Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Examiner’s Note
	A Corrected Notice of Allowance has been issued to resolve the issues mentioned in the Printer Rush dated 3/30/2021.
Examiner’s Note
	Examiner called Applicant and proposed amending all independent claims (1, 9, 15 & 18) by incorporating limitations of claim 11. He further proposed canceling claim 14, as well as further amending claim 18 to make it similar to claim 1, and also suggested correcting a minor error in claim 15. The Examiner further told him that if the Applicant agrees to amend the claims as suggested by the Examiner, the case will be placed in allowable condition. The Applicant agreed to consider the proposal and get back with a response as soon as possible. Subsequently, the Applicant emailed the proposed amendment as recommended by the Examiner. Later on, the Applicant authorized the Examiner over the phone to cancel redundant dependent claims 3, 17 & 20. The case has now been placed in allowable condition.
	EXAMINER’S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

AMENDMENTS TO THE CLAIMS:
          Claims are amended as follows:
1.	(Amended) A method for distribution of device key sets over a network, the method comprising: 
generating a provisioning request including a protected software environment key agreement public key in a protected software environment (PSE) of a client device, and sending the provisioning request along with a PSE hash and a PSE signature to a quoting enclave of the client device to obtain a quote and an enhanced privacy ID (EPID) signature;
obtaining from a crypto hardware (CH) token, belonging to a user, a token signature for the provisioning request and a token certificate; 
combining the provisioning request, the quote, the EPID signature, the token signature, and the token certificate using untrusted software to form a provisioning message, and transmitting the provisioning message from the client device to an attestation proxy server (APS) using a first network connection;
attaching an APS signature and an APS certificate to the provisioning message based on a result of a verification of the EPID signature in an attestation server, and transmitting the provisioning message along with the APS signature and the APS certificate from the APS to an online provisioning server (OPS) using a second network connection;

wherein the PSE decrypts the encrypted device key set included with the provisioning response to obtain the device key set, re-encrypts the device key set with a local chip-specific sealing key, and stores the re-encrypted device key set; and wherein
the PSE transmits the PSE hash to the CH token and receives the PSE hash signed using the token signature as an authenticator object;
requests and receives the token certificate; and attaches the authenticator object and the token certificate to the provisioning request, and
wherein the APS verifies the signature of the authenticator object and then attaches the APS signature and the APS certificate to the provisioning message based on the verification result.

3. (Cancelled)
4. Please make Claim 4 dependent on claim 1.
9. 	(Amended) A system for distribution of device key sets over a network, the system comprising:
a client device including:
a connection interface for receiving a crypto hardware (CH) token belonging to a user;
a non-transitory memory configured to store one or more programs, untrusted software, a quoting enclave, and a protected software environment (PSE);
a hardware processor configured to execute the one or more programs to perform operations of the untrusted software, the quoting enclave, and the PSE; and
a network interface configured to establish communication with a network using a first network connection,
wherein, when the one or more programs are executed by the hardware processor:
the PSE generates a provisioning request including a PSE key agreement public key,
the untrusted software sends the provisioning request along with a PSE hash and a PSE signature to the quoting enclave to obtain a quote and an enhanced privacy ID (EPID) signature,
the untrusted software obtains from the CH token a token signature for the provisioning request and a token certificate, combines the provisioning request, the quote, and the EPID signature, the token signature, and the token certificate to form a provisioning message, and transmits the provisioning message from the client using the first network connection;
the PSE transmits the PSE hash to the CH token and receives the PSE hash signed using the token signature as an authenticator object;
requests and receives the token certificate; and attaches the authenticator object and the token certificate to the provisioning request,
wherein the APS verifies the signature of the authenticator object and then attaches the APS signature and the APS certificate to the provisioning message based on the verification result;
an attestation proxy server (APS) configured to receive the provisioning message using the first network connection and attach an APS signature and an APS certificate to the provisioning message based on a result of a verification of the EPID signature in an attestation server, and transmit the provisioning message along with the APS signature and the APS certificate from the APS using a second network connection; and
 an online provisioning server (OPS) configured to receive the provisioning message using the second network connection and generate a provisioning response including an encrypted device key set, and deliver the provisioning response to the PSE using the first and second network connections, 
wherein the PSE decrypts the encrypted device key set in the provisioning response to obtain the device key set, re-encrypts the device key set with a local chip-specific sealing key, and stores the re-encrypted device key set.

