SYSTEM FOR A SECURE MODULAR CLOUD-ENABLED RESOURCE EXCHANGE APPARATUS

DETAILED ACTION Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/13/2026 has been entered. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed 01/20/2026 have been fully considered but they are not persuasive. Regarding claim 1, Applicant argues that the amended claim 1 is not taught by the combination of Crews and Johnson. In response, Examiner respectfully disagrees and submits that: First, the rejection is moot in view of the new interpretation/grounds of rejections. Second, to further clarify the Examiner’s position, the Applicant’s argument is addressed below: Crews discloses an ATM which has a card reader (at least column 3, line 5-7, card reader). It is admitted that the card reader in Crews does not explicitly have a sensor, detect, via the sensor, an impact to the component during use, and trigger an alarm based on detecting the impact. So, Johnson, which is an analogous art is brought in to cure the deficiencies of Crews, because Johnson discloses the above limitations. As such, contrasting to the Applicant’s arguments, the combination of Crews and Johnson discloses the limitations argue above. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-3, 7-10, 14-16 & 20 are rejected under 35 U.S.C. 103 as being unpatentable over Crews (Patents 7, 971,783-B1-hereinafter Crews) and in view of Johnson et al. (US 2023/0222881 A1-hereinafter Johnson). Regarding claim 1, Crews discloses system for a secure modular cloud-enabled resource exchange apparatus (at least figures 1 & 3-63, automated banking machine/ATM), the resource exchange apparatus comprising: at least one non-transitory storage device (at least figures 2 & 3, memory, hard drive, data store); at least one card reader (at least column 3, line 5-7, card reader); and at least one processor coupled to the at least one non-transitory storage device (at least figure 2, CPU), wherein the at least one processor is configured to: detect that a connection to a component of the resource exchange apparatus has been established (at least column 22, line 49-column 23, line 8, i.e.: at booting, it is detected that ATM is connected to at least a component (software or hardware/computer/TPM) of the ATM); request a security certificate from the component that is being connected (at least column 22, lines 3-32, 47-59, a signed measurement of the component is requested), wherein the security certificate is signed by a trusted certificate authority using a private key (column 22, lines 6-9, the measurement is digitally signed with a private key of the trusted platform module (TPM)); receive the security certificate from the component that is being connected (at least column 22, lines 3-13; column 30, lines 19-32; at least the signed measurement is received from the computer/TPM); verify the security certificate by accessing a certificate repository hosted on a cloud server (at least column 8, lines 43-54; column 22, lines 3-6; column 30, lines 19-47, i.e.: host banking system/software application or cash dispenser device, verifies the signed measurement of the component by access a repository that stores original measurements and public key of TPM), wherein verifying the security certificate comprises: retrieving a public key from the certificate repository, wherein the public key is associated with the private key (at least column 8, lines 43-63; column 22, lines 3-9; column 30, lines 33-35, public key corresponding to the private key is retrieved); using the public key, detect that the security certificate has been digitally signed using the private key (at least column 30, lines 33-35, public key of TPM is used to verify digital signature); based on detecting that the security certificate has been digitally signed using the private key, determining that the security certificate is genuine (at least column 30, lines 33-47, once the digital certificate is successfully verified using the public key, it is determined that that the measurements are genuinely signed with the private key); at least column 8, lines 43-63; column 22, lines 26, public is retrieved based on verifying the security certificate, determine that the component is an authorized component (at least column 22, lines 47-59, compare the signed measurements, when the measurements correspond, determine that the measurements are valid); and based on determining that the component is an authorized component, grant communication and access rights to the component (column 22, line 47-column 23, line 44, when the measurements are determined to correspond, enabling the components to access and boot the ATM). Crews does not explicitly disclose the card reader having a sensor installed thereon and detect via the sensor, an impact to the component during use, and trigger an alarm based on detecting the impact. However, Johnson discloses a card reader having a sensor installed thereon (at least figure 2, [0003][0018][0021]-[0022][0024]-[0025][0036], card reader with vibration sensor), detect via the sensor to the component during use (at least background, [0023]-[0024][0027], skimmer is detected); and trigger an alarm based on detecting the impact (at least [0033]-[0034], notification is received). