that are different from either the encryption key or any encryption key used to secure the customized data set stored on the smart card. (Bjerrum [Col 21, Lines 26-28] ensures that only the holder of the Batch card can personalize cards and that the batch card holder only can personalize cards Bjerrum [Col 4, Lines 62-64] a second set of data being generated in said second electronic card, said second set of data being input into and stored in said internal storage of said second electronic card Bjerrum [Col 5, Lines 58-60] a second combination of said second set of data received in encrypted form Bjerrum [Col 8, Lines 7-9] said second electronic card or said encryption key(s) stored in said internal storage of said second electronic card Bjerrum [Col 17, Lines 47-49] especially as different keys are used for different transfers) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the data transfer and end-to-end encryption teachings of Bjerrum such that “transferring data, an electronic document or the like from a first computer system to a second computer system via a data transmission line.” (Bjerrum [Col 1, Lines 9-12]). The modification would have been obvious, because it is merely applying a known technique (i.e. data transfer and end-to-end encryption) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “ensured that it will not be possible for either of the parties or for a third party to interfere with the data or document transfer.” Bjerrum [Col 2, Lines 12-14]) Claims 6, 13, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson, Tamblyn, and Kobayashi in view of Irisawa ("METHOD OF ISSUING IC CARD, IC CARD ISSUING SYSTEM, AND IC CARD", Japanese Publication Number JP2007206765A) Regarding Claim 6, Johnson, Tamblyn, and Kobayashi teach the virtual smart card personalization of Claim 2 as described earlier. Johnson does not teach wherein the customized dataset comprises a plurality of Application Protocol Data Units (APDUs), and wherein encrypting at least a portion of the customized dataset comprises encrypting at least one or more secure channel keys used in generating the customized dataset. Irisawa teaches, wherein the customized dataset comprises a plurality of Application Protocol Data Units (APDUs), and wherein encrypting at least a portion of the customized dataset comprises encrypting at least one or more secure channel keys used in generating the customized dataset. (Irisawa [page 5] The data field of the command APDU of the encryption write command 111 transmitted from the IC card issuer 3 to the IC card 1 includes at least the EEPROM 21. The physical or logical of the EEPROM 21 that writes the ciphertext 111c in which the data to be written is encrypted with the session key Irisawa [page 6] the encrypted text contained in the command APDU is decrypted with the decrypted session key) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the IC card issuing system teachings of Irisawa that is “capable of issuing an IC card at high speed even if the IC card is implemented with a virtual machine.” (Irisawa [Abstract]). The modification would have been obvious, because it is merely applying a known technique (i.e. IC card issuing system) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “the time required for the virtual machine 10 to operate can be reduced and the time to issue the IC card 1 can be shortened” Irisawa [Abstract]) Claim 13 is rejected on the same basis as Claim 6. Regarding Claim 18, Johnson, Tamblyn, and Kobayashi teach the virtual smart card personalization of Claim 13 as described earlier. Johnson teaches, wherein the personalization system is located remotely from the card issuance device. (Johnson [0058] providing additional secured personalization instructions to the remote personalization equipment,....personalization equipment includes... smart card printers. Johnson [0057] remotely personalizing an electronically addressable device that comprise providing one or more secured personalization instructions and a ciphertext_KTU to remote personalization equipment.) Claims 10 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson, Tamblyn, Kobayashi, Irisawa, and Bjerrum Regarding Claim 10, Johnson does not teach wherein the encrypted at least a portion of the customized dataset is included in one or more virtual application protocol data units (APDUs) created using an encryption key of a virtual smart card, and wherein generation of the customized dataset includes performing mutual authentication with the virtual smart card. Irisawa teaches, wherein the encrypted at least a portion of the customized dataset is included in one or more virtual application protocol data units (APDUs) created using an encryption key (Irisawa [page 5] The data field of the command APDU of the encryption write command 111 transmitted from the IC card issuer 3 to the IC card 1 includes at least the EEPROM 21. The physical or logical of the EEPROM 21 that writes the ciphertext 111c in which the data to be written is encrypted with the session key Irisawa [page 6] the encrypted text contained in the command APDU is decrypted with the decrypted session key) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the IC card issuing system teachings of Irisawa that is “capable of issuing an IC card at high speed even if the IC card is implemented with a virtual machine.” (Irisawa [Abstract]). The modification would have been obvious, because it is merely applying a known technique (i.e. IC card issuing system) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “the time required for the virtual machine 