Acknowledgements
This communication is in response to applicant’s response filed on 08/28/2020.
Claims 1, 11, 20-21, and 25 have been amended. 
Claims 1-25 are pending and have been examined.

Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 08/28/2020 has been entered.
 
Response to Arguments
Regarding applicant’s arguments under Claim Rejections - 35 USC § 103 that the combination of Murphy (US 20180018661) in view of Dolcino (US 20140324698) fails to disclose wherein the pre-certified payment application driver code is integrated with a first point of sale (POS) application which executes on the first processor (second processor) with the first memory (second memory) and 
Applicant makes a similar argument for claims 11 and 21 as claim 1 above. Examiner respectfully argues applicant’s arguments are moot for the same reasons listed above for claim 1.
Regarding applicant’s arguments under Claim Rejections - 35 USC § 103 that the combination of Murphy (US 20180018661) in view of Dolcino (US 20140324698) fails to disclose “encrypting by the payment server, the first payment data with a third encryption key and sending the first payment data encrypted with the third encryption key to a front-end server,” as in newly independent claim 20, examiner respectfully argues applicant’s argument is moot in light of the new grounds of rejection necessitated by the claim amendments.
Applicant argues dependent claims 2-10, 12-19 and 22-25 are allowable based on their dependence upon allowable base claims, examiner respectfully argues applicant’s arguments are moot in light of the new rejections necessitated by the claim amendments for claims 1, 11, and 21.

Priority
Acknowledgment is made of applicant’s claim to U.S. Provisional Application No. 62/358,745, filed on 07/06/2016. 


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 4-5, 8-11, 14-15, 18-19, and 21-22 are rejected under 35 U.S.C. 103 as being unpatentable over Glatt (US 20140012762).

