DETAILED ACTION
This is an office action on the merits in response to applicant’s communication filed on 9/25/2020.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claims’ Status
Claims 1 – 20 are pending and are considered in this action. 

Response to Arguments/Comments
103 Rejections
	Due to administrative procedural error (pg.3 of the Petition Decision on 12/29/2020) of the Final action filed on 6/25/2020, the Pre-Brief appeal panel remanded this office action to the Examiner and herein is the reissuance of a new non-final action.   	
	In this office action, Examiner maintains the same position and adds additional paragraphs from the same reference to further support the rejection.
The language that Applicant is relying on falls outside the scope of the claim and that even if the language were considered that Hayhow teaches that the credential can either be manually entered or read from a token.
Applicant contends Examiner’s reference (Hayhow1) that it does not disclose or suggest that, before the digital authentication certificate is installed in the pin-pad terminal, the certificate server or the terminal management server confirms that it had previously associated, with the pin-pad terminal, a credential which the pin-pad terminal received from the smartcard. Instead, Havhow1 only discloses that both the placement of the credential in the hardware token at the time of manufacture or by the merchant at the time the token is received which in either case reads on the claim as written.
Furthermore, the language appears in a limitation describing how a gateway authenticator is configured and the limitation “…receive from a pin-pad terminal, via the first computer network, an activation credential request including a first administrator credential, the pin-pad terminal receiving the first administrator credential from a hardware token interfaced with the pin-pad terminal” is only 
Applicant further contends Examiner reference (Hayhow1) does not disclose or suggest the sequence of steps (pgs.12-14 of the Arguments/Remarks) as claimed in claim 1, 10 & 20.   Examiner respectfully disagrees.  Claim 1 includes the sequence of steps as step i), followed by step ii), and then followed by step iii).  However, such sequence does not necessarily mean that it would require to follow in this specific order.  Therefore, even if Hayhow1 does not teach the same exact sequence as claim one, claim one can still be anticipated by Hayhow1 because Hayhow1 still teaches steps of i), ii) and iii); see Altiris Inc. v. Symantec Corp., 318 F.3d 1363, 1371, 65 USPQ2d 1865, 1869-70 (Fed. Cir. 2003) (Although the specification discussed only a single embodiment, the court held that it was improper to read a specific order of steps into method claims where, as a matter of logic or grammar, the language of the method claims did not impose a specific order on the performance of the method steps, and the specification did not directly or implicitly require a particular order)".  This would also apply to claim 10 & 20 due to similarity to claim 1.
Applicant further contends, pgs.15 & 16 of the Arguments/Remarks that Examiner’s suggestion on “substituting the administrator credential for the private cryptographic key would not cause the certificate server (or the lottery server) to confirm (before the digital authentication certificate is installed………………)……….. the pin-pad terminal.  In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., certificate server (or the lottery server)) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. 	Determining the scope and contents of the prior art.
2. 	Ascertaining the differences between the prior art and the claims at issue.
3. 	Resolving the level of ordinary skill in the pertinent art.
4. 	Considering objective evidence present in the application indicating obviousness or nonobviousness.