10 to operate can be reduced and the time to issue the IC card 1 can be shortened” Irisawa [Abstract]) Irisawa does not teach of a virtual smart card, and wherein generation of the customized dataset includes performing mutual authentication with the virtual smart card. Bjerrum teaches, of a virtual smart card, and wherein generation of the customized dataset includes performing mutual authentication with the virtual smart card. (Bjerrum [Col 20, Lines 40-51] micro processor, data and program storage and an I/O gate, secret information and protected information being hidden or stored in a data memory....For encryption and decryption, the Data Encryption Standard (DES) is used. In addition to the operating system for the micro processor the program memory also contains the encryption algorithm DES. Bjerrum [Col 12, Lines 37-39] Such an encrypted data transmission presupposes, however, that the transmitter and the receiver can agree to establishing a mutual set of encryption/decryption keys, as the parties involved, transmitter and receiver, invariably have to reveal details concerning security levels, etc. Such an agreement requires, however, that both transmitter and receiver fully trust the other party) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the data transfer and end-to-end encryption teachings of Bjerrum such that “transferring data, an electronic document or the like from a first computer system to a second computer system via a data transmission line.” (Bjerrum [Col 1, Lines 9-12]). The modification would have been obvious, because it is merely applying a known technique (i.e. data transfer and end-to-end encryption) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “ensured that it will not be possible for either of the parties or for a third party to interfere with the data or document transfer.” Bjerrum [Col 2, Lines 12-14]) Regarding Claim 14, Johnson, Tamblyn, Kobayashi , and Irisawa teach the virtual smart card personalization of Claim 13 as described earlier. Johnson does not teach wherein the customized dataset further comprises one or more session keys, and wherein the at least a portion of the customized dataset comprises the one or more session keys Bjerrum teaches, wherein the customized dataset further comprises one or more session keys, and wherein the at least a portion of the customized dataset comprises the one or more session keys. (Bjerrum [Col 29, Lines 18-24] generating a first set of data in said first electronic card, inputting and storing said first set of data in said internal storage of said first electronic card, and encrypting said first set of data in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) Bjerrum [Col 17, Lines 47-49] especially as different keys are used for different transfers) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Strater to incorporate the data transfer and end-to-end encryption teachings of Bjerrum such that “transferring data, an electronic document or the like from a first computer system to a second computer system via a data transmission line.” (Bjerrum [Col 1, Lines 9-12]). The modification would have been obvious, because it is merely applying a known technique (i.e. data transfer and end-to-end encryption) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “ensured that it will not be possible for either of the parties or for a third party to interfere with the data or document transfer.” Bjerrum [Col 2, Lines 12-14]) Claims 4 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson, Tamblyn, and Kobayashi in view of Briscoe ("CLIENT CUSTOMIZED VIRTUAL OR PHYSICAL CARD FOR USE WITH SELECTED MERCHANTS", U.S. Publication Number: US 20110178924 A1) Regarding Claim 4, Johnson, Tamblyn, and Kobayashi teach the virtual smart card personalization of Claim 1 as described earlier. Johnson does not teach wherein the customized dataset comprises a personalized virtual smart card. Briscoe teaches, wherein the customized dataset comprises a personalized virtual smart card (Briscoe [0002] A stored value card, which may be a physical and/or virtual card, represents money on deposit with the issuer of the card or an affiliate of the issuer. Briscoe [0005] method and system for customizing a physical or virtual card for a card recipient.) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the virtual and physical card teachings of Briscoe such that “Cards such as credit cards, debit cards, and stored value cards are widely used by cardholders (e.g., consumers) to purchase products and services from merchants.” (Briscoe [0001]). The modification would have been obvious, because it is merely applying a known technique (i.e. virtual and physical card) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “allows the client to design and provide a prototype card, either physical form or virtual form, or both.” Briscoe [0027]) Regarding Claim 9, Johnson, Tamblyn, and Kobayashi teach the virtual smart card personalization of Claim 1 as described earlier. Johnson does not teach wherein the personalization system is communicatively connected to the card issuance device via the Internet. Briscoe teaches, wherein the personalization system is communicatively connected to the card issuance device via the Internet. (Briscoe [0033] monitor, printer,....and other output devices known in the art.... the client interface 110 further includes a memory for storing instructions and a processor for executing the stored instructions and Internet access. ) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the virtual and physical card teachings of Briscoe such