Acknowledgements
This communication is in response to applicant’s response filed on 03/14/2022.
Claims 1, 11, and 20-21 has been amended. Claims 26-27 have been added.
Claims 1-27 are pending and have been examined.

Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Response to Arguments
Regarding applicant’s arguments under Claim Rejections - 35 USC § 103 that Kurani (US 10,997,592 B1) fails to disclose the feature of "the pre-certified payment application driver code supports multiple payment terminal vendors in one integration," in amended claim 1, examiner respectfully argues that applicant’s argument is moot due to the new grounds of rejection necessitated by amendments made to claim 1. 
Applicant makes a similar argument for claims 11 and 21 as claim 1 above. Examiner respectfully argues applicant’s arguments are moot for the same reasons listed above for claim 1.
Applicant argues dependent claims 2-10, 12-20 and 22-27 are allowable based on their dependence upon allowable base claims, examiner respectfully argues applicant’s arguments are moot in light of the new rejections necessitated by the claim amendments for claims 1, 11, and 21.
Priority
Acknowledgment is made of applicant’s claim to U.S. Provisional Application No. 62/358,745, filed on 07/06/2016. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 6-11, 13-14, 16-21, and 23-27 are rejected under 35 U.S.C. 103 as being unpatentable over Goldfarb (US 20140372320) in view of Murphy (US 20180018661) in further view of Alimi (US 20150363765).

