DETAILED ACTION
Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Acknowledgements
This Office Action is in response to the response filed on August 5, 2021 (“August 2021 Response”).  The August 2021 Response contained, inter alia, claim amendments (“August 2021 Claim Amendments”) and “REMARKS” (“August 2021 Remarks”).
Claims 1-4 and 11-12 are currently pending and have been examined. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4, and 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Persson et al. (WO 02/065696 A1)(“Persson”) in view of Oka et al. (US 2002/0108042 A1)(“Oka”) and further in view of Doyle et al. (US 6,128,738)(“Doyle”).

As to Claim 1, Persson discloses a method for initializing secure network access for terminals, which is used to connect a POS terminal to a terminal backend system, the method comprising: 
loading a terminal default public key certificate (“certificate,” p.12, l.6), a default private key file (p.12, l.5-6, l.9), and a CA public key certificate (“a CA-certificate could also be provided to the device 1.” p.12, L.8-9) of the terminal backend system (CA-system 5) into the POS terminal (device 1, “any device which is connected to an insecure network and is being used for electronic commerce, bank services, control, supervision etc.” p1, L.19-21) when leaving factory (p.12, l.5-9, p.12, l.9-11);
after the POS terminal leaves factory and when initializing secure network access for the POS terminal, establishing a terminal transaction certificate secure downloading channel, wherein the terminal transaction certificate secure downloading channel is a mutual authenticated secure channel based on a secure socket layer (SSL)/ transport layer security (TLS) protocol (“handshake phase of SSL-(Secure Socket Layer)-communication,” p.2, l.16-17), that utilizes said terminal default public key certificate 
generating, by the POS terminal, a terminal transaction public/private key pair, storing the transaction private key within the POS terminal (“the device itself generates the private and the public key,” p.17, l.9-10);
uploading by the POS terminal, a terminal transaction identifier as a certificate signing request (“request,” p.15, l.7) to the terminal backend system via the terminal transaction certificate secure downloading channel (“If the authorization was successful the authorization module 19 forwards the request in block B62 to the second CA-client” p.15, l.6-7, “The identity of the device is included in the request” p.15, l.10-11);
signing and issuing, a terminal transaction certificate (“the second CA-system 11 generates a key, a certificate,” p.15, l.16, “the second CA-system 11 signs the certificates,” p.15, l.17), wherein the terminal backend system generates the terminal transaction certificate (“the certificate could be generated in another unit,” p.17, l.8-9) based on the certificate signing request uploaded from the POS terminal via the terminal transaction certificate secure downloading channel, and returning the terminal transaction certificate to the POS terminal via the terminal transaction certificate secure downloading channel for downloading the terminal transaction certificate by the POS terminal (steps b41-b73, fig.3, p.15, l.11-25); and
executing a transaction between the POS terminal and the terminal backend system via the secure channel (“used for electronic commerce, bank services”  p.1, l.20).
Persson does not directly disclose 
wherein said terminal default public key certificate comprises a terminal transaction unique identifier (and this identifier then uploaded by the POS terminal);
in the uploading by the POS terminal, at least said terminal transaction public key to the terminal backend system; and
the signing and issuing is by the terminal backend system;
after the terminal transaction certificate is downloaded by the POS terminal, establishing a secure channel for transaction for executing transactions between the POS terminal and the terminal backend system, according to the terminal transaction certificate, the transaction private key of said terminal transaction public/private key pair, and the CA public key certificate of the terminal backend system.

Persson teaches that one certificate authority (e.g. verisign) can sign and issue both the factory CA-certificate and the customer CA-certificate (p.17, l.14-18).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Persson by the features of Persson and in particular to include consolidate Persson’s first (terminal backend system) and second certificate authorities with one certificate authority (terminal backend system) that signs the terminal transaction certificate.
A person having ordinary skill in the art would have been motivated to combine these features because that way “[t]he device, the authentication module or any module can use a CA-certificate from the other CA to perform verification” (Persson, p.17, l.17-18).