Regarding Claims 1 and 11, Glatt teaches a method, comprising: configuring a payment application driver code as a pre-certified payment application driver code to satisfy requirements of a particular level of a credit card data security certification compliance (Paragraphs 0028 and 0030 teach by providing an embedded electronic payment (EEP) chip, appliance (i.e. devices generally) manufacturers can add electronic payment acceptance to any appliance with a printed circuit board and standard chip implementation design; the EEP chip is prequalified (i.e., pre-certified) by the electronic payment transaction  generating a first integrated application executing on a first processor of a system with a first memory of the system by integrating the pre-certified payment application driver code with a first point of sale (POS) application which executes on the first processor with the first memory and does not satisfy the requirements of the particular level of the credit card data security certification compliance (Paragraphs 0026, 0029, and 0048 teach by providing the EEP chip, engineers can add the EEP chip to the device hardware configuration along with interfaces to card readers, security programming, and networks, thereby embedding merchant account payment transaction ability into a variety of devices; for example, a vending machine can be adopted to take credit card payments by incorporating the EEP chip on a circuit board in the vending machine, essentially making the vending machine a merchant; the vending machine manufacturer can add the electronic payment functionality with built-in approval by the acquirer, by virtue of using the EEP chip; the EEP module can be embodied as an integrated circuit (IC) or application specific integrated circuit (ASIC) for use on printed circuit boards (PCB) as part of a device or appliance); in response to the first POS application initiating a first payment transaction, enabling by the first integrated application, a first payment terminal to share a first encryption key with a payment server (Paragraphs 0059-0060 teach entitlement control is accomplished by seeding a unique encrypted public key (EPK) into each device's SE at the time of manufacture of the EEP chip itself or at the time of assembly into an appliance via a  receiving by the first integrated application, first payment data encrypted with the first encryption key (Paragraphs 0029 and 0061 teach an interface for reading credit card data can be added to the outside of the vending machine and connected to the circuit board to feed transaction data; the EEP chip creates encrypted approval request data to be sent to the acquirer; specifically, the embedded electronic payment chip will encrypt Transaction Data (TD) when authorized according to the entitlement keys (EKs)); transmitting by the first integrated application, the encrypted first payment data to the payment server for processing the first payment transaction using the encrypted first payment data (Paragraph 0029 teaches the vending machine is connected via a suitable network to the electronic payment transaction acquirer, and the EEP chip creates sends encrypted approval request data to the acquirer); receiving by the first integrated application, a processing result of the first payment transaction from the payment server and communicating the processing result to the first POS application (Paragraph 0029 teaches when the acquirer approves the transaction, the acquirer sends encrypted acquirer transaction data to  performing by the first integrated application, operations as required by the particular level of the credit card data security certification compliance (Paragraph 0066 teaches the EEP chip includes a card interface that provides interfaces for various payment instrument devices; the card interface includes an EMV PED Interface; EMV stands for EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or “chip cards”) and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions); generating a second integrated application executing on a second processor of the system with a second memory of the system by integrating the pre-certified payment application driver code with a second POS application which executes on the second processor with the second memory and does not satisfy the requirements of the particular level of the credit card data security certification compliance (Paragraph 0039 teaches as shown in FIG. 2, another example is an EEP-enabled map kiosk in the middle of a mountain trail for the purchase of selling hiking maps; the kiosk with EEP is essentially a merchant, with a merchant account, much like any retail store; the kiosk includes a printed circuit board (PCB) embedded with an EEP chip; a card reader is connected to the PCB to provide transaction data); in response to the second POS application initiating a second payment transaction, enabling by the second integrated application, a second payment terminal to share a second encryption key with the payment server (Paragraphs 0059-0060 teach  receiving by the second integrated application, second payment data encrypted with the second encryption key (Paragraphs 0029 and 0061 teach an interface for reading credit card data can be added to the outside of the vending machine and connected to the circuit board to feed transaction data; the EEP chip creates encrypted approval request data to be sent to the acquirer; specifically, the embedded electronic payment chip will encrypt Transaction Data (TD) when authorized according to the entitlement keys (EKs)); transmitting by the second integrated application, the encrypted second payment data to the payment server for processing the second payment transaction using the encrypted second payment data (Paragraph 0029 teaches the vending machine is connected via a suitable network to the electronic payment transaction acquirer, and the EEP chip creates sends encrypted approval request data to the acquirer); receiving by the second integrated application, a processing result of the second payment transaction from the payment server and communicating the processing result of the second payment transaction to the second POS application (Paragraph 0039 teaches if the transaction is approved by the acquirer, approval information is transmitted to the PCB, which then triggers the map dispenser to dispense a map); and -6-performing by the second integrated application, operations as required by the particular level of the credit card data security certification compliance (Paragraph 0066 teaches the EEP chip includes a card interface that provides interfaces for various payment instrument devices; the card interface includes an EMV PED Interface; EMV stands for EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or “chip cards”) and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions), wherein the pre-certified payment application driver code supports multiple payment terminal vendors (Paragraphs 0034 and 0048 teach an integrated circuit (IC), for use in embedded applications can be implemented in the circuitry of devices/appliances to allow that device to “take” an electronic payment from a user (e.g., a personal computer (PC), a washing machine, a vending machine, a television set-top box, a telephone, an entryway access control device, a jukebox, an automobile, a train, an arcade, etc.)).
It would have been obvious to one of ordinary skill in the art at the time of invention to duplicate the steps of receiving…payment data encrypted with the second encryption key; and transmitting the encrypted…payment data to the payment server for processing the payment transaction using the 
There is motivation to combine because the mere duplication of parts has no patentable significance and does not produce new and unexpected results. For example, by duplicating the steps of receiving second payment data encrypted with the second encryption key; and transmitting the encrypted second payment data to the payment server for processing the second payment transaction using the encrypted second payment data in the second integrated application does not produce new and unexpected results because same the EEP chip is embedded in the vending machine and the map kiosk; and even though each EEP chip is provided with a unique encryption key, the EEP chip performs the payment transaction using the same method steps regardless of which payment terminal vendor it is embedded in. See MPEP 2144.04 VI B; In re Harza, 124 USPQ 378 (CCPA 1960).
Regarding Claim 1, Glatt teaches a system, comprising: a first processor and a first memory (Paragraph 0029 teaches the vending machine comprises a circuit board); and a second processor and second memory (Paragraph 0039 teaches the kiosk includes a printed circuit board (PCB); a chip with an embedded electronic payment chip is connected to the PCB).

