Acknowledgements
Examiner is withdrawing finality and vacating the previous office action.
This communication is in response to applicant’s response filed on 07/22/2022.
Claims 1-27 are pending and have been examined.

Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Response to Arguments
Regarding applicant’s arguments under Claim Rejections - 35 USC § 103 that Alimi (US 20150363765) fails to disclose the feature of "the pre-certified payment application driver code supports multiple payment terminal vendors in one integration," in claim 1, examiner respectfully agrees with applicant’s argument and has issued a new grounds of rejection. 
Applicant makes a similar argument for claims 11 and 21 as claim 1 above. Examiner respectfully agrees with applicant’s arguments for the same reasons listed above for claim 1.
Applicant argues dependent claims 2-10, 12-20 and 22-27 are allowable based on their dependence upon allowable base claims, examiner respectfully argues applicant’s arguments are moot in light of the new rejections for claims 1, 11, and 21.

Priority
Acknowledgment is made of applicant’s claim to U.S. Provisional Application No. 62/358,745, filed on 07/06/2016. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 6-11, 13-14, 16-21, and 23-27 are rejected under 35 U.S.C. 103 as being unpatentable over Goldfarb (US 20140372320) in view of Murphy (US 20180018661) in further view of Baar (US 20180144321).

Regarding Claims 1, 11, and 21, Goldfarb teaches a pre-certified payment application driver code executable by at least one of the first processor or the second processor and configured to satisfy requirements of a particular level of a credit card data security certification compliance, wherein the pre-certified payment application driver code is integrated with a first point of sale (POS) application which executes on the first processor with the first memory and does not satisfy the requirements of the particular level of the credit card data security certification compliance, to generate a first integrated application executing on the first processor with the first memory (Paragraphs 0023-0024 teach the third party application (POS system) may be modified by software development kit (SDK) provided by payment provider so that third party application integrates functions that allow it to provide services from payment provider that can facilitate transactions and payments between consumer and merchant; the SDK may enable the third party (merchant) to accept chip and PIN payments using payment provider device using the third party's own app and not a specific, separate app provided by the payment provider to interface third party mobile device to payment provider device, as is currently typically necessary for other card reader devices; the SDK may create an abstraction layer for modification of the third party's own app and certify the functionality once as being of the payment provider; the SDK may effectively provide a way for the merchant to use the certification of the SDK in the POS system without “breaking” the certification yet retain the flexibility to use the merchant's own app (POS system)), the first integrated application configured to: receive first payment data encrypted with the first encryption key (Paragraphs 0027 and 0022 teach the third party app (i.e., integrated application), as modified by SDK and executing on merchant mobile device, may process a chip and PIN transaction between merchant and consumer by a point-of-sale (POS) system executing on the mobile device of merchant; the third party application may take the card data, which may be encrypted, and transmit it via network 160 to a payment provider server); and transmit the encrypted first payment data to the payment server for processing the first payment transaction using the encrypted first payment data (Paragraphs 0028 and 0022 teach the POS system, executing on mobile device, may communicate with the payment provider device, which may be reading a chip and PIN card or magnetic card (e.g., card) and may accept a PIN for the chip and PIN transaction that, for example, authorizes use of card; the payment provider server communicates encrypted card data with payment networks to complete the transaction).
However, Goldfarb does not explicitly teach enable, in response to the first POS application initiating a first payment transaction, a first payment terminal to share a first encryption key with a payment server; and receive a processing result of the first payment transaction from the payment server and communicate the processing result to the first POS application, and wherein the first integrated application is configured to perform operations as required by the particular level of the credit card data security certification compliance.
Murphy from same or similar field of endeavor teaches enable, in response to the first POS application initiating a first payment transaction (Paragraph 0080 teaches a user of an online merchant website may initiate a transaction by placing items to purchase in a digital, e.g. virtual, shopping cart, wherein a “user” can mean a person performing or executing interactions, or multiple interactions, on the virtual POS engine), a first payment terminal to share a first encryption key with a payment server (Paragraph 0082 teaches host system (i.e., comprises payment server) can receive from the virtual POS engine (i.e., first payment terminal) a DUKPT (working key) to create a secure communication session between the virtual POS engine and an entity (e.g. host POS engine (i.e., payment server)) in the host system); and receive a processing result of the first payment transaction from the payment server and communicate the processing result to the first POS application (Paragraphs 0089-0090 teach the issuer can provide authorization for the transaction and route an authorization response that is received by the virtual POS engine; the virtual POS engine determines if the authorization response indicates that the transaction is approved, more specifically, the virtual POS engine can generate an indication that is provided to the merchant server to complete the online transaction), and wherein the first integrated application is configured to perform operations as required by the particular level of the credit card data security certification compliance (Paragraph 0067 teaches communication interface of the portable device can conform to the NFC)(EMV® ISO/IEC 14443 standard such that an NFC enabled, contactless payment card can be read when presented to communication interface; the contact-based card reader of the portable device can also conform to the EMV Smart Card (ISO 7816) standard such that an integrated circuit card (chip card) on the payment card can be read, when inserted into the slot of the portable device; the virtual POS engine can support applicable certifications, regulatory and payment body standards where relevant, including, but not restricted to, payment card industry (PCI) PIN entry device (PED), PCI PIN transaction security (PTS), EMV® Level 1 & Level 2, International Organization for Standardization/American National Standards Institute (ISO/ANSI), Federal Communications Commission (FCC), etc.).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in Goldfarb, which teaches a pre-certified application driver code integrated with a POS application that creates an integrated application, to incorporate the teachings of Murphy to enable, in response to the first POS application initiating a first payment transaction, a first payment terminal to share a first encryption key with a payment server; and receive a processing result of the first payment transaction from the payment server and communicate the processing result to the first POS application, and wherein the first integrated application is configured to perform operations as required by the particular level of the credit card data security certification compliance.
