DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission, filed on 9th March 2021, has been entered.
 
Response to Amendment
The following detailed action acknowledges the amendments of the response filed on the 9th of March of 2021. The amendments in the filed response have been entered. 
Claims 1-3, 5-7, 9-11 and 20-24 have been amended.
Claims 14-19 are confirmed to have been cancelled. 
Claims 1-13 and 20-25 are pending in the application and the status of the application is currently pending. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. 	Determining the scope and contents of the prior art.
2. 	Ascertaining the differences between the prior art and the claims at issue.
3. 	Resolving the level of ordinary skill in the pertinent art.
4. 	Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-3, 8-10 and 20-24 are rejected under 35 U.S.C. 103 as being unpatentable over Vasu (US 2017/0270517, hereinafter “Vasu”), in view of Gupta (US 10,216,852, hereinafter “Gupta”), in view of Palanisamy (US 2015/0312038, hereinafter “Palanisamy), and in view of Makhotin (US 2015/0088756, hereinafter “Makhotin”).
Regarding Claims 1, 20 and 23, Vasu teaches 
receiving, by a user input module of an electronic device, user credentials via […] payment terminal application of the electronic device before provisioning the […] payment terminal application (the credentials are entered at the electronic device: “The depicted process begins when initially user 107 logs into an electronic wallet application (e.g., transaction application 208C and/or secure transaction application 206) on their mobile device 101 at block 302 to initially request a provisioning of an account, credit card, or any other payment credentials for the mobile device 101.” See Vasu in ¶ [0085])
transmitting an authentication request message to a remote data center via a network interface module on the electronic device, the authentication request message including the user credentials (credentials are transmitted from the electronic device to the server that will authenticate the credentials: “However, upon the user 107 providing the credentials to the mobile device 101 at block 302, the mobile device 101 (e.g., at the request of a mobile transaction application), transmits the credentials 350 to the application provider computer 211. In the depicted embodiment, upon affirming that the credentials 350 are correct and for a valid account, will transmit a check account message 352 (e.g., make an API call for a card eligibility request) for one or more accounts of the user 107 to the service provider computer 212. In some embodiments, this check account message 352 includes one or more PANs of accounts of the user (or other types of account identifiers), which may have been provided by the user 107 (e.g., to the wallet provider) at an earlier time, or may have been provided by the user 107 along with the credentials (i.e., at block 302) and sent with the credentials message 350.” See Vasu in ¶ [0087])
receiving an authentication response message from the remote data center, the authentication response message including an indication as to whether authentication was successful (“At some point, whether via block 304 or block 306, the service provider computer 212 will have determined the eligibility of the account(s), and will transmit an account eligibility response message 358 (e.g., send an API response message) to the application provider computer 211 identifying one or more accounts and indicating, for these accounts, whether the respective account is eligible for credential provisioning.” … “At block 308, if an account is not eligible, the application provider computer 211 may transmit an ineligibility message 360 to the mobile device 101, which may cause a message to be presented to the user 107 (e.g., via a display device) to indicate that the account is ineligible.” … “If, at block 308, an account is eligible, the flow continues with the application provider computer 211 sending an enablement query message 362 indicating that the account is eligible, and the user 107 and/or wallet application may, in response, cause another enablement query response message 362 to be sent back to the application provider computer 211 to indicate that the user 107 does seek to "enable" the provisioning of the credential 207 associated with the account to the mobile device 101 (i.e., "add" their account to the mobile device 101).” See Vasu in ¶ [0090]-[0092])
receiving an authentication response message from the remote data center, the authentication response message including an indication as to whether authentication was successful (occurring when the risk level of the request is determined to be low to proceed and prepare provisioning scripts: “At block 326, the provisioning service module 225 prepares and sends a message 376 to the application provider computer 211 including the token (received from the token service module 222) along with a set of one or more provisioning scripts. In some embodiments, the this message 376 includes one or more of the token (which may be encrypted), a token expiration date, a portion of the associated PAN (e.g., the last four digits), a portion of the token itself (e.g., the last four unencrypted digits), the associated card metadata, a token reference identifier, a PAN reference identifier, a token to be returned with further messages, and/or the personalization scripts. Then, the application provider computer 211 may forward, in another message 378 back to the mobile device 101, some or all of the information from message 376 (e.g., the provisioning scripts and the token, for example) to cause the token for the account to be provisioned onto the mobile device 101 (by executing the scripts at block 328).” See Vasu in ¶ [0105])
For claim 20, Vasu teaches an electronic device comprising a payment terminal application, a volatile storage module, a user input module, and a network interface module (the mobile device is a well-known device that includes applications, storage modules, user input modules and network interface modules: “The credentials can be payment credentials to be used with merchants (e.g., with resource provider computer 103, typically via an application 208 such as a resource provider application 208A, web browser 208B, third-party application, etc.) or for other transactions.” See Vasu in ¶ [0055]; “The physical device 108, the mobile device 101, the access device 102, the resource provider computer 103, the transport computer 104, the transaction processing computer 105, and the authorizing entity computer 106 may all be in operative communication with each other through any suitable communication channel or communications network.” See ¶ [0043]; “The user 107 may also be able to use the mobile device 101 for conducting transactions with the resource provider. For example, the mobile device 101 can also store transaction credentials and any other suitable user 107 identification information, and the mobile device 101 can provide this information to the access device 102 during a transaction.” See in ¶ [0046]); a data storage device storing instructions for providing a payment terminal application on an electronic device, and a processor configured to execute the instructions (the mobile device is a well-known device that includes a memory and a processor: “The set of instructions or software code may be stored in a memory or other form of data storage element which is accessed by the computing device, microprocessor, etc. In other embodiments, the functions, processes, operations or method steps may be implemented by firmware or a dedicated processor, integrated circuit, etc.” See in ¶ [0175]). 
