DETAILED ACTION
	This is a non-final office action on the merits.  The U.S. Patent and Trademark Office has received claims 1-7, 9-11, 15-21, and 23-25 in application number 15/025,280.  Claims 1-7, 9-11, 15-21, and 23-25  are pending and have been examined on the merits.

Notice of Pre-AIA  or AIA  Status
	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Request for Continued Examination
	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/21/20 has been entered.

Response to Applicant Remarks
	Applicant's arguments filed 12/21/20 have been fully considered but they are not persuasive because the ZEIDLER discloses the computation of the recited encryption keys, and AABYE is cited for its disclosure to a mobile application gateway and the steps performed therein.  That those steps may be performed with the recited encryption keys disclosed by ZEIDLER is the basis of the obviousness rejection.  The rejection of claims 11 and 25 by reference to Official Notice has been replaced by the additional “KANNAPPAN” reference.  

Claim Rejections 35 U.S.C. 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

	Claims 1-7, 9-10, 15-21, and 23-24  are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 4,578,530 (hereinafter ZEIDLER”) in view of U.S. Pre-Grant Publication 2010/0189265 (hereinafter “ITO”) and further in view of U.S. Pre-Grant Publication 2010/0211507 (hereinafter “AABYE”).
	Throughout this section, claim limitations are numbered by decimal and all quotations of prior art are cited to with the applicable paragraph number in brackets; bold-type is used to emphasize disclosure.