Oka teaches
wherein said terminal default public key certificate comprises a terminal transaction unique identifier (see Fig.4, “subject,” which is a “User Device ID”);
uploading by the terminal, at least said terminal (“servers,” [0099]) transaction public key (“public key,” [0009]) to the terminal backend system (“certificate authority,” [0009])([0009]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the aforementioned Persson combination by the features of Oka and in particular to include in Persson’s terminal default public key certificate, the terminal transaction unique identifier of Oka, as taught by Oka (thereby modifying Persson’s terminal transaction identifier in the uploading by the POS terminal, to include the terminal transaction unique identifier), and to include in the uploading by the POS terminal of Persson, the terminal transaction public key to the terminal backend system of Oka, as taught by Oka.
A person having ordinary skill in the art would have been motivated to combine these features because including the terminal transaction unique identifier in the terminal default public key certificate would help a party using the certificate know to what the certificate belongs to; and uploading by the terminal, at least said terminal transaction public key to the terminal backend system would help “the certificate authority complete[s] the certificate by furnishing it with a signature” (Oka, [0010]).

Doyle teaches
establishing a secure channel for transaction for executing transactions between the terminal and the terminal backend system (C.4, L.22-55, C.6, L.12-14) according to the terminal transaction certificate (“certificate,” C.3, L.52), the transaction private key of said terminal transaction public/private key pair (C.3, L.19-21), and the CA public key certificate of the terminal backend system (“certificates 715 of the signers and the authenticating certificate authorities,” C.6, L.30-31)(C.6, L.7-14, C.6, L.19-31).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Persson/Oka combination by the features of Doyle and in particular to include after the terminal transaction certificate is downloaded by the POS terminal in the Persson/Oka combination, the features of establishing a secure channel for transaction for executing transactions between the terminal (the POS terminal in Persson) and the terminal backend system according to the terminal transaction certificate, the transaction private key of said terminal transaction public/private key pair, and the CA public key certificate of the terminal backend system are adopted to establish the secure channel for transaction for executing transactions between the terminal (the POS terminal in Persson) and the terminal backend system, as taught by Doyle.
A person having ordinary skill in the art would have been motivated to combine these features because it “allows a single, well recognized certificate to access secure applications without the requirement of having a connected trusted third party for verification of authority.” (Doyle, C.6, L.42-46).

As to Claim 2, the Persson/Oka/Doyle combination discloses as discussed above.  Persson further discloses wherein posterior to establishing the secure channel for transactions, the method further comprises: determining, by the terminal backend system, whether a transaction is able to be executed based on the terminal transaction unique identifier of the POS terminal accessed through said secure channel for transaction (p.15, l.1-6). 

As to Claim 4, the Persson/Oka/Doyle combination discloses as discussed above.  Persson further discloses, in issuing the terminal transaction certificate, the terminal backend system executes certificate signing for the transaction public key and the terminal transaction unique identifier uploaded from the POS terminal to generate the terminal transaction certificate (p.15, l.15-17). 

As to Claim 11, the Persson/Oka/Doyle combination discloses as discussed above.  
Persson further discloses wherein establishing the terminal transaction certificate secure downloading channel includes:
authenticating, users and servers to ensure that data is sent to a correct client and a correct server, the data including the terminal transaction certificate (p.6, l.8);
encrypting, the data to prevent the data from being stolen (p.9, l.24);
maintaining, data integrity to ensure that the data is not altered during transmitting (p.4, l.5); and
providing, confidentiality and the data integrity between two communication applications (p.1, l.22).
Persson does not directly disclose the
authenticating, through the SSL protocol;
encrypting, through the SSL protocol;
maintaining, through the SSL protocol; and
providing, through the TLS protocol.
Doyle teaches
authenticating, through the SSL protocol, users and servers to ensure that data is sent to a correct client and a correct server (C.4, l.56-57);
encrypting, through the SSL protocol, the data to prevent the data from being stolen (C.3, L.49);
maintaining, through the SSL protocol, data integrity to ensure that the data is not altered during transmitting (C.5, L.19-26); and
providing, through the TLS protocol, confidentiality and the data integrity between two communication applications (C.2, L.2-15).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Persson/Oka/Doyle combination by the feature of Doyle and in particular to include in the authenticating, encrypting, maintaining, and providing of Persson, the SSL and TSL protocols, as taught by Doyle.
A person having ordinary skill in the art would have been motivated to combine these features because it “allows a single, well recognized certificate to access secure applications without the requirement of having a connected trusted third party for verification of authority.” (Doyle, C.6, L.42-46).