Regarding Claims 1, 11, and 21, Goldfarb teaches a pre-certified payment application driver code executable by at least one of the first processor or the second processor and configured to satisfy requirements of a particular level of a credit card data security certification compliance, wherein the pre-certified payment application driver code is integrated with a first point of sale (POS) application which executes on the first processor with the first memory and does not satisfy the requirements of the particular level of the credit card data security certification compliance, to generate a first integrated application executing on the first processor with the first memory (Paragraphs 0023-0024 teach the third party application (POS system) may be modified by software development kit (SDK) provided by payment provider so that third party application integrates functions that allow it to provide services from payment provider that can facilitate transactions and payments between consumer and merchant; the SDK may enable the third party (merchant) to accept chip and PIN payments using payment provider device using the third party's own app and not a specific, separate app provided by the payment provider to interface third party mobile device to payment provider device, as is currently typically necessary for other card reader devices; the SDK may create an abstraction layer for modification of the third party's own app and certify the functionality once as being of the payment provider; the SDK may effectively provide a way for the merchant to use the certification of the SDK in the POS system without “breaking” the certification yet retain the flexibility to use the merchant's own app (POS system)), the first integrated application configured to: receive first payment data encrypted with the first encryption key (Paragraphs 0027 and 0022 teach the third party app (i.e., integrated application), as modified by SDK and executing on merchant mobile device, may process a chip and PIN transaction between merchant and consumer by a point-of-sale (POS) system executing on the mobile device of merchant; the third party application may take the card data, which may be encrypted, and transmit it via network 160 to a payment provider server); and transmit the encrypted first payment data to the payment server for processing the first payment transaction using the encrypted first payment data (Paragraphs 0028 and 0022 teach the POS system, executing on mobile device, may communicate with the payment provider device, which may be reading a chip and PIN card or magnetic card (e.g., card) and may accept a PIN for the chip and PIN transaction that, for example, authorizes use of card; the payment provider server communicates encrypted card data with payment networks to complete the transaction).
However, Goldfarb does not explicitly teach enable, in response to the first POS application initiating a first payment transaction, a first payment terminal to share a first encryption key with a payment server; and receive a processing result of the first payment transaction from the payment server and communicate the processing result to the first POS application, and wherein the first integrated application is configured to perform operations as required by the particular level of the credit card data security certification compliance.
Murphy from same or similar field of endeavor teaches enable, in response to the first POS application initiating a first payment transaction (Paragraph 0080 teaches a user of an online merchant website may initiate a transaction by placing items to purchase in a digital, e.g. virtual, shopping cart, wherein a “user” can mean a person performing or executing interactions, or multiple interactions, on the virtual POS engine), a first payment terminal to share a first encryption key with a payment server (Paragraph 0082 teaches host system (i.e., comprises payment server) can receive from the virtual POS engine (i.e., first payment terminal) a DUKPT (working key) to create a secure communication session between the virtual POS engine and an entity (e.g. host POS engine (i.e., payment server)) in the host system); and receive a processing result of the first payment transaction from the payment server and communicate the processing result to the first POS application (Paragraphs 0089-0090 teach the issuer can provide authorization for the transaction and route an authorization response that is received by the virtual POS engine; the virtual POS engine determines if the authorization response indicates that the transaction is approved, more specifically, the virtual POS engine can generate an indication that is provided to the merchant server to complete the online transaction), and wherein the first integrated application is configured to perform operations as required by the particular level of the credit card data security certification compliance (Paragraph 0067 teaches communication interface of the portable device can conform to the NFC)(EMV® ISO/IEC 14443 standard such that an NFC enabled, contactless payment card can be read when presented to communication interface; the contact-based card reader of the portable device can also conform to the EMV Smart Card (ISO 7816) standard such that an integrated circuit card (chip card) on the payment card can be read, when inserted into the slot of the portable device; the virtual POS engine can support applicable certifications, regulatory and payment body standards where relevant, including, but not restricted to, payment card industry (PCI) PIN entry device (PED), PCI PIN transaction security (PTS), EMV® Level 1 & Level 2, International Organization for Standardization/American National Standards Institute (ISO/ANSI), Federal Communications Commission (FCC), etc.).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in Goldfarb, which teaches a pre-certified application driver code integrated with a POS application that creates an integrated application, to incorporate the teachings of Murphy to enable, in response to the first POS application initiating a first payment transaction, a first payment terminal to share a first encryption key with a payment server; and receive a processing result of the first payment transaction from the payment server and communicate the processing result to the first POS application, and wherein the first integrated application is configured to perform operations as required by the particular level of the credit card data security certification compliance.