1. 	 A method for securing update processing for a mobile payment application installed in a mobile device from an update issuer through a gateway, the update processing transiting in an unsecure network between the mobile application in a mobile device and a gateway, the method comprising:
1.1	 a personalization phase having the steps of:
1.11		 receiving, by a key management system, a first gateway master key;
1.12		 receiving, by the gateway, the first gateway master key;
1.13		 deriving a gateway encryption key KENC, using a first derivation algorithm, from an application identifier of the mobile payment application and the first gateway master key;
1.14		 transmitting the gateway encryption key to the mobile application;
1.15		 and loading the gateway encryption key KENC into the mobile application;
1.2	and a mobile application update phase, having the steps of, when an over- the-air issuer update of the mobile payment application is initiated, 
[6:38-57] Briefly, this attack scenario is prevented by insuring that a session key can never be used more than once. Session key uniqueness is guaranteed utilizing a session key authentication code. A session key authentication code SKAC is generated for each encryption pair of a session keys at the acquirer station. The SKAC is generated in a manner similar to a MAC, except that different inputs are used.
	the mobile payment application performs an administrative payment transaction by:
1.21		incrementing a transaction counter of the mobile application, 
[17:4-16] The new session key (KS.sub.n+1) is processed by first decrypting e[KM.sub.1 ](KS.sub.n+1), utilizing the master key KM.sub.1 of the terminal in step 153. KS.sub.n+1 is then used to compute the SKAC.sub.n+1 in step 155. The computation of the SKAC is similar to the MAC computation process, both of which are discussed below with reference to FIGS. 13 and 14. Although and the anticipated session key number (n+1), which is generated by the terminal through incrementing of the value in its key counter 154 from the value n of the session key KS.sub.n used for the current transaction.
[17:32-36] As can be appreciated, the inclusion of the incremented number n+1 in this SKAC verification process provides assurance that the new session key KS.sub.n+1 could not have been used previously. Therefore, fraudulent replay of a previous first master key encrypted value could not have occurred.
1.22		deriving a session encryption key ENC from the transaction counter value and the gateway encryption key KENC, 
[17:4-16] The new session key (KS.sub.n+1) is processed by first decrypting e[KM.sub.1 ](KS.sub.n+1), utilizing the master key KM.sub.1 of the terminal in step 153. KS.sub.n+1 is then used to compute the SKAC.sub.n+1 in step 155.  The computation of the SKAC is similar to the MAC computation process, both of which are discussed below with reference to FIGS. 13 and 14. Although additional inputs may be used, the basic inputs to the SKAC computation are the terminal identifier (TID=TX) and the anticipated session key number (n+1), which is generated by the terminal through incrementing of the value in its key counter 154 from the value n of the session key KS.sub.n used for the current transaction.
1.23		encrypting user sensitive data with the session encryption key ENC, the user sensitive data comprising the magnetic- stripe data track(s), fully or partially (track 1, track 2, track 3), and/or a Primary Account Number (PAN), 
[3:66,4:8] In the preferred embodiment, the PINc is encrypted with the first session key KS1 and the encrypted PINc and selected elements of the transaction data are concatenated. The concatenated data are processed with the first session key, according to an arbitrarily-specified procedure to form a first message authentication code, MAC1. A network/interchange request message comprised of the encrypted PINc, the MAC1 and other transaction data are transmitted from the transaction terminal to the acquirer station connected to said terminal.
[9:14-17] This transaction data would typically include the primary account number PAN, the date, the time, the terminal identification number of the transaction terminal 10, as well as other miscellaneous information.
elaborating an update request message comprising the encrypted user sensitive data, the transaction counter value, and the application identifier of the mobile payment application, 
Fig. 12 (SKAC counter); Fig. 13 (primary account number (PAN) and PIN).
1.25		sending the update request message from the mobile payment application through the mobile device to the gateway, 
[9:7-13] The transaction terminal 10 sends to an associated acquirer station 12 a message comprised of the encrypted PINc, the MAC1 and other transaction data. In some embodiments the transaction terminals are actually operated under a controller tied to the acquirer 12, in which the data is relayed by the controller to the acquirer host processor.
1.3		upon receiving the update request message by the gateway, the gateway performs the steps of:
1.31		computing the gateway encryption key (KENC) from the application identifier received in the received update request message and the first gateway master key, 
1.32		computing the gateway session encryption key (ENC) from the application transaction counter received in the received update request message and the gateway encryption key (KENC), 
1.33		decrypting user sensitive information from the received encrypted data with the computed gateway session encryption key ENC, 
1.34		sending, through a secured network, the update request message comprising the decrypted user sensitive data to the update issuer of the mobile payment application for processing;
1.35		 and forwarding the update response message from the issuer to the mobile payment application, the update response message comprising information for 
	However, ZEIDLER does not disclose: at the personalization phase, receiving, by a key management system, a first gateway master key; receiving, by the gateway, the first gateway master key;  deriving a gateway encryption key KENC, using a first derivation algorithm, from an application identifier of the mobile payment application and the first gateway master key; transmitting the gateway encryption key to the mobile application;  and loading the gateway encryption key KENC into the mobile application. Nor does ZEIDLER disclose: the gateway performing the steps of computing the gateway encryption key (KENC) from the application identifier received in the received update request message and the first gateway master key, computing the gateway session encryption key (ENC) from the application transaction counter received in the received update request message and the gateway encryption key (KENC), decrypting user sensitive information from the received encrypted data with the computed gateway session encryption key ENC, sending, through a secured network, the update request message comprising the decrypted user sensitive data to the update issuer of the mobile payment application for processing; and forwarding the update response message from the issuer to the mobile payment application, the update response message comprising information for configuring the mobile payment application and information for issuer updates to the mobile payment application.
	However, ITO discloses (1.1)  a personalization phase having the steps of:
1.11		 receiving, by a key management system, a first gateway master key;
[0098] The semiconductor manufacturing system 100 manufactures a plurality of crypto-processing units 401 having identical specifications. Each of the crypto-processing units 401 is installed in a different terminal 120 by the terminal manufacturing system 110. The crypto-processing unit 401 is a device typically a crypto-processing unit public key 532 corresponding to the crypto-processing unit private key 531. The crypto-processing unit 401 is installed in a terminal 120 manufactured by the terminal manufacturing system 110.
(Figure 1, element 532, paragraph 98)
1.12		 receiving, by the gateway, the first gateway master key;
[0101] [. . .] The root certificate 351 is issued to the DRM server 150 the service provider 5 uses when providing the service. The root certificate 351 is sent from the device key issuer 2 to the service provider 5 in a state in which secrecy can be administered, using a conventional method such as transmitting an encrypted root certificate 361 via a dedicated line, or handing over a recording medium 24 that stores thereon the encrypted root certificate 361. The DRM server 150 can check whether the device key set in a terminal 120 is legitimate or not by using the root certificate 351. 
(Figure 1, element 731 paragraph 101 [manufacture key is construed as “gateway master key”])
1.13		 deriving a gateway encryption key KENC, using a first derivation algorithm, from an application identifier of the mobile payment application and the first gateway master key;
[0101] [. . .] It should be noted that the device key 331 is composed of a set of a device private key 332 and a device public key certificate 333 corresponding to the device private key 332, as shown in FIG. 8.
Figure 1, at 140; [0101] at 341.
1.14		 transmitting the gateway encryption key to the mobile application;
[0101] [. . .] A different device key is issued for each terminal used by a service user. The plurality of device keys 331x are sent from the device key issuer 2 to the key setter 4 in a state in which secrecy can be administered, using a conventional method such as transmitting encrypted device keys 341 via a 
Figure 1, at 140; [0101] at 341.
1.15		 and loading the gateway encryption key KENC into the mobile application;