For claim 23, Vasu teaches a non-transitory machine-readable medium storing instructions that, when executed by a computing system, causes the computing system to perform a method for providing a payment terminal application on an electronic device (interpreting non-transitory machine-readable medium provides instructions for a processor: “Any of the software components or functions described in this application may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++ or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions, or commands on a computer-readable medium, such as a random access memory (RAM), a read-only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer-readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.” See Vasu in ¶ [0176])
Vasu teaches the steps by which an encryption key could be received from the remote data center and stored in a volatile storage module of the electronic device (interpreting the encryption key as credential information: “Attempts have been made to utilize mobile device technology to replace conventional physical items carried by individuals, such as various cards carried in bags or wallets. For example, one way to provide mobile transaction functionality has been realized by provisioning account information (e.g., access credentials) directly onto a secure element (SE) of a mobile device that may be equipped with Near Field Communication (NFC) chipset. An SE may be a smart card chip that is capable of storing multiple applications and/or account specific information that may not be easily accessed by external parties.” See Vasu in ¶ [0003]; provided as part of the solution: “A user 107 may send a request for provisioning by use of a mobile application 208 running on mobile device 101. For example, in a transaction application 208C (e.g., digital wallet application), the user 107 may request provisioning of an account, credit card, or any other payment credentials for mobile device 101. The request for provisioning message may include device information such as a mobile device 101 identifier, secure element 202 identifier, a secure element key identifier (or key), a user identifier (to identify a user or account), and user authentication information (e.g., a cryptogram such as a CVV2 for card verification based authentication processes, a ZIP code for geographic verification, etc.).” See Vasu in ¶ [0073]).
Vasu does not explicitly teach generating, in a volatile storage module, an instance of a payment terminal application based on one or more payment application files received from a non-volatile storage module.
However, Gupta does teach generating an instance of a payment terminal application (“The process 200 determines that a native application 107 limits access to generic content in the native application 107 using account credential requirements (202). …In some implementations, the application indexer 120 may determine that a particular native application 107 limits access using account credential requirements based on identifying the particular native application 107 as a native application that has used an account authentication service. For example, the application indexer 120 may determine that a particular native application 107 has used an account authentication service by analyzing account authentication service usage logs. In another implementation, the application indexer 120 may determine that access to a native application is limited and then determine that the content for which access is limited is generic content.” See Gupta in Col 5 Ln 32-49; “The process 200 obtains a set of robot account credentials for indexing environment instances of the native application 107 (204).” See Gupta in Col 6 Ln 4-6; “The process 200 instantiates the native application 107 with the set of robot account credentials (206).” See Gupta in Col 6 Ln 65-66). 
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to include in the teachings of Vasu the “generate an instance of an application”, as taught by Gupta, to further secure the process of encrypting the user credentials and processing payment information.
Vasu is shown to teach provisioning of credentials associated with the account when the account is indicated as eligible (shown above). Vasu, in view of Gupta, does not expressly teach if the authentication was successful, receiving at least one encryption key from the remote data center. 
However, Palanisamy does teach receiving at least one encryption key (interpreted to receive after authentication, such as with a request for a token: “Communication device 520 may then send a token request 552 to token request computer 504. Token request 552 may include the user authentication data received by the application as well as information about the nature of the token or sensitive information being requested. …When token server 502 receives token request 554, token server 502 may verify that the token requestor is an authorized entity based on the received token requestor ID. In some embodiments, token server 502 may generate a session key (e.g., a symmetric key) for the request. …In response to receiving response 556, token request computer may encrypt the received session key using a hash value as an encryption key. In some embodiments, the hash value can be computed over the user authentication data.” See Palanisamy in ¶ [0070]-[0073]). 