that “Cards such as credit cards, debit cards, and stored value cards are widely used by cardholders (e.g., consumers) to purchase products and services from merchants.” (Briscoe [0001]). The modification would have been obvious, because it is merely applying a known technique (i.e. virtual and physical card) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “allows the client to design and provide a prototype card, either physical form or virtual form, or both.” Briscoe [0027]) Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Johnson, Tamblyn, and Kobayashi in view of Calvert ("SYSTEM AND METHOD FOR POST-ISSUANCE ENABLEMENT OF ASYMMETRIC-KEY APPLICATION LOADING ON SMARTCARDS ISSUED AS SYMMETRIC-KEY APPLICATION-LOADING SMARTCARDS", WIPO Publication Number: US WO2015/177310 A1) Regarding Claim 12, Johnson, Tamblyn, and Kobayashi teach the virtual smart card personalization of Claim 11 as described earlier. Johnson does not teach wherein the customized dataset comprises an application load unit. Calvert teaches, wherein the customized dataset comprises an application load unit. (Calvert [0011] Applications to be loaded onto the smartcard are encrypted into an Application Load Unit (ALU) Calvert [0015] transporting application programs onto an IC card from a source located outside the card. A secret key and public key pair is stored on the card. The application provider sends an application load unit (ALU) to the card. The ALU includes an application unit (AU) and a key transformation unit (KTU).) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the application load unit card teachings of Calvert such that “Applications to be loaded onto the smartcard are encrypted into an Application Load Unit (ALU) .” (Calvert [0011]). The modification would have been obvious, because it is merely applying a known technique (i.e. application load unit ) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “The ALU includes an application unit (AU) and a key transformation unit (KTU). The AU contains both the program code and associated data which is to be loaded onto the card of the card user. ” Calvert [ 0015 ]) Claims 15, 16, 17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson, Tamblyn, Kobayashi, Irisawa, and Briscoe. Regarding Claim 15, Johnson, Tamblyn, Kobayashi and Irisawa teach the virtual smart card personalization of Claim 13 as described earlier. Johnson does not teach further comprising a card issuance device communicatively connected to the personalization system Briscoe teaches, further comprising a card issuance device communicatively connected to the personalization system. (Briscoe [0002] A stored value card, which may be a physical and/or virtual card, represents money on deposit with the issuer of the card or an affiliate of the issuer. Briscoe [0035] The processor communicates the data received from the client 102 to the card creator 112. The card creator 112 prints a physical card and/or creates a virtual card according to the received client-specified data...the card creator 112 prints the selected background and the selected logo on the physical card or creates a virtual card including the selected background and the selected logo for a display for a mobile device. The card creator 112 then dispenses the printed physical card to the client 102 or transfers the virtual card .... Alternatively or in addition, the creator 112 includes a link which transmits the virtual card and/or prints a document for the client 102 including a listing of the selected merchants. Briscoe [0029] it is contemplated that part or all of the databases may be remotely located from the kiosk 104 and connected by a network such as the Internet. Briscoe [0033] the client interface 110 further includes a memory for storing instructions and a processor for executing the stored instructions and Internet access… when the card is a virtual card, the interface 110 may be connected to network, such as the Internet or a 3G cellular network) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson Johnson to incorporate the virtual and physical card teachings of Briscoe such that “Cards such as credit cards, debit cards, and stored value cards are widely used by cardholders (e.g., consumers) to purchase products and services from merchants.” (Briscoe [0001]). The modification would have been obvious, because it is merely applying a known technique (i.e. virtual and physical card) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “allows the client to design and provide a prototype card, either physical form or virtual form, or both.” Briscoe [0027]) Regarding Claim 16, Johnson, Tamblyn, and Kobayashi teach the virtual smart card personalization of Claim 15 as described earlier. Johnson does not teach a card issuance computing system communicatively connected between the card issuance device and the personalization system, wherein the card issuance computing system is local to the card issuance device and is communicatively connected to the personalization system via the Internet Briscoe teaches, further comprising a card issuance computing system communicatively connected between the card issuance device and the personalization system, wherein the card issuance computing system is local to the card issuance device and is communicatively connected to the personalization system via the Internet. (Briscoe [0012] FIG. 3 is a block diagram illustrating a system for allowing a client to interactively create a customized physical or virtual card based on data stored locally with respect to the client, according to one embodiment of the