DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Interpretation
The claims 1, 3-5, 7-11, 13 in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
Claims 1, 3-5, 7-11, 13 invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. The claim has no support for means in the specification. Therefore, claims 1-13 (claims 2-13 are dependent claims) are indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-11 are rejected under 35 U.S.C. 103 as being unpatentable over Nativel et al (Pub. No. US 2011/0199308) in view of Ganz (Pub. No. US 20220187771).
As per claim 1, Nativel discloses a connected terminal configured to execute a secure operation (Network communications are communicated into and out of integrated circuit via a physical layer circuitry, and communication interface…There are several different ways the financial transaction can be conducted, but in each case sensitive financial information is entered into the POS terminal, par.8-29), the terminal comprising: an application processor configured to initiate the secure operation (Second integrated circuit remains in this mode until the second integrated circuit receives a request to start a secure transaction. The request is received from first integrated circuit (First integrated circuit includes a network communication interface, a memory controller, a Central Processing Unit (CPU), par. 29) via USB bus…par.40), a secure element for executing the secure operation (see second integrated circuit with security supervisor, par. 38), - a display (fig.4; TFT LCD) accessible via a wired bus (fig. 4; LCD BUS; The circuitry is hardwired, par. 33) and configured to receive, from the application processor, image data to be displayed to a user (The untrusted information passes across LCD bus, through input terminals, through display information input interface, across conductors, through multiplexer, through display information output interface, through output terminals, and across LCD bus, to display. Untrusted video or images or other information can be displayed on display, par. 36). Nativel does not explicitly disclose means controlled by the secure element and configured to, at the request of the secure element and at least during the execution of the secure operation, alternately apply to the wired bus of the display image data provided by the application processor and image data provided by the secure element, such that the image data provided by the secure element replace image data provided by the application processor and form a secure image embedded in a non-secure image provided by the application processor, the secure image extending in at least one determined region of the display, and means controlled by the secure element for indicating to the user a location and extent of the region in which the embedded secure image is displayed. However Ganz discloses means controlled by the secure element and configured to, at the request of the secure element and at least during the execution of the secure operation, alternately apply to the wired bus of the display image data provided by the application processor and image data provided by the secure element, such that the image data provided by the secure element replace image data provided by the application processor and form a secure image embedded in a non-secure image provided by the application processor, the secure image extending in at least one determined region of the display, and means controlled by the secure element for indicating to the user a location and extent of the region in which the embedded secure image is displayed (…The SMU (interpreted as secure element) has a two-stage, cascaded architecture with two at least logically separate units or computing components which can optionally be designed in the form of shared hardware, for example an integrated circuit. However, an embodiment with two physically separate computing components, in particular a first FPGA and a separate second FPGA, is preferred. The computing components or FPGA are in particular used for the computer processing of image data, as well as calculation of check codes. The first FPGA has a input for image data from PC (interpreted as application processor) and an output for image data to the display (LVDS transmitter). The second FPGA only has one input for image data, meaning that it cannot change the display…see par. 122, 129, fig. 4A-4B). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Ganz in Nativel for including the above limitations because one ordinary skill in the art would recognize it would further ensure display of safety-relevant information, and safety-relevant entries made on the user interface, see par. 4-6.
As per claim 2, the combination of Nativel and Ganz discloses comprising at least one light indicator activated by the secure element when the secure element embeds a secure image in a non-secure image provided by the application processor (Ganz: see par. 52).
As per claim 3, the combination of Nativel and Ganz discloses wherein the means for indicating the location and extent of the region in which the embedded secure image is displayed comprise a row of light indicators controlled by the secure element and arranged along an edge of the display (Ganz: see par. 135).
As per claim 4, the combination of Nativel and Ganz discloses wherein the means for indicating the location and extent of the region in which the embedded secure image is displayed comprise: a region of the display that is permanently under the control of the secure element, and that displays a determined appearance, and a border of the region in which the embedded secure image is displayed, which has the same appearance as the region of the display that is permanently under the control of the secure element (Ganz: see par. 129-132).
As per claim 5, the combination of Nativel and Ganz discloses wherein the means configured to alternately apply to the wired bus of the display image data provided by the application processor and image data provided by the secure element, comprise: a multiplexer receiving on a first input the image data provided by the application processor and on a second input the image data provided by the secure element, and a control circuit of the multiplexer, configured to control the multiplexer according to a configuration data provided by the secure element (Nativel: see par. 33-35).
As per claim 6, the combination of Nativel and Ganz discloses wherein the control circuit is configured to control the multiplexer with a determined embedding granularity of the image data provided by the secure element, said embedding granularity being at a scale of a line or at a scale of a pixel of the image data provided by the application processor (Nativel: see par. 36).