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Vasu to include “provision an encryption key, part of a token request”, as taught by Palanisamy, because when sensitive information is requested, such as a payment account number, the provisioned encryption key could be used by the requesting device for securing the sensitive information and may be used for signing any other requests, which would further secure the user from further providing the credentials.
Vasu, in view of Gupta, does not explicitly teach storing the at least one encryption key in the volatile storage module.
However, Palanisamy does teach storing the at least one encryption key in the volatile storage module (interpreting the encryption key is not maintained after the transaction: “In some embodiments, the memory of the communication device storing the encrypted token or sensitive information and/or the encrypted session key can be a memory that is not part of a secure element. In some embodiments, the memory can be a volatile memory that is automatically erased when power to the communication device is turned off.” See Palanisamy in ¶ [0075]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Vasu to include “storing an encryption key in a volatile storage module”, as taught by Palanisamy, to further secure the sensitive information of the customer from future attacks on their account and prevent fraudulent use of payment information.
Vasu, in view of Gupta, in view of Palanisamy, does not expressly teach provisioning the instance of the payment terminal application of the electronic device, the instance of the provisioned payment terminal application being configured to receive payments. 
However, Makhotin does teach activating the payment terminal application of the electronic device, the provisioned payment terminal application being configured to receive payments (“the mobile device 120 is configured to initiate and process a remote transaction with a merchant computer 130 using a remote key manager 140 to provide a secure remote payment transaction environment, even when using an unknown merchant application 121 or other mobile application is installed on a communication device (e.g., mobile device 120).” See Makhotin in ¶ [0087]; “The merchant application 121 may include a remote transaction SDK (not shown) or third party service layer that may include any API, application, applet, or other executable code suitable to interface with a remote transaction application 124 and/or third party server system interface application (e.g., mobile wallet provider, mobile gateway, remote key manager 140, etc.). For example, a remote transaction SDK may be embedded in a merchant application 121 and may be used by the merchant application 121 to retrieve payment information from a remote transaction application 124 on a secure element 122 in order to interface with a mobile payment application 123 provisioned on a secure element 122. Additionally, although the remote transaction SDK is described as being part of the merchant application 121, the remote transaction SDK could also be an independent application or could be embedded into an operating system of the mobile device 120.” See in ¶ [0094]).
The function of “provisioning” is interpreted as allowing access to the payment terminal application [merchant application] to begin the transaction. It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Vasu to include “activating the merchant application”, as taught by Makhotin, because the electronic device is securing the payment information and securing the transmission to the merchant through the payment terminal application, where activation of the merchant application based on authorization from the remote server prevents unauthorized users from fraudulent transactions.
Regarding Claims 2, 21 and 24, Vasu, in view of Gupta, in view of Palanisamy, in view of Makhotin, teaches the limitations of claims 1, 20 and 23. Vasu, in view of Gupta, further teaches performing at least one security check of the instance of the payment terminal application using a local risk engine that is stored in the volatile storage module (interpreting the risk engine stored in the volatile storage as indefinite and using the local risk engine of the application provider: “The application provider computer 211 receives the request for provisioning message, and may perform a risk check or risk analysis for the requesting user 107, account, mobile device 101, or any other data that is present in the received request for provisioning message, or is tied to a user's account associated with the request for provisioning message.” See Vasu in ¶ [0073]), the at least one security check comprises:
gathering information relating to the electronic device  (interpreted to be provided by the application on the device: “The request for provisioning message may include device information such as a mobile device 101 identifier, secure element 202 identifier, a secure element key identifier (or key), a user identifier (to identify a user or account), and user authentication information (e.g., a cryptogram such as a CVV2 for card verification based authentication processes, a ZIP code for geographic verification, etc.).” See Vasu in ¶ [0073])
processing one or more local risk engine rules from a local risk engine rule set using the gathered information (“For example, the risk check may involve determining how many times the user's account has been provisioned and how many accounts are provisioned on mobile device 101. The risk check may, for example, indicate the likelihood that the request for provisioning is fraudulent. if the risk check indicates that the risk of provisioning is acceptable, then application provider computer 211 may send the request for provisioning to provisioning service module 225 executing at service provider computer 212.” See Vasu in ¶ [0073])
determining whether to raise one or more security events based on the processed one or more local risk engine rules (“The provisioning request message 366 is sent by the mobile device 101 to application provider computer 211, which may generate a risk score (or perform a "risk check" or "risk analysis" to generate risk assessment data) at block 313 based upon the provisioning request message 366. This risk analysis may occur based upon the requesting user 107, account, card, mobile device 101, or any other data that is present in the provisioning request message 366 (e.g., a CVV2 value, ZIP Code, User Identifier, etc.) or is tied to the account of the user 107 submitting the provisioning request (e.g., previously registered/provisioned card data, determining how long the account has been open, how many cards the consumer uses in total or has used, a number of purchases in the past, etc.).” See Vasu in ¶ [0094]; “At block 318, the service provider computer 212 determines which level of risk was determined. As depicted, block 318 indicates identifying whether the level of risk was "High," "Medium," or "Low." Of course, although in some embodiments the levels of risk may be explicitly categorical (and thus uniquely identify which risk category is determined), in other embodiments the levels of risk may be in other formats (e.g., a risk score is generated that is an integer between 0 and 100, for example, and thus the determination of the risk category may include determining if the risk score is within a range of values, meets or exceeds a value, is below a value, etc.).” See Vasu in ¶ [0101], referencing Figure 3).