There is motivation to combine Murphy into Goldfarb because the security of the base invention is improved because the portable device can also store a cryptographic key that can be used to establish a secure session between the portable device and the host system, for the purpose of authorizing payment for an online transaction between the consumer endpoint device and the merchant server (Murphy Paragraph 0029). Establishing the secure session between the portable device and the host system can refer to encrypting data sent through the session using the cryptographic key. In addition, in some examples, establishing the secure session can further include checking the validity of the portable device (Murphy Paragraph 0032).
However, the combination of Goldfarb and Murphy does not explicitly teach wherein the pre-certified payment application driver code supports multiple payment terminal vendors.
Baar from same or similar field of endeavor teaches wherein the pre-certified payment application driver code supports multiple payment terminal vendors in one integration (Paragraphs 0023-0024, 0029, and 0033 teaches a global terminal management services can generate updated certificates, provide software updates, provide other configuration files, and the like; payment terminals 110A-C can be configured to interface with EMV cards, such as an integrated circuit card (ICC); example suitable interfaces are provided by EMV Integrated Circuit Card Specifications for Payment Systems; terminal management computing system executes the software of the terminal management engine, and the processor can be caused to perform monitoring, encryption key/certificates, software patch management, and remote terminal configuration and monitoring; the terminal management computing system can generally provide for management of the payment terminals 210A-N, including software management and encryption management; the terminal management computing system can also securely deliver data to secure payment terminals, such as updated certificates, software updates, software patches, configurations files, and so forth).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in the combination of Goldfarb and Murphy, which teaches a pre-certified application driver code integrated with a POS application that creates an integrated application and a payment terminal and payment server that share an encryption key for secure transmission of financial data, to incorporate the teachings of Baar for the pre-certified payment application driver code to support multiple payment terminal vendors in one integration.
There is motivation to combine Baar into the combination of Goldfarb and Murphy because a merchant A-N may receive generally real-time information regarding the security and software status of any affiliated payment terminals 210A-N through the terminal management computing system. Such reporting can be used, for example, for the merchant A-N to monitor compliance with various EMV-related specification (Baar Paragraph 0035).
There are numerous scenarios where a limitation which is not taught in the prior art can be found to be obvious. For example, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960). 
Paragraph [0038] of Goldfarb teaches the user device may be implemented as a personal computer (PC), a smart phone, personal digital assistant (PDA), laptop computer, and/or other types of computing devices capable of transmitting and/or receiving data, such as an iPad™ from Apple™
Paragraph [0015] of Murphy teaches examples of consumer endpoint devices can include any or some combination of the following: a personal computer, a tablet computer, a smartphone, a user-wearable device (an electronic device worn on a person, such as on the wrist, on the face, etc.), or any other type of computing device, and although just one consumer endpoint device is shown in FIG. 1, it is noted that in other examples, multiple consumer endpoint devices can be provided.
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system in the combination of Goldfarb and Murphy to include multiple consumer endpoint devices (i.e., payment client systems), wherein the second consumer endpoint device (in conjunction with the portable device) also comprises an integrating application configure to enable the consumer endpoint device to share an encryption key with the payment server, receive encrypted data encrypted with the encryption key, transmit encrypted data to payment server for processing a payment transaction, and receive a processing result of the payment transaction. It would have been obvious to one of ordinary skill in the art at the time of invention to duplicate the steps of receiving a secret, decrypting a secret to obtain clear text that represents the data, validating the data, and generating a validation result.  It is well within the knowledge of one of ordinary skill to duplicate software steps in a computer.
There is motivation to combine because the mere duplication of parts has no patentable significance and does not produce new and unexpected results.  For example, the processing of the secrets is performed in parallel and have no bearing on each other. See MPEP 2144.04 VI B; In re Harza, 124 USPQ 378 (CCPA 1960).
Regarding Claim 1, Goldfarb teaches a system (Paragraphs 0020 and 0035 teach a third-party mobile device (i.e., POS terminal device, or any other electronic device capable of communicating with payment provider device (card reader) can initiate a payment transaction and receive a transaction approval request), comprising: a first processor and a first memory (Paragraph 0036 teaches the user device (i.e., POS device) may each include one or more processors, memories, and other appropriate components for executing instructions such as program code and/or data stored on one or more computer readable mediums to implement the various applications, data, and steps described herein).