As per claim 7, the combination of Nativel and Ganz discloses wherein the secure element is configured to, before performing the secure operation, embed in a non-secure image provided by the application processor a secure image comprising information about the secure operation (Nativel: see par. 36).
As per claim 8, the combination of Nativel and Ganz discloses further comprising an input device providing touch data on a data bus, and a demultiplexer controlled by the secure element and configured to connect the data bus of the input device to a bus of the application processor or to a bus of the secure element (Ganz: see par. 144).
As per claim 9, the combination of Nativel and Ganz discloses wherein the secure element is configured to connect to the input device during a display of information about the secure operation in the secure image (Ganz: see par. 144-145).
As per claim 10, the combination of Nativel and Ganz discloses comprising a physical button actionable by the user and monitored by the secure element, wherein the secure element is configured to bypass the secure operation in the absence of a user action on the physical button (Ganz: see par. 99).
As per claim 11, the combination of Nativel and Ganz discloses wherein the secure element and the means for alternately applying to the wired bus of the display image data provided by the application processor and image data provided by the secure element, are integrated wholly or partially in a system-in- package or in a system-on-chip mounted on an interconnection support of the terminal (Ganz: see par. 121-122).
Claims 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over Asokan et al (WO 03/003170) in view of Ganz (Pub. No. US 20220187771).
As per claim 14, Asokan discloses a method for conducting a secure operation using a connected terminal, in particular signing of data using a secret key (A common protection against such threats is to keep the cryptographic keys and functionality in tamper-evident devices which thus can constitute a trusted component. An example for such a trusted component is a smartcard…smartcards can store a secret key and can be connected to a personal user device, e.g. a PC or a mobile phone. The personal user device to which a smartcard is connected cannot access the stored secret keys, but it can ask the smartcard to perform a cryptographic function for which the key is needed, like calculating a digital signature or decrypting a message. The access to smartcards is moreover protected by personal identification numbers (PINs) page 2 last par. to page 3 first par.), the terminal comprising: an application processor configured to initiate the secure operation, a secure element holding a private key (The activating means preferably include a dedicated security button on the personal user device that has to be pressed by a user in order to cause a selection of the secured input/output mode. Such a security button should be clearly identifiable by a user. A security button can moreover be provided with a dedicated driver which is completely unaccessible through user-level programs. If the driver is residing in a flash memory, it is preferably signed by a root key. It is further preferred that the security is based on signed ROM (Read Only Memory) images and keys residing on CPU-ASICs (Central Processing Unit - Application Specific Integrated Circuits) . The security button could be for example the power button or a similarly implemented button that does not utilize the keyboard driver. With a security button as activating means, it is thus possible to achieve a particularly high security, page 7, par. 4). Asokan does not explicitly disclose an application processor configured to execute the secure operation, and a display accessible via a wired bus and configured to receive, from the application processor, non-secure images related to a progress of the secure operation, the method comprising: a step of providing means controlled by the secure element and configured to, at the request of the secure element, alternately apply to the wired bus of the display image data provided by the application processor and image data provided by the secure element, such that the image data provided by the secure element replace image data provided by the application processor and form said secure image embedded in the non-secure image provided by the application processor, a step of embedding, in at least one non-secure image provided by the application processor and presented on the display, a secure image provided by the secure element and inaccessible to the application processor, the secure image comprising information about the secure operation and extending in at least one determined region of the display, the embedding step being under the control of the secure element and unable to be prevented or corrupted by the application processor, and a step under the control of the secure element, of indicating to a user a location and extent of the region in which the embedded secure image is displayed, said step of indicating implementing means controlled by the secure element However Ganz discloses an application processor configured to execute the secure operation, and a display accessible via a wired bus and configured to receive, from the application processor, non-secure images related to a progress of the secure operation (…enables a safety-relevant or safety-aimed input on a graphical user interface. In this case, a computer generates pixel-formatted image data for a display, which are transmitted from the computer to the display via an image data line. When a user interface is shown on the display—at least in one operating state or context—at least one graphical control element is displayed which is associated with a safety-relevant function. The control element is selectable in a user-controlled manner using the input device, e.g., by means of a pointer or cursor…a generic monitoring unit or safety module, which is separate from the displaying computer, is connected to the image data line and reads out at least portions of the image data for a safety-aimed function…see par. 14-16), the method comprising: a step of providing means controlled by the secure element and configured to, at the request of the secure element, alternately apply to the wired bus of the display image data provided by the application processor and image data provided by the secure element, such that the image data provided by the secure element replace image data provided by the application processor and form said secure image embedded in the non-secure image provided by the application processor, a step of embedding, in at least one non-secure image provided by the application processor and presented on the display, a secure image provided by the secure element and inaccessible to the application processor, the secure image comprising information about the secure operation and extending in at least one determined region of the display, the embedding step being under the control of the secure element and unable to be prevented or corrupted by the application processor, and a step under the control of the secure element, of indicating to a user a location and extent of the region in which the embedded secure image is displayed, said step of indicating implementing means controlled by the secure element (…The SMU (interpreted as secure element) has a two-stage, cascaded architecture with two at least logically separate units or computing components which can optionally be designed in the form of shared hardware, for example an integrated circuit. However, an embodiment with two physically separate computing components, in particular a first FPGA and a separate second FPGA, is preferred. The computing components or FPGA are in particular used for the computer processing of image data, as well as calculation of check codes. The first FPGA has a input for image data from PC (interpreted as application processor) and an output for image data to the display (LVDS transmitter). The second FPGA only has one input for image data, meaning that it cannot change the display…see par. 122, 129, 144, fig. 4A-4B). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Ganz in Asokan for including the above limitations because one ordinary skill in the art would recognize it would further ensure display of safety-relevant information, and safety-relevant entries made on the user interface, see par. 4-6.
