DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
Drawings
The drawings are objected to under 37 CFR 1.83(a). The drawings must show every feature of the invention specified in the claims. Therefore, in Figure 2, a direct link between the issuer 136 and mobile gateway 138 (dotted line), as an alternative to the path 136-134-138 must be shown or the feature(s) canceled from the claim(s). paragraph [0063] describe the transaction processing by the issuer and subsequently providing the generated data to either the Payment Processing network or “directly to the mobile gateway, language “The generated data is provided to the Payment Processing Network at stage 526. Note that in some embodiments, and depending upon the communications network or connections being used, the generated data may instead be provided directly to the mobile gateway.” No new matter should be entered.
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for 

Status of claims
This office action is in response to the amendment received on 08/10/2021.
Claims 27, 31, 34, 38 and 47-56 were amended.
Claims 1-26, 35-37 and 39-46 were canceled.
Claims 27-34, 38 and 47-56 are pending.
Claims 27-34, 38 and 47-56 were examined.


Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 

Claims 27 and 38 were amended to recite, inter alia:
“obtaining, by the mobile gateway, from the key distribution server, the second encryption keys;
generating, by the mobile gateway, the device key using the second encryption key;
encrypting, by the mobile gateway, the updated transaction data using the device key;
sending, by the mobile gateway to the mobile device, the encrypted updated transaction data, 
decrypting, by the mobile device, the encrypted updated transaction data using the device key; and 
updating, by the mobile device, the account data on the mobile device based on the updated transaction data.” (Emphasis added)

The specification as filed recites, inter alia:
“[0061] At stage 508, the encryption key server begins the process of distributing a key of a second key pair to an Issuer. One key of the second key pair is provided to the Issuer (stage 510) and the other key of the second key pair is stored in the encryption key server (stage 514). The Issuer uses the received key of the second key pair to generate a unique key (or other form of access control data) for each mobile payment device that is registered with the Issuer (stage 512). As will be described, this unique key will be distributed to the mobile payment device and used to decrypt transaction data provided to the device as part of an update of the transaction data stored in the device, or as part of a transaction or account record stored in the device. Note that the unique key provided to the mobile device may also be used to encrypt data that is generated by the device or the payment application installed in the device for secure transfer to an Issuer or other entity. 
[0062] Figure 5(c) illustrates the stages involved in a process for using the encryption keys distributed to the mobile gateway and to the Issuer to encrypt data generated by the Issuer in the mobile gateway for transmission to the mobile device, and to decrypt that data in the mobile device. Note that the process or method described with reference to Figure 5(c) may be performed for each transaction. At stage 522, a mobile device initiates a payment transaction by interacting with a device reader or point of sale terminal (e.g., element 130 of Figure 2). As part of the transaction process, the Acquirer (e.g., element 132 of Figure 2) provides transaction data to the Payment Processing Network (e.g., element 134 of Figure 2) and ultimately to the Issuer (e.g., element 136 of Figure 2) at stage 524, typically as a result of communication between the Payment Processing Network and the Issuer. 
[0063] The Issuer processes the transaction data and generates updated transaction data which is intended to be provided to the mobile device. The generated data may be for example, in the form of transaction records, updates or corrections to an account balance, etc. Thus, the process described with reference to Figure 5(c) may be used for example, as part-of the process described with reference to Figure 4 (e.g., to exchange or update transaction related data as part of a transaction query, update or reconciliation process performed by the Issuer). The generated data is provided to the Payment Processing Network at stage 526. Note that in some embodiments, and depending upon the communications network or connections being used, the generated data may instead be provided directly to the mobile gateway. 
[0064] If there is no direct connection between the Issuer and mobile gateway, then the generated data provided to the Payment Processing Network is provided to the mobile gateway. The mobile gateway connects to the encryption key server and to the mobile device (stage 528). At stage 530, the encryption key server generates a session specific key from the stored key of the first key pair. The encryption key server then generates the unique key for the mobile device using the stored key of the second key pair (stage 532). The encryption key server then encrypts the generated session key using the-unique key for the mobile device (stage 532). The encryption key server then distributes the encrypted session key to the mobile device via the mobile gateway (stage 534). The mobile device receives the encrypted session key, recovers the session key using its unique key, and then uses the session key to decrypt the transaction data it received from the mobile gateway (stage 536). The decrypted data is then made available to the payment application resident on the mobile device for processing, storage, display to the user, or another relevant function. The decrypted data may be stored in a secure data storage medium or other suitable element.”