Regarding Claims 4 and 14, Glatt teaches all the limitations of claims 1 and 11 above; and Glatt further teaches wherein the pre-certified payment application driver code is an application programming interface (API) (Paragraph 0024 teaches a programmable transaction module that can be 

Regarding Claims 5 and 15, Glatt teaches all the limitations of claims 1 and 11 above; and Glatt further teaches explicitly teach wherein the pre-certified payment application driver code is a shared library stored in at least one of the first memory or the second memory (Paragraphs 0035 and 0049-0050 teach the solution also can be implemented as a design module available to be added to the design of another chip, much like an ALU or memory is a library module that a chip designer can add to an Application Specific Integrated Chip (ASIC); the EEP module can be embodied as a design element in a design element library for design into other integrated circuits, e.g. a microcontroller, so that the embedded payment function can be part of that chip; or the EEP module can be embodied as a library element that can be “burned” into a programmable logic device such as those available from Altera or Xilinx, which allow for flexible design of PCBs as required by the over system engineer, as typical where programmable logic is used, even on demand).

Regarding Claims 8 and 18, Glatt teaches all the limitations of claims 1 and 11 above; and Glatt further teaches in response to the first payment terminal reading the first payment data, the first integrated application is configured to encrypt the first payment data (Paragraphs 0029 and 0061 teach an interface for reading credit card data can be added to the outside of the vending machine and connected to the circuit board to feed transaction data; the 

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

	Regarding Claims 9 and 19, Glatt teaches all the limitations of claims 1 and 11 above; and Glatt further teaches the first payment data includes data selected from the group consisting of tender data, magnetic card reader (MSR) data, personal identification number (PIN) data, or Europay, MasterCard, or Visa (EMV) data (Paragraph 0066 teaches the EEP chip includes a card interface that provides interfaces for various payment instrument devices; the card interface includes an EMV PED Interface; EMV stands for EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or “chip cards”) and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions).

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

Regarding Claim 10, Glatt teaches all the limitations of claim 1 above; and Glatt further teaches sharing by the payment server, the first encryption key with the first payment terminal via a first hardware security module (HSM) (Paragraphs 0056-0057 and 0060 teach a preferred embodiment of an embedded electronic payment (EEP) chip includes a tamperproof security element (SE), which also can be referred to as the security module; the SE performs entitlement control and transaction data encryption and decryption; an electronic payment transaction acquirer provides a private key (PVK) to the EEP chip; the private key is stored in the security element and can decrypt the encrypted public key (EPK) to create a decrypted public key or more-simply a public key (PK); the private key is generated with public key and is kept by the acquirer).