As to Claim 12, the Persson/Oka/Doyle combination discloses as discussed above.  Persson further discloses, wherein: the default terminal public key certificate and the private key .

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Persson in view of Oka and further in view of Doyle and Linehan (US 6,327,578 B1)(“Linehan”).

As to Claim 3, the Persson/Oka/Doyle combination discloses as discussed above.  Oka teaches wherein the terminal transaction unique identifier is composed of a terminal ID (subject of certificate which can be “Device ID,” Fig.4). 
Persson does not directly disclose wherein the terminal transaction unique identifier is composed of a merchant ID.
Linehan teaches wherein the terminal transaction unique identifier is composed of a merchant ID (C.15, L.24-25).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Persson/Oka/Doyle combination by the feature of Linehan and in particular to include in the terminal transaction unique identifier of the Persson/Oka/Doyle combination, the merchant ID, as taught by Linehan.
A person having ordinary skill in the art would have been motivated to combine these features because to provide “evidence of the identity and privileges of the” merchant (Linehan, C.1, L.58-59).

Response to Arguments
Applicant's arguments filed in the August 2021 Remarks have been fully considered and addressed below. 
On page 9, Applicant argues that Persson “specifically requires a different CA system to sign the CA certificate and teaches away from… ‘loading…a CA…certificate of the terminal backend system…”  The Examiner has considered this argument; however, as noted in the rejection, Persson also disclose a hierarchy of CA-systems, in which a main CA (e.g.verisign) signs the certificates both from the factory, as well, as the customer (see page 17, lines 14-18).  As such, a single certificate authority can sign and verify certificates.  Furthermore, Persson does not specify why a second certificate authority would be necessary; as such, in implementing a CA hierarchy as proposed by Persson, there would be no deterioration of the original process, or teaching away, as argued by Applicant.  Therefore, the argument is found unpersuasive.
On pages 9-10, Applicant argues that since Persson does not disclose in the uploading by the POS terminal, at least said terminal transaction public key to the terminal backend system, and Oka’s public key is used for a different reason, that Persson cannot teach the certificate signing request.  The Examiner finds this argument unpersuasive because Persson discloses the signing request (“request,” p.15, l.7) and Oka teaches uploading by the terminal, at least said terminal (“servers,” [0099]) transaction public key (“public key,” [0009]) to the terminal backend system (“certificate authority,” [0009])([0009]), as discussed in the respective rejection.  Furthermore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Persson by the features of Oka and in particular to include in the uploading by the POS terminal of Persson, the terminal transaction public key to the terminal backend system of Oka, as taught by Oka.
A person having ordinary skill in the art would have been motivated to combine these features because including the terminal transaction unique identifier in the terminal default public key certificate would help a party using the certificate know to what the certificate belongs to; and uploading by the terminal, at least said terminal transaction public key to the terminal backend system would help “the certificate authority complete[s] the certificate by furnishing it with a signature” (Oka, [0010]).

Conclusion
Applicant’s amendment filed on August 5, 2021 necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MONICA A MANDEL whose telephone number is (571)270-7046.  The examiner can normally be reached on Monday-Friday 10:00 AM-6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Abhishek Vyas can be reached on (571) 270-1836.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.A.M/Examiner, Art Unit 3621                        
November 6, 2021
/ABHISHEK VYAS/Supervisory Patent Examiner, Art Unit 3621