Regarding Claims 2 and 12, the combination of Goldfarb, Murphy, and Baar teaches all the limitations of claims 1 and 11 above; and Goldfarb further teaches wherein the pre-certified payment application driver code includes configurable authentication identifiers to selectively implement (1) an authentication to use the same authentication identifier across all implementations of the pre-certified payment application driver code, (2) an authentication to use authentication identifiers for individual independent software vendors (ISVs), (3) an authentication to use authentication identifiers for individual merchants, or (4) an authentication to use authentication identifiers for individual applications (Paragraph 0044 teaches the user device may include one or more user identifiers which may be implemented, for example, as operating system registry entries, cookies associated with browser application, identifiers associated with hardware of user device, or other appropriate identifiers, such as used for payment/user/device authentication; the user identifier may be used by a payment service provider to associate user with a particular account maintained by the payment provider).

Regarding Claims 3 and 13, the combination of Goldfarb, Murphy, and Baar teaches all the limitations of claims 1 and 11 above; however, the combination does not explicitly teach during the transmission of the encrypted first payment data and the reception of the processing result of the first payment transaction, the first integrated application is further configured to communicate transaction information including the encrypted first payment data with the payment server using a transport layer security (TLS) protocol.
Murphy further teaches during the transmission of the encrypted first payment data and the reception of the processing result of the first payment transaction, the first integrated application is further configured to communicate transaction information including the encrypted first payment data with the payment server using a transport layer security (TLS) protocol (Paragraphs 0065 and 0069-0070 teach the virtual POS engine, host system, and merchant web server can communicate with one another using, for example, transport layer security (TLS); the host system can communicate with the virtual POS engine using, for example, TLS).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Goldfarb, Murphy, and Baar to incorporate the further teachings of Murphy for during the transmission of the encrypted first payment data and the reception of the processing result of the first payment transaction, the first integrated application to be further configured to communicate transaction information including the encrypted first payment data with the payment server using a transport layer security (TLS) protocol.
There is motivation to further combine Murphy into the combination of Goldfarb, Murphy, and Baar because of the same reasons listed above for claims 1 and 11. 