Vasu substantially teaches a payment terminal application that is configured to conduct electronic payments. Vasu, in view of Gupta, in view of Palanisamy, does teach to conduct electronic payments using the at least one encryption key (interpreting the encryption key is used to secure the payment token: “The communication device may receive a session key encrypted with a hash value derived from user authentication data that authenticates the user of the communication device, and the sensitive information or token encrypted with the session key. The session key encrypted with the hash value, and the sensitive information or token encrypted with the session key can be stored in a memory of the communication device.” See Palanisamy in Abstract; “FIG. 8 illustrates a transaction processing system 800 utilizing a network token system, according to some embodiments.” … “In some embodiments, merchant 840 and acquirer 850 may be provided with a token instead of an account identifier (e.g., PAN) to conduct a transaction. For example, merchant 840 and/or acquirer 850 may receive a token in the traditional PAN field of authorization request message and may forward the authorization request message to transaction processing network 860 for processing. Transaction processing network 860 may replace the token with the real account identifier (e.g., PAN), and send a modified authorization request message to issuer 870.” See Palanisamy in ¶ [0080]-[0089] referencing Figure 8).
Regarding Claim 3, Vasu, in view of Gupta, in view of Palanisamy, and in view of Makhotin, teaches the limitations of claim 2. Vasu, in view of Gupta, further teaches gathering information relating to the electronic device includes one or more of: … gathering information relating to the one or more payment terminal application files associated with the instance of the payment terminal application, the one or more payment terminal application files stored on the non-volatile storage module of the electronic device… (“For example, in a transaction application 208C (e.g., digital wallet application), the user 107 may request provisioning of an account, credit card, or any other payment credentials for mobile device 101. The request for provisioning message may include device information such as a mobile device 101 identifier, secure element 202 identifier, a secure element key identifier (or key), a user identifier (to identify a user or account), and user authentication information (e.g., a cryptogram such as a CVV2 for card verification based authentication processes, a ZIP code for geographic verification, etc.). The application provider computer 211 receives the request for provisioning message, and may perform a risk check or risk analysis for the requesting user 107, account, mobile device 101, or any other data that is present in the received request for provisioning message, or is tied to a user's account associated with the request for provisioning message.” See example in Vasu in ¶ [0073]). 