Regarding Claim 21, Glatt teaches a system (Paragraph 0029 teaches a vending machine), comprising: a processor and a memory (Paragraph 0029 teaches the vending machine comprises a circuit board); and a pre-certified payment application driver code executable by the processor and configured to satisfy requirements of a particular level of a credit card data security certification compliance (Paragraphs 0028 and 0030 teach by providing an embedded electronic payment (EEP) chip, appliance (i.e. devices generally) manufacturers can add electronic payment acceptance to any appliance with a printed circuit board and standard chip implementation design; the EEP chip is prequalified (i.e., pre-certified) by the electronic payment transaction acquirer, meaning the appliance manufacture does not need to have the particular appliance approved by the acquirer because the chip carries the certification making the , wherein the pre-certified payment application driver code is integrated with a first point of sale (POS) application which executes on the processor with the memory and does not satisfy the requirements of the particular level of the credit card data security certification compliance, to generate a first integrated application executing on the processor with the memory (Paragraphs 0026, 0029, and 0048 teach by providing the EEP chip, engineers can add the EEP chip to the device hardware configuration along with interfaces to card readers, security programming, and networks, thereby embedding merchant account payment transaction ability into a variety of devices; for example, a vending machine can be adopted to take credit card payments by incorporating the EEP chip on a circuit board in the vending machine, essentially making the vending machine a merchant; the vending machine manufacturer can add the electronic payment functionality with built-in approval by the acquirer, by virtue of using the EEP chip; the EEP module can be embodied as an integrated circuit (IC) or application specific integrated circuit (ASIC) for use on printed circuit boards (PCB) as part of a device or appliance), the first integrated application configured to: enable, in response to the first POS application initiating a first payment transaction, a first payment terminal to share a first encryption key with a payment server (Paragraphs 0059-0060 teach entitlement control is accomplished by seeding a unique encrypted public key (EPK) into each device's SE at the time of manufacture of the EEP chip itself or at the time of assembly into an appliance via a secure interface; an electronic payment transaction acquirer provides a private key (PVK) to the EEP chip, which is stored in a security element; the private key can  receive first payment data encrypted with the first encryption key (Paragraphs 0029 and 0061 teach an interface for reading credit card data can be added to the outside of the vending machine and connected to the circuit board to feed transaction data; the EEP chip creates encrypted approval request data to be sent to the acquirer; specifically, the embedded electronic payment chip will encrypt Transaction Data (TD) when authorized according to the entitlement keys (EKs)); transmit the encrypted first payment data to the payment server for processing the first payment transaction using the encrypted first payment data (Paragraph 0029 teaches the vending machine is connected via a suitable network to the electronic payment transaction acquirer, and the EEP chip creates sends encrypted approval request data to the acquirer); and receive a processing result of the first payment transaction from the payment server and communicate the processing result to the first POS application (Paragraph 0029 teaches when the acquirer approves the transaction, the acquirer sends encrypted acquirer transaction data to the EEP chip; the EEP chip decrypts the encrypted acquirer transaction data and approves the transaction; the EEP chip instructs the vending machine to dispense the goods), wherein the first integrated application is configured to perform operations as required by the particular level of the credit card data security certification compliance (Paragraph 0066 teaches the EEP chip includes a card interface that provides interfaces for various payment instrument devices; the card interface includes an EMV PED Interface; EMV stands for EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or “chip cards”) and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions), wherein the pre-certified payment application driver code supports multiple payment terminal vendors (Paragraphs 0034 and 0048 teach an integrated circuit (IC), for use in embedded applications can be implemented in the circuitry of devices/appliances to allow that device to “take” an electronic payment from a user (e.g., a personal computer (PC), a washing machine, a vending machine, a television set-top box, a telephone, an entryway access control device, a jukebox, an automobile, a train, an arcade, etc.)).

Regarding Claim 22, Glatt teaches all the limitations of claim 21 above, and Glatt further teaches wherein the pre-certified payment application driver code is an application programming interface (API) (Paragraph 0024 teaches a programmable transaction module that can be programmed via a programming interface and an application programming interface (API) to implement a desired specific protocol).

Claims 2, 12, and 23-25 are rejected under 35 U.S.C. 103 as being unpatentable over Glatt (US 20140012762) in view of Dolcino (US 20140324698).

Regarding Claims 2 and 12, Glatt teaches all the limitations of claims 1 and 11 above; however Glatt does not explicitly teach wherein the pre-certified payment application driver code includes configurable authentication identifiers to selectively implement (1) an authentication to use the same authentication identifier across all implementations of the pre-certified payment application driver code, (2) an authentication to use authentication identifiers for individual independent software vendors (ISVs), (3) an authentication to use authentication identifiers for individual merchants, or (4) an authentication to use authentication identifiers for individual applications.
Dolcino from same or similar field of endeavor teaches wherein the pre-certified payment application driver code includes configurable authentication identifiers to selectively implement an authentication to use authentication identifiers for individual merchants (Paragraphs 0096-0097 teach the acquirer loads a specific payment applet in the secure element, the specific payment applet being selected according to an appropriate configuration for the user of the (point of sale enabled) mobile device, then the acquirer activates the payment applet; specifically, a mutual authentication is performed between the acquirer and the payment applet; and a secured communication is established between them (over the secured communication channel already established between the Acquirer and the secure element); then, the acquirer loads cryptographic certificates and private keys in the payment applet; and the acquirer loads configuration data specific to the user of the (point of sale enabled) mobile 
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Glatt to incorporate the teachings of Dolcino for the pre-certified payment application driver code to include configurable authentication identifiers to selectively implement an authentication to use authentication identifiers for individual merchants.
There is motivation to further combine Dolcino into Glatt because in order to ensure security during the financial transactions, security standards such as the Europay, MasterCard, and Visa (EMV) transaction standard have been developed and used to certify both the payment terminals and the payment cards. However, due to various factors, including the technical complexity required to meet the security standards, payment terminals that are used to conduct secured financial transactions are usually devices that are solely dedicated to the conduct of financial transactions (Dolcino Paragraph 0004). By integrating the secure element into the POS device the financial transaction is secured and compliant with the EMV transaction standard and the applicable PCI SSC standards. The applicable PCI SSC standards may be one of the Payment Application Data Security Standard (PA-DSS), PIN Transaction Security (PTS) and/or Point-to-Point Encryption (P2PE). In other embodiments, the transaction may be compliant with other secured transaction standards (Dolcino Paragraph 0043).