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

	Regarding Claims 6 and 16, the combination of Goldfarb, Murphy, and Baar teaches all the limitations of claims 1 and 11 above; however, the combination does not explicitly teach in response to enabling the first payment terminal, the first integrated application is configured to disable other listener processes in the system from connecting with the first payment terminal.
Murphy further teaches in response to enabling the first payment terminal, the first integrated application is configured to disable other listener processes in the system from connecting with the first payment terminal (Paragraph 0072 teaches the host system can include instructions executable to create, access and maintain a Base Derivation Key (BDK), wherein the BDK can be used to create an Initial PIN Encryption Key (IPEK) which, accompanied by a key serial number, can be provided to the portable device; a TRSM module of the portable device is provided in compliance with the ISO 9564 standard and can contain a unique cryptographic key, e.g. IPEK, based on the HSM module BDK, wherein the IPEK can be provided to the portable device at the point of manufacture such that each portable device can have a unique cryptographic key, e.g. an IPEK accompanied by a key serial number (i.e., enabling the portable device with the unique cryptographic key disables other listeners)).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Goldfarb, Murphy, and Baar to incorporate the further teachings of Murphy for in response to enabling the first payment terminal, the first integrated application to be configured to disable other listener processes in the system from connecting with the first payment terminal.
There is motivation to further combine Murphy into the combination of Goldfarb, Murphy, and Baar because of the same reasons listed above for claims 1 and 11.

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

	Regarding Claims 7 and 17, the combination of Goldfarb, Murphy, and Baar teaches all the limitations of claims 1 and 11 above; however, the combination does not explicitly teach the first integrated application is configured to maintain the first memory to be free of any decryption keys corresponding to the first encryption key and any unencrypted data of the first payment data. 
Murphy further teaches the first integrated application is configured to maintain the first memory to be free of any decryption keys corresponding to the first encryption key and any unencrypted data of the first payment data (Paragraphs 0072-0073 and 0039 teach the BDK can be used to create an Initial PIN Encryption Key (IPEK) which, accompanied by a key serial number, can be provided to the portable device, and the transaction payment program code (e.g. firmware) of the portable device can create a secure session between the virtual POS engine and the host system, which has the HSM containing the BDK; a secure session can ensure a validity of the virtual POS engine, ensure message transport encryption, e.g. 3DES, per ANSI x9.52 standards, ensure message transport authentication, e.g. via a message authentication code (MAC) (i.e., decryption keys are located at the host system), and enable a secure, e.g. encrypted PIN block to be created per ANSI x9.8 and ISO 9564; a security mechanism can be provided to protect communication between the captive sensors of the portable device and the virtual element of the payment UI screen, for example, the security mechanism can apply some form of message disruption (e.g. data encryption, data scrambling, etc.) between the captive sensors of the portable device and the payment UI screen of the consumer endpoint device (i.e., unencrypted data is not maintained in first memory)).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Goldfarb, Murphy, and Baar to incorporate the further teachings of Murphy for the first integrated application to be configured to maintain the first memory to be free of any decryption keys corresponding to the first encryption key and any unencrypted data of the first payment data.
There is motivation to further combine Murphy into the combination of Goldfarb, Murphy, and Baar because of the same reasons listed above for claims 1 and 11.

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

	Regarding Claims 8 and 18, the combination of Goldfarb, Murphy, and Baar teaches all the limitations of claims 1 and 11 above; however, the combination does not explicitly teach in response to the first payment terminal reading the first payment data, the first integrated application is configured to encrypt the first payment data.
Murphy further teaches in response to the first payment terminal reading the first payment data, the first integrated application is configured to encrypt the first payment data (Paragraphs 0032, 0039, 0073 teach establishing the secure session between the portable device and the host system can refer to encrypting data sent through the session using the cryptographic key, for example, a security mechanism can apply some form of message disruption (e.g. data encryption, data scrambling, etc.) between the captive sensors of the portable device and the payment UI screen of the consumer endpoint device; the transaction payment program code (e.g. firmware) of the portable device can create a secure session between the virtual POS engine and the host system, which has the HSM containing the BDK, wherein the secure session can ensure a validity of the virtual POS engine, ensure message transport encryption).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Goldfarb, Murphy, and Baar to incorporate the further teachings of Murphy for in response to the first payment terminal reading the first payment data, the first integrated application to be configured to encrypt the first payment data.
There is motivation to further combine Murphy into the combination of Goldfarb and Murphy because of the same reasons listed above for claims 1 and 11.