As per claim 15, the combination of Asokan and Ganz discloses wherein image data in a format compatible with the display and not requiring, to be displayed, to be converted into another format are alternately applied to the wired bus of the display, and no display controller is provided between the display and the means controlled by the secure element (Asokan: see par. 8 par. 1st, 4th).
As per claim 16, the combination of Asokan and Ganz discloses comprising providing in the terminal at least one light indicator, and comprising a step of activating the light indicator by the secure element when the secure element embeds a secure image in a non-secure image provided by the application processor (Asokan: see page 15, first par.).
As per claim 17, the combination of Asokan and Ganz discloses wherein the location and extent of the region in which the embedded secure image is displayed are indicated by means of a row of light indicators controlled by the secure element and arranged along an edge of the display (Ganz: see par. 135).
As per claim 18, the combination of Asokan and Ganz discloses wherein the location and extent of the region in which the embedded secure image is displayed are indicated by means of: a region of the display that is permanently under the control of the secure element and that has a determined appearance, and a border of the region in which the embedded secure image is displayed, which has the same appearance as the region of the display permanently under the control of the secure element (Ganz: see par. 129-132).
As per claim 19, the combination of Asokan and Ganz discloses wherein the terminal comprises an input device providing touch data on a data bus, and comprising the step of connecting the input device to the secure element during the display of information about the secure operation in the embedded secure image (Ganz: see par. 129-132).
As per claim 20, the combination of Asokan and Ganz discloses wherein the terminal comprises a physical button actionable by the user and monitored by the secure element, and comprising a step of configuring the secure element such that it bypasses execution of the secure operation in the absence of a user action on the physical button (Ganz: see par. 99).
Claims 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Nativel et al (Pub. No. US 2011/0199308) in view of Ganz (Pub. No. US 20220187771) as applied to claim 1 above, and in further view of Asokan et al (WO 03/003170).
As per claim 12, the combination of Nativel and Ganz discloses wherein the secure operation comprises data being signed using a secret key. Asokan discloses wherein the secure operation comprises data being signed using a secret key (a common protection against such threats is to keep the cryptographic keys and functionality in tamper-evident devices which thus can constitute a trusted component. An example for such a trusted component is a smartcard…smartcards can store a secret key and can be connected to a personal user device, e.g. a PC or a mobile phone. The personal user device to which a smartcard is connected cannot access the stored secret keys, but it can ask the smartcard to perform a cryptographic function for which the key is needed, like calculating a digital signature or decrypting a message. The access to smartcards is moreover protected by personal identification numbers (PINs) page 2 last par. to page 3 par. 1st). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Asokan in the combination Nativel and Ganz for including the above limitations because one ordinary skill in the art would recognize it would further improve protection against threats to keep the cryptographic keys and functionality in tamper-evident devices which can constitute a trusted component…see page 2, last paragraph.
As per claim 13, the combination of Nativel, Ganz and Asokan discloses devoid of any display controller between the display and the means controlled by the secure element, the image data alternately applied to the wired bus of the display by the means controlled by the secure element being in a format compatible with the display and not requiring, to be displayed, to be converted into another format (Asokan: see par. 8 par. 1st, 4th). The motivation for claim 13 is the same motivation as in claim 12 above.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to the control of information presented to a user on a terminal screen during the execution of a secure operation.
Gancarz (Pub. No. US 2020/0028675); “System and a Method for Signing Transactions Using Air-Gapped Private Keys”;
-Teaches a secure controller is configured to manage the components of the second module and in particular to authorize a secure transaction…see par. 48.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499