Regarding Claims 23, 24, 25, Glatt teaches all the limitations of claims 1, 11, and 21 above; however Glatt does not explicitly teach wherein the pre-certified payment application driver code is a software development kit (SDK).
Dolcino further teaches wherein the pre-certified payment application driver code is a software development kit (SDK) (Paragraphs 0072 and 0090-0092, and 0096 teach the integration of the secure element on a control circuit still requires the device to go through, at least partially, the EMV certification process to be EMV transaction certified; a Trusted Service Manager (TSM) is a third-party managing a Security Domain (ISD or SSD) for a client in a secure element (e.g. SIM card, embedded secure element, MicroSD card); the TSM has a proper infrastructure to securely store and use the encryption keys to access the Security Domains, to store the software and data, and to remotely access the secure elements; the TSM enables a trusted and remote deployment of software and data on the secure element without having physical access to the device; instead of the TSM, a financial institution server or a third party server may be used, to manage the secure storage and the secure deployment of the software and data to be loaded in the secure element; load/update/configure processes are performed via a generally non-secured network (e.g. a cellular data network), using one of the communication interfaces (e.g. wifi, bluetooth, or cellular data) of the mobile device; thus, the load/update/configure processes need to be secured, as will be further illustrated in relation to FIG. 12; the load/update/configure processes are generally performed in accordance with a specific (secured) protocol, for instance the GlobalPlatform protocol; in an alternative embodiment (not represented in FIG. 
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Glatt to incorporate the teachings of Dolcino for the pre-certified payment application driver code to be a software development kit (SDK).
There is motivation to combine Dolcino into Glatt for the same reasons listed above for claims 2 and 12.

Claims 3, 6-7, 13, and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Glatt (US 20140012762) in view of Murphy (US 20180018661).

Regarding Claims 3 and 13, Glatt teaches all the limitations of claims 1 and 11 above; however Glatt does not explicitly teach during the transmission of the encrypted first payment data and the reception of the processing result of the first payment transaction, the first integrated application is further configured to communicate transaction information including the encrypted first payment data with the payment server using a transport layer security (TLS) protocol.
Murphy from same or similar field of endeavor teaches during the transmission of the encrypted first payment data and the reception of the processing result of the first payment transaction, the first integrated application is further configured to communicate transaction information including the encrypted first payment data with the payment server using a transport layer security (TLS) protocol (Paragraphs 0065 and 0069-0070 teach the virtual POS engine, host system, and merchant web server can communicate with one another using, for example, transport layer security (TLS); the host system can communicate with the virtual POS engine using, for example, TLS).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Glatt to incorporate the teachings of Murphy for the first integrated application to be further configured to communicate transaction information including the encrypted first payment data with the payment server using a transport layer security (TLS) protocol during the transmission of the encrypted first payment data and the reception of the processing result of the first payment transaction.
There is motivation to combine Murphy into Glatt because TLS protocol provides a private or secure connection by encrypted transaction data transmitted between the first integrated application and payment server.