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

	Regarding Claims 9 and 19, the combination of Goldfarb, Murphy, and Baar teaches all the limitations of claims 1 and 11 above; and Goldfarb further teaches the first payment data includes data selected from the group consisting of tender data, magnetic card reader (MSR) data, personal identification number (PIN) data, or Europay, MasterCard, or Visa (EMV) data (Paragraph 0028 teaches the POS system, executing on mobile device, may communicate with the payment provider device, which may be reading a chip and PIN card or magnetic card (e.g., card) and may accept a PIN for the chip and PIN transaction that, for example, authorizes use of card).

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).

	Regarding Claims 10 and 20, the combination of Goldfarb, Murphy, and Baar teaches all the limitations of claims 1 and 11 above; however, the combination does not explicitly teach for the system to further comprise a first hardware security module (HSM) and a second HSM, wherein: the first integrated application is configured to cause the first payment terminal to share the first encryption key with the payment server via the first HSM, and the second integrated application is configured to cause the second payment terminal to share the second encryption key with the payment server via the second HSM.
Murphy further teaches sharing by the payment server, the first encryption key with the first payment terminal via a first hardware security module (HSM) (Paragraphs 0049, 0072, and 0082 teach the portable device can include a tamper-resistant security module (TRSM) (i.e., HSM), which can include a storage medium to store security parameters, such as the cryptographic key and other cryptographic security parameters (CSPs); the TRSM is tamper-resistant (to make intrusion difficult), tamper-evident (to make intrusion attempts evident), and tamper-responsive (to detect an intrusion attempt and destroy contents in the storage medium in the process); the TRSM module of the portable device is provided in compliance with the ISO 9564 standard and can contain a unique cryptographic key, e.g. IPEK, based on the HSM module BDK; the host system can receive from the virtual POS engine a DUKPT (working key) to create a secure communication session between the virtual POS engine and an entity (e.g. host POS engine) in the host system).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Goldfarb, Murphy, and Baar to incorporate the further teachings of Murphy for the system to further comprise a first hardware security module (HSM) and a second HSM, wherein: the first integrated application to be configured to cause the first payment terminal to share the first encryption key with the payment server via the first HSM, and the second integrated application to be configured to cause the second payment terminal to share the second encryption key with the payment server via the second HSM.
There is motivation to further combine Murphy into the combination of Goldfarb, Murphy, and Baar because of the same reasons listed above for claims 1 and 11.
	