There is motivation to combine Murphy into Goldfarb because the security of the base invention is improved because the portable device can also store a cryptographic key that can be used to establish a secure session between the portable device and the host system, for the purpose of authorizing payment for an online transaction between the consumer endpoint device and the merchant server (Murphy Paragraph 0029). Establishing the secure session between the portable device and the host system can refer to encrypting data sent through the session using the cryptographic key. In addition, in some examples, establishing the secure session can further include checking the validity of the portable device (Murphy Paragraph 0032).
However, the combination of Goldfarb and Murphy does not explicitly teach wherein the pre-certified payment application driver code supports multiple payment terminal vendors.
Alimi from same or similar field of endeavor teaches wherein the pre-certified payment application driver code supports multiple payment terminal vendors in one integration (Paragraphs 0021, 0023, and 0029, and 0017 teach a fleet of dedicated payment terminals managed by a Terminal Management System (TMS) is generally homogeneous; an execution environment of the managed payment terminals is substantially the same for all the managed payment terminals, and consequently the dedicated profiles are substantially the same for all the managed payment terminals; the managed payment terminals may upload the dedicated payment acceptance applet from the TMS, the dedicated payment acceptance applet being also substantially the same for all the managed payment terminals; the TMS combines functionalities of a traditional TMS for managing a traditional POS terminal and functionalities of a TSM for managing a mobile device with a secure element capable of executing a payment transaction; due to the heterogeneity of the execution environments of the payment terminals implemented by each specific mobile device, the profiles generated by the TMS need to be adapted for each specific mobile device; the TMS is capable of managing several devices each with a specific profile generated based on the specific execution environment of the payment terminal of the corresponding specific device; a payment acceptance applet is uploaded on the secure element of each specific device; the uploaded payment acceptance applet on the secure element of each specific device may be the same for all the specific devices; the payment acceptance applet: a payment acceptance application executed by a secure element to conduct a secured financial transaction with an external entity (e.g. a financial institution such as a bank) for accepting a payment).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in the combination of Goldfarb and Murphy, which teaches a pre-certified application driver code integrated with a POS application that creates an integrated application and a payment terminal and payment server that share an encryption key for secure transmission of financial data, to incorporate the teachings of Alimi for the pre-certified payment application driver code to support multiple payment terminal vendors in one integration.
There is motivation to combine Alimi into the combination of Goldfarb and Murphy because devices initially not dedicated to implement a payment terminal functionality are now used. For example, such devices may include mobile computing devices (e.g. smartphones, tablets). In order to provide the appropriate level of security, the payment terminal functionality supported by the secure element is now compliant with the appropriate security standard, for instance EMV. In addition, the payment terminal functionality may be deployed on a large scale, involving multiple devices each providing the payment terminal functionality. These devices may be deployed over a large geographic area, may be used by a plurality of different merchants, and may interact with several different financial institutions. This complex payment infrastructure is now managed in a secure and efficient way (Alimi Paragraphs 0003-0004).
There are numerous scenarios where a limitation which is not taught in the prior art can be found to be obvious. For example, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960). 
Paragraph [0038] of Goldfarb teaches the user device may be implemented as a personal computer (PC), a smart phone, personal digital assistant (PDA), laptop computer, and/or other types of computing devices capable of transmitting and/or receiving data, such as an iPad™ from Apple™
Paragraph [0015] of Murphy teaches examples of consumer endpoint devices can include any or some combination of the following: a personal computer, a tablet computer, a smartphone, a user-wearable device (an electronic device worn on a person, such as on the wrist, on the face, etc.), or any other type of computing device, and although just one consumer endpoint device is shown in FIG. 1, it is noted that in other examples, multiple consumer endpoint devices can be provided.
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system in the combination of Goldfarb and Murphy to include multiple consumer endpoint devices (i.e., payment client systems), wherein the second consumer endpoint device (in conjunction with the portable device) also comprises an integrating application configure to enable the consumer endpoint device to share an encryption key with the payment server, receive encrypted data encrypted with the encryption key, transmit encrypted data to payment server for processing a payment transaction, and receive a processing result of the payment transaction. It would have been obvious to one of ordinary skill in the art at the time of invention to duplicate the steps of receiving a secret, decrypting a secret to obtain clear text that represents the data, validating the data, and generating a validation result.  It is well within the knowledge of one of ordinary skill to duplicate software steps in a computer.
There is motivation to combine because the mere duplication of parts has no patentable significance and does not produce new and unexpected results.  For example, the processing of the secrets is performed in parallel and have no bearing on each other. See MPEP 2144.04 VI B; In re Harza, 124 USPQ 378 (CCPA 1960).
Regarding Claim 1, Goldfarb teaches a system (Paragraphs 0020 and 0035 teach a third-party mobile device (i.e., POS terminal device, or any other electronic device capable of communicating with payment provider device (card reader) can initiate a payment transaction and receive a transaction approval request), comprising: a first processor and a first memory (Paragraph 0036 teaches the user device (i.e., POS device) may each include one or more processors, memories, and other appropriate components for executing instructions such as program code and/or data stored on one or more computer readable mediums to implement the various applications, data, and steps described herein).

