DETAILED ACTION
Acknowledgements
This office action is in response to the claims filed 03/27/2026.
Claims 1-2 are pending.
Claims 1-2 have been examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's arguments filed 08/28/2025 have been fully considered but they are not persuasive.
101
Applicant argues the claims achieve “the method of amended claim 1 involves the additional elements that can achieve the purpose of greatly enhancing the protection/security strength of the payment key and thereby strengthening data security.” Examiner disagrees.
First, the technology recited in the claims is the “terminal device”, the payment key acts as data, it’s existence does not change the nature of the claims, the payment key is not used as a payment key, it is passed around and decrypted, it’s “protection/security strength” is never enhanced in the claims. Additionally, the improvement is not to the strength or security of the technology used in the claims, the communication channel appears to be used to receive and send data, it is unclear whether the terminal device is capable of establishing the channel or simply using it. Additionally, it is unclear where, in the claims, “data security” is strengthened, whether this is achieved when data the read, sent, received or decrypted. The claims do not appear to recite the terminal device strengthening data security of the payment key.
Applicant’s amendments provide descriptions of processes not performed by the claimed terminal device. The description of how the plaintext is encrypted is not the technology being claimed. The limitations describe “reading” the ciphertext, sending it, receiving somehow, a ciphertext of a decrypted payment key and then decrypting the ciphertext.
While white box cryptography is encoded in computer base technology, the root of it is mathematical, and decrypting using keys is mathematical. Simply including the decryption of information to a claim does not automatically overcome the abstract idea. Especially, in this case, where the claims are directed to the receiving, sending and receiving information, just to decrypt it.
The rejection is maintained.
112
The claims do not clearly convey the concept that there are sequential encryptions and therefore sequential decryptions. Somehow, the ciphertext of the payment key is decrypted, and there still remains, the ciphertext of a decrypted payment key without any essential information about the layers of encryption that require layers of decryption. See disclosure 66, 97.
103
Matsushima teaches wherein a SM4 white box secret key, an AES key, and a SM2 public key are used to encrypt a plaintext of the payment key issued by an electronic payment system to generate the ciphertext of the payment key (Abstract; Fig 10; ¶ 89, 149-161, 173-176)
Matsushima – The encryption parameters 1201 have a data structure including six pieces of data: a master key length 1201 a, master key algorithm 1201 b, changing method 1201 c, designated secret key algorithm 1201 d, designated public key algorithm 1201 e, and changed strength level 1201 f…The master key algorithm 1201 b is data indicating the encryption algorithm when using the master key sent in S3506. The data indicates RSA, ECC, AES, or the like. (¶ 149, 151)
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-2 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Subject Matter Eligibility Standard
When considering subject matter eligibility under 35 U.S.C. § 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter (101 Analysis: Step 1). Even if the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea) (101 Analysis: Step 2a(Prong 1), and if so, Identify whether there are any additional elements recited in the claim beyond the judicial exception(s), and evaluate those additional elements to determine whether they integrate the exception into a practical application of the exception. (101 Analysis: Step 2a (Prong 2). If additional elements does not integrate the exception into a practical application of the exception, claim still requires an evaluation of whether the claim recites additional elements that amount to an inventive concept (aka “significantly more”) than the recited judicial exception. If the claim as a whole amounts to significantly more than the exception itself (there is an inventive concept in the claim), the claim is eligible. If the claim as a whole does not amount to significantly more (there is no inventive concept in the claim), the claim is ineligible. (101 Analysis: Step 2b).
The 2019 PEG explains that the abstract idea exception includes the following groupings of subject matter: a) Mathematical concepts b) Certain methods of organizing human activity and c) Mental processes
Analysis
In the instant case, claim 1 is directed to a method.
Step 2a.1– Identifying an Abstract Idea
The claims recite the steps of “reading…ciphertext… sending… and decrypting… receiving… and decrypting ….” The recited limitations fall within the certain methods of organizing human activity grouping of abstract ideas, specifically, fundamental economic principles, for example, mitigating risk on information being exposed for a transaction. Accordingly, the claims recites an abstract idea.
See MPEP 2106.
Step 2a.2 – Identifying a Practical Application
The claim does not currently recite any additional elements or combination of additional elements that integrate the judicial exception into a practical application.
According to the disclosure(¶ 88-91) , “the saved ciphertext of the payment key is read out… it is necessary to read the ciphertext of the payment key from the private file”. It is unclear from the disclosure but the “reading” appears to be directed as data retrieval of data from a file, an insignificant extra-solution activity of a generic computing device. Additionally, decrypting data is a mathematical formulation and therefore abstract.
Accordingly, even in combination, these elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
Mere instructions to apply the exception using generic computer components and limitations to a particular field of use or technological environment do not amount to practical applications. The claim in directed to an abstract idea.