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention tom modify the system of Crews to include the teachings of Johnson into the system of Crews to add another layer of security to the system. Regarding claim 2, Crews and Johnson disclose the system of claim 1. Crews also discloses detect that a connection to a second component has been established (at least column 22, line 49-column 23, line 8, i.e.: at booting, it is detected that ATM is connected to a second component (software or hardware) of the ATM); request a second security certificate from the component (at least column 22, lines 3-32, 47-59, a signed measurement of the second component is requested); determine that the second security certificate is invalid or missing (at least column 22, lines 47-59, compare the signed measurements, when the measurements do not correspond, determine that the measurements are invalid); and reject the connection with to the second component (column 22, line 47-column 23, line 44, when the measurements are determined to not correspond, prevent the components from access and boot the ATM). Regarding claim 3, Crews and Johnson disclose the system of claim 1. Crews also discloses an embedded security chip (at least column 16, lines 24-41, column 23, lines 9-26, 30-44, TPM chip), wherein granting the communication and access rights to the component further comprises: query the component to verify installation of the security chip (at least column 4, lines 14-52; column 16, lines 24-41; column 22, lines 3-32, 47-59; column 23, lines 9-26, 30-44, determine if component includes TPM chip); detect a presence of the security chip within the component (at least column 4, line 14-column 5, line 34; column 16, lines 24-41; column 22, lines 3-32, 47-59; column 23, lines 9-26, 30-44, TPM chip is detected/included in component); and authorize the connection to the component (at least column 4, lines 14-52; column 16, lines 24-41; column 22, lines 3-32, 47-59; column 23, lines 9-26, 30-44, i.e.: component such as cash dispenser is allowed to carried out operations of ATM). Regarding claim 7, Crews and Johnson disclose the system of claim 1. Crews also discloses the component comprises at least one of a card reader, NFC reader, display device, or QR code scanner (at least column 14, line 59-column 15, line 7, i.e.: card reader, display device and et.). Claims 8 & 14 are rejected for the same rationale as claim 1 above. Claims 9 & 15 are rejected for the same rationale as claim 2 above. Claims 10 & 16 are rejected for the same rationale as claim 3 above. Claim 20 is rejected for the same rationale as claim 7 above. Claims 6, 13 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Crews, Johnson and further in view of Merchant (US 2025/0104661 A1-hereinafter Merchant). Regarding claim 6, Crews and Johnson discloses the system of claim 1. Crews also discloses a card reader (at least column 15, lines 4-7). Crews and Johnson do not explicitly disclose wherein the resource exchange apparatus comprises a video camera positioned to capture a video stream of a card reader installed on the resource exchange apparatus, wherein the at least one processor is further configured to: access an artificial intelligence module trained to analyze image data of the card reader; determine, using the artificial intelligence module, that at least one dimension of the card reader has changed; and trigger an alarm based on determining that the at least one dimension of the card reader has changed However, Merchant discloses access an artificial intelligence module trained to analyze image data of the card reader (at least figure 1, [0023][0026], access a trained artificial intelligence (AI) to analyze image data of an object captured in a video stream); determine, using the artificial intelligence module, that at least one dimension of the card reader has changed (at least [0017][0020] using the AI to detect change in size of the object ) and trigger an alarm based on determining that the at least one dimension of the card reader has changed (at least figure 5 [0005][0015], a notification regarding the change is sent). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teachings of Merchant into the system of Crews and Johnson to enable detecting potential changes for risk and threat assessment to the system using AI. Claims 13 & 19 are rejected for the same rationale as claim 6 above. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHY ANH TRAN VU whose telephone number is (571)270-7317. The examiner can normally be reached Monday-Friday 7 am-1 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached at (571) 272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /PHY ANH T VU/Primary Examiner, Art Unit 2438