[0179] When the service user selects "NO" when the screen 1002 is being displayed (step S1007), the control unit of the terminal 120 displays the screen 1004 showing the end of service usage on the display unit, and ends service usage. When the service user selects "YES" (step S1003), the control unit displays a screen 1005 showing that processing for the initial setting of the content distribution service is in progress on the display unit, while in the background the control unit is acquiring an encrypted device key from the device key encryption server 140.
[0180] Upon acquiring the encrypted device key from the terminal 120 (step S1004), the control unit of the terminal 120 displays a screen 1006 showing completion of initial settings of the content distribution service, and asks for the user's acknowledgement ("OK") of the completion. When the user presses "OK" (step S1005), the control unit displays the screen 1003 showing the start of service on the display unit.
	ZEIDLER discloses a system for a transaction terminal with software (device with application), associated with an acquirer, to transmit encrypted user data (a personal account number (PAN)) through an interchange network (over-the-air network), via a network switch (gateway) to an issuer system.  ZEIDLER discloses these steps in a system analogous to that of the present application, where a the terminal performs the steps of incrementing a counter to derive a session encryption key unique to the transaction of that session.  Where the session encryption key of the present application is calculated from the incremented transaction counter, ZEIDLER performs the same step by “incrementing of the value in its key counter.”  Where the recited KENC is used with the counter value to derive the session ENC in the present claims, ZEIDLER discloses the session key as derived by applying encryption operations to a master key 
	ITO discloses the recited steps with respect to the issuer system and gateway, where a “crypto-processing unit public key 532 corresponding to the crypto-processing unit private key 531” is generated at the “system 100” and sent from the “device key issuer” to a server or gateway; the manufacturer key is construed as the gateway master key.  That server will subsequently transmit and load the “encrypted device key” to the user device.
	ZEIDLER discloses a terminal, network switch, and issuer system such that the terminal performs the steps of creating incremented session key using an encrypted device key; and where ITO discloses the generation and provisioning of an encrypted device key from an issuing system to server to device.  It would be obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the terminal of ZEIDLER to receive its KENC equivalent encrypted device key, via the issuer system and gateway of ITO.  This modification would yield a predictable result because each of the encryption and transmission steps performed in the system of ZEIDLER and ITO could be performed the same in combination as disclosed independently.
	However, the combination of ZEIDLER in view of ITO do not disclose: the gateway performing the steps of computing the gateway encryption key (KENC) from the application identifier received in the received update request message and the first gateway master key, computing the gateway session encryption key (ENC) from the application transaction counter received in the received update request message and the gateway encryption key (KENC), decrypting user sensitive information from the received encrypted data with the computed gateway session encryption key ENC, sending, through a secured network, the update request 
	Where ZEIDLER discloses the gateway encryption key (KENC) and the first gateway master key, AABYE discloses these steps with respect to “an encryption key” and “an encryption key server” at (1.3) the gateway performing the steps of:
1.31		computing the gateway encryption key (KENC) from the application identifier received in the received update request message and the first gateway master key, 
[0056] FIG. 5(a) illustrates the stages involved in a process for an encryption key distribution server (e.g., element 140 of FIG. 2) to distribute an encryption key of a first key pair to a mobile gateway. FIG. 5(b) illustrates the stages involved in a process for using the encryption key server to distribute an encryption key of a second key pair to an Issuer. FIG. 5(c) illustrates the stages involved in a process for using the encryption keys distributed to the mobile gateway and to the Issuer to encrypt data generated by the Issuer in the mobile gateway for transmission to the mobile device, and to decrypt that data in the mobile device. 
[0057] As shown in FIG. 5(a), at stage 502 an encryption key server (e.g., element 140 of FIG. 2) is used to distribute a first encryption key pair (or more precisely, a key of a first encryption key pair) to a mobile gateway that will participate in the encryption/decryption processes. Note that the keys can be generated within the encryption key server or provided to the server by another entity, such as an authorized data processor, Issuer, payment processor, or element of a data processing network. Note that the process described with reference to FIG. 5(a) is performed for each mobile gateway that will be used in the transfer of transaction data between the mobile payment device and the payment processing network.
computing the gateway session encryption key (ENC) from the application transaction counter received in the received update request message and the gateway encryption key (KENC), 
[0064] If there is no direct connection between the Issuer and mobile gateway, then the generated data provided to the Payment Processing Network is provided to the mobile gateway. The mobile gateway connects to the encryption key server and to the mobile device (stage 528). At stage 530, the encryption key server generates a session specific key from the stored key of the first key pair. The encryption key server then generates the unique key for the mobile device using the stored key of the second key pair (stage 532). The encryption key server then encrypts the generated session key using the unique key for the mobile device (stage 532).
1.33		decrypting user sensitive information from the received encrypted data with the computed gateway session encryption key ENC, 
[0064] [. . .] The encryption key server then distributes the encrypted session key to the mobile device via the mobile gateway (stage 534). The mobile device receives the encrypted session key, recovers the session key using its unique key, and then uses the session key to decrypt the transaction data it received from the mobile gateway (stage 536). The decrypted data is then made available to the payment application resident on the mobile device for processing, storage, display to the user, or another relevant function. The decrypted data may be stored in a secure data storage medium or other suitable element.
1.34		sending, through a secured network, the update request message comprising the decrypted user sensitive data to the update issuer of the mobile payment application for processing;
[0066] After distribution of the encryption/decryption keys, the keys may be used to provide a secure method of exchanging transaction data between the mobile device and the Issuer. In some embodiments, this may involve establishing a secure channel between a payment application resident in the mobile device and the mobile gateway, with the gateway acting as an intermediary between the mobile device and the payment processing network (and hence the Issuer by virtue of the Issuer's communication with the payment processing network). Typically, the exchange of transaction data may involve two paths: (1) data 
1.35		 and forwarding the update response message from the issuer to the mobile payment application, the update response message comprising information for configuring the mobile payment application and information for issuer updates to the mobile payment application.
[0066] [. . .] Typically, the exchange of transaction data may involve two paths: (1) data generated in the mobile device for transfer to the payment processing network; and (2) data generated by the Issuer for transfer to the mobile device.
[0067] [. . .] The encrypted data may include security or access data, payment account data (account identifiers, account balances, etc.), transaction data, user identification data, etc. The encrypted data is transmitted from the mobile device over the cellular network to the cellular system and then to the mobile gateway. The mobile gateway uses a key stored in the gateway to decrypt the received data so that the data may be provided to the payment processing network and the Issuer. Note that this process of encrypting data generated in the mobile device for transfer to the payment processing network or Issuer may be used as part of the process described with reference to FIG. 4 (e.g., to transfer transaction related data as part of a transaction query, update or reconciliation process). However, this process may also be used in situations other than those described with reference to FIG. 4, such as to provide a secure data exchange between a mobile device and a payment processing network or Issuer using a wireless/cellular network, for the purpose of initiating or otherwise conducting a payment transaction.
	AABYE discloses the steps performed by a mobile application gateway.  The gateway serves as an intermediary between the mobile device with application and the issuer system, and in doing so performs the steps of recovering the session key with its own encryption key to decrypt the user specific data and provide it to the issuer system through a secure channel.  AABYE in its use of a payment system with mobile gateway and encryption steps is analogous to ZEIDLER, ITO, and the present application.


