DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Status
 Claims 1-18 are pending.

Interview Summary
 As noted in attached  interview summary, issues regarding the claim language were discussed in interview on 8/15/2022.  Notably, independent claims 1, 7 and 13 appear to recite elements of Figure 8, except for the limitation of confirming...the manufacturer identifier...was signed; this feature appears to be drawn instead from the embodiment of Figure 9a.  It was further noted that the embodiment of Figure 9a does not support the limitations of the claim other than the locating of the key associated with the manufacturer identifier and the confirming of the signed manufacturer identifier limitation.  Attorney Cheah agreed to contact Applicant regarding clarification and possible embodiments or interpretations that would have support in the specification.  However, response was not received within the time allowed for examination, and the claims have been examined as they were filed on 6/8/2020.  



Claim Rejections - 35 USC § 112(a)
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-18 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 
With regard to claims 1, 7 and 13, claim 1 recites, “...receive a data set and a manufacturer identifier from a communications device, and validate an identity from the data set; locate a first terminal cryptographic key associated with the manufacturer identifier in a terminal database; confirm, using the located first terminal cryptographic key, that the manufacturer identifier received from the communications device was signed with a second terminal cryptographic key, wherein the located first terminal cryptographic key and the second terminal cryptographic key are an asymmetric cryptographic key pair; determine an acquirer server from the data set, and provide the acquirer server with a merchant identifier; and download a payload to the communications device, the payload including the merchant identifier,” and claims 7 and 13 recite similar limitations.    However, Applicant’s specification does not specifically disclose the limitations of the claims.
Notably, independent claims 1, 7 and 13 appear to recite elements of Figure 8, except for the limitation of, “...locate a first terminal cryptographic key associated with the manufacturer identifier in a terminal database; confirm, using the located first terminal cryptographic key, that the manufacturer identifier received from the communications device was signed with a second terminal cryptographic key, wherein the located first terminal cryptographic key and the second terminal cryptographic key are an asymmetric cryptographic key pair...”  The use of a signed manufacturer identifier and confirmation of such a datum is not disclosed in Figure 8.
PGPub paragraphs [111]-[114] and Figure 8, steps S812 and S816, appear to read on “receive a data set and a manufacturer identifier from a communications device, and validate an identity from the data set” (where merchant activation request, comprising ManfID and MerchID, reads on ‘receive a data set’ and validate MerchID reads on ‘validate an identity from the data set’. Step S822, sending data to financial institution server, appears to read on ‘determine acquirer server... and provide with merchant identifier’.   However, Figure 8 does not disclose a signed manufacturer identifier.
Figure 9 and PGPub [127]-[129] disclose, “...locate a first terminal cryptographic key associated with the manufacturer identifier in a terminal database; confirm, using the located first terminal cryptographic key, that the manufacturer identifier received from the communications device was signed with a second terminal cryptographic key, wherein the located first terminal cryptographic key and the second terminal cryptographic key are an asymmetric cryptographic key pair...”; step S914 discloses receiving signed terminal identifier and signed manufacturer identifier, and step S916 discloses locating MprvK, and then validating signed terminal identifier and signed manufacturer identifier in step S918. However, Figure 9 does not disclose validate an identity from the data set; step S918 validates terminal and manufacturer identifiers- identifiers associated with the pin-pad device- not with an ‘identity’, which is interpreted as the Merchant within the context of the instant claims (see PGPub [69] disclosing validating an identity as comprising that of the merchant).  
The claims therefore appear to be drawing elements from different embodiments, in a manner which is not supported by Applicant’s specification.  The claims are rejected as failing to comply with the written description requirement.  Dependent claims 2-6, 8-12, 14-18 inherit the same deficiency and are rejected for the same reason.

 With regard to claims 1, 7 and 13, claim 1 recites, “...determine an acquirer server from the data set, and provide the acquirer server with a merchant identifier; and download a payload to the communications device, the payload including the merchant identifier,” and claims 7 and 13 recite similar limitations.    However, Applicant’s specification does not specifically disclose the limitations of the claims.  Specifically, Figure 9a S922 discloses sending a payload comprising encrypted keys to be used for secure communications, and Figure 9b S936 discloses sending a payload comprising encrypted payment keys.  The acquirer server is not provided notification until the payload downloads have completed. The claims therefore are rejected as failing to comply with the written description requirement.  Dependent claims 2-6, 8-12, 14-18 inherit the same deficiency and are rejected for the same reason.


 Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
With regard to claims 1-18, claim 1 recites, “...receive a data set and a manufacturer identifier from a communications device, and validate an identity from the data set; locate a first terminal cryptographic key associated with the manufacturer identifier in a terminal database; confirm, using the located first terminal cryptographic key, that the manufacturer identifier received from the communications device was signed with a second terminal cryptographic key, wherein the located first terminal cryptographic key and the second terminal cryptographic key are an asymmetric cryptographic key pair; determine an acquirer server from the data set, and provide the acquirer server with a merchant identifier; and download a payload to the communications device, the payload including the merchant identifier,” and claims 7 and 13 recite similar limitations.  
The claims recite validating an identity from the data set.  However, the ‘identity’ is unclear.  The term, according to Applicant’s PGPub  ([69], disclosing the identity as comprising that of the merchant), indicates the data set comprises merchant identity, but such a combination of elements in the received dataset (MerchID, ManufID) comprises a step in the terminal activation process/provisioning of TermID as disclosed by Applicant’s specification, not the downloading of a payload, as recited by claims. Therefore, in light of Applicant’s specification, the claims are unclear and indefinite.  Dependent claims 2-6, 8-12, 14-18 inherit the same deficiency and are rejected for the same reason.