Regarding Claims 2 and 12, the combination of Goldfarb, Murphy, and Alimi teaches all the limitations of claims 1 and 11 above; and Goldfarb further teaches wherein the pre-certified payment application driver code includes configurable authentication identifiers to selectively implement (1) an authentication to use the same authentication identifier across all implementations of the pre-certified payment application driver code, (2) an authentication to use authentication identifiers for individual independent software vendors (ISVs), (3) an authentication to use authentication identifiers for individual merchants, or (4) an authentication to use authentication identifiers for individual applications (Paragraph 0044 teaches the user device may include one or more user identifiers which may be implemented, for example, as operating system registry entries, cookies associated with browser application, identifiers associated with hardware of user device, or other appropriate identifiers, such as used for payment/user/device authentication; the user identifier may be used by a payment service provider to associate user with a particular account maintained by the payment provider).

Regarding Claims 3 and 13, the combination of Goldfarb, Murphy, and Alimi teaches all the limitations of claims 1 and 11 above; however the combination does not explicitly teach during the transmission of the encrypted first payment data and the reception of the processing result of the first payment transaction, the first integrated application is further configured to communicate transaction information including the encrypted first payment data with the payment server using a transport layer security (TLS) protocol.
Murphy further teaches during the transmission of the encrypted first payment data and the reception of the processing result of the first payment transaction, the first integrated application is further configured to communicate transaction information including the encrypted first payment data with the payment server using a transport layer security (TLS) protocol (Paragraphs 0065 and 0069-0070 teach the virtual POS engine, host system, and merchant web server can communicate with one another using, for example, transport layer security (TLS); the host system can communicate with the virtual POS engine using, for example, TLS).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Goldfarb, Murphy, and Alimi to incorporate the further teachings of Murphy for during the transmission of the encrypted first payment data and the reception of the processing result of the first payment transaction, the first integrated application to be further configured to communicate transaction information including the encrypted first payment data with the payment server using a transport layer security (TLS) protocol.
There is motivation to further combine Murphy into the combination of Goldfarb, Murphy, and Alimi because of the same reasons listed above for claims 1 and 11. 