invention. Briscoe [0033] the client interface 110 further includes a memory for storing instructions and a processor for executing the stored instructions and Internet access… when the card is a virtual card, the interface 110 may be connected to network, such as the Internet or a 3G cellular network) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the virtual and physical card teachings of Briscoe such that “Cards such as credit cards, debit cards, and stored value cards are widely used by cardholders (e.g., consumers) to purchase products and services from merchants.” (Briscoe [0001]). The modification would have been obvious, because it is merely applying a known technique (i.e. virtual and physical card) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “allows the client to design and provide a prototype card, either physical form or virtual form, or both.” Briscoe [0027]) Claim 17 is rejected on the same basis as Claim 5. Regarding Claim 19, Johnson, Tamblyn, Kobayashi, and Irisawa teach the virtual smart card personalization of Claim 18 as described earlier. Johnson does not teach wherein the personalization system is communicatively connected to the card issuance device via the Internet. Briscoe teaches, wherein the personalization system is communicatively connected to the card issuance device via the Internet. (Briscoe [0033] monitor, printer,....and other output devices known in the art.... the client interface 110 further includes a memory for storing instructions and a processor for executing the stored instructions and Internet access. ) It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the chip-card production environment of Johnson to incorporate the virtual and physical card teachings of Briscoe such that “Cards such as credit cards, debit cards, and stored value cards are widely used by cardholders (e.g., consumers) to purchase products and services from merchants.” (Briscoe [0001]). The modification would have been obvious, because it is merely applying a known technique (i.e. virtual and physical card) to a known concept (i.e. chip-card production environment) ready for improvement to yield predictable result (i.e. “allows the client to design and provide a prototype card, either physical form or virtual form, or both.” Briscoe [0027]) Supplemental Independent Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1, 11, 20, 22, and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Lee ("Personalization of smart cards", U.S. Patent Number: US 6367011B1), in view of Tamblyn ("METHOD AND APPARATUS FOR PRINTING A SECURITY CARD", U.S. Publication Number: US 20180086125 A1) Regarding Claim 1, Lee teaches, A method comprising: generating, at a personalization system (154 Preparation processing device), a customized dataset including personalization data of a particular user for installation onto a smart card (col 6, lines 31-35 “Device 154, as will be described in more detail below, is used to manipulate and store cardholder data, application data, and other data such as parameter data. The cardholder data includes data such as the identification of the cardholder and the credit limit of the cardholder.”), the customized dataset being generated based on an operating system of the smart card by performing a personalization process to generate a virtual smart card formatted according to the operating system (column 6, line 63 – column 7, line 3 “Preparation processing device 154 produces output file 160, which includes data to be used in the personalization process for all cards to be personalized. File 160 is described in greater detail below in FIGS. 5A-5D. Data in output file 160 may include: data for any of a variety of applications such as credit, stored value, loyalty, etc.; derived card keys and derivation data for particular applications; public key certificates; and other data.” Column 7, lines 6-27 “output file 160 may be run through the process of FIG. 2 multiple times, each pass generating and adding information to records in the file for different applications”) and specific to an intended recipient of the smart card (Lee [Col 1, Lines 27-30] Personalization data may include file information, application information, a maximum value for an application or of the card and a personal identification number (PIN) or other cardholder information.) without requiring a concurrent connection to a card issuance device (column 6, lines 45-48 “Transport mechanism 158 may use any of the numerous, well-known file transfer methods for transferring file 160. By way of example, transfer via a floppy disk or over a secure network connection may be used.”); encrypting at least a portion of the customized dataset including the virtual smart card, (Lee [Col 1, Lines 59-62] The derivation data is encrypted with a suitable algorithm using a master key to produce a derived card key for a particular card. Lee [Col 7, Lines 47-53] a wide variety of keys and encryption algorithms may be used ...by the card itself to provide security during card manufacture, transport and personalization.) at the personalization system (column 7, lines 66-67 “a key encryption key (KEK) for sending other keys to the personalization location” Column 8, lines 17-35 “As secret data may be generated at the issuer location, instead of at the personalization location, it is preferable to protect this secret data before it is stored onto the card in some fashion. In one embodiment, secret data is encrypted under a key encryption key when generated. Once at the personalization location, HSM 152 decrypts the secret data, re-encrypts