	Regarding claim(s) 2 and 16, ZEIDLER discloses:
	wherein the personalization phase further comprises:
2.1		deriving a gateway integrity key KMAC from a second master gateway key and the application identifier, 
[9:19-37] [. . .] A security module 14 may be associated with the acquirer station 12. A security module would be a secured facility within the station to which unauthorized physical and electronic accesses are precluded as far as is feasible. Within the security module 14, a plurality of encryption pairs of master key encrypted session keys are batch-generated. The session key of each encryption pair is encrypted in a first master key, and is also encrypted in a second master key.
(disclosing the KMAC as a session key derived from a master key at the acquirer system). 
2.2		and loading the gateway integrity key KMAC into the mobile payment application;
[10:36-44] The network switch station 16 does nothing but pass on the return message plus the MAC2 to the acquirer 12. The acquirer 12 receives the return message including the MAC2, identifies the initiating transaction terminal 10 and retrieves the next session key, encrypted in the first master key, and appends it along with the associated SKAC to the response message for use in the next transaction by that particular terminal. The entire message is then forwarded to the transaction terminal 10.
(disclosing the session key authentication code or SKAC as the recited KMAC).
	and wherein the mobile application update phase further comprises: 
2.3		computing, by the mobile payment application, a session integrity key from the gateway integrity key KMAC and the transaction counter, 
[10-45-53] The transaction terminal 10 receives the response to the initial request, including the MAC2 and the new, first master key encrypted session key. It recomputes and verifies the MAC2 using the original session key. It also determines that the newly supplied first master key encrypted session key is a unique key never previously used by recomputing and verifying the SKAC. The inputs and processing of the SKAC are explained in further detail in a subsequent section of this application.
2.4		computing, by the mobile payment application, a MAC signature value from the session integrity key and at least one part of the contents of the update request message, 
[10-45-53] (disclosing the re-computation of the message authentication code MAC2 along with the re-computation of the session key authentication code SKAC).
2.5		adding, by the mobile payment application, said MAC signature value to the update request message during its elaboration, 
[12:63-68] #35# The processor 26 forms a transaction request message 64 including a header, which includes the terminal identifier, TID, the e[KS.sub.n ](PINc), and the MAC1 plus other nonencrypted information. This transaction request message 64 is passed through the communication interface 32 and is transmitted at step 65 to the acquirer 12.
2.7		computing, by the gateway, the gateway integrity key KMAC from the second master gateway key and the application identifier received in the update request message, 
computing, by the gateway, the session integrity key from the transaction counter received in the update request message and the gateway integrity key KMAC, and 
[17:4-16] The new session key (KS.sub.n+1) is processed by first decrypting e[KM.sub.1 ](KS.sub.n+1), utilizing the master key KM.sub.1 of the terminal in step 153. KS.sub.n+1 is then used to compute the SKAC.sub.n+1 in step 155. The computation of the SKAC is similar to the MAC computation process, both of which are discussed below with reference to FIGS. 13 and 14. Although additional inputs may be used, the basic inputs to the SKAC computation are the terminal identifier (TID=TX) and the anticipated session key number (n+1), which is generated by the terminal through incrementing of the value in its key counter 154 from the value n of the session key KS.sub.n used for the current transaction.
2.9		verifying, by the gateway, the MAC signature value of the received transaction request message.
[17:32-36] As can be appreciated, the inclusion of the incremented number n+1 in this SKAC verification process provides assurance that the new session key KS.sub.n+1 could not have been used previously. Therefore, fraudulent replay of a previous first master key encrypted value could not have occurred.
	Therefore claims 2 and 16 are rendered obvious by ZEIDLER in view of ITO and further in view of AABYE.