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

	Regarding Claims 6 and 16, the combination of Goldfarb, Murphy, and Alimi teaches all the limitations of claims 1 and 11 above; however, the combination does not explicitly teach in response to enabling the first payment terminal, the first integrated application is configured to disable other listener processes in the system from connecting with the first payment terminal.
Murphy further teaches in response to enabling the first payment terminal, the first integrated application is configured to disable other listener processes in the system from connecting with the first payment terminal (Paragraph 0072 teaches the host system can include instructions executable to create, access and maintain a Base Derivation Key (BDK), wherein the BDK can be used to create an Initial PIN Encryption Key (IPEK) which, accompanied by a key serial number, can be provided to the portable device; a TRSM module of the portable device is provided in compliance with the ISO 9564 standard and can contain a unique cryptographic key, e.g. IPEK, based on the HSM module BDK, wherein the IPEK can be provided to the portable device at the point of manufacture such that each portable device can have a unique cryptographic key, e.g. an IPEK accompanied by a key serial number (i.e., enabling the portable device with the unique cryptographic key disables other listeners)).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Goldfarb, Murphy, and Alimi to incorporate the further teachings of Murphy for in response to enabling the first payment terminal, the first integrated application to be configured to disable other listener processes in the system from connecting with the first payment terminal.
There is motivation to further combine Murphy into the combination of Goldfarb, Murphy, and Alimi because of the same reasons listed above for claims 1 and 11.

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

	Regarding Claims 7 and 17, the combination of Goldfarb, Murphy, and Alimi teaches all the limitations of claims 1 and 11 above; however, the combination does not explicitly teach the first integrated application is configured to maintain the first memory to be free of any decryption keys corresponding to the first encryption key and any unencrypted data of the first payment data. 
Murphy further teaches the first integrated application is configured to maintain the first memory to be free of any decryption keys corresponding to the first encryption key and any unencrypted data of the first payment data (Paragraphs 0072-0073 and 0039 teach the BDK can be used to create an Initial PIN Encryption Key (IPEK) which, accompanied by a key serial number, can be provided to the portable device, and the transaction payment program code (e.g. firmware) of the portable device can create a secure session between the virtual POS engine and the host system, which has the HSM containing the BDK; a secure session can ensure a validity of the virtual POS engine, ensure message transport encryption, e.g. 3DES, per ANSI x9.52 standards, ensure message transport authentication, e.g. via a message authentication code (MAC) (i.e., decryption keys are located at the host system), and enable a secure, e.g. encrypted PIN block to be created per ANSI x9.8 and ISO 9564; a security mechanism can be provided to protect communication between the captive sensors of the portable device and the virtual element of the payment UI screen, for example, the security mechanism can apply some form of message disruption (e.g. data encryption, data scrambling, etc.) between the captive sensors of the portable device and the payment UI screen of the consumer endpoint device (i.e., unencrypted data is not maintained in first memory)).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Goldfarb, Murphy, and Alimi to incorporate the further teachings of Murphy for the first integrated application to be configured to maintain the first memory to be free of any decryption keys corresponding to the first encryption key and any unencrypted data of the first payment data.
There is motivation to further combine Murphy into the combination of Goldfarb, Murphy, and Alimi because of the same reasons listed above for claims 1 and 11.

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

	Regarding Claims 8 and 18, the combination of Goldfarb, Murphy, and Alimi teaches all the limitations of claims 1 and 11 above; however, the combination does not explicitly teach in response to the first payment terminal reading the first payment data, the first integrated application is configured to encrypt the first payment data.
Murphy further teaches in response to the first payment terminal reading the first payment data, the first integrated application is configured to encrypt the first payment data (Paragraphs 0032, 0039, 0073 teach establishing the secure session between the portable device and the host system can refer to encrypting data sent through the session using the cryptographic key, for example, a security mechanism can apply some form of message disruption (e.g. data encryption, data scrambling, etc.) between the captive sensors of the portable device and the payment UI screen of the consumer endpoint device; the transaction payment program code (e.g. firmware) of the portable device can create a secure session between the virtual POS engine and the host system, which has the HSM containing the BDK, wherein the secure session can ensure a validity of the virtual POS engine, ensure message transport encryption).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Goldfarb, Murphy, and Alimi to incorporate the further teachings of Murphy for in response to the first payment terminal reading the first payment data, the first integrated application to be configured to encrypt the first payment data.
There is motivation to further combine Murphy into the combination of Goldfarb and Murphy because of the same reasons listed above for claims 1 and 11.