Regarding Claim 20, the combination of Goldfarb, Murphy, and Baar teaches all the limitations of claim 11 above; and Murphy further teaches in response to receiving the encrypted first payment data from the first integrated application, decrypting by the payment server, the encrypted first payment data (Paragraph 0073 teaches the transaction payment program code of the portable device can create a secure session between the virtual POS engine and the host system, which has the HSM containing the BDK; a secure session can ensure a validity of the virtual POS engine, ensure message transport encryption, e.g. 3DES, per ANSI x9.52 standards, ensure message transport authentication, e.g. via a message authentication code (MAC) (i.e., decrypting first payment data), and enable a secure, e.g. encrypted PIN block to be created per ANSI x9.8 and ISO 9564); encrypting by the payment server, the first payment data with a third encryption key and sending the first payment data encrypted with the third encryption key to a front-end server (Paragraphs 0070 and 0062 teach the application layer to the host system can include a switch to route transaction network traffic, in addition to the acquirer engine (i.e., front-end server) and the host POS engine (i.e., payment server), wherein the acquirer engine can communicate with the external interfaces (i.e., card networks) via the switch using, for example, ISO 8583/3DES and the host POS engine can communicate with the virtual POS engine using, for example, HTTPS/SSL/TLS/3DES (i.e., a different encryption keys are used); the host POS engine (which can include machine-executable instructions or a combination of machine-executable instructions and processing hardware) can communicate securely with the virtual POS engine to transport payment credentials to the acquirer engine); in response to receiving the first payment data encrypted with the third encryption key, processing by the front-end server, the first payment transaction and sending a request for processing the first payment transaction to a card network (Paragraph 0063 and 0089 teach the acquirer engine (i.e., front-end server) can function to determine a scheme, e.g. Visa®, Mastercard®, Amex®, etc., associated with an issuer of a payment card, e.g. an issuing bank, by way of example, the acquirer engine may determine a card scheme based on a bank identification number (BIN) or the issuer identification number (IIN) associated with a payment card; the acquirer can receive the authorization request and, can execute instructions to determine the card scheme, e.g. Mastercard®, Visa®, Amex®, etc. using, for example, the card BIN or IIN; instructions associated with the scheme can execute to determine the issuer, e.g. a bank that offers branded (e.g. MasterCard®, Visa®, Amex®, etc.) payment cards to consumers; in addition the issuer (i.e., card network) can provide authorization for the transaction);-38- 4820-6694-9450.2Attorney Docket No. 111452-0103in response to receiving the processing result of the first payment transaction from the card network, forwarding by the front-end server, the processing result back to the payment server (Paragraph 0089 and Fig. 7B teach the issuer can provide authorization for the transaction and route an authorization response that is received by the virtual POS engine, wherein the authorization response can be, for example, an ISO 8583 MTI 0110 (i.e., the authorization response travels from the issuer (i.e., card network) back through to the acquirer engine (i.e., front-end server) to the host POS engine (i.e., payment server))); in response to receiving the processing result of the first payment transaction from the front-end server, forwarding by the payment server, the processing result back to the first integrated application (Paragraph 0089 teaches the issuer can provide authorization for the transaction and route an authorization response that is received by the virtual POS engine, wherein the authorization response can be, for example, an ISO 8583 MTI 0110; the virtual POS engine (i.e., comprises first integrated application) determines if the authorization response indicates that the transaction is approved).
However, the combination of Goldfarb and Murphy does not explicitly teach wherein the pre-certified payment application driver code supports multiple payment terminal vendors.
Baar from same or similar field of endeavor teaches wherein the pre-certified payment application driver code supports multiple payment terminal vendors (Paragraphs 0023-0024, 0029, and 0033 teaches a global terminal management services can generate updated certificates, provide software updates, provide other configuration files, and the like; payment terminals 110A-C can be configured to interface with EMV cards, such as an integrated circuit card (ICC); example suitable interfaces are provided by EMV Integrated Circuit Card Specifications for Payment Systems; terminal management computing system executes the software of the terminal management engine, and the processor can be caused to perform monitoring, encryption key/certificates, software patch management, and remote terminal configuration and monitoring; the terminal management computing system can generally provide for management of the payment terminals 210A-N, including software management and encryption management; the terminal management computing system can also securely deliver data to secure payment terminals, such as updated certificates, software updates, software patches, configurations files, and so forth).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in the combination of Goldfarb and Murphy, which teaches a pre-certified application driver code integrated with a POS application that creates an integrated application and a payment terminal and payment server that share an encryption key for secure transmission of financial data, to incorporate the teachings of Baar for the pre-certified payment application driver code to support multiple payment terminal vendors in one integration.
There is motivation to combine Baar into the combination of Goldfarb and Murphy because of the same reasons listed above for claims 1 and 11.

Examiner Note: Similar to claim 1 above, limitations can be found obvious in view of legal precedent (2144.04) such as the duplication of parts. In reHarza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960).	

	Regarding Claims 23, 24, 25, the combination of Goldfarb, Murphy, and Baar teaches all the limitations of claims 21, 1, and 11 above; and Goldfarb further teaches wherein the pre-certified payment application driver code is a software development kit (SDK) (Paragraph 0025 teaches the merchant's POS system can be adapted (e.g., using SDK) to drive the payment provider device (e.g., card reader) without the merchant having to use an app of the payment provider in order to use the payment provider device and services of the payment provider).