	Regarding claim(s) 3 and 17, ZEIDLER discloses:
	wherein the deriving of the gateway encryption key KENC and the gateway integrity key KMAC comprises:
3.1		generating the first and second master gateway keys, 
[13:49-59] (Fig. 5) For greater security, the preferred embodiment provides a unique master key KM.sub.1 for each terminal for the first master key encryption of the session keys in table 78 of FIG. 5. If the acquirer were to use the same first master key KM.sub.1 in all supported terminals, a compromise of that one key would potentially compromise all transactions originating from all such terminals. 
3.2		generating the application identifier for the mobile payment application, 
[14:32-42] Referring now more particularly to FIG. 7, the extended transaction request message 82 is received over the data communication line 15 and is broken down into its constituent parts by the processor 84. From the header, the host data processor 84 identifies the acquirer 12 in step 96 and then addresses its memory unit 90 which contains a file of the master keys of the members of the network. These are all encrypted with a special security module master key, KSM. As pointed out above, in some situations, it may be preferable to store the master keys in the security module.
3.3		deriving the gateway encryption key KENC from said application identifier, the first master key and a first derivation algorithm, 
[14:32-42] (Fig. 7)
3.4		deriving the gateway integrity key KMAC from said application identifier, the second master key and a second derivation algorithm, 
[14:32-42] (Fig. 7)
3.5		loading into the mobile payment application the generated application identifier, the derived gateway encryption key KENC and the derived gateway integrity key KMAC.  
[14:32-42] (Fig. 7)
	Therefore claims 3 and 17 are rendered obvious by ZEIDLER in view of ITO and further in view of AABYE.