it under a personalization key known to the card and then the encrypted secret data is loaded onto the card using personalization device 150.”), using an encryption key that is specific to the card issuance device (Lee [Col 7, Lines 47-53] a wide variety of keys and encryption algorithms may be used by the card supplier, issuer, personalizer, ... to provide security during card manufacture, transport and personalization.) …the encryption key being different from any encryption key used to secure the customized dataset when stored on the smart card (column 8, lines 17-35 “In one embodiment, secret data is encrypted under a key encryption key when generated.”) ; and transmitting the virtual smart card, encrypted with the encryption key, to the card issuance device (Lee [column 7, lines 3-5] “Resulting output file 160 is then transferred to personalization device 150 via transport mechanism 158.” Lee [Col 1, Lines 59-62] The derivation data is encrypted with a suitable algorithm using a master key to produce a derived card key for a particular card.) . alongside a plurality of different encrypted virtual smart cards personalized for a plurality of different intended recipients encrypted using the encryption key, (Lee [Col 2, Lines 25-28] special and costly personalization machines are used that are able to personalize multiple cards at once. Lee [Claim 18] A system for personalizing a plurality of smart cards Lee [Col 5, Lines 60-63] personalized cards 180 are available for use by cardholders.) wherein generating the customized dataset is completed prior to transmitting any portion of the customized dataset to the card issuance device. (Lee [Col 8, Lines 20-25] As secret data may be generated at the issuer location, instead of at the personalization location, it is preferable to protect this secret data before it is stored onto the card in some fashion.) Lee suggests the output file 160, which includes secret data, may be protected by other techniques (column 8, lines 34-35), but does not specify that the encryption key is specific to the card issuance device. However, Tamblyn teaches a method for printing a security card, wherein customized data is received at a card issuance device ([0013] “The present invention also provides a method of applying a visual security image to a security card”), wherein the received customized data is encrypted ([0012] “The visual security image may be encrypted with an encryption key for preventing unauthorised printing of the visual security image.”), using an encryption key that is specific to the card issuance device that is separate from the personalization system ([0078] “Since the VSI may be customised, by the printer manufacturer, so that it is a specific image chosen by the end user (for example a corporate logo, a government logo, or other image which is proprietary to the end user), it is advantageous to use means to ensure that the VSI cannot be obtained and used fraudulently on other printers.” [0079] “As such, one mechanism that may be employed with the present invention is that the visual security image is encrypted using an encryption key. In order for the visual security image to be printed on a printer, the encrypted security image must first be decrypted. Measures may then be put in place to limit how and in what circumstances the printer may decrypt the encrypted VSI. For example, the printer may be programmed to access a decryption key local to the printer, for example a decryption key stored in the printer memory or stored on an internal company communications network. The decryption key may for example only be accessed or used by certain printers (identified by unique properties to that printer), or only accessed or used by certain printers on a particular internal company communications network (for example an internal network subdomain). Other ways of limiting access to and use by a printer for the decryption key may be apparent to those skilled in the art.”) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Tamblyn with the teachings of Lee because as Lee suggests it is advantageous to secure the personalized secret data at the time of generation (column 8, lines 34-35) and Tamblyn teaches that secret data, which includes data that is proprietary to the end user, can be protected by encrypting the data with an encryption key local to the printer or restricted to specific printers, gives the user confidence that the card is genuine ([0078]-[0079]). Similar to the logo information being proprietary data that should be protected, one of ordinary skill in the art would recognize the encryption for a specific printer would be advantageous to protect the secret data of the user. Claim 11 is rejected on the same basis as Claim 1. Claim 20 is rejected on the same basis as Claim 1. Claim 22 is rejected on the same basis as Claim 1. Claim 24 is rejected on the same basis as Claim 1. Response to Remarks Applicant's arguments filed on October 14, 2025, have been fully considered and Examiner’s remarks to Applicant’s amendments follow. Response Remarks on Claim Rejections - 35 USC § 101 The Applicant states: “To the contrary, the claimed combination of steps, including the generation of a virtual smart card, the use of an encryption scheme involving a key specific to the card issuance device, and the asynchronous transmission of batches of personalized data, represents a specific, unconventional solution to technical problems inherent in prior art smart card issuance systems. This is not an abstract business method, but a concrete improvement to computer