Regarding Claim 26, the combination of Goldfarb, Murphy, and Baar teaches all the limitations of claim 1 above; however, the combination does not explicitly teach wherein the pre-certified payment application driver code further supports multiple payment terminal models and multiple countries in the one integration.
Baar further teaches wherein the pre-certified payment application driver code further supports multiple payment terminal models and multiple countries in the one integration (Paragraphs 0023 and 0053 teach the central terminal management computing system can also be in communication with one or more entities through open-network communications that include various global terminal management services of vendors or other certification authorities; the global terminal management services can generate updated certificates, provide software updates, provide other configuration files, and the like; the terminal management computing system obtains updated certificates, updated software, and the like from the vendor global terminal management service; the vendor global terminal management service sends a message to the terminal management computing system indicating a software update is available, then sends information on behalf of the terminal, such as an updated certificate, a software update, a software patch, and so forth).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in the combination of Goldfarb, Murphy, and Baar to incorporate the further teachings of Baar for the pre-certified payment application driver code to further support multiple terminal models and multiple countries in the one integration.
There is motivation to further combine Baar into the combination of Goldfarb and Murphy because of the same reasons listed above for claim 1.

Regarding Claim 27, the combination of Goldfarb, Murphy, and Baar teaches all the limitations of claim 1 above; however, the combination does not explicitly teach wherein the first POS application before the integration does not support the multiple payment terminal vendors, and the first integrated application supports the multiple payment terminal vendors. 
Baar further teaches wherein the first POS application before the integration does not support the multiple payment terminal vendors, and the first integrated application supports the multiple payment terminal vendors (Paragraphs 0022-0023 and 0035 teach the payment terminals can be in compliance with, for example, EMV Integrated Circuit Card Specifications for Payment Systems, Book 2, Security and Key Management, Version 4.3; payment terminals are often part of a closed-network, thereby making it difficult for the payment terminal to electronically contact; through use of a terminal management computing system a payment terminal can receive the updated certificates, and other types of data, through communications with the terminal management computing system; the central terminal management computing system can also be in communication with one or more entities through open-network communications; such entities include various global terminal management services of vendors or other certification authorities; generally, the terminal management computing system facilitates communications between a payment terminal on a closed-network with an entity on an open-network for certificate management, software management, terminal configuration, terminal monitoring, and so forth; a merchant A-N can interact with the terminal management computing system to schedule, or otherwise, direct the updating or configuring of the payment terminals 210A-N; by way of example, one of the merchants A-N can be alerted that a particular certificate or software upgrade needs to be provided to a particular payment terminal A-N; through the terminal management computing system, a merchant A-N may receive generally real-time information regarding the security and software status of any affiliated payment terminal 210A-N; such reporting can be used, for example, for the merchant A-N to monitor compliance with various EMV-related specifications).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in the combination of Goldfarb, Murphy, and Baar to incorporate the further teachings of Baar for the first POS application to not support the multiple payment terminal vendors before integration, and the first integrated application supports the multiple payment terminal vendors.
There is motivation to further combine Baar into the combination of Goldfarb and Murphy because of the same reasons listed above for claim 1.

Claims 4, 14, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Goldfarb (US 20140372320) in view of Murphy (US 20180018661) in further view of Baar (US 20180144321) in further view of Dolcino (US 20140324698).