	Regarding claim(s) 4 and 18, ZEIDLER discloses:
	The method according to claim 2, comprising, computing, by the gateway, the session encryption key KENC and the session integrity key MAC, by:
deriving the gateway encryption key KENC and the gateway integrity key KMAC from the received application identifier and respectively from a stored first and second master gateway key and the first and second derivation algorithm, respectively, and 
[9:19-37] The data are received at the acquirer station 12 connected to that particular transaction terminal. The station 12 would typically be either in the headquarters or branch of the financial institution which controls the transaction terminal 10. A security module 14 may be associated with the acquirer station 12. A security module would be a secured facility within the station to which unauthorized physical and electronic accesses are precluded as far as is feasible. Within the security module 14, a plurality of encryption pairs of master key encrypted session keys are batch-generated. 
4.2		deriving the session encryption key ENC and the session integrity key MAC from the received transaction counter value and respectively from the derived gateway encryption key KENC and the derived gateway integrity key KMAC.
[13:49-59] (Fig. 5) [. . .] The session key of each encryption pair is encrypted in a first master key, and is also encrypted in a second master key. In the present embodiment, a session key authentication code (SKAC) is computed for each session key. The plurality of encrypted pairs of session keys, i.e., e[KM.sub.1 ](KS.sub.1, KS.sub.2, KS.sub.3 . . . KS.sub.n), e[KM.sub.2 ](KS.sub.2, KS.sub.2, KS.sub.3 . . . KS.sub.n) and the associated SKAC's (SKAC.sub.1, SKAC.sub.2, SKAC.sub.3 . . . SKAC.sub.n) are then output for storage in a memory within the acquirer host processor.
	Therefore claims 4 and 18 are rendered obvious by ZEIDLER in view of ITO and further in view of AABYE.