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

	Regarding Claims 9 and 19, the combination of Goldfarb, Murphy, and Alimi teaches all the limitations of claims 1 and 11 above; and Goldfarb further teaches the first payment data includes data selected from the group consisting of tender data, magnetic card reader (MSR) data, personal identification number (PIN) data, or Europay, MasterCard, or Visa (EMV) data (Paragraph 0028 teaches the POS system, executing on mobile device, may communicate with the payment provider device, which may be reading a chip and PIN card or magnetic card (e.g., card) and may accept a PIN for the chip and PIN transaction that, for example, authorizes use of card).

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

	Regarding Claims 10 and 20, the combination of Goldfarb, Murphy, and Alimi teaches all the limitations of claims 1 and 11 above; however the combination does not explicitly teach for the system to further comprise a first hardware security module (HSM) and a second HSM, wherein: the first integrated application is configured to cause the first payment terminal to share the first encryption key with the payment server via the first HSM, and the second integrated application is configured to cause the second payment terminal to share the second encryption key with the payment server via the second HSM.
Murphy further teaches sharing by the payment server, the first encryption key with the first payment terminal via a first hardware security module (HSM) (Paragraphs 0049, 0072, and 0082 teach the portable device can include a tamper-resistant security module (TRSM) (i.e., HSM), which can include a storage medium to store security parameters, such as the cryptographic key and other cryptographic security parameters (CSPs); the TRSM is tamper-resistant (to make intrusion difficult), tamper-evident (to make intrusion attempts evident), and tamper-responsive (to detect an intrusion attempt and destroy contents in the storage medium in the process); the TRSM module of the portable device is provided in compliance with the ISO 9564 standard and can contain a unique cryptographic key, e.g. IPEK, based on the HSM module BDK; the host system can receive from the virtual POS engine a DUKPT (working key) to create a secure communication session between the virtual POS engine and an entity (e.g. host POS engine) in the host system).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Goldfarb, Murphy, and Alimi to incorporate the further teachings of Murphy for the system to further comprise a first hardware security module (HSM) and a second HSM, wherein: the first integrated application to be configured to cause the first payment terminal to share the first encryption key with the payment server via the first HSM, and the second integrated application to be configured to cause the second payment terminal to share the second encryption key with the payment server via the second HSM.
There is motivation to further combine Murphy into the combination of Goldfarb, Murphy, and Alimi because of the same reasons listed above for claims 1 and 11.
	Regarding Claim 20, the combination of Goldfarb, Murphy, and Alimi teaches all the limitations of claim 11 above; and Murphy further teaches in response to receiving the encrypted first payment data from the first integrated application, decrypting by the payment server, the encrypted first payment data (Paragraph 0073 teaches the transaction payment program code of the portable device can create a secure session between the virtual POS engine and the host system, which has the HSM containing the BDK; a secure session can ensure a validity of the virtual POS engine, ensure message transport encryption, e.g. 3DES, per ANSI x9.52 standards, ensure message transport authentication, e.g. via a message authentication code (MAC) (i.e., decrypting first payment data), and enable a secure, e.g. encrypted PIN block to be created per ANSI x9.8 and ISO 9564); encrypting by the payment server, the first payment data with a third encryption key and sending the first payment data encrypted with the third encryption key to a front-end server (Paragraphs 0070 and 0062 teach the application layer to the host system can include a switch to route transaction network traffic, in addition to the acquirer engine (i.e., front-end server) and the host POS engine (i.e., payment server), wherein the acquirer engine can communicate with the external interfaces (i.e., card networks) via the switch using, for example, ISO 8583/3DES and the host POS engine can communicate with the virtual POS engine using, for example, HTTPS/SSL/TLS/3DES (i.e., a different encryption keys are used); the host POS engine (which can include machine-executable instructions or a combination of machine-executable instructions and processing hardware) can communicate securely with the virtual POS engine to transport payment credentials to the acquirer engine); in response to receiving the first payment data encrypted with the third encryption key, processing by the front-end server, the first payment transaction and sending a request for processing the first payment transaction to a card network (Paragraph 0063 and 0089 teach the acquirer engine (i.e., front-end server) can function to determine a scheme, e.g. Visa®, Mastercard®, Amex®, etc., associated with an issuer of a payment card, e.g. an issuing bank, by way of example, the acquirer engine may determine a card scheme based on a bank identification number (BIN) or the issuer identification number (IIN) associated with a payment card; the acquirer can receive the authorization request and, can execute instructions to determine the card scheme, e.g. Mastercard®, Visa®, Amex®, etc. using, for example, the card BIN or IIN; instructions associated with the scheme can execute to determine the issuer, e.g. a bank that offers branded (e.g. MasterCard®, Visa®, Amex®, etc.) payment cards to consumers; in addition the issuer (i.e., card network) can provide authorization for the transaction);-38- 4820-6694-9450.2Attorney Docket No. 111452-0103in response to receiving the processing result of the first payment transaction from the card network, forwarding by the front-end server, the processing result back to the payment server (Paragraph 0089 and Fig. 7B teach the issuer can provide authorization for the transaction and route an authorization response that is received by the virtual POS engine, wherein the authorization response can be, for example, an ISO 8583 MTI 0110 (i.e., the authorization response travels from the issuer (i.e., card network) back through to the acquirer engine (i.e., front-end server) to the host POS engine (i.e., payment server))); in response to receiving the processing result of the first payment transaction from the front-end server, forwarding by the payment server, the processing result back to the first integrated application (Paragraph 0089 teaches the issuer can provide authorization for the transaction and route an authorization response that is received by the virtual POS engine, wherein the authorization response can be, for example, an ISO 8583 MTI 0110; the virtual POS engine (i.e., comprises first integrated application) determines if the authorization response indicates that the transaction is approved).
However, the combination of Goldfarb and Murphy does not explicitly teach wherein the pre-certified payment application driver code supports multiple payment terminal vendors.
Alimi from same or similar field of endeavor teaches wherein the pre-certified payment application driver code supports multiple payment terminal vendors (Paragraphs 0021, 0023, and 0029, and 0017 teach a fleet of dedicated payment terminals managed by a Terminal Management System (TMS) is generally homogeneous; an execution environment of the managed payment terminals is substantially the same for all the managed payment terminals, and consequently the dedicated profiles are substantially the same for all the managed payment terminals; the managed payment terminals may upload the dedicated payment acceptance applet from the TMS, the dedicated payment acceptance applet being also substantially the same for all the managed payment terminals; the TMS combines functionalities of a traditional TMS for managing a traditional POS terminal and functionalities of a TSM for managing a mobile device with a secure element capable of executing a payment transaction; due to the heterogeneity of the execution environments of the payment terminals implemented by each specific mobile device, the profiles generated by the TMS need to be adapted for each specific mobile device; the TMS is capable of managing several devices each with a specific profile generated based on the specific execution environment of the payment terminal of the corresponding specific device; a payment acceptance applet is uploaded on the secure element of each specific device; the uploaded payment acceptance applet on the secure element of each specific device may be the same for all the specific devices; the payment acceptance applet: a payment acceptance application executed by a secure element to conduct a secured financial transaction with an external entity (e.g. a financial institution such as a bank) for accepting a payment).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in the combination of Goldfarb and Murphy, which teaches a pre-certified application driver code integrated with a POS application that creates an integrated application and a payment terminal and payment server that share an encryption key for secure transmission of financial data, to incorporate the teachings of Alimi for the pre-certified payment application driver code to support multiple payment terminal vendors in one integration.
There is motivation to combine Alimi into the combination of Goldfarb and Murphy because devices initially not dedicated to implement a payment terminal functionality are now used. For example, such devices may include mobile computing devices (e.g. smartphones, tablets). In order to provide the appropriate level of security, the payment terminal functionality supported by the secure element is now compliant with the appropriate security standard, for instance EMV. In addition, the payment terminal functionality may be deployed on a large scale, involving multiple devices each providing the payment terminal functionality. These devices may be deployed over a large geographic area, may be used by a plurality of different merchants, and may interact with several different financial institutions. This complex payment infrastructure is now managed in a secure and efficient way (Alimi Paragraphs 0003-0004).

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).	

	Regarding Claims 23, 24, 25, the combination of Goldfarb, Murphy, and Alimi teaches all the limitations of claims 21, 1, and 11 above; and Goldfarb further teaches wherein the pre-certified payment application driver code is a software development kit (SDK) (Paragraph 0025 teaches the merchant's POS system can be adapted (e.g., using SDK) to drive the payment provider device (e.g., card reader) without the merchant having to use an app of the payment provider in order to use the payment provider device and services of the payment provider).