Claims 1, 3, 6, 7, 9-11, 13, 16, 17, 19 & 20 are rejected under 35 U.S.C 103 as obvious over Hayhow et al.   (US20130254116A1; hereinafter, “Hayhow1”).
With respect to claim 1, 10 & 20
Hayhow1 teaches claim limitations of:
A network gateway, comprising:
a first network interface configured to interface the network gateway with a first computer network (See [0066] of Hayhow1, The primary network interface 402 interfaces the network gateway 400 with the first communications network 102);
a second network interface configured to interface the network gateway with a second computer network distinct from the first computer network (See [0066], The secondary network interface 404  and
a gateway authenticator in communication with the network interfaces and configured to (See [0066, 0067, 0068] & FIG. 4 of Hayhow1, the network gateway 400 includes a primary network interface 402, a secondary network interface 404, and a computer processing unit 406 that is coupled to the primary network interface 402 and the secondary network interface 404. The computer processing unit 406 may include a microprocessor 408 and a computer-readable medium 410. The computer-readable medium 410 may be provided as electronic computer memory (e.g. flash memory) or optical or magnetic memory (e.g. compact disc, hard disk) and may include computer processing instructions stored thereon which, when executed by the microprocessor 408, define an operating system (not shown) that controls the overall operation of the network gateway 400. The computer processing instructions may also implement a gateway authenticator 414):
i) receive from a pin-pad terminal, via the first computer network, an activation credential request including a first administrator credential (See [0041] of Hayhow1, the communications terminal 200 is a payment terminal; [0077], at step S600 the network gateway 400 receives an authentication request from a communications terminal 200.  The authentication request includes a token cryptogram that is generated by an identity token 210 that is interfaced with the communications terminal 200. Optionally, the authentication request may include one or more of the administrator credentials)
the pin-pad terminal receiving the first administrator credential from a hardware token interfaced with the pin-pad terminal ([0003], the payment terminals are deployed with proprietary software that uses the acquirer network to securely process electronic payments via payment account information received from hardware tokens (e.g. credit cards, debit cards) that may be interfaced with the payment terminals. [0114], The terminal authentication processor 218 of the payment terminal 200 then prompts the merchant to interface an identity token with the payment terminal 200 and to input one or more identity token 210 is configured with a cryptographic key (“token cryptographic key”) and one or more credentials (“administrator credentials”) that were uniquely assigned to the intended recipient of the identity token 210 by the issuer of the identity token 210. As non-limiting examples, the administrator credentials may comprise an administrator identifier (“sysID”) and/or an administrator passcode. The administrator credentials and token cryptographic key may be stored in the protected memory at the time the identity token 210 is manufactured or prior to delivery of the identity token 210 to the intended individual, see also [0051].)

ii) before the pin-pad terminal received the first administrator credential from the hardware token ( ([0003], the payment terminals are deployed with proprietary software that uses the acquirer network to securely process electronic payments via payment account information received from hardware tokens (e.g. credit cards, debit cards) that may be interfaced with the payment terminals; [0114], The terminal authentication processor 218 of the payment terminal 200 then prompts the merchant to interface an identity token with the payment terminal 200 and to input one or more administrator credentials (e.g. sysID, administrator passcode) into the payment terminal 200; [0048], the protected memory of the identity token 210 is configured with a cryptographic key (“token cryptographic key”) and one or more credentials (“administrator credentials”) that were uniquely assigned to the intended recipient of the identity token 210 by the issuer of the identity token 210. As non-limiting examples, the administrator credentials may comprise an administrator identifier (“sysID”) and/or an administrator passcode. The administrator credentials and token cryptographic key may be stored in the protected memory at the time the identity token 210 is manufactured or prior to delivery of the identity token 210 to the intended individual, [0051], Alternately, the activation code may be stored on an identity token (e.g. identity token and the administrator may input the activation code into the communications terminal 200 by interfacing the identity token with the communications terminal 200.)
verify that the first computer network associated the first administrator credential with the pin-pad terminal ([0106], the terminal management server 350 may query its database with the terminal credentials to verify that the terminal credentials are associated with a common payment terminal 200 (i.e. the terminal credentials are associated with a legitimate payment terminal 200); [0051], The terminal authentication processor 218 is configured to generate a terminal activation request from a private encryption key (activation code) and from at least one of the terminal credentials (e.g. terminal ID, terminal serial number) that are uniquely associated with the communications terminal 200; [0062], The terminal activation request may include the terminal credentials of the communications terminal 200.)
install a digital authentication certificate in the pin-pad terminal, the digital authentication certificate facilitating authentication of the pin-pad terminal to the second computer network via the network gateway (see {0063] & [0064].)
Hayhow1 teaches the following:  an identity token (0046) comprising a built-in micro-controller and protected memory.  The protected memory contains a cryptographic key and administrator credentials (0048).  Hayhow1 teaches that the credentials may be manually input via an input device or by interfacing the identity token with the communications terminal (see 0051).  Hayhow1 teaches that a terminal activation request contains a private encryption key (activation code) that may either be manually input or received from the identity token and at least one of the terminal credentials (e.g. terminal ID, terminal serial number) (fig.2; para [0042-0057]; para [0093-0101] & fig.8 ).  Although Hayhow1 teaches the option of inputting data from the identity token (0051) by interfacing the identity token with the communications terminal and that the identity token contains administrator credentials (0048); what is not taught by Hayhow1 is that the administrator credentials are used in the activation request as a substitute for the private encryption key or token cryptographic key.   As such, the 
Similarly with regard to the additional limitation of verifying that the computer network associated the first administrator credential with the pin-pad terminal is taught by Hayhow1 at paragraphs 0061 and 0062 with the use of terminal credentials and a digital signature generated from a private encryption key where the private encryption key was either manually input or received from the identity token via the interface.  Both the claim invention and Hayhow1 recite the installation of a digital authentication certificate facilitating authentication of the pin-pad terminal to a second computer network via a network gateway (0063, 0066).  Therefore the only distinction between the claimed invention and the Hayhow1 reference is the particular credential chosen that is used in the verification process i.e. the claimed invention recites the use of the administrator credential and Hayhow1 teaches the use of the signature generated by the private key present in the identity token.  As the identity token contains a limited set of credentials per paragraph 0048 of Hayhow1 (cryptographic key and administrator credentials) simply substituting the cryptographic key with the administrator credentials does not patentably distinguish the claimed invention from the prior art as it is the simple substitution of one element for another where both elements were known at the time of the invention.  Therefore the claims are clearly obvious in view of Hayhow1.