Therefore, the specification as filed does not recite in which manner the (same) device key recited previously in the claims (see claim language “generating, by the issuer computer, a device key using the first encryption key received from the key distribution server; transmitting, by the issuer computer, the device key to a mobile device) is generated by the mobile gateway. The specification as filed is completely silent regarding the claimed term "device key". The specification as filed is also silent regarding device key generation aspects performed “by the mobile gateway”. The specification as filed recites a "unique key" in paragraphs [0061] and [0064], which is generated by the issuer using the "received key of the second key pair" (paragraph [0061]), and then distributed to the mobile device. The specification as filed requires: A. "The mobile gateway connects to the encryption key server and to the mobile device (stage 528), B. The encryption key server generates a session specific key from the stored key of the first key pair (stage 530); C. "the encryption key server then generates the unique key for the mobile device using the stored key of the second key pair (stage uses the session key to decrypt the transaction data it received from the mobile gateway (stage 536)". The claims, however, attempt to describe an embodiment in which the mobile gateway is somehow able to generate the mobile device unique key. In other words, the claims introduce a key generation step, performed by the mobile gateway, and subsequent encryption of the data using this locally generated key. This goes squarely against what is described in the specification as filed, in which only the mobile device and the encryption key server are in possession of the "unique key for the mobile device". This unique key is then used to encrypt a session key that is then forwarded to the mobile device "via the mobile gateway". This session key, once decrypted by the unique key already in possession of the mobile device, is used to decrypt the updated transaction data. A fair reading of the specification as filed would lead one of ordinary skill in the art to reasonably convey that it is the session key that is used to decrypt the encrypted updated transaction data received by the mobile device. Therefore, the specification as filed is silent regarding the updated transaction data being encrypted "using the device key" and "by the mobile gateway", as claimed. The specification is also silent regarding the mobile device decrypting the "encrypted transaction data using the device key". It appears that by omitting the steps related to the “session specific key”, the claim language now recites an embodiment which is not sufficiently described by the 

    PNG
    media_image1.png
    714
    548
    media_image1.png
    Greyscale



Response to Arguments/Amendments
Claim rejections - 35 USC § 112(b)
Applicant’s amendments and arguments (see remarks, pages 9 and 10, filed on 08/10/2021), with respect to the rejection of claims 27-34, 38 and 47-56 under 35 USC § 112(b) have been fully considered. Examiner finds Applicant's arguments persuasive in view of the submitted amendments, therefore the rejections were withdrawn.
 
Claim rejections - 35 USC § 103
Applicant’s amendments and arguments (see remarks, pages 10-12, filed on 08/10/2021), with respect to the rejection of claims 27-34, 38 and 47-56 under 35 USC § 103 have been fully considered. Examiner finds Applicant's arguments persuasive in view of the submitted amendments, therefore the rejections are withdrawn. 


Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Nambiar et al. (NPL 2004, listed in PTO-892 as reference "U") disclose Analysis of payment transaction security in mobile commerce, including public key infrastructure as a basis for secure mobile technologies.
Hui et al. (NPL 2005, listed in PTO-892 as reference "V") disclose A Kind of Modified Encrypted WAP in E-commerce, including an exchange of secret-keys between a mobile device and a server, in which both sides can use this shared secret-key to carry on the symmetrical encryption, making it impossible for WAP Gateway to see the plaintext.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDUARDO D CASTILHO whose telephone number is (571)270-1592. The examiner can normally be reached Mon-Fri 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/E.C./Examiner, Art Unit 3685 
/JACOB C. COPPOLA/Primary Examiner, Art Unit 3685