Regarding Claim 8, Vasu, in view of Gupta, in view of Palanisamy, and in view of Makhotin, teaches the limitations of claim 1. Vasu, in view of Gupta, in view of Palanisamy, further teaches 
receiving, at the remote data center, the authentication request message (“upon the user 107 providing the credentials to the mobile device 101 at block 302, the mobile device 101 (e.g., at the request of a mobile transaction application) transmits the credentials 350 to the application provider computer 211. In the depicted embodiment, upon affirming that the credentials 350 are correct and for a valid account, will transmit a check account message 352 (e.g., make an API call for a card eligibility request) for one or more accounts of the user 107 to the service provider computer 212.” See Vasu in ¶ [0087])
comparing the user credentials to reference user credentials stored in a database (interpreted as obvious where the server includes registered consumer account and access information: “the authentication scheme may include verification of the consumer credentials through the issuer ACS (Access Control Server). For example, the issuer ACS service may be part of an authentication protocol such as 3-D secure protocol by Visa.RTM.. The ACS server may be associated with an issuer that may include registered consumer account and access information. The ACS can give issuers the ability to authenticate a consumer during an online purchase, thereby reducing the likelihood of fraudulent use of the consumer account. For example, the ACS can validate that the consumer is registered, performs consumer verification at the time of the transaction, and provides digitally signed responses to the merchants.” See Palanisamy in ¶ [0061]) and
transmitting an authentication response message to the electronic device (interpreting the response message to include provisioned payment information: “For example, for a particular PAN, block 304 may include identifying the authorizing entity computer 106 of the account (e.g., based upon a bank identification number (BIN) of the PAN, for example) and then determining whether that authorizing entity computer 106 allows for this provisioning to occur.” … “The application provider computer 211 then transmits a verification value prompt message 364 to the mobile device 101 seeking the entry of further card information (e.g., a verification value such as a CVV2 or CVV value of a credit card, for example) of the account, which may cause the mobile device 101 to prompt the user 107 for this information. Upon receipt of this card information (e.g., a verification value such as a CVV2 value) from the user 107 at block 312, the mobile device 101 transmits a provision request message 366, which may include the provided card information value (e.g., CVV2 value).” See Vasu in ¶ [0089]-[0093])
if the comparison determined that the user credentials match the reference user credentials, the authentication response message includes an indication that the user credentials were validated (“If, at block 308, an account is eligible, the flow continues with the application provider computer 211 sending an enablement query message 362 indicating that the account is eligible, and the user 107 and/or wallet application may, in response, cause another enablement query response message 362 to be sent back to the application provider computer 211 to indicate that the user 107 does seek to "enable" the provisioning of the credential 207 associated with the account to the mobile device 101 (i.e., "add" their account to the mobile device 101).” See Vasu in ¶ [0092])
if the comparison determined that the user credentials do not match the reference credentials, the authentication response message includes an indication that the user credentials were not validated (“At block 308, if an account is not eligible, the application provider computer 211 may transmit an ineligibility message 360 to the mobile device 101, which may cause a message to be presented to the user 107 (e.g., via a display device) to indicate that the account is ineligible.” See Vasu in ¶ [0091]).
Regarding Claim 9, Vasu, in view of Gupta, in view of Palanisamy, and in view of Makhotin, teaches the limitations of claim 1. Vasu further teaches
transmitting, from the remote data center, a degradation instruction; receiving the degradation instruction at the electronic device (interpreting the electronic device received the instruction if the remote data center sent it, under the knowledge that they are connected through the network module: “Similarly, provisioning service module 225 may send a deletion message if either the partial personalization confirmation message or authentication result indicates a failure. The application provider computer 211, then, may initiate the execution of the activation script or the deletion script by the mobile device 101, depending on whether an activation message or deletion message was received, respectively.” See Vasu in ¶ [0080])
processing the degradation instruction to degrade the functionality of the instance of the payment terminal application (“Security is maintained by limiting the use of the partially active token. For example, if a fraudster requested the token illegitimately, the fraudster's purchases can be limited in value, number, and scope. Thus, any possible damage is limited and controlled. The fraudster can be detected when he fails authentication (described below), and the partially active token can be deleted or deactivated.” See Vasu in ¶ [0132]).
Regarding Claim 10, Vasu, in view of Gupta, in view of Palanisamy, and in view of Makhotin, teaches the limitations of claim 9. Vasu, in view of Gupta, in view of Palanisamy, further teaches the degradation instruction includes an instruction to render the at least one encryption key unusable or to log a user out of the instance of the payment terminal application. (interpreting the degradation instruction to occur after the application is inactive: “Upon detecting that the application is no longer active, the decrypted token or sensitive information can be removed from the memory of the communication device to prevent static storage of the decrypted information.” See Palanisamy in ¶ [0079]).

Claims 4-7, 22 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Vasu, in view of Gupta, in view of Palanisamy, and in view of Makhotin, and further in view of Griffin (US 2015/0066772, hereinafter “Griffin”).
Regarding Claims 4, 22 and 25, Vasu, in view of Gupta, in view of Palanisamy, and in view of Makhotin, teaches the limitations of claims 2, 21 and 24. Vasu further teaches raising at least one security event (interpreting the risk is determined and compared to be deemed ‘raised’: “If, in the depicted embodiment, the risk level is deemed to be within the predetermined risk threshold range (i.e., is "medium" risk), the flow 600 continues with an optional optimization at block 612 of transmitting a set of provisioning scripts to be executed by the mobile device to cause the credential 207 to be stored on the mobile device in a partially active state.” … “In the depicted embodiment, if the risk level is deemed to be above the predetermined risk threshold range (i.e., is "high" risk), the flow 600 includes at block 610, transmitting a provisioning request denial message indicating that the provisioning request is denied.” See Vasu in ¶ [0154]-[0155]).
Vasu, in view of Gupta, in view of Palanisamy, and in view of Makhotin, does not expressly teach storing the at least one raised security event in a security event log.