Step 2b
The claim limitations recite “reading…ciphertext… sending… and decrypting… receiving… and decrypting ….” are not additional elements and they amount to no more than mere instructions to apply the exception using a generic computer component. For the same reason these elements are not sufficient to provide an inventive concept. This is also determined to be well-understood, routine and conventional activity in the field. The Symantec, TLI, and OIP Techs, court decision cited in MPEP 2106.05(d)(II) indicates that mere receipt or transmission of data over a network is a well-understood, routine and conventional function when it is claimed in a merely generic manner, as it is here. Therefore, when considering the additional elements alone, and in combination, there is no inventive concept in the claim and thus the claim is not eligible.
Viewed as a whole, instructions/method claims recite the concept of a fundamental economic practice as performed by a generic computer. The claims do not currently recite any additional elements or combination of additional elements that amount to significantly more than the judicial exception. The elements used to perform the claimed judicial exception amount to no more than mere instructions to implement the abstract idea in a network, and/or merely uses a network as a tool to perform an abstract idea and/or generally linking the use of the judicial exception to a particular environment.
Dependent claim 2 describes functions in more descriptive detail of the steps geared toward the abstract idea. As such, these elements do not provide the significantly more to the underlying abstract idea necessary to render the invention patentable.
The claims do not, for example, purport to improve the functioning of the computer itself. Nor do they effect an improvement in any other technology or technical field. Therefore, based on case law precedent, the claims are claiming subject matter similar to concepts already identified by the courts as dealing with abstract ideas. See Alice Corp. Pty. Ltd., 573 U.S. 208 (citing Bilski v. Kappos, 561, U.S. 593, 611 (2010)).
The claims at issue amount to nothing significantly more than an instruction to apply the abstract idea using some unspecified, generic computer. See Alice Corp. Pty. Ltd., 573 U.S. 208. Mere instructions to apply the exception using a generic computer component and limitations to a particular field of use or technological environment cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible.
Conclusion
The claim as a whole, does not amount to significantly more than the abstract idea itself. This is because the claim does not affect an improvement to another technology or technical filed; the claim does not amount to an improvement to the functioning of a computer system itself; and the claim does not move beyond a general link of the use of an abstract idea to a particular technological environment.
Accordingly, the Examiner concludes that there are no meaningful limitations in the claim that transform the judicial exception into a patent eligible application such that the claim amounts to significantly more than the judicial exception itself.
Dependent claims do not resolve the deficiency of independent claims and accordingly stand rejected under 35 USC 101 based on the same rationale.
Dependent claim 2 is also rejected.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1 and 2 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites “A decryption method for a payment key implemented by a terminal device, comprising:… decrypting, by the back-end system, the ciphertext of the payment key for a first time by using a SM2 private key stored in a host security module thereof….” The claim is unclear and indefinite. The scope of the claims are implemented by the terminal device but the claim recites the function of a “back-end system” that uses a private key “stored in a host security module thereof”. The scope of the claims are unclear and indefinite. Dependent claim 2 is also rejected.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1 and 2 are rejected under 35 U.S.C. 103 as being unpatentable over Abdalla et al. (US 20180295114) (“Abdalla”), in view of Collinge et al. (US 20180025353) (“Collinge”) and further in view of Matsushima et al. (US 20110081017) (“Matsushima”).
Regarding claim 1, Abdalla discloses reading a conserved ciphertext of a payment key by an electronic payment application of the terminal device (Abstract; ¶ 45-51)
Abdalla – initiator (e.g., client) device, may generate an ephemeral public key via, for example, a canonical key exchange protocol (e.g., a canonical 2-party key exchange protocol) and transmit the ephemeral public key to device B, which in this example is the responder (e.g., server) device. (¶ 49)
sending, by the electronic payment application of the terminal device, the ciphertext of the payment key to a back-end system through a secure encryption channel established between the electronic payment application of the terminal device and the back-end system, and (Abstract; ¶ 13, 21-24, 42, 49-52, 95)
Abdalla – and transmit the ephemeral public key to device B, which in this example is the responder (e.g., server) device... In particular, some private mutually authenticated key exchange protocols (e.g., affiliation-hiding authenticated key exchange (AH-AKE), credential-based authenticated key exchange (CAKE), and language-based authenticated key exchange (LAKE)) may allow for implementation of different types of policies for device attributes, without revealing these attributes to unauthorized users. (Abstract; ¶ 13, 49)
decrypting, by the back-end system, the ciphertext of the payment key for a first time by using a SM2 private key stored in a host security module thereof (Abstract; ¶ 21-24, 52-61)