With regard to claims 1-18, claim 1 recites, “...receive a data set and a manufacturer identifier from a communications device, and validate an identity from the data set; locate a first terminal cryptographic key associated with the manufacturer identifier in a terminal database; confirm, using the located first terminal cryptographic key, that the manufacturer identifier received from the communications device was signed with a second terminal cryptographic key, wherein the located first terminal cryptographic key and the second terminal cryptographic key are an asymmetric cryptographic key pair; determine an acquirer server from the data set, and provide the acquirer server with a merchant identifier; and download a payload to the communications device, the payload including the merchant identifier,” and claims 7 and 13 recite similar limitations.  
 The claims disclose determining an acquirer server and providing with merchant identifier, and downloading a payload including the merchant identifier.  However, the downloading of the payload is unclear, as the payload can broadly read on the receipt of any of the disclosed identifiers, notifications or keysets.  The nature of the payload is critical to the interpretation of the claim limitations, as the interpretation of the recited process steps depends completely upon which downloading step is being claimed.  The claims are therefore unclear and indefinite.  Dependent claims 2-6, 8-12, 14-18 inherit the same deficiency and are rejected for the same reason.  As noted below, the determination of the payload being claimed in the limitation, “download a payload to the communications device, the payload including the merchant identifier” is critically central to the claim interpretation, and the indefiniteness of the limitation precludes efforts to apply art.


Notes regarding prior art
As noted above, the indefiniteness regarding the nature of the ‘payload’ being downloaded in independent claims 1, 7 and 13, precludes definitive application of prior art.  Relevant art comprises Desai (US Patent 6,877,093) generally discloses verifying identifiers and downloading payment configuration payload; (see Figure 9 and Col. 13, line 41-Col. 14 line18, disclosing authenticating a terminal based upon validating data signed by the terminal, and subsequently downloading configuration data). Under broadest reasonable interpretation, much of the instant independent claims can be interpreted as being read upon by Desai.
Prior art of Gantman (US Publication 2007/0234042), is also relevant, disclosing a public key associated with a mobile device, for authenticating access requests from technicians ([28], “...The private key is used by a service provider to digitally sign a username and (possibly) access privileges to obtain a password for technician. The username, access privileges, and password being associated with the technician. The public key is securely distributed to mobile devices. When off-line, a mobile device may authenticate access requests to restricted functions of the mobile device by a technician. The technician provides its username, access privileges and password to the mobile device. The mobile device then uses the public key to authenticate the password.”; Figure 1, [37]-[39], [41]-[42]).  However, Gantman discloses the mobile device as performing the authentication of the technician credentials, not a server performing the verification of a merchant’s possessing a terminal by means of verifying a signature of a manufacturer identifier, and, after verifying, downloading a payload, as recited by independent claim 1, “...confirm, using the located first terminal cryptographic key, that the manufacturer identifier received from the communications device was signed with a second terminal cryptographic key, wherein the located first terminal cryptographic key and the second terminal cryptographic key are an asymmetric cryptographic key pair; determine an acquirer server from the data set, and provide the acquirer server with a merchant identifier; and download a payload to the communications device, the payload including the merchant identifier...” and as similarly recited by independent claims 7 and 13.  
Prior art of Wheeler, (US Publication 2004/0030901),  discloses associating device public keys to other information using asymmetric cryptography ([17], “...linking in a reliable manner of a public key of a device that generates digital signatures using asymmetric cryptography to other information regarding the device...”), and further discloses authenticating a security profile of a device as genuine based upon checking security certificates using public keys ([113, “...authenticity of the Security Certificate 126 is checked (Step 510) using a public key 128 (SE PuK) of the Secure Entity 112...upon a successful authentication, the Security Profile contained in the authenticated Security Certificate 126 is identified as the Security Profile 120 of the genuine device 104 to which belongs the private key 116 used to digitally sign the message of the EC 122...”]).  However, Wheeler does not specifically disclose a server confirming a signed manufacturer’s identifier, nor after verifying, downloading a payload, as recited by independent claims, “...confirm, using the located first terminal cryptographic key, that the manufacturer identifier received from the communications device was signed with a second terminal cryptographic key, wherein the located first terminal cryptographic key and the second terminal cryptographic key are an asymmetric cryptographic key pair; determine an acquirer server from the data set, and provide the acquirer server with a merchant identifier; and download a payload to the communications device, the payload including the merchant identifier...”

Notes on Double Patenting Analysis
  It is noted that parent case, 14/721755, now patent 10,679,212, claims confirming signatures of MerchID and confirming MerchID and ManfID are associated with each other in the pin-pad database, and downloading a configuration payload.  The parent ‘755 claims do not specifically recite confirming signature of ManfID.  Initial analysis therefore indicates a double patenting rejection would not be made on the instant claims; however, further clarification of the claims may change this analysis.


 Conclusion
 The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
“Payment Card Industry (PCI) Unattended Payment Terminal (UPT)- Security Requirements”, downloaded from https://www.pci-dss.gr/media/1954/pci-upt-security-requirements-v10-final.pdf dated 2009 and attached as a PDF file.
  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Margaret Neubig whose telephone number is (571)270-0437. The examiner can normally be reached Monday-Friday, 9:30-6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on 571-270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/M.M.N. /Examiner, Art Unit 3685                                                                                                                                                                                                        
/JAMES D NIGH/Senior Examiner, Art Unit 3685