However, Griffin does teach storing the at least one raised security event in a security event [database] (“At Event 840, negative file data 270 and 370 are received from multiple financial institutions, non-financial institutions, data aggregators and the like to create or update the negative file. As previously noted, the negative file may include names of high risk entities (e.g., fraud perpetrators, criminals, defaulters, etc.), as well as addresses, telephone numbers, social security numbers, tax identification numbers, IP addresses, device identifiers, biometric data that have been associated with high risk individuals or proven to be counterfeit, and the like.” … “at Event 850, the risk evaluating module 400 receives data feeds from, or otherwise accesses, the risk database that includes data collected from multiple financial institutions, data aggregators, and non-financial institutions.” … “at Event 860, the behavioral baseline scoring logic/routine 106 calculates or updates a behavioral-based behavioral baseline score for each customer and/or customer segments and/or counterparties and for one or more behaviors based on the data provided in centralized risk database 100.” … “At Event 870, the risk score logic/routine 108 calculates risk scores for each customer and/or customer segment and/or counterparty based on the data in the centralized risk database 100. According to some embodiments, the risk score logic/routine 108 monitors the customer's data for risk pattern data 34 and then calculates the customer's risk score based, at least in part, on whether any risk pattern data 34 were identified, the mix and frequency of the risk pattern data 34 and the probability of loss associated with each risk pattern data 34 identified.” The calculated and updated risk scores are interpreted as storing the calculations in the database for future analysis, See Griffin in at least ¶ [0150]-[0153]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Vasu to include “updating a risk database”, as taught by Griffin, because the database allows for quick analysis of a risk score to determine a possible fraudulent event. 
Regarding Claim 5, Vasu, in view of Gupta, in view of Palanisamy, in view of Makhotin, and in view of Griffin, teaches the limitations of claim 4. Vasu, in view of Griffin, further teaches processing the security event log using the local risk engine (See Griffin in ¶ [0152]) and degrading the functionality of the instance of the payment terminal application based on a degradation instruction received from the local risk engine (interpreted as limiting the use of the payment information: “Security is maintained by limiting the use of the partially active token. For example, if a fraudster requested the token illegitimately, the fraudster's purchases can be limited in value, number, and scope. Thus, any possible damage is limited and controlled. The fraudster can be detected when he fails authentication (described below), and the partially active token can be deleted or deactivated.” See Vasu in ¶ [0132]).
Regarding Claim 6, Vasu, in view of Gupta, in view of Palanisamy, in view of Makhotin, and in view of Griffin, teaches the limitations of claim 4. Vasu, in view of Griffin, further teaches transmitting the security event log to the remote data center (interpreted to determine an action with the payment application: “at Event 850, the risk evaluating module 400 receives data feeds from, or otherwise accesses, the risk database that includes data collected from multiple financial institutions, data aggregators, and non-financial institutions. The data may include, but is not limited to, the financial institution data 200 and the non-financial institution data 300. The data 200 and 300 may be downloaded periodically, or on a predetermined schedule, or on an as-needed basis, or the risk evaluating module 400 may be configured to receive real-time feeds of the data 200 and 300.” See Griffin in ¶ [0151]).
Vasu further teaches receiving a response from the remote data center, the response comprising one of: a resume instruction to resume normal operation of the payment terminal application; or a degradation instruction to degrade the functionality of the instance of the payment terminal application; and processing the resume instruction or the degradation instruction (interpreting the remote data center as receiving the information from the application providing computer, where the degradation or resumption are actions on the payment information: “In other embodiments, the partially activated token may not be fully activated (e.g., restrictions may not be withdrawn at the mobile device 101 or the backend servers). Instead, the first token (e.g., the partially activated token) can be temporary token. Once the user is authenticated, the temporary first token can be deleted or de-activated at the mobile device 101, the service provider computer 212, and/or authorizing entity computer 106. Then, a second token can be provisioned to the mobile device 101. This second token can be a fully activated token. In this case, records at the service provider computer 212 and authorizing entity computer 106 can be updated such that the PAN (or other credentials) are associated with the second token and/or no longer associated with the first token.” See Vasu in ¶ [0148]). 
Regarding Claim 7, Vasu, in view of Gupta, in view of Palanisamy, in view of Makhotin, and in view of Griffin, teaches the limitations of claim 6. Vasu, in view of Griffin, further teaches degradation instruction comprises one or more of: an instruction to reduce the available functionality of the payment terminal application; an instruction to log a user out of the payment terminal application; an instruction to close the payment terminal application; and an instruction to render the at least one encryption key unusable (“In specific embodiments of the invention, risk management action may include initiating generation and communication of at least one of risk alerts, risk deviation alerts, risk pattern alerts, suspicious activity alerts, identity misappropriation alerts or associated reports or updates based on the behavioral baseline score, risk score, risk patterns, suspicious activity, identity misappropriation, economic trend, recovery action or the like.” See Griffin in ¶ [0157]). 