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

Regarding Claims 6 and 16, Glatt teaches all the limitations of claims 1 and 11 above; however Glatt does not explicitly teach in response to enabling the first payment terminal, the first integrated application is configured to disable other listener processes in the system from connecting with the first payment terminal.
Murphy from same or similar field of endeavor teaches in response to enabling the first payment terminal, the first integrated application is configured to disable other listener processes in the system from connecting with the first payment terminal (Paragraph 0072 teaches the host system can include instructions executable to create, access and maintain a Base Derivation Key (BDK), wherein the BDK can be used to create an Initial PIN Encryption Key (IPEK) which, accompanied by a key serial number, can be provided to the portable device; a TRSM module of the portable device is provided in compliance with the ISO 9564 standard and can contain a unique cryptographic key, e.g. IPEK, based on the HSM module BDK, wherein the IPEK can be provided to the portable device at the point of manufacture such that each portable device can have a unique cryptographic key, e.g. an IPEK accompanied by a key serial number (i.e., enabling the portable device with the unique cryptographic key disables other listeners)).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Glatt to incorporate the teachings of Murphy for the first integrated application to be configured to disable other listener processes in the system from connecting with the first payment terminal in response to enabling the first payment terminal.


Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

	Regarding Claims 7 and 17, the Glatt teaches all the limitations of claims 1 and 11 above; however Glatt does not explicitly teach the first integrated application is configured to maintain the first memory to be free of any decryption keys corresponding to the first encryption key and any unencrypted data of the first payment data.
Murphy from same or similar field of endeavor teaches the first integrated application is configured to maintain the first memory to be free of any decryption keys corresponding to the first encryption key and any unencrypted data of the first payment data (Paragraphs 0072-0073 and 0039 teach the BDK can be used to create an Initial PIN Encryption Key (IPEK) which, accompanied by a key serial number, can be provided to the portable device, and the transaction payment program code (e.g. firmware) of the portable device can create a secure session between the virtual POS engine and the host system, which has the HSM containing the BDK; a secure session can ensure a validity of the virtual POS engine, ensure message transport encryption, e.g. 3DES, per ANSI 
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Glatt to incorporate the teachings of Murphy for the first integrated application to be configured to maintain the first memory to be free of any decryption keys corresponding to the first encryption key and any unencrypted data of the first payment data.
There is motivation to combine Murphy into Glatt because consumer’s sensitive transaction data is protected because bad actors do not have access to decryption keys that can decrypt the encrypted transaction data or the unencrypted transaction data itself. 

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Glatt (US 20140012762) in view of Reno (US 20110295753).	

