DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This office action is in response to the application filed on 02/18/2021. Claims 1-3 are amended. Claims 1-23 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
EXAMINER’S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given via email by Jared DuJack (Reg. No. 72646) on 05/05/2021.
The application has been amended as follows:
Please replace claim 1 with:
1.	(Currently Amended) A method for producing a secure communication channel for a terminal, the method having the following steps of:
-	setting up a secure communication channel between a communication partner and a backend by a communication protocol, an item of channel binding information respectively being stipulated for the backend and for the communication partner by the communication protocol, wherein the item of channel binding information comprises at least one of: an identifier for the secure communication channel, an identifier of a transmitter of the secure communication channel, an identifier of the receiver of the secure communication channel, negotiated communication security information, a time stamp, and a nonce;
-	producing a communication channel between the communication partner and the terminal;
-	transmitting the channel binding information relating to the secure communication channel to the terminal by the communication partner, wherein the channel binding information is part of a request for the terminal to generate a license request;
-	storing the channel binding information on the terminal;
-	sending the license request to the backend via the communication partner; 
-	checking the license request and, in response, creating a data structure and a first digital signature across the data structure by the backend using a first private key, the first digital signature being able to be checked using a first public key, wherein the data structure is a license ticket, and wherein the data structure comprises the channel binding information;
-	sending the data structure and the first digital signature from the backend to the terminal; and
-	checking authenticity of the data structure using a checking algorithm for verifying the first digital signature using the public key by the terminal and/or by the communication partner;
-	sending security information and identity information relating to the terminal from the terminal to the communication partner;
-	sending the security information and identity information relating to the terminal from the communication partner to the backend via the secure communication channel;
wherein the terminal has a second key pair, in the form of a second public key and a second private key, used to generate a second digital signature for the security information from the terminal, and 
wherein the communication partner checks second authenticity of the security information using the second public key.

Please cancel claim 2.

Please replace claim 4 with:
4.	(Currently Amended) The method as claimed in claim 1, wherein a signal [[being]] is provided by the terminal and/or by the communication partner if the checking algorithm determines invalid authenticity.

Please replace claim 5 with:
5.	(Currently Amended) The method as claimed in claim 1, wherein the first public key [[being]] is provided for the terminal, a certification authority or the backend, in particular, providing the first public key.

Please replace claim 6 with:
6.	(Currently Amended) The method as claimed in claim 3, wherein the basic information from the backend comprises an item of configuration information, the configuration information comprising, in particular, an item of licensing information and/or program code for executing a command which is executed by the terminal on the terminal.

Please cancel claims 7-8.

Please replace claim 9 with:
9.	(Currently Amended) The method as claimed in claim [[2]] 1, wherein the security information has at least one of a nonce and an identifier of a certificate of the at least one of the terminal and only a fingerprint of the second public key.

Please replace claim 10 with:
10.	(Currently Amended) The method as claimed in claim [[2]] 1, wherein the security information and/or the channel binding information and/or the identity information is 

Please replace claim 11 with:
11.	(Currently Amended) The method as claimed in claim 1, wherein the data structure and/or the first digital signature comprises an item of legitimacy information which causes the terminal to switch on particular programming.

Please replace claim 12 with:
12.	(Currently Amended) The method as claimed in claim 1, wherein the data structure [[being]] is expanded with the first digital signature.

Please replace claim 13 with:
13.	(Currently Amended) The method as claimed in claim [[2]] 1, wherein the data structure additionally comprises the security information and/or identity information from the terminal.

Please replace claim 14 with:
14.	(Currently Amended) The method as claimed in claim 1, wherein the checking algorithm additionally checks the stored channel binding information and the channel binding information in order to determine the authenticity, wherein the checking algorithm [[being]] is executed, on at least one of the terminal and the communication partner.

Please replace claim 15 with:
15.	(Currently Amended) The method as claimed in claim [[2]] 1, wherein the communication partner concomitantly sends 

Please replace claim 16 with:
16.	(Currently Amended) The method as claimed in claim 1, wherein the first public key [[being]] is concomitantly sent during the sending of the data structure.

Please replace claim 17 with:
17.	(Currently Amended) The method as claimed in claim 1, wherein the first public key is made available to the terminal at an earlier time, the earlier time being, the manufacturing time of the terminal, the public key being protected, from being changed on the terminal.

Please replace claim 18 with:
18.	(Currently Amended) The method as claimed in claim 1, wherein the first private key [[being]] is a secret which is known to the backend, the secret being known, exclusively to the backend.

Please replace claim 19 with:
19.	(Currently Amended) The method as claimed in claim 1, wherein the terminal has only non-security-critical information.

Please replace claim 20 with:
20.	(Currently Amended) The method as claimed in claim 1, wherein the secure communication channel [[being]] is produced by a symmetrical method, the symmetrical method uses authentication with a username and a password, or the secure communication channel [[being]] is produced by an asymmetrical method, the asymmetrical method using a digital certificate.

Please replace claim 21 with:
21.	(Currently Amended) The method as claimed in claim 4, wherein the signal [[being]] is evaluated by the backend or a further communication partner.

Please replace claim 22 with:
22.	(Currently Amended) The method as claimed in claim 1, wherein the secure communication channel meets security requirements stipulated by the backend, wherein the terminal checks the first signature in order to determine whether the communication channel actually meets the security requirements of the backend.


Please replace claim 23 with:
23.	(Currently Amended) The method as claimed in claim 1, wherein the first public key [[being]] is checked by the communication partner before the first public key is forwarded to the terminal, the public key being a certificate, the certificate being validated, in particular, against a known issuer, the validation of the certificate comprising a validity and/or a rejection status.


Allowable Subject Matter
Claims 1, 3-6, and 9-23 are allowed.

The present invention relates to a method, system, backend, terminal, and computer program product for producing a secure communication channel for a terminal, the method having the following method steps. A first method step for setting up a secure communication channel between a communication partner and a backend by a communication protocol. A second method step for producing a communication channel between the communication partner and the terminal. A third method step for transmitting the channel binding information. A fourth method step for storing the channel binding information on the terminal. A fifth method step for creating a data structure and a first digital signature across the data structure. A sixth method step for sending the data structure and the digital signature from the backend to the terminal. A seventh method step for checking authenticity of the data structure.
Regarding claim 1, although the prior art of record teaches setting up a secure communication channel between a communication partner and a backend by a communication protocol, an item of channel binding information respectively being stipulated for the backend and for the communication partner by the communication protocol; producing a communication channel between the communication partner and the terminal; transmitting the channel binding information relating to the secure communication channel to the terminal by the communication partner, wherein the channel binding information is part of a request for the terminal to generate a license request; storing the channel binding information on the terminal; sending the license request to the backend via the communication partner; checking the license request and, in response, creating a data structure and a first digital signature across the data structure by the backend using a first private key, the first digital signature being able to be checked using a first public key; checking authenticity of the data structure using a checking algorithm for verifying the first digital signature using the public key by the terminal and/or by the communication partner, none of the prior art, alone or in combination, teaches wherein the item of channel binding information comprises at least one of: an identifier for the secure communication channel, an identifier of a transmitter of the secure communication channel, an identifier of the receiver of the secure communication channel, negotiated communication security information, a time stamp, and a nonce; wherein the data structure is a license ticket, and wherein the data structure comprises the channel binding information; sending security information and identity information relating to the terminal from the terminal to the communication partner; sending the security information and identity information relating to the terminal from the communication partner to the backend via the secure communication channel; wherein the terminal has a second key pair, in the form of a second public key and a second private key, used to generate a second digital signature for the security information from the terminal, and wherein the communication partner checks second authenticity of the security information using the second public key in view of the other limitations of claim 1.
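
The backend signing step and the terminal-side check of the method summarized above (a signed license ticket that carries the channel binding information, compared against the value the terminal stored) can be illustrated as follows. This is an added example, not part of the office action or the application; the `LicenseTicket` layout, the JSON encoding, the choice of Ed25519 and all sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
)

type LicenseTicket struct { // hypothetical layout of the signed data structure
	License        string `json:"license"`
	ChannelBinding []byte `json:"channel_binding"`
}

var ErrSignature, ErrBinding = errors.New("ticket signature invalid"), errors.New("channel binding mismatch")

// IssueTicket (backend): serialize the ticket and sign those exact bytes.
func IssueTicket(priv ed25519.PrivateKey, t LicenseTicket) (data, sig []byte) {
	data, _ = json.Marshal(t) // cannot fail for a struct of strings and bytes
	return data, ed25519.Sign(priv, data)
}

// VerifyTicket (terminal): signature first, then the ticket's binding against the stored one; an empty stored binding never matches.
func VerifyTicket(pub ed25519.PublicKey, data, sig, storedCB []byte) (*LicenseTicket, error) {
	if !ed25519.Verify(pub, data, sig) {
		return nil, ErrSignature
	}
	var t LicenseTicket
	if err := json.Unmarshal(data, &t); err != nil {
		return nil, err
	}
	if len(storedCB) == 0 || subtle.ConstantTimeCompare(t.ChannelBinding, storedCB) != 1 {
		return nil, ErrBinding
	}
	return &t, nil
}

// Demo uses constructed values: same channel, a different channel, an altered ticket.
func Demo() (same, otherChannel, altered error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	cb := []byte("constructed-channel-binding-A")
	data, sig := IssueTicket(priv, LicenseTicket{License: "feature-x", ChannelBinding: cb})
	_, same = VerifyTicket(pub, data, sig, cb)
	_, otherChannel = VerifyTicket(pub, data, sig, []byte("constructed-channel-binding-B"))
	data[len(data)-2] ^= 1 // flip one bit of the signed bytes
	_, altered = VerifyTicket(pub, data, sig, cb)
	return
}
func main() { fmt.Println(Demo()) }
```

A ticket that verifies under the first public key but was issued for a different channel is rejected by the binding comparison, not by the signature check, which is why the two checks are kept separate.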

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached on Monday-Friday, 8:30am-5:30pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw, can be reached on 571-272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SHAHRIAR ZARRINEH/ Examiner, Art Unit 2497