Regarding Claims 4, 14, and 22, the combination of Goldfarb, Murphy, and Baar teaches all the limitations of claims 1, 11, and 21 above; and however, the combination does not explicitly teach wherein the pre-certified payment application driver code is an application programming interface (API).
Dolcino from same or similar field of endeavor teaches wherein the pre-certified payment application driver code is an application programming interface (API) (Paragraphs 0066 and 0075 teach the payment control application executed on the CPU of the control circuit communicates with the secure element via a Contactless Front End (CLF), using the same software stacks as in the previous embodiment; the physical communication between the CLF and the control circuit is implemented via an I2C link (not represented in FIG. 7); the payment applet includes an abstraction layer, to interface generically with the lower level software components (e.g. the OS) of the secure element, and the payment applet includes interface modules, to interface with different contact and contactless interfaces of the device: EMV Contact L1 and EMV Contact L2 Core for interfacing with a smart card reader, EMV Contactless L1 core and EMV Contactless L2 Core for interfacing with a NFC interface, Mag Stripe Core for interfacing with a magnetic strip reader; the payment applet comprises communication services, to communicate with external entities (e.g. a financial institution) via the communication interface of the device; the payment applet further comprises security services for securing a communication with the external entities (e.g. a financial institution): authentication services, cryptographic services, and crypto storage services; the payment applet also includes an acquirer module and several payment modules (e.g. MasterCard PayPass MagStripe, Visa PayWave MSD, MasterCard Paypass M/Chip, Visa PayWave qVSDC), to support various types of payment applications provided by different types of payment means (e.g. contact or contactless credit card, contactless payment enabled mobile phone, etc)).
It would be prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Goldfarb, Murphy, and Baar to incorporate the teachings of Dolcino for the pre-certified payment application driver code to be an application programming interface (API).
There is motivation to combine Dolcino into the combination of Goldfarb, Murphy, and Baar in order to ensure security during the financial transactions, security standards such as the Europay, MasterCard, and Visa (EMV) transaction standard have been developed and used to certify both the payment terminals and the payment cards. However, due to various factors, including the technical complexity required to meet the security standards, payment terminals that are used to conduct secured financial transactions are usually devices that are solely dedicated to the conduct of financial transactions (Dolcino Paragraph 0004). By integrating the secure element into the POS device, the financial transaction is secured and compliant with the EMV transaction standard and the applicable PCI SSC standards. The applicable PCI SSC standards may be one of the Payment Application Data Security Standard (PA-DSS), PIN Transaction Security (PTS) and/or Point-to-Point Encryption (P2PE). In other embodiments, the transaction may be compliant with other secured transaction standards (Dolcino Paragraph 0043).

Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Goldfarb (US 20140372320) in view of Murphy (US 20180018661) in further view of Baar (US 20180144321) in further view of Reese (US 20180007037).

Regarding Claims 5 and 15, the combination of Goldfarb, Murphy, and Baar teaches all the limitations of claims 1 and 11 above; however, the combination does not explicitly teach wherein the pre-certified payment application driver code is a shared library stored in at least one of the first memory or the second memory.
Reese from same or similar field of endeavor teaches wherein the pre-certified payment application driver code is a shared library stored in at least one of the first memory or the second memory (Paragraphs 0055 and 0047 teach libraries include collections of program functions that provide further abstraction for application programs, for example, these include shared libraries, dynamic linked libraries (DLLs), for example; the libraries may be integral to the operating system, runtime system, or may be added-on features, or even remotely-hosted; storage device includes a machine-readable medium on which is stored one or more sets of data structures and instructions (e.g., software) embodying or utilized by any one or more of the methodologies or functions described herein).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Goldfarb, Murphy, and Baar to incorporate the teachings of Reese for the pre-certified payment application driver code to be a shared library stored in the first memory.
There is motivation to combine Reese into the combination of Goldfarb, Murphy, and Baar because libraries define an application program interface (API) through which a variety of function calls may be made by application programs to invoke the services provided by the operating system (Reese Paragraph 0055).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Govindarajan et al. (US 20170351889) teaches systems and methods for a smart harbor device for intelligent updating and selection for use of transaction processing terminal devices. A smart harbor device may be used to provide updating, servicing, and other maintenance of transaction processing terminal devices, such as EMV terminals used in retail transaction processing. The smart harbor device may include a port where the transaction processing terminal devices may be places, and the smart harbor device may connect to each of the transaction processing terminal devices. Once connected, the smart harbor device may run diagnostics to determine the statuses and conditions for each of the transaction processing terminal devices and maintenance the transaction processing terminal devices. The maintenance may be performed at times where the transaction processing terminal devices are not required for use. Additionally, the smart harbor device may intelligently select one based on statuses and device capabilities.
Speiser et al. (US 20160034876) teaches systems, methods, and computer-readable media related to providing a point of sale platform. In some embodiment, a point of sale (POS) device may receive information associated with an order and payment information associated with the order. The POS device may generate a first object based at least in part on the information associated with the order and a second object based at least in part on the payment information. The POS device may store the first object and the second object in a queue. The POS device may transmit the first object and the second object to a remote server.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY JONES whose telephone number is (469)295-9137.  The examiner can normally be reached on 7:30 am - 5:00 pm CST (M-F).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached at (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/C.P.J./Examiner, Art Unit 3685        
/JAY HUANG/Primary Examiner, Art Unit 3619