	Regarding Claim 26, the combination of Goldfarb, Murphy, and Alimi teaches all the limitations of claim 1 above; however, the combination does not explicitly teach wherein the pre-certified payment application driver code further supports multiple terminal models and multiple countries in the one integration.
Alimi further teaches wherein the pre-certified payment application driver code further supports multiple terminal models and multiple countries in the one integration (Paragraphs 0030 and 0032 teach the selection of the specific execution environment of the payment terminal is based on a specific geographical area; the generated profile takes into consideration a geographical area where the mobile device is used; for instance, in North America, only on-line transactions (a financial transaction validated by a financial institution) are authorized, while in Europe both on-line and off-line transactions (a financial transaction which does not need to be validated by a financial institution, for example if the amount is lower than a pre-defined threshold) are authorized).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in the combination of Goldfarb, Murphy, and Alimi to incorporate the further teachings of Alimi for the pre-certified payment application driver code to further support multiple terminal models and multiple countries in the one integration.
There is motivation to further combine Alimi into the combination of Goldfarb and Murphy because of the same reasons listed above for claim 1.

Regarding Claim 27, the combination of Goldfarb, Murphy, and Alimi teaches all the limitations of claim 1 above; however, the combination does not explicitly teach wherein the first POS application before the integration does not support the multiple payment terminal vendors, and the first integrated application supports the multiple payment terminal vendors. 
Alimi further teaches wherein the first POS application before the integration does not support the multiple payment terminal vendors, and the first integrated application supports the multiple payment terminal vendors (Paragraphs 0023, 0025, and 0055 teach the TMS combines functionalities of a traditional TMS for managing a traditional POS terminal and functionalities of a TSM for managing a mobile device with a secure element capable of executing a payment transaction; however, due to the heterogeneity of the execution environments of the payment terminals implemented by each specific mobile device, the profiles generated by the TMS need to be adapted for each specific mobile device (i.e., the payment acceptance applet enables support for multiple payment terminal vendors); in order to provide a satisfactory level of security for the transmission of data between the terminal management system and the secure element on the device, an end-to-end secure communication channel is established between these two entities; security credentials (e.g. keys, certificates) present on at least one of the terminal management system and the secure element may be used for the establishment of the secure communication channel; the Profile Management System is responsible for generating and updating the profiles of the payment terminals; each payment terminal profile contains one or several of the following sub-profiles: a profile of the device implementing the payment terminal, a profile of the secure element of the device, a profile of a payment acceptance applet to be uploaded on and executed by the secure element, a profile of the security keys used by the secure element and the payment acceptance applet, a profile of a merchant with which the payment acceptance applet can perform a secured financial transaction, etc.).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in the combination of Goldfarb, Murphy, and Alimi to incorporate the further teachings of Alimi for the first POS application to not support the multiple payment terminal vendors before integration, and the first integrated application supports the multiple payment terminal vendors.
There is motivation to further combine Alimi into the combination of Goldfarb and Murphy because of the same reasons listed above for claim 1.

Claims 4, 14, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Goldfarb (US 20140372320) in view of Murphy (US 20180018661) in further view of Alimi (US 10,997,592 B1) in further view of Dolcino (US 20140324698).