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Vasu, in view of Gupta, in view of Palanisamy, in view of Makhotin and further in view of Khan (US 2015/0066772, hereinafter “Khan”).
Regarding Claim 11, Vasu, in view of Gupta, in view of Palanisamy, and in view of Makhotin, teaches the limitations of claim 1. Vasu, in view of Gupta, in view of Palanisamy, in view of Makhotin, does not expressly teach transmitting, from the remote data center, an upgrade instruction; receiving the upgrade instruction at the electronic device; and processing the upgrade instruction to cause the instance of the payment terminal application to upgrade itself to a newer version.
However, Khan does teach
transmitting, from the remote data center, an upgrade instruction; receiving the upgrade instruction at the electronic device (interpreting the electronic device received the instruction if the remote data center sent it, under the knowledge that they are connected through the network module: “During operation, the processor receives, from an updating device, an update package with a digital signature (operation 310), where the update package includes an update to the applet installed on the secure element.” See Khan in ¶ [0073])
processing the upgrade instruction to cause the payment terminal application to upgrade itself to a newer version (“Next, the processor uninstalls the at least one previous version of the applet, and exports user data (operation 318) associated with the at least one previous version of the applet.” … “Furthermore, the processor installs the update to the applet, and personalizes the applet using the user data (operation 320).” See Khan in ¶ [0077]-[0078]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Vasu to include “instructions to upgrade the application”, as taught by Khan, to maintain the application services and security up-to-date.

Claims 12 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Vasu, in view of Gupta, in view of Palanisamy, in view of Makhotin and further in view of Jooste (US 2014/0052637, hereinafter “Jooste”).
Regarding Claim 12, Vasu, in view of Gupta, in view of Palanisamy, and in view of Makhotin, teaches the limitations of claim 1. Vasu, in view of Gupta, in view of Palanisamy, and in view of Makhotin, does not expressly teach receiving, at the electronic device, cardholder data from a payment instrument; encrypting the cardholder data using the at least one encryption key; transmitting a transaction authorization request message to the remote data center, the transaction authorization request message including the encrypted cardholder data; receiving a transaction response message from the remote data center; and based on the received transaction response message, indicating either success or failure of the transaction to a cardholder.
However, Jooste does teach 
receiving, at the electronic device, cardholder data from a payment instrument (interpreting the user is accessing the data through the application: “The user enters verification information that corresponds to the payment account information (for example, a pin number, card verification number, or other form of verification associated with the payment device and/or the payment account information”. See Jooste in ¶ [0023]; “In yet another example embodiment, the verification information comprises a request to confirm the identity of the user 101 of the payment device 130 by reviewing a form of photo identification. For example, the merchant user 101 verifies that the customer using the payment device 130 is an authorized user of the payment device 130. In another example embodiment, the verification information request comprises a request to confirm the membership status or age of the user of the payment device 130.” See Jooste in ¶ [0090])
encrypting the cardholder data using the at least one encryption key (“If the payment account information is verified, the reader mode device encrypts the payment account information.” See Jooste in ¶ [0024])
transmitting a transaction authorization request message to the remote data center, the transaction authorization request message including the encrypted cardholder data (“If there is a secure element on the reader mode device, the application on the secure element of the reader mode device encrypts the payment account information and transmits it to the application on the reader mode device. The application on the reader mode device transmits the encrypted payment account information to a payment processing system. In an example embodiment, the application on the reader mode device can only receive encrypted financial information from the application on the secure element of the reader mode device.” See Jooste in at least ¶ [0025])
receiving a transaction response message from the remote data center, and based on the received transaction response message, indicating either success or failure of the transaction to a cardholder (“If the payment account information is verified, the reader mode device encrypts the payment account information. For example, the user interface of the reader mode device may display a pop-up window that notifies the user that the transaction was successful. If the transaction is declined, the reader mode device displays a notification of a declined transaction and a request to provide new payment account information. In an example embodiment, the user interface of the reader mode device displays an option to re-scan the payment device or cancel the transaction.” See Jooste in at least ¶ [0027]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Vasu to include “steps to secure payment information for transaction authorization”, as taught by Jooste, because a cardholder’s data is further secure when encrypted. 