Regarding Claim 20, Glatt teaches a method comprising: configuring a payment application driver code as a pre-certified payment application driver code to satisfy requirements of a particular level of a credit card data security certification compliance (Paragraphs 0028 and 0030 teach by providing an embedded electronic payment (EEP) chip, appliance (i.e. devices generally) manufacturers can add electronic payment acceptance to any appliance with a printed circuit board and standard chip implementation design; the EEP chip is prequalified (i.e., pre-certified) by the electronic payment transaction acquirer, meaning the appliance manufacture does not need to have the particular appliance approved by the acquirer because the chip carries the certification making the certification process simple); generating a first integrated application executing on a first processor of a system with a first memory of the system by integrating the pre-certified payment application driver code with a first point of sale (POS) application which does not satisfy the requirements of the particular level of the credit card data security certification compliance (Paragraphs 0026, 0029, and 0048 teach by providing the EEP chip, engineers can add the EEP chip to the device hardware configuration along with interfaces to card readers, security programming, and networks, thereby embedding merchant account payment transaction ability into a variety of devices; for example, a vending machine can be adopted to take credit card payments by incorporating the EEP chip on a circuit board in the vending machine, essentially in response to the first POS application initiating a first payment transaction, enabling by the first integrated application, a first payment terminal to share a first encryption key with a payment server (Paragraphs 0059-0060 teach entitlement control is accomplished by seeding a unique encrypted public key (EPK) into each device's SE at the time of manufacture of the EEP chip itself or at the time of assembly into an appliance via a secure interface; an electronic payment transaction acquirer provides a private key (PVK) to the EEP chip, which is stored in a security element; the private key can decrypt the encrypted public key (EPK) to create a decrypted public key or more-simply a public key (PK); entitlement messages (EM) determine which transactions the embedded electronic payment chip is entitled to process on behalf of the electronic payment transaction acquirer; encrypted entitlement messages (EEM) contain decrypted entitlement keys or more simply Entitlement Keys (EK) and are decrypted in the security element using the decrypted public key); receiving by the first integrated application, first payment data encrypted with the first encryption key (Paragraphs 0029 and 0061 teach an interface for reading credit card data can be added to the outside of the vending machine and connected to the circuit board to feed transaction data; the EEP chip creates encrypted approval request data to be sent to the acquirer; specifically, the embedded electronic payment chip will encrypt Transaction Data transmitting by the first integrated application, the encrypted first payment data to the payment server for processing the first payment transaction using the encrypted first payment data (Paragraph 0029 teaches the vending machine is connected via a suitable network to the electronic payment transaction acquirer, and the EEP chip creates sends encrypted approval request data to the acquirer); receiving by the first integrated application, a processing result of the first payment transaction from the payment server and communicating the processing result to the first POS application (Paragraph 0029 teaches when the acquirer approves the transaction, the acquirer sends encrypted acquirer transaction data to the EEP chip; the EEP chip decrypts the encrypted acquirer transaction data and approves the transaction; the EEP chip instructs the vending machine to dispense the goods); performing by the first integrated application, operations as required by the particular level of the credit card data security certification compliance (Paragraph 0066 teaches the EEP chip includes a card interface that provides interfaces for various payment instrument devices; the card interface includes an EMV PED Interface; EMV stands for EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or “chip cards”) and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions); generating a second integrated application executing on a second processor of the system with a second memory of the system by integrating the pre-certified payment application driver code with a second POS application which does not satisfy the requirements of the particular level of the credit card data security certification compliance (Paragraph 0039 teaches as shown in FIG. 2, another example is an EEP-enabled map kiosk in the middle of a mountain trail for the purchase of selling hiking maps; the kiosk with EEP is essentially a merchant, with a merchant account, much like any retail store; the kiosk includes a printed circuit board (PCB) embedded with an EEP chip; a card reader is connected to the PCB to provide transaction data); in response to the second POS application initiating a second payment transaction, enabling by the second integrated application, a second payment terminal to share a second encryption key with the payment server (Paragraphs 0059-0060 teach entitlement control is accomplished by seeding a unique encrypted public key (EPK) into each device's SE at the time of manufacture of the EEP chip itself or at the time of assembly into an appliance via a secure interface; an electronic payment transaction acquirer provides a private key (PVK) to the EEP chip, which is stored in a security element; the private key can decrypt the encrypted public key (EPK) to create a decrypted public key or more-simply a public key (PK); entitlement messages (EM) determine which transactions the embedded electronic payment chip is entitled to process on behalf of the electronic payment transaction acquirer; encrypted entitlement messages (EEM) contain decrypted entitlement keys or more simply Entitlement Keys (EK) and are decrypted in the security element using the decrypted public key); receiving by the second integrated application, second payment data encrypted with the second encryption key (Paragraphs 0029 and 0061 teach an interface for reading credit card data can be added to the outside of the vending machine and connected to the circuit board to feed transmitting by the second integrated application, the encrypted second payment data to the payment server for processing the second payment transaction using the encrypted second payment data (Paragraph 0029 teaches the vending machine is connected via a suitable network to the electronic payment transaction acquirer, and the EEP chip creates sends encrypted approval request data to the acquirer); receiving by the second integrated application, a processing result of the second payment transaction from the payment server and communicating the processing result of the second payment transaction to the second POS application (Paragraph 0039 teaches if the transaction is approved by the acquirer, approval information is transmitted to the PCB, which then triggers the map dispenser to dispense a map); performing by the second integrated application, operations as required by the particular level of the credit card data security certification compliance (Paragraph 0066 teaches the EEP chip includes a card interface that provides interfaces for various payment instrument devices; the card interface includes an EMV PED Interface; EMV stands for EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or “chip cards”) and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions); sharing by the payment server, the first encryption key with the first payment terminal via a first hardware security module (HSM) 