	Regarding claim(s) 5 and 19, ZEIDLER discloses:
	The method according to claim 3, wherein
5.1		the first and the second derivation algorithm are identical.

	Therefore claims 5 and 19 are rendered obvious by ZEIDLER in view of ITO and further in view of AABYE.

Regarding claim(s) 6 and 20, ZEIDLER discloses:
6.1		the first and the second master gateway key are identical.  
[13:49-59] (Fig. 5) For greater security, the preferred embodiment provides a unique master key KM.sub.1 for each terminal for the first master key encryption of the session keys in table 78 of FIG. 5. If the acquirer were to use the same first master key KM.sub.1 in all supported terminals, a compromise of that one key would potentially compromise all transactions originating from all such terminals. Note that one key in each of the paired encryptions (all second master encrypted session keys) are encrypted with only a single second master key associated with the acquirer station.
	Therefore claims 6 and 20 are rendered obvious by ZEIDLER in view of ITO and further in view of AABYE.

	Regarding claim(s) 7 and 21, ZEIDLER discloses:
7.1		the generated application identifier, the gateway encryption key KENC and the gateway integrity key KMAC, is stored into a secure element of the mobile device.
[15:5-22] (Fig. 8) (47) Referring now more particularly to FIG. 8, the issuer 20 comprises a host data processor 108 connected to associated peripheral equipment such as an operator keyboard 110, a memory 112, log tapes 114, an operator 
	Therefore claims 7 and 21 are rendered obvious by ZEIDLER in view of ITO and further in view of AABYE.

	Regarding claim(s) 9 and 23, ZEIDLER discloses:
9.1		the over-the-air update is initiated by a user of the mobile device, by the mobile device itself, or when a push message is received by the mobile payment application.  
[8:11-33] In operation, a transaction terminal 10, which may be an automatic teller machine (ATM), cash dispensing (CD) machine or point of sale (POS) terminal, receives transaction information from a user in the form of a personal identification number PINc, an amount, a primary account number PAN, a service code, etc. which can be input by means of a combination of magnetic stripes on a plastic card and a keyboard. The transaction terminal 10 identifies the PAN as having been issued by a potential interchange-type issuer, then retrieves a session key from its electronic memory, which key has been encrypted in a first master key. The session key is decrypted using the first master key, and the personal identification number PINc is encrypted using the session key and the data encryption standard algorithm heretofore discussed. This encryption/decryption process is described in further detail in "Data Encryption Standard, Federal Information Processing Standards Publication, January 15, 1977, FIPS PUB 46" which is incorporated herein by reference. While this encryption/decryption algorithm is preferred, in other embodiments other such algorithms having the same properties could be used.
	Therefore claims 9 and 23 are rendered obvious by ZEIDLER in view of ITO and further in view of AABYE.

	Regarding claim(s) 10 and 24, ZEIDLER discloses:
10.1		dynamic transaction data and static application data enabling the issuer to authenticate the mobile payment application.
[18:18-39] #65# Referring now more particularly to FIG. 13, the steps taken in computing a typical message authentication code, MAC, for a transaction request type of message are illustrated. This approach is the same as used to compute the SKAC except that the inputs are different, as will be set forth below with reference to FIGS. 13 and 14. MAC computation comprises concatenating certain data 160 such as the message type, the transaction number, the PAN, the encrypted PINc, the date, the time, other data and zero fill numbers to fill out the last of the 64 bit grouping. Some of these data may be alphabetical, some may be numeric, some may be in hexadecimal form. For example, the first three characters of data in the example are the message type and these may typically be in alphanumeric form. The next three digits are the transaction number and these are usually in numerical form. Next is the PAN which is 16 digits of numeric data followed by the encrypted PINc which is 16 more characters of data in hexadecimal form. The remaining data depend to some extent upon the particular interchange or communications environment.
	Therefore claims 10 and 24 are rendered obvious by ZEIDLER in view of ITO and further in view of AABYE.