technology. " Examiner responds: Examiner disagrees with the assertion that the Applicant’s invention, “represents a specific, unconventional solution to technical problems inherent in prior art smart card issuance systems.” Existing off-the-shelf systems permit “encryption scheme involving a key specific to the card issuance device, and the asynchronous transmission of batches of personalized data” : The prior art teaches: Johnson [0028] permit a smart card using Java Card™ technology, MULTOS™ technology or any other type of proprietary technology to be personalized in a secure way using asymmetric cryptography. A smart card can consist of, for example, a secure microcontroller implemented in hardware, firmware containing an operating system and/or Java Card Runtime Environment implementation Johnson [0039] the various perso_descriptors 544 can be formatted into a data structure called the plaintext_KTU Examiner notes the Applicant's invention also utilizes MULTOS operating system as Johnson (i.e., the operating systems are equivalent) The Applicant’s Specification in the instant application reads: [0025] Examples of operating systems include MULTOS, GlobalPlatform, and a variety of proprietary or native operating systems [0072] system 600 for secure personalization of a smart card using a first operating system, such as the MULTOS operating system. [0073] can be signed using a MULTOS card authority's private key certifying key (KCK), allowing any MULTOS card that are appropriately implemented to verify the authenticity of the certificate. In response to applicant's argument that the references fail to show certain features of the invention, it is noted that the features upon which applicant relies (i.e., “asynchronous transmission of batches of personalized data.” ) are not recited in the rejected claim(s). Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). The Applicant states: “As an initial matter, the current claims are not directed to an abstract idea at all." Examiner responds: The Applicant’s Specification states the virtual cards are directed to financial matters: [0026] Furthermore, and as noted in further detail below, the term smart card is intended to encompass not only physical smart cards (both contact smart cards and contactless cards), but also electronic smart cards, such as electronic representations of banking cards or other cards that store sensitive personal data and can be used in conjunction with trusted transactions (e.g., for access or financial transactions). [0029] Example smart card applications and/or data can include information associated with an intended user of the smart card, information regarding access rights, programming logic defining security access and/or financial account access, retail loyalty, and/or other types of applications. Accordingly, the card issuance location 102 may be a bulk card issuance facility, or may be a location at which smart cards may be issued to users in an "on demand" manner, such as at a financial institution [0032] Example types of smart cards that can be personalized by printers106, 107 can include, for example, physical smart cards including financial cards (e.g., debit cards or credit cards) Therefore, the Examiner concludes the invention is directed towards fundamental economic principles or practice and/or commercial or legal interactions that are abstract ideas. Even if the Specification disavowed any connection to financial matters, the acts of “generation and personalization of a virtual smart card… using a specific key” still falls Managing personal behavior or relationships or interactions between people and/or Mental Processing which are also abstract ideas. The Applicant states: “The focus of the claims is on how the data is generated, secured, and transmitted, which improves the underlying computer technology, not on the ultimate use of the card. The claimed invention is therefore not directed to an abstract idea under Step 2A of the Alice Mayo framework." Examiner responds: The focus of the claims is not on such an improvement in computers, encryption, nor operating systems as tools, but on certain independently abstract ideas that use computers, encryption, and operating systems as tools. The additional elements (technological components) perform as expected and are in no unusual arrangement. In the absence of unexpected results, changes or alteration of sequence do not make for a patentable invention, see Ex parte Rubin, 128 USPQ 440 (Bd. App. 1959) ; In re Burhans, 154 F.2d 690, 69 USPQ 330 (CCPA 1946); In re Gibson, 39 F.2d 975, 5 USPQ 230 (CCPA 1930) The encryption and card issuance device are merely applying such technologies. Generating the data is part of the abstract idea, the encryption and transmitting is merely insignificant extra solution activity. The technology itself is not improved since the data is merely encrypted and transmitted. Given there is no improvement to the generic technological components, there is no improvement to security in data transmission. The Applicant states: “In particular, the non- abstract nature of the claimed invention recited in each of independent claims 1, 11, 20, 22, and 24 is highlighted by the clear technical improvements described in the application over prior art smart card personalization systems, which were often inefficient and less secure due to the tight coupling of data personalization and physical card issuance. As discussed in the Specification at [0012]-[0014], conventional systems required a live, secure connection between a personalization system and a card issuance device