Abdalla – receiving, at the first device, a message transmitted from a second device and including a hierarchical inner-product encryption (HIPE) ciphertext… a HIPE scheme may include various probabilistic polynomial-time algorithms, such as a setup algorithm (Setup), a derive algorithm (Derive), an encryption algorithm (Enc), and a decryption algorithm (Dec)… The decryption algorithm (Dec) may receive the public parameters (e.g., a master public key (mpk)), the ciphertext (e.g., ciphertext C) and secret key (e.g., secret key dw) as inputs…. if ciphertext C=Enc(mpk, p, M) for vector p, and secret decryption key dw=Derive(msk, w) for vector w, a secure HIPE scheme may guarantee that a decrypting device in possession of the secret decryption key (e.g., secret decryption key dw) may recover the message (e.g., message M) from ciphertext C… At block 216, a HIPE ciphertext may be generated, and method 200 may proceed to block 218. For example, a function (e.g., HIPE.Enc function) may generate the HIPE ciphertext HCB based on master public key (mpk), a policy vector TEB for device B, and authenticated encrypted ciphertext AECB. More specifically, HIPE.Enc(mpk, πB, AECB) may generate HIPE ciphertext HCB. For example, HIPE ciphertext HCB may be generated at device B (e.g., via processor 106). (Abstract; ¶ 21, 22, 59)
receiving, by the electronic payment application of the terminal device, a ciphertext of a first decrypted payment key, which is sent by the back-end system through the secure encryption channel established between the electronic payment application of the terminal device and the back-end system; and (Abstract; ¶ 13, 21-24, 42, 52-64, 95)
Abdalla – At block 218, data including the HIPE ciphertext may be transmitted, and method 200 may proceed to block 220. For example, in addition to including the HIPE ciphertext HCB, the data may also include the session identifier sid, and message MB. More specifically, for example, the data including the HIPE ciphertext may be transmitted from device B to device A. (¶ 60)
decrypting, by the electronic payment application of the terminal device, the ciphertext of the first decrypted payment key again by using the key and the secret key to obtain the plaintext of the payment key (Abstract; ¶ 55-78)
Abdalla – device A, which in this example is the initiator, may attempt to decrypt the HIPE ciphertext, compute the corresponding session key, and decrypt the ciphertext for the AE scheme… At block 226, the HIPE ciphertext HCB may be decrypted, and method 200 may proceed to block 228…. At block 232, the ciphertext AECB may be decrypted, and method 200 may proceed to block 234. For example, a function (e.g., AE.Dec function) may be used to decrypt the HIPE ciphertext HCB based on authenticated encryption key htk. More specifically, AE.Dec(htk, AECB) may generate AEMB. For example, the ciphertext AECB may be decrypted at device A (e.g., via processor 104). (¶ 61, 65, 68)
Abdalla does not disclose wherein a SM4 white box secret key, an AES key, and a SM2 public key are used to encrypt a plaintext of the payment key issued by an electronic payment system to generate the ciphertext of the payment key.
Collinge teaches an AES key and a SM4 white box (¶ 35, 41, 42, 53)
Collinge – In some example, the mobile payment application 210 may also include a white-box cryptography (WBC) component that operates in the user domain 200… For example, each entry in the keystore 310 may be associated with a key (and its alias) and parameters such as an encryption algorithm (such as AES, RSA, ECC . . . ), access rules, and cryptographic functions permitted in the system domain 300 (such as encrypt, decrypt, sign, and the like). (¶ 35)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Abdalla and Collinge in order to enhance transaction security through cryptographic keys (Collinge; ¶ 1).
Matsushima teaches wherein a SM4 white box secret key, an AES key, and a SM2 public key are used to encrypt a plaintext of the payment key issued by an electronic payment system to generate the ciphertext of the payment key (Abstract; Fig 10; ¶ 89, 149-161, 173-176)
Matsushima – The encryption parameters 1201 have a data structure including six pieces of data: a master key length 1201 a, master key algorithm 1201 b, changing method 1201 c, designated secret key algorithm 1201 d, designated public key algorithm 1201 e, and changed strength level 1201 f…The master key algorithm 1201 b is data indicating the encryption algorithm when using the master key sent in S3506. The data indicates RSA, ECC, AES, or the like. (¶ 149, 151)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Abdalla, Collinge and Matsushima in order to migrate private information between terminals (Matsushima; ¶ 1-9).
Regarding claim 2, Collinge teaches wherein said decrypting, by the electronic payment application of the terminal device, the ciphertext of the first decrypted payment key again by using the AES key and the SM4 white box secret key to obtain the plaintext of the payment key comprises: decrypting, by the electronic payment application of the terminal device, the ciphertext of the payment key for a second time by using the AES key, and decrypting, by the electronic payment application of the terminal device, the ciphertext of the payment key for a third time by using the SM4 white box secret key to obtain the plaintext of the payment key (¶ 48-53, 61-64).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Simu et al., (US 20220210061) teaches combined double decryption.
Bieber (US 20200275142) teaches combined double decryption and ciphertexts.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ILSE I IMMANUEL whose telephone number is (469)295-9094. The examiner can normally be reached Monday-Friday 9:00 am to 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NEHA H PATEL can be reached on (571) 270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ILSE I IMMANUEL/Primary Examiner, Art Unit 3699