Regarding Claim 13, Vasu, in view of Gupta, in view of Palanisamy, in view of Makhotin, and in view of Jooste teaches the limitations of claim 12. Vasu, in view of Gupta, in view of Palanisamy, does not expressly teach receiving, at the remote data center, a transaction authorization request message, the transaction authorization request message including the encrypted cardholder data; decrypting the encrypted cardholder data using an encryption key provided by a hardware security module; based on the decrypted cardholder data, either approving the transaction or declining the transaction; and transmitting a transaction response message to the electronic device, the transaction response message indicating whether the transaction was approved or declined. 
However, Jooste does teach
receiving, at the remote data center, a transaction authorization request message, the transaction authorization request message including the encrypted cardholder data (“The payment account information is received by the payment processing system.” See Jooste in ¶ [0027])
decrypting the encrypted cardholder data using an encryption key provided by a hardware security module (“The payment processing system decrypts the payment account information and processes the payment transaction.” See Jooste in ¶ [0027])
based on the decrypted cardholder data, either approving the transaction or declining the transaction; and transmitting a transaction response message to the electronic device, the transaction response message indicating whether the transaction was approved or declined (“If the payment transaction is approved by the payment processing system, the reader mode device displays notification of the approved transaction.” See Jooste in ¶ [0027]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Vasu to include “steps to secure payment information for transaction authorization”, as taught by Jooste, because a cardholder’s data is further secure when encrypted.

Response to Arguments
Applicant’s arguments, filed the 9th of September of 2020, with respect to the rejections under 35 USC 112 and 35 USC 103 have been fully considered.  
Regarding the rejection under 35 USC 103, the Applicant argues: In the Office Action, claims 1-13 and 20-25 were rejected under 35 U.S.C. § 103 as being unpatentable over combinations of U.S. Patent Application Publication No. 2017/0270517 to Vasu et al. ("Vasu"), U.S. Patent Application Publication No. 2015/0312038 to Palanisamy, U.S. Patent Application Publication No. 2015/0088756 to Makhotin, U.S. Patent Application Publication No. 20015/0066772 to Griffin et al. ("Griffin"), U.S. Patent Application Publication No. 2017/0003954 to Khan et al. ("Khan"), and US Patent Application Publication No. 2014/0052637 to Jooste et al. ("Jooste"). (Office Action at pages 2-27.) Applicant does not necessarily agree with these rejections. However, solely to advance prosecution of this application, Applicant has amended independent claims 1, 20, and 23 to recite limitations that are not taught by the cited references, either individually or in combination. For example, independent claim 1 recites, in part:
generating, in a volatile storage module, an instance of a payment terminal application based on one or more payment application files received from a non-volatile storage module.
The Office Action acknowledges that Vasu fails to teach, inter alia, "storing the at least one encryption key in the volatile storage module." The Office Action, however, alleges that Palanisamy makes up for the deficiencies of Vasu. Palanisamy merely teaches a volatile memory that can store encrypted token or sensitive information and/or the encrypted session key. (see paragraphs [0075].) Palanisamy, however, fails to teach or even suggest, "generating, in a volatile storage module, an instance of a payment application terminal based on one or more payment application files received from a non-volatile storage module." Indeed, Palanisamay does not disclose or suggest anything about generating an instance of a payment terminal application.
Further, the Office Action acknowledges that Vasu and Palanisamy fail to teach various limitations of claims 4-7, 11-13, 22, and 25. The Office Action, however, alleges Makhotin, Griffin, Khan, and Jooste make up for the deficiencies of Vasu and Palanisamy.
Regardless of whether Makhotin, Griffin, Khan, and Jooste teach various limitations of claims 4-7, 11-13, 22, and 25, Makhotin, Griffin, Khan, and Jooste certainly fail to teach or suggest "generating, in a volatile storage module, an instance of a payment terminal application based on one or more payment application files received from a non-volatile storage module."
Thus, none of the cited references teaches or suggests, "generating, in a volatile storage module, an instance of a payment terminal application based on one or more payment application files received from a non-volatile storage module," as recited by amended claim 1. For this reason, independent claims 1, 20, and 23 cannot be rendered obvious by the cited references. By virtue of dependency, dependent claims 2-13, 21, 22, 24, and 25 also cannot be rendered obvious by the cited references.
In response: The prior art of record teaches most of the concepts recited in the claims, as is argued above. A new grounds of rejection is introduced to teach the amended claim limitations, as shown in the rejection above. Under the new grounds of rejection, the claims remain rejected under 35 USC 103. 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDGAR R MARTINEZ-HERNANDEZ whose telephone number is (571)270-0658.  The examiner can normally be reached on M-F from 9:00 am - 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JOHN W. HAYES can be reached on (571) 272-6708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/ERM/Examiner, Art Unit 3685

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685