However, Glatt does not explicitly teach in response to receiving the encrypted first payment data from the first integrated application, decrypting by the payment server, the encrypted first payment data; encrypting by the payment server, the first payment data with a third encryption key and sending the first payment data encrypted with the third encryption key to a front-end server; in response to receiving the first payment data encrypted with the third encryption key, processing by the front-end server, the first payment transaction and sending a request for processing the first payment transaction to a card network; in response to receiving the processing result of the first payment transaction from the card network, forwarding by the front-end server, the processing result back to the payment server; and in response to receiving the processing result of the first payment transaction from the front-end server, forwarding by the payment server, the processing result back to the first integrated application.
in response to receiving the encrypted first payment data from the first integrated application, decrypting by the payment server, the encrypted first payment data (Paragraphs 0035 and 0008 teach the payment processor system is configured to decrypt the encrypted PIN using a second key which is the private key of the asymmetric keypair associated with the public key of the application); encrypting by the payment server, the first payment data with a third encryption key and sending the first payment data encrypted with the third encryption key to a front-end server (Paragraphs 0035 and 0008 teach the payment processor system then uses a symmetric key which adheres to industry standards for PIN encryption to provide a re-encrypted PIN using a third symmetric key to provide a PIN encrypted in a standard format usable in existing payment systems and networks, to re-encrypt the customer's PIN); in response to receiving the first payment data encrypted with the third encryption key, processing by the front-end server, the first payment transaction and sending a request for processing the first payment transaction to a card network (Paragraphs 0036 and 0020 teach the payment authorization message, including the re-encrypted PIN, is sent by the payment processor system for processing to be processed through the payment network, wherein the payment network includes, for example, a combination of one or more of a merchant account provider (MAP), an independent sales organization (ISO), a payment gateway, a payment processor, a card association or bankcard payment network such as the VISA™ and MasterCard™ payment networks, and one or more financial institutions including acquiring or merchant banks and card-issuing or issuing banks in Attorney Docket No. 111452-0103in response to receiving the processing result of the first payment transaction from the card network, forwarding by the front-end server, the processing result back to the payment server (Paragraph 0021 teaches the payment processing system is responsible for processing the payment transaction through the payment network; the payment processing system is configurable to communicate with the network including the payment network (i.e., the payment network communicates the processing result or authorization response to the payment processing system)); in response to receiving the processing result of the first payment transaction from the front-end server, forwarding by the payment server, the processing result back to the first integrated application (Paragraphs 0021 and 0036 teach the payment processing system may be further configurable to communicate with the portable payment device and return an authorization result from the payment processing system for display, which may be, for example, a message indicating the payment request has been “approved” or “denied”).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Glatt to incorporate the teachings of Reno to in response to receiving the encrypted first payment data from the first integrated application, decrypting by the payment server, the encrypted first payment data; encrypting by the payment server, the first payment data with a third encryption key and sending the first payment data encrypted with the third encryption key to a front-end server; in response to receiving the first payment data encrypted with the third encryption key, processing by the front-end 
There is motivation to combine Reno into Glatt because by providing a method and system to securely encrypt a PIN using the portable payment device, the portable payment device may be used as a replacement for a traditional point-of-sale (POS) device to securely process “PIN debit” transactions (Reno Paragraph 0007). The specific PIN encryption may be performed using algorithms and data structures that are already well-established in the industry. In this approach, the PIN encryption key is typically a symmetric key, which adheres to industry standards for PIN encryption. The encrypted PIN thus would be of a standard format, and usable in existing payment systems and networks (Reno Paragraph 0027).
It would have been obvious to one of ordinary skill in the art at the time of invention to duplicate the steps of duplicate the steps of receiving data, encrypting data, then transmitting the encrypted data; and receiving a secret, decrypting a secret to obtain clear text that represents the data, validating the data, and generating a validation result. It is well within the knowledge of one of ordinary skill to duplicate software steps in a computer.
In re Harza, 124 USPQ 378 (CCPA 1960).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY JONES whose telephone number is (469)295-9137.  The examiner can normally be reached on 7:30 am - 5:00 pm CST (M-F).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached at (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-




/C.P.J./Examiner, Art Unit 3685

/JAY HUANG/Primary Examiner, Art Unit 3685