With respect to claim 3
Hayhow1 teaches the limitations of claim 1.  Hayhow1 further teaches: the network gateway is configured to receive a second administrator credential from an input device of the pin-pad terminal, and to install the digital authentication certificate after confirming that the second computer network validated the administrator credentials (See [0127], the terminal authentication processor 218 of the payment terminal 200 then prompts the merchant to an input one or more credentials (e.g. administrator transmits the activation response to the payment terminal. The activation response comprises a digital authentication certificate that includes the public encryption key and facilitates authentication of the payment terminal to a computer server, distinct from the certificate server; see also [0061-0063, 0072 & 0073].)

With respect to claim 6 & 16
Hayhow1 teaches the limitations of claim 1 & 14 respectively.  Hayhow1 further teaches:   the gateway authenticator is configured to provide the pin-pad terminal with the private cryptographic key and a second terminal credential (See [0095], the terminal authentication processor 218 of the payment terminal 200 then prompts the merchant to input the terminal credentials (terminal ID, terminal serial number) and activation code (private cryptographic key) into the payment terminal 200 the activation code (private cryptographic key) and the terminal credentials that identify the payment terminal 200 (terminal ID, terminal serial number). The merchant manually inputs the required terminal credentials into the payment terminal 200 via the data input device 202.)
and to install the digital authentication certificate after the first computer network verifying that ([0010], the certificate server generates an activation response in response to the terminal activation request and transmits the activation response to the payment terminal. The activation response comprises a digital authentication certificate that includes the public encryption key and facilitates authentication of the payment terminal to a computer server, distinct from the certificate server)
 (i) the pin-pad terminal generated the terminal activation request from the private cryptographic key and the second terminal credential ([0052], the terminal activation request also includes at least one of the terminal credentials; See [0006], involves the payment terminal generating a terminal activation request from a private encryption key, and from at least one terminal credential that is uniquely associated with the payment terminal.) 
 (ii) before the network gateway provided the pin-pad terminal with the second terminal credential (See [0098 & 0099])
the private cryptographic key and the second terminal credential were uniquely associated with the pin-pad terminal (See [0051], generate a terminal activation request from a private encryption key (activation code) and from at least one of the terminal credentials (e.g. terminal ID, terminal serial number) that are uniquely associated with the communications terminal 200).