for the entire duration of the personalization process. This created a bottleneck, limiting throughput to the speed of the slowest issuance device, and posed security risks by requiring card-specific keys to be present or transmitted during the physical issuance step. … recite a specific, non-conventional architecture that overcomes these technical problems." Examiner responds: Again, generating the data is part of the abstract idea, the encryption and transmitting is merely insignificant extra solution activity. The technology itself is not improved since the data is merely encrypted and transmitted. Furthermore, an abstract idea cannot integrate another abstract idea into a practical application. Therefore, the rejection under 35 USC § 101 remains. Response Remarks on Claim Rejections - 35 USC §103 Applicant's arguments required the application of NO new/additional prior art. The prior art references teach the amended limitations: specific to an intended recipient of the smart card: Johnson [0010] After a card is initialized, it is then typically personalized. During personalization, the smart card is generally loaded with data that uniquely identifies the card for that end user...Personalization data may include file information...and a personal identification number (PIN) or other cardholder information. Lee [Col 1, Lines 27-30] Personalization data may include file information, application information, a maximum value for an application or of the card and a personal identification number (PIN) or other cardholder information. including the virtual smart card: Johnson [0010] a variety of cryptographic keys and algorithm information for the card or applications on the card Lee [Col 1, Lines 59-62] The derivation data is encrypted with a suitable algorithm using a master key to produce a derived card key for a particular card. Lee [Col 7, Lines 47-53] a wide variety of keys and encryption algorithms may be used ...by the card itself to provide security during card manufacture, transport and personalization. using an encryption key that is specific to the card issuance device: Johnson [0016] a smart card using Java Card.TM. technology, MULTOS.TM. technology or any other type of proprietary technology to be personalized...including device-related keys, provider-specific keys, and transfer keys. Johnson [0050] In some embodiments, the device-related keys include a device-specific secret key and a device-specific public key. Johnson [0053] the device-related keys include a device-specific secret key and a device-specific public key, Johnson [0054] the device-specific secret key and the device-specific public key are provided using an asymmetric technique. Lee [Col 7, Lines 47-53] a wide variety of keys and encryption algorithms may be used by the card supplier, issuer, personalizer, ... to provide security during card manufacture, transport and personalization. encrypted with the encryption key: Johnson [0016] a smart card using Java Card.TM. technology, MULTOS.TM. technology or any other type of proprietary technology to be personalized...including device-related keys, provider-specific keys, and transfer keys. Lee [Col 1, Lines 59-62] The derivation data is encrypted with a suitable algorithm using a master key to produce a derived card key for a particular card. alongside a plurality of different encrypted virtual smart cards personalized for a plurality of different intended recipients encrypted using the encryption key: Johnson [0003] personalizing smart cards or other devices ... for personalizing smart cards using asymmetric key cryptography. Johnson [0012] master keys to communicate with a large number of cards in a system. Johnson [0037] The application provider 10 may maintain a repository of keys 108 associated with a plurality of smart cards Johnson [0007] provided to users of the system Johnson [0016] proprietary technology to be personalized...including device-related keys, provider-specific keys, and transfer keys. Lee [Col 2, Lines 25-28] special and costly personalization machines are used that are able to personalize multiple cards at once. Lee [Claim 18] A system for personalizing a plurality of smart cards Lee [Col 5, Lines 60-63] personalized cards 180 are available for use by cardholders. wherein generating the customized dataset is completed prior to transmitting any portion of the customized dataset to the card issuance device: Johnson [0009] goes through an initialization and a personalization process....During the initialization process, a manufacturer or other card supplier embeds an integrated circuit chip into the plastic card body. The chip is loaded with at least one application program, such as...a file structure may be initialized with default values, and initial cryptographic keys may be stored for transport security. Johnson [0010] After a card is initialized, it is then typically personalized. During personalization, the smart card is generally loaded with data that uniquely identifies the card for that end user Johnson [0012] Derived card keys are derived from master keys stored in the security module (of the personalization facility) using derivation data unique to each card. The derivation data is encrypted with a suitable algorithm using a master key to produce a derived card key for a particular card. ...the master key can be used with derivation data from the card to independently regenerate the derived card key. Lee [Col 8, Lines 20-25] As secret data may be generated at the issuer location, instead of at the personalization location, it is preferable to protect this secret