EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Eric Sophir (Reg. No. 48,499) on 06/14/2021.

The application has been amended as follows: Please enter the amendments filed 12/14/2020 and include the following amendments:

1. (Currently Amended) A method for initialization and activation of a secure element for use in a terminal device, the method comprising: 
generating, by at least one service provider server, a set of encryption keys associated with the secure element; 
transmitting, by the at least one service provider server, the set of encryption keys associated with the secure element to a key injection facility server; 
receiving, by the at least one service provider server, a service provider certificate from a certification authority server; 
transmitting, by the at least one service provider server via the key injection facility server, the service provider certificate, the set of encryption keys, and one or more attributes associated with the secure element to the secure element; 

receiving, by the at least one service provider, an activation request from the secure element at a time later than transmitting the service provider certificate, the set of encryption keys, and one or more attributes to the secure element; 
authenticating, by the at least one service provider server, an identity of the secure element by: 
extracting the public key from the secure element and determining whether the extracted public key corresponds to one or more parameters of the service provider certificate; 
generating, by the at least one service provider server, a session with the secure element based on mutual authentication with the secure element using at least the service provider certificate, wherein the service provider server transmits an activation certificate to the secure element; and 
validating, by the processor of the secure element, the activation certificate by determining that the activation certificate is associated with the certification authority server; 
in response to the processor of the secure element validating the activation certificate, loading, by the at least one service provider server, at least a master key and a working key into the memory of the secure element.

2. (Previously presented) The method according to claim 1, wherein the one or more attributes associated with the secure element comprises a manufacture ID of a vendor of the secure element, whereby the at least one service provider server uses the one or more attributes to 

3. (Original) The method according to claim 1, further comprising uploading, by the at least one service provider server, a firmware of a vendor of the secure element into the memory of the secure element.

4. (Cancelled)

5. (Previously Presented) The method according to claim 1, wherein the set of encryption keys comprises a private key and a public key, and wherein the private key is stored in a database of a service provider.

6. (Previously presented) The method according to claim 1, wherein the activation certificate comprises a subject field with the one or more parameters associated with a service provider server, whereby the processor of the secure element validates the activation certificate by determining whether the subject field comprises a domain address associated with the certification authority server.

7. (Cancelled)

8. (Previously Presented) The method according to claim 1, wherein the secure element is a printed circuit board of the terminal device, wherein the terminal device is selected from a group consisting of a card reader, a mobile phone, a vending machine, a wearable device, or an internet of things (IOT) device.

9. (Original) The method according to claim 1, wherein the secure element is detachably connected to the terminal device, and wherein the secure element comprises a processor and a memory for storing data.

10. (Cancelled)

11. (Cancelled)

12. (Currently Amended) A system for initialization and activation of a secure element for use in a terminal device, the system comprising: 
a service provider server comprising a processor and a non-transitory computer-readable medium containing instructions that when executed by the processor causes the processor to perform operations comprising: 
generate a set of encryption keys associated with the secure element; 
transmit the set of encryption keys associated with the secure element to a key injection facility server; 
receive a service provider certificate from a certification authority server;
transmit, via the key injection facility server, the service provider certificate, the set of encryption keys, and one or more attributes associated with the secure element to the secure element; 
receive an activation request from the secure element at a time later than transmitting the service provider certificate, the set of encryption keys, and one or more attributes to the secure element; 
authenticate an identity of the secure element by: 
extracting a public key from the secure element and determining whether the extracted public key corresponds to one or more parameters of the service provider certificate; 
generate a session with the secure element based on mutual authentication with the secure element using at least the service provider certificate, wherein the service provider server transmits an activation certificate to the secure element; and 
in response to the processor of the secure element validating the activation certificate, load at least a master key and a working key into the memory of the secure element; and 
wherein the secure element comprises a second non-transitory computer-readable medium containing instructions that when executed by the processor of the secure element causes the processor of the secure element to perform operations comprising: 
generate the public key corresponding to the service provider certificate and the set of encryption keys; 
validate the activation certificate by determining that the activation certificate is associated with the certification authority server.

13. (Cancelled)

14. (Previously Presented) The system according to claim 12, wherein the secure element is a printed circuit board of the terminal device, wherein the terminal device is selected from a group consisting of a card reader, a mobile phone, a vending machine, a wearable device, or an internet of things device.

15. (Original) The system according to claim 12, wherein the secure element is detachably connected to the terminal device, and wherein the secure element comprises a processor and a memory for storing data.