With respect to claim 9
Hayhow1 teaches the limitations of claim 7.  Hayhow1 further teaches: the gateway authenticator is configured to generate a second terminal credential, generate the terminal activation request from the private cryptographic key and the second terminal credential, and receive the digital authentication certificate from the first computer network (See [0006], the payment terminal generating a terminal activation request from a private encryption key; see [0010], the certificate server generates an activation response in response to the terminal activation request and transmits the activation response to the payment terminal. The activation response comprises a digital authentication certificate that includes the public encryption key and facilitates authentication of the payment terminal to a computer server, distinct from the certificate server)
after the first computer network verifies that
(i) the terminal activation request was generated from the private cryptographic key and the second terminal credential (See [0006], the payment terminal generating a terminal activation request from a private encryption key; see [0010], the certificate server generates an activation response in response to the terminal activation request and transmits the activation response to the payment terminal. The activation response comprises a digital authentication certificate that includes the public encryption key and facilitates authentication of the payment terminal to a computer server, distinct from the certificate server.)  
(ii) before the network gateway generated the terminal activation request, the private cryptographic key and the second terminal credential were associated with the pin-pad terminal (See [0100] & [0072])

With respect to claim 11
Hayhow1 teaches the limitations of claim 10.  Hayhow1 further teaches: the activation credential request includes a first terminal credential uniquely associated with the pin-pad terminal, the first terminal credential being stored in a memory of the pin-pad terminal prior to the network gateway receiving the activation credential request (See [0072], a terminal activation request from a private encryption key (activation code) that is input into or saved in the payment terminal 200, and from at least one terminal credential that is uniquely associated with the payment terminal 200.; See [0045], electronic computer memory (e.g. FLASH memory) that may store one or more credentials (“terminal credentials”) that are uniquely associated with the communications terminal 200.)

With respect to claim 13
Hayhow1 teaches the limitations of claim 10.  Hayhow1 further teaches: the installing a digital authentication certificate comprises the network gateway receiving a second administrator credential from the pin-pad terminal, and the pin-pad terminal installing the digital authentication certificate in a memory thereof after the network gateway confirming that the second computer network validated the administrator credentials (See [0010], the certificate server generates an activation response in response to the terminal activation request and transmits the activation response to the payment terminal. The activation response comprises a digital authentication certificate that includes the public encryption key and facilitates authentication of the payment terminal to a computer server, distinct from the certificate server; See [0081], after step S604, the operator of the communications terminal 200 may transmit a validation request to the network gateway 400 requesting authentication of the communications terminal 200 to a network device of the communications network (e.g. the network device 500 of the second communications network 104).  The network gateway 400 may facilitate authentication of the communications terminal 200 to the network device of the communications network via the gateway authentication certificate and the validation request; see [0045], electronic computer memory (e.g. FLASH memory) that may store one or more credentials (“terminal credentials”) that are uniquely associated with the communications terminal 200.)

With respect to claim 7 & 17
Hayhow1 teaches the limitations of claim 1 & 11 respectively.  Hayhow1 further teaches: wherein the activation credential request includes a first terminal credential uniquely associated with the pin-pad terminal (See [0072], a terminal activation request from a private encryption key (activation code) that is input into or saved in the payment terminal 200, and from at least one terminal credential that is uniquely associated with the payment terminal 200)
the gateway authenticator is configured to: 
receive a private cryptographic key from the first computer network (See [0147]);
before the pin-pad terminal received the first administrator credential from the hardware token (See [0077], The authentication request includes a token cryptogram that is generated from a cryptographic 

after verifying that the first computer network associated the first administrator credential with the pin-pad terminal (See [0055]);
generate a terminal activation request from the private cryptographic key, and transmit the terminal activation request to the first computer network (See [0006], the payment terminal generating a terminal activation request from a private encryption key; see [0066]), and 
receive the digital authentication certificate from the first computer network in response to the terminal activation request, after the first computer network verifies that the terminal activation request was generated from the private cryptographic key (See [0006], the payment terminal generating a terminal activation request from a private encryption key; see [0010], the certificate server generates an activation response in response to the terminal activation request and transmits the activation response to the payment terminal. The activation response comprises a digital authentication certificate that includes the public encryption key and facilitates authentication of the payment terminal to a computer server, distinct from the certificate server.)