data before it is stored onto the card in some fashion. The Applicant states: “Tamblyn is from a non-analogous field and addresses an entirely different problem, and instead discloses protecting a visual security image (VSI) from being fraudulently printed by using a key specific to a printer. Tamblyn is concerned with the authenticity of a printed visual image… A person of ordinary skill in the art, seeking to improve the secure electronic data preparation process of Johnson, would have no reason or motivation to look to a reference concerning the printing of visual security features. The Examiner's proposed combination is a classic case of hindsight, stitching together disparate elements from unrelated technologies. " Examiner responds: In response to applicant's argument of nonanalogous art, it has been held that a prior art reference must either be in the field of the inventor’s endeavor or, if not, then be reasonably pertinent to the particular problem with which the inventor was concerned, in order to be relied upon as a basis for rejection of the claimed invention. See In re Oetiker, 977 F.2d 1443, 24 USPQ2d 1443 (Fed. Cir. 1992). In this case, both Johnson and Tamblyn are directed to improving security of virtual cards: Johnson [Abstract] Systems and methods are described that permit a smart card to be personalized in a secure manner using asymmetric cryptography. Tamblyn [0001] The present invention relates to methods and apparatus for printing a security card. In particular, the present invention relates to a method of printing a visual security image for applying to a security card, a method of applying a visual security image to a security card, a method of printing a security card, and a printer for printing a security card. The Applicant states: “there would be no motivation to combine Lee with Tamblyn to improve security of Lee because Lee already secures the relevant data with a different key. " Examiner responds: Lee teaches sometimes multiple keys are needed: Lee [Col 10, Lines 56-61] The card derived key may then be transferred from HSM 130 to device 154 for eventual placement into the current record. It is then determined in step 408 whether another derived key is needed as certain applications may require multiple keys In response to applicant's argument that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning. But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper. See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971). In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). Therefore, the rejection under 35 USC § 103 remains. Prior Art Cited But Not Applied The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Datacard ("Datacard® XPS Card Printer Driver™ User’s Guide", October 2015) teaches “Card Printer Driver uses Microsoft XPS print technology to support printing from currently available applications. This chapter provides a task overview of what the Card Printer Driver does, and a description of the communication between the Card Printer Driver and the card printer” [page 1] Datacard User Guide, January 2017 - This manual provides user information for the Datacard® SD260L™, SD360™, and SD460™ Card Printers. The manual includes: An overview of printer components and options, and a description of the system label. How to use the printer, including how to power the printer on and off, how to use the front panel and LCD menus, card processing basics, how to print a test card, and how to load and replace supplies. Tushie ("SYSTEM AND APPARATUS FOR SMART CARD PERSONALIZATION", U.S. Publication Number: 5889941A) describes personalization equipment specifications and provides a centralized interface of inputs and outputs to a card issuing process which dynamically adjusts to changes in the issuing process to easily permit a card issuer to change data formats, card applications, card operating systems and/or personalization equipment in a card issuing process. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHINEDU EKECHUKWU whose telephone number is (571)272-4493. The examiner can normally be reached on Mon-Fri 9 AM ET to 3:30 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christine Behncke, can be reached on (571) 272-8103. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /C.E./Examiner, Art Unit 3695 /CHRISTINE M Tran/Supervisory Patent Examiner, Art Unit 3695
Read full office action

Prosecution Timeline

Show 25 earlier events
Oct 22, 2024
Non-Final Rejection mailed — §101, §103
Feb 04, 2025
Interview Requested
Feb 20, 2025
Examiner Interview Summary
Feb 20, 2025
Applicant Interview (Telephonic)
Feb 24, 2025
Response Filed
May 12, 2025
Non-Final Rejection mailed — §101, §103
Oct 14, 2025
Response Filed
Nov 20, 2025
Final Rejection mailed — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12608747
CONDITION TREE OPTIMIZATION
5y 3m to grant Granted Apr 21, 2026
Patent 12387266
SYSTEM AND METHOD FOR PRIORITIZING TRANSMISSION OF TRADING DATA OVER A BANDWITDH-CONSTRAINED COMMUNICATION LINK
4y 10m to grant Granted Aug 12, 2025
Patent null
SYSTEM AND METHOD FOR SOCIAL NETWORK ROUTING FOR REQUEST MATCHING IN ENTERPRISE ENVIRONMENTS
Granted
Patent null
METHOD AND APPARATUS FOR COMBINING DIFFERENT KINDS OF WALLETS ON A MOBILE DEVICE
Granted
Patent null
METHODS AND SYSTEMS FOR COMMERCE ON SOCIAL MEDIA PLATFORMS
Granted
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

12-13
Expected OA Rounds
2%
Grant Probability
4%
With Interview (+2.4%)
3y 5m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 203 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month