	Claims 11 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over U ZEIDLER in view of ITO and further in view of AABYE and in further view of U.S. Pre-Grant Publication 2011/0247063 A1 by Aabye and Kennappan (hereinafter “KENNAPPAN”).

	Regarding claim(s) 11 and 25, the combination of ZEIDLER in view of ITO and further in view of AABYE do not explicitly disclose steps for the blocking and unblocking of a mobile payment application.
	KANNAPPAN fully discloses the following:

11.1		updating parameters for the mobile payment application, blocking a payment application on the mobile device, unblocking the mobile payment application, unblocking a PIN on the mobile payment application, and/or changing the PIN on the mobile payment application.  
[0087] In one embodiment, the first entity is an issuer 114. The issuer 114 may wish to control and/or update the MPA 154 on the consumer device 104. For example, the issuer 114 may wish to update the MPA 154 with additional information associated with the payment account of the consumer. For example, the consumer device 104 may request an update for the MPA 154 when offline risk counters and indicators in the MA 156 have reached certain thresholds, such that the MA 156 triggers a mobile update request, when an issuer sends a `talk-to-me` push notification, etc. For issuer updates, the mobile gateway 152 is used to establish the secure connection between the MPA 154 and the associated issuer 114 in order to enable the delivery of the updates. The updates can further include, but are not limited to, card parameter updates, blocking or unblocking the MPA 154, disabling payment ability, unblocking or changing the passcode for the MPA 154, setting the passcode to a default passcode, etc.
	KANNAPPAN discloses an issuer system updating a mobile application through a mobile gateway, and as such, is an analogous art to ZEIDLER, ITO, AABYE, and the present application.  KANNAPPAN discloses that the issuer system can utilize an authentication response message to update parameters; for issuer updates, via a secure connection with the mobile gateway; and explicitly discloses the disabling and unblocking of the application.   
	Thus, it would be obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to further modify the terminal performing session encryption key steps of ZEIDLER, with the system and server provisioning an encrypted device key of ITO, to include the mobile gateway encryption steps of AABYE, and the parameter updating and blocking of KANNAPPAN, to yield the invention of the present claims.  This modification yields a predictable result because each of the encryption and transmission steps of ZEIDLER, 
Relevant Prior Art Not Relied Upon
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
KANNAPPAN “II” US 20130024383 A1 [0034] The communications may include information for configuring a mobile payment application as well as information for issuer updates to mobile payment applications. The issuer updates may include card parameter updates, blocking or unblocking of the mobile payment application, disabling the payment ability of a mobile payment application, and unblocking or changing a passcode used to authenticate the identity of the consumer and/or the mobile communication device. Additionally, the communications may include the delivery and request of value-added services provided by the mobile payment application issuer including inquires about balances of accounts corresponding to mobile payment applications, adding, limiting, or other instructions regarding pre-paid amounts associated with mobile payment applications, as well as requests and delivery of dynamic card verification values for use in card-not-present transactions. Accordingly, the first communication and the second communication may be selected from a group consisting of issuer application updates, balance updates, updating parameters for the mobile communication device, blocking a respective mobile payment application on the mobile communication device, unblocking the respective mobile payment application, disabling 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEFFREY L LICITRA whose telephone number is (571)272-5340.  The examiner can normally be reached on 9:00AM-5:00PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on 571-272-7575.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to 


J.L.L.
Examiner
Art Unit 3685



/PATRICK MCATEE/Supervisory Patent Examiner, Art Unit 3685