With respect to claim 19
Hayhow1 teaches the limitations of claim 17.  Hayhow1 further teaches: the generating a terminal activation request comprises the network gateway generating a second terminal credential and generating the terminal activation request from the private cryptographic key and the second terminal credential (See [0052], the terminal activation request also includes at least one of the terminal credentials; See [0006], the payment terminal generating a terminal activation request from a private encryption key), and 
the receiving the digital authentication certificate comprises the network gateway receiving the digital authentication certificate from the first computer network after the first computer network (See [0147]);
verifying that (i) the terminal activation request was generated from the private cryptographic key and the second terminal credential (See [0006], the payment terminal generating a terminal activation request from a private encryption key; see [0010], the certificate server generates an activation response in response to the terminal activation request and transmits the activation response to the payment terminal. The activation response comprises a digital authentication certificate that includes the public encryption key and facilitates authentication of the payment terminal to a computer server, distinct from the certificate server) and
(ii) before the network gateway generated the terminal activation request, the private cryptographic key and the second terminal credential were associated with the pin-pad terminal (See [0100] & [0072])

Claims 2, 4, 5, 8, 12, 14, 15 & 18 are rejected under 35 U.S.C 103 as obvious over Hayhow1(US20130254116A1) in view of Gleeson et al. (US20150170126A1; hereinafter, “Gleeson”)
With respect to claim 2
Hayhow1 teaches limitations of claim 1.  Hayhow1 does not explicitly disclose, but Gleeson teaches: the activation credential request includes a first terminal credential uniquely associated with the pin-pad terminal (See [0072], the payment terminal 200 generates a terminal activation request from a private encryption key (activation code) that is input into or saved in the payment terminal 200, and from at least one terminal credential that is uniquely associated with the payment terminal 200)
the gateway authenticator is configured to install the digital authentication certificate (See [0010], the certificate server generates an activation response in response to the terminal activation request and transmits the activation response to the payment terminal. The activation response comprises a digital 
before the pin-pad terminal received the first administrator credential from the hardware token (See [0077], The authentication request includes a token cryptogram that is generated from a cryptographic key that is stored on an identity token 210 that is interfaced with the communications terminal 200. Optionally, the authentication request may include one or more of the administrator credentials)

Hayhow1 does not explicitly disclose, but Gleeson teaches:  verifying that the first computer network associated the first administrator credential with the first terminal credential (See claim 14 of Gleeson, at least one terminal credential associated with the pin-pad terminal and an administrator credential associated with an administrator of the pin-pad terminal, and the authenticating to the network device comprises the pin-pad terminal authenticating to the network device with the least one terminal credential and the administrator credential)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hayhow1 with the teaching of Gleeson as they relate to authenticating a payment terminal.  The claimed invention is merely a combinations of old elements, and in the combinations each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combinations were predictable.  Motivation to do so would have been to have different configuration/settings of authentication at the pin-pad payment terminal.

With respect to claim 4
Hayhow1 teaches limitations of claim 1.  Hayhow1 further teaches: the activation credential request includes a first terminal credential uniquely associated with the pin-pad terminal (See [0072], the 
the gateway authenticator is configured to: 
before the pin-pad terminal received the first administrator credential from the hardware token (See [0077], The authentication request includes a token cryptogram that is generated from a cryptographic key that is stored on an identity token 210 that is interfaced with the communications terminal 200. Optionally, the authentication request may include one or more of the administrator credentials) 
receive the digital authentication certificate from the first computer network after the first computer network verifies that the pin-pad terminal provided the first computer network with a terminal activation request and generated the terminal activation request from the private cryptographic key (See [0006], the payment terminal generating a terminal activation request from a private encryption key; see [0010], the certificate server generates an activation response in response to the terminal activation request and transmits the activation response to the payment terminal. The activation response comprises a digital authentication certificate that includes the public encryption key and facilitates authentication of the payment terminal to a computer server, distinct from the certificate server)