Regarding Claims 4, 14, and 22, the combination of Goldfarb, Murphy, and Alimi teaches all the limitations of claims 1, 11, and 21 above; and however, the combination does not explicitly teach wherein the pre-certified payment application driver code is an application programming interface (API).
Dolcino from same or similar field of endeavor teaches wherein the pre-certified payment application driver code is an application programming interface (API) (Paragraphs 0066 and 0075 teach the payment control application executed on the CPU of the control circuit communicates with the secure element via a Contactless Front End (CLF), using the same software stacks as in the previous embodiment; the physical communication between the CLF and the control circuit is implemented via an I2C link (not represented in FIG. 7); the payment applet includes an abstraction layer, to interface generically with the lower level software components (e.g. the OS) of the secure element, and the payment applet includes interface modules, to interface with different contact and contactless interfaces of the device: EMV Contact L1 and EMV Contact L2 Core for interfacing with a smart card reader, EMV Contactless L1 core and EMV Contactless L2 Core for interfacing with a NFC interface, Mag Stripe Core for interfacing with a magnetic strip reader; the payment applet comprises communication services, to communicate with external entities (e.g. a financial institution) via the communication interface of the device; the payment applet further comprises security services for securing a communication with the external entities (e.g. a financial institution): authentication services, cryptographic services, and crypto storage services; the payment applet also includes an acquirer module and several payment modules (e.g. MasterCard PayPass MagStripe, Visa PayWave MSD, MasterCard Paypass M/Chip, Visa PayWave qVSDC), to support various types of payment applications provided by different types of payment means (e.g. contact or contactless credit card, contactless payment enabled mobile phone, etc)).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Goldfarb, Murphy, and Alimi to incorporate the teachings of Dolcino for the pre-certified payment application driver code to be an application programming interface (API).
There is motivation to combine Dolcino into the combination of Goldfarb, Murphy, and Alimi in order to ensure security during the financial transactions, security standards such as the Europay, MasterCard, and Visa (EMV) transaction standard have been developed and used to certify both the payment terminals and the payment cards. However, due to various factors, including the technical complexity required to meet the security standards, payment terminals that are used to conduct secured financial transactions are usually devices that are solely dedicated to the conduct of financial transactions (Dolcino Paragraph 0004). By integrating the secure element into the POS device, the financial transaction is secured and compliant with the EMV transaction standard and the applicable PCI SSC standards. The applicable PCI SSC standards may be one of the Payment Application Data Security Standard (PA-DSS), PIN Transaction Security (PTS) and/or Point-to-Point Encryption (P2PE). In other embodiments, the transaction may be compliant with other secured transaction standards (Dolcino Paragraph 0043).

Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Goldfarb (US 20140372320) in view of Murphy (US 20180018661) in further view of Alimi (US 10,997,592 B1) in further view of Reese (US 20180007037).

Regarding Claims 5 and 15, the combination of Goldfarb, Murphy, and Alimi teaches all the limitations of claims 1 and 11 above; however, the combination does not explicitly teach wherein the pre-certified payment application driver code is a shared library stored in at least one of the first memory or the second memory.
Reese from same or similar field of endeavor teaches wherein the pre-certified payment application driver code is a shared library stored in at least one of the first memory or the second memory (Paragraphs 0055 and 0047 teach libraries include collections of program functions that provide further abstraction for application programs, for example, these include shared libraries, dynamic linked libraries (DLLs), for example; the libraries may be integral to the operating system, runtime system, or may be added-on features, or even remotely-hosted; storage device includes a machine-readable medium on which is stored one or more sets of data structures and instructions (e.g., software) embodying or utilized by any one or more of the methodologies or functions described herein).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Goldfarb, Murphy, and Alimi to incorporate the teachings of Reese for the pre-certified payment application driver code to be a shared library stored in the first memory.
There is motivation to combine Reese into the combination of Goldfarb, Murphy, and Alimi because libraries define an application program interface (API) through which a variety of function calls may be made by application programs to invoke the services provided by the operating system (Reese Paragraph 0055).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Leger (US 20160210617) teaches receiving a processing request, coming from a payment terminal, connected to the server via a communication network; analyzing the processing request delivering at least one digital wallet identifier and a digital wallet user identifier; implementing a payment transaction from the digital wallet identifier and the digital wallet user identifier and at least one parameter specific to a transaction server associated with the digital wallet identifier, and connected to the server by a communication network; receiving, from the transaction server, a finalizing datum representative of the acceptance or rejection of the transaction; and transmitting said finalizing datum to the payment terminal.
Lewis et al. (US 20090037284) teaches a point of sale system comprises a microprocessor system, a peripheral interface, and a communication interface. The point of sale system is configured to receive, through the communication interface, an update to peripheral operation software associated with a peripheral device that may be connected to the peripheral interface. The peripheral device may be a contactless reader. The updated software may be received from a terminal management system connected to the point of sale device through the communication interface. The updated software may comprise a peripheral driver that is stored in memory comprised in the point of sale device. The updated software may comprise peripheral firmware that is stored in memory comprised in the peripheral device.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY JONES whose telephone number is (469)295-9137.  The examiner can normally be reached on 7:30 am - 5:00 pm CST (M-F).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached at (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/C.P.J./Examiner, Art Unit 3685                                                                                                                                                                                                        
/JAY HUANG/Primary Examiner, Art Unit 3619