16. (Cancelled)

17. (Cancelled)

18. (Cancelled)

19. (Previously presented) The system according to claim 12, wherein the one or more attributes associated with the secure element comprises a manufacture ID of a vendor of the secure element.

20. (Currently Amended) The system according to claim 12, wherein the encryption keys comprises a private key and a public key and wherein the instructions further cause the processor of the service provider server to store the private key in a database of the service provider.
Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
The present claims disclose a method and system for initialization and activation of a secure element for use in a terminal device, comprising: generating, by at least one service provider server, a set of encryption keys associated with the secure element; transmitting, by the at least one service provider server, the set of encryption keys associated with the secure element to a key injection facility server; receiving, by the at least one service provider server, a service provider certificate from a certification authority server; transmitting, by the at least one service provider server via the key injection facility server, the service provider certificate, the set of encryption keys, and one or more attributes associated with the secure element to the secure element; generating, by a processor of the secure element, a public key corresponding to the service provider certificate and the set of encryption keys; receiving, by the at least one service provider, an activation request from the secure element at a time later than transmitting the service provider certificate, the set of encryption keys, and one or more attributes to the secure element; authenticating, by the at least one service provider server, an identity of the secure element by: extracting the public key from the secure element and determining whether the extracted public key corresponds to one or more parameters of the service provider certificate; generating, by the at least one service provider server, a session with the secure element based on mutual authentication with the secure element using at least the service provider certificate, wherein the service provider server transmits an activation certificate to the secure element; and validating, by the processor of the secure element, the activation certificate by determining that the activation certificate is associated with the certification authority server; in response to the processor of the secure element validating the activation certificate, loading, by the at least one service provider server, at least a master key and a working key into the memory of the secure element.
The closest prior art of Smith et al. (US 2013/0232083) discloses: generating, by at least one service provider server, a set of encryption keys associated with the secure element (Fig. 9-10, 0080-0081); transmitting, by the at least one service provider server, the set of encryption keys associated with the secure element to a key injection facility server (Fig. 3, 0049-0050, 0081); transmitting, by the at least one service provider server, the service provider certificate to the key injection facility server, whereby the key injection facility server stores the set of encryption keys, one or more attributes associated with the secure element, and the service provider certificate into a memory of the secure element (Fig. 3, 0049-0050, 0081, 0086-0087, 0092-0093).
Chastain et al. (US 2015/0149776) discloses generating, by the at least one service provider server, a session with the secure element based on mutual authentication with the secure element using at least the service provider certificate; and activating, by the at least one service provider server, the secure element of the terminal device by storing at least a master key and a working key into the memory of the secure element (0039, 0042).
Caceres et al. (US 2016/0344560) discloses receiving, by the at least one service provider server, a service provider certificate generated by a certification authority server (0047-0052).
Liu et al. (US 2014/0172741) discloses authenticating, by the at least one service provider server, an identity of the secure element based on one or more parameters of the service provider certificate (0077, 0105).
However, the prior art does not disclose, neither singly nor in combination, for claims 1-3, 5-6, 8-9, 12, 14-15, and 19-20: transmitting, by the at least one service provider server via the key injection facility server, the service provider certificate, the set of encryption keys, and one or more attributes associated with the secure element to the secure element; generating, by a processor of the secure element, a public key corresponding to the service provider certificate and the set of encryption keys; receiving, by the at least one service provider, an activation request from the secure element at a time later than transmitting the service provider certificate, the set of encryption keys, and one or more attributes to the secure element; authenticating, by the at least one service provider server, an identity of the secure element by: extracting the public key from the secure element and determining whether the extracted public key corresponds to one or more parameters of the service provider certificate; generating, by the at least one service provider server, a session with the secure element based on mutual authentication with the secure element using at least the service provider certificate, wherein the service provider server transmits an activation certificate to the secure element; and validating, by the processor of the secure element, the activation certificate by determining that the activation certificate is associated with the certification authority server; in response to the processor of the secure element validating the activation certificate, loading, by the at least one service provider server, at least a master key and a working key into the memory of the secure element.
Examiner additionally notes that the submitted amendments to the claims overcome the prior rejections under 35 USC 112(a) and 35 USC 112(b).
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAYLOR RAK whose telephone number is (571)270-1575.  The examiner can normally be reached on Monday-Friday 9:30-5:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on (571)-272-6708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 


If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/T.R./Examiner, Art Unit 3685   

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685