Hayhow1 does not explicitly disclose, but Gleeson teaches:  provide the pin-pad terminal with a private cryptographic key, in response to the activation credential request (See [0129]);
after verifying that the first computer network associated the first administrator credential with the first terminal credential (See claim 14 of Gleeson, at least one terminal credential associated with the pin-pad terminal and an administrator credential associated with an administrator of the pin-pad terminal, and the authenticating to the network device comprises the pin-pad terminal authenticating to the network device with the least one terminal credential and the administrator credential)


With respect to claim 5
Hayhow1 teaches limitations of claim 1.  Hayhow1 further teaches: the gateway authenticator is configured to:
before the pin-pad terminal received the first administrator credential from the hardware token (See [0077], The authentication request includes a token cryptogram that is generated from a cryptographic key that is stored on an identity token 210 that is interfaced with the communications terminal 200. Optionally, the authentication request may include one or more of the administrator credentials)
Hayhow1 does not explicitly disclose, but Gleeson teaches:  provide the private cryptographic key after verifying that the first computer network associated the first administrator credential with the first terminal credential (See [129]; See claim 14 of Gleeson, at least one terminal credential associated with the pin-pad terminal and an administrator credential associated with an administrator of the pin-pad terminal, and the authenticating to the network device comprises the pin-pad terminal authenticating to the network device with the least one terminal credential and the administrator credential)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hayhow1 with the teaching of Gleeson as they relate to 

With respect to claim 8
Hayhow1 teaches limitations of claim 7.  Hayhow1 further teaches: the gateway authenticator is configured to receive the digital authentication certificate from the first computer network (See [0147]);
before the pin-pad terminal received the first administrator credential from the hardware token (See [0077], The authentication request includes a token cryptogram that is generated from a cryptographic key that is stored on an identity token 210 that is interfaced with the communications terminal 200. Optionally, the authentication request may include one or more of the administrator credentials)
	Hayhow1 does not explicitly disclose, but Gleeson teaches:  verifying that the first computer network associated the first administrator credential with the first terminal credential (See claim 14 of Gleeson, at least one terminal credential associated with the pin-pad terminal and an administrator credential associated with an administrator of the pin-pad terminal, and the authenticating to the network device comprises the pin-pad terminal authenticating to the network device with the least one terminal credential and the administrator credential)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hayhow1 with the teaching of Gleeson as they relate to authenticating a payment terminal.  The claimed invention is merely a combinations of old elements, and in the combinations each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combinations were 

With respect to claim 12
Hayhow1 teaches limitations of claim 11.  Hayhow1 further teaches: the installing a digital authentication certificate comprises the first computer network providing the pin-pad terminal with the digital authentication certificate (See [0010], the certificate server generates an activation response in response to the terminal activation request and transmits the activation response to the payment terminal. The activation response comprises a digital authentication certificate that includes the public encryption key and facilitates authentication of the payment terminal to a computer server, distinct from the certificate server; See [0081], after step S604, the operator of the communications terminal 200 may transmit a validation request to the network gateway 400 requesting authentication of the communications terminal 200 to a network device of the communications network (e.g. the network device 500 of the second communications network 104).  The network gateway 400 may facilitate authentication of the communications terminal 200 to the network device of the communications network via the gateway authentication certificate and the validation request);
before the pin-pad terminal received the first administrator credential from the hardware token (See [0077], The authentication request includes a token cryptogram that is generated from a cryptographic key that is stored on an identity token 210 that is interfaced with the communications terminal 200. Optionally, the authentication request may include one or more of the administrator credentials)
Hayhow1 does not explicitly disclose, but Gleeson teaches: verifying that the first computer network associated the first administrator credential with the first terminal credential (See claim 14 of Gleeson, at least one terminal credential associated with the pin-pad terminal and an administrator credential associated with an administrator of the pin-pad terminal, and the authenticating to the network 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hayhow1 with the teaching of Gleeson as they relate to authenticating a payment terminal.  The claimed invention is merely a combinations of old elements, and in the combinations each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combinations were predictable.  Motivation to do so would have been to have different configuration/settings of authenticating a payment terminal.

With respect to claim 14
Hayhow1 teaches limitations of claim 11.  Hayhow1 further teaches: wherein the installing a digital authentication certificate comprises: 
the network gateway providing the private cryptographic key after verifying that, 
before the pin-pad terminal received the first administrator credential from the hardware token (See [0077], The authentication request includes a token cryptogram that is generated from a cryptographic key that is stored on an identity token 210 that is interfaced with the communications terminal 200. Optionally, the authentication request may include one or more of the administrator credentials)
the first computer network associated the first administrator credential with the pin-pad terminal (See [0055]);
the first computer network receiving a terminal activation request from the pin-pad terminal (See [0009], a certificate server receiving a terminal activation request from a payment terminal) and 
the first computer network providing the pin-pad terminal with the digital authentication certificate in response to the terminal activation request, the first computer network providing the digital authentication certificate after verifying that the pin-pad terminal generated the terminal activation request from the private cryptographic key (See [0006], the payment terminal generating a terminal activation request from a private encryption key; see [0010], the certificate server generates an activation response in response to the terminal activation request and transmits the activation response to the payment terminal. The activation response comprises a digital authentication certificate that includes the public encryption key and facilitates authentication of the payment terminal to a computer server, distinct from the certificate server)
Hayhow1 does not explicitly disclose, but Gleeson teaches: the network gateway providing the pin-pad terminal with a private cryptographic key, in response to the activation credential request (See [0129])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hayhow1 and with the teaching of Gleeson as they relate to authenticating a payment terminal.  The claimed invention is merely a combinations of old elements, and in the combinations each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combinations were predictable.  Motivation to do so would have been to have different configuration/settings of authenticating a payment terminal.

With respect to claim 15
Hayhow1 teaches limitations of claim 14.  Hayhow1 further teaches: the providing a private cryptographic key comprises the network gateway providing the pin-pad terminal with the private cryptographic key (See [0100] & [0072]);
before the pin-pad terminal received the first administrator credential from the hardware token (See [0077], The authentication request includes a token cryptogram that is generated from a cryptographic 
Hayhow1 does not explicitly disclose, but Gleeson teaches: verifying that the first computer network associated the first administrator credential with the first terminal credential (See claim 14 of Gleeson, at least one terminal credential associated with the pin-pad terminal and an administrator credential associated with an administrator of the pin-pad terminal, and the authenticating to the network device comprises the pin-pad terminal authenticating to the network device with the least one terminal credential and the administrator credential)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hayhow1 with the teaching of Gleeson as they relate to authenticating a payment terminal.  The claimed invention is merely a combinations of old elements, and in the combinations each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combinations were predictable.  Motivation to do so would have been to have different configuration/settings of authenticating a payment terminal.

With respect to claim 18
Hayhow1 teaches limitations of claim 17.  Hayhow1 further teaches: the receiving the digital authentication certificate comprises the network gateway receiving the digital authentication certificate from the first computer network (See [0147]);
before the pin-pad terminal received the first administrator credential from the hardware token (See [0077], The authentication request includes a token cryptogram that is generated from a cryptographic key that is stored on an identity token 210 that is interfaced with the communications terminal 200. Optionally, the authentication request may include one or more of the administrator credentials)
verifying that the first computer network associated the first administrator credential with the first terminal credential (See claim 14 of Gleeson, at least one terminal credential associated with the pin-pad terminal and an administrator credential associated with an administrator of the pin-pad terminal, and the authenticating to the network device comprises the pin-pad terminal authenticating to the network device with the least one terminal credential and the administrator credential)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hayhow1 with the teaching of Gleeson as they relate to authenticating a payment terminal.  The claimed invention is merely a combinations of old elements, and in the combinations each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combinations were predictable.  Motivation to do so would have been to have different configuration/settings of authenticating a payment terminal.

Conclusion
THIS ACTION IS MADE Non-FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this non-final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this non-final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
 or yin.choi@uspto.gov.  The examiner can normally be reached on M-F 7:30 - 5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on 571-270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/YIN Y CHOI/           Examiner, Art Unit 3685                                                                                                                                                                                        	6/24/2021
/JAMES D NIGH/               Senior Examiner, Art Unit 3685