11.	(Canceled) 

14.	(Canceled) 

15.	(Amended) An apparatus for distribution of device key sets over a network, the apparatus comprising:
a connection interface for receiving a crypto hardware (CH) token belonging to a user;
a non-transitory memory configured to store one or more programs, untrusted software, a quoting enclave, and a protected software environment (PSE);
a hardware processor configured to execute the one or more programs to perform operations of the untrusted software, the quoting enclave, and the PSE; and 
a network interface configured to establish communication with a network using a 
wherein, when the one or more programs are executed by the hardware processor:
the PSE generates a provisioning request including a protected software environment (PSE) key agreement public key;
the untrusted software sends the provisioning request along with a PSE hash and a PSE signature to the quoting enclave to obtain a quote and an enhanced privacy ID (EPID) signature;
the untrusted software obtains from the CH token a token signature for the provisioning request and a token certificate, combines the provisioning request, the quote, and the EPID signature, the token signature, and the token certificate to form a provisioning message, transmits the provisioning message from the client device to an attestation proxy server (APS) using the network connection, and receives a provisioning response including the encrypted device key set from an online provisioning server (OPS) using the 
the PSE transmits the PSE hash to the CH token and receives the PSE hash signed using the token signature as an authenticator object;
requests and receives the token certificate; and 
attaches the authenticator object and the token certificate to the provisioning request, 
wherein the APS verifies the signature of the authenticator object and then attaches the APS signature and the APS certificate to the provisioning message based on the verification result, and 
wherein the PSE decrypts the encrypted device key set in the provisioning response to obtain the device key set, re-encrypts the device key set with a local chip-specific key and stores the re-encrypted device key set.
17.  (Cancelled)
18.	(Amended) A method for distribution of device key sets over a network, the method comprising:
generating a provisioning request including a protected software environment (PSE) key agreement public key in a PSE of a client device, and sending the provisioning request along with a PSE hash and a PSE signature to a quoting enclave of a client device to obtain a quote and an enhanced privacy ID (EPID) signature;
obtaining from a crypto hardware (CH) token, belonging to a user, a token signature for the provisioning request and a token certificate; 
combining the provisioning request, the quote, and the EPID signature, the token signature, and the token certificate using untrusted software to form a provisioning message, and transmitting the provisioning message from the client device using a first network connection; 
attaching an APS signature and an APS certificate to the provisioning message based on a result of a verification of the EPID signature in an attestation server, and transmitting the provisioning message along with the APS signature and the APS certificate from the APS to an online provisioning server (OPS) using a second network connection; and 
receiving a provisioning response including an encrypted device key set from an online provisioning server (OPS) using the first network connection,
wherein the PSE decrypts the encrypted device key set in the provisioning response to obtain the device key set, re-encrypts the device key set with a local chip-specific sealing key, and stores the re-encrypted device key set; and wherein
the PSE transmits the PSE hash to the CH token and receives the PSE hash signed using the token signature as an authenticator object;
	requests and receives the token certificate; and 
	attaches the authenticator object and the token certificate to the provisioning request, and 
wherein the APS verifies the signature of the authenticator object and then attaches the APS signature and the APS certificate to the provisioning message based on the verification result.

20. (Cancelled) 
Allowable Subject Matter
Claims 1-2, 4-10, 12-16 and 18-19 are allowed.

		The following is an examiner’s statement of reasons for allowance:
Regarding claims 1 & 18, although the prior art of record (such as Scott-Nash (US20160149912)) teaches generating a provisioning request including a protected software environment key agreement public key in a protected software environment (PSE) of a client device, none of the prior art, alone or in combination, teaches obtaining from a crypto hardware (CH) token, belonging to a user, a token signature for the provisioning request and a token certificate; combining the provisioning request, the quote, the EPID signature, the token signature, and the token certificate using untrusted software to form a provisioning message, and transmitting the provisioning message from the client device to an attestation proxy server (APS) using a first network connection; attaching an APS signature and an APS certificate to the provisioning message based on a result of a verification of the EPID signature in an attestation server, and transmitting the provisioning message along with the APS signature and the APS certificate from the APS to an online provisioning server (OPS) using a second network connection; in view of other limitations of claims 1 & 18.
Regarding claims 9 & 15, although the prior art of record (such as Scott-Nash (US20160149912)) teaches generating a provisioning request including a protected software environment key agreement public key in a protected software environment (PSE) of a client device, none of the prior art, alone or in combination, teaches the untrusted software sends the provisioning request along with a PSE hash and a PSE signature to the quoting enclave to obtain a quote and an enhanced privacy ID (EPID) signature, the untrusted software obtains from the CH token a token signature for the provisioning request and a token certificate, combines the provisioning request, the quote, and the EPID signature, the token signature, and the token certificate to form a provisioning message, and transmits the provisioning message from the client using the first network connection; the PSE transmits the PSE hash to the CH token and receives the PSE hash signed using the token signature as an authenticator object; requests and receives the token certificate; and attaches the authenticator object and the token certificate to the provisioning request, wherein the APS verifies the signature of the authenticator object and then attaches the APS signature and the APS certificate to the provisioning message based on the verification result; in view of other limitations of claims 9 & 15.

	The closest prior art (patent publications) made of record are:
Scott-Nash (US20160149912) teaches that at least one computer readable medium has instructions stored thereon for causing a system to cryptographically sign, at a secure platform services enclave (PSE) of a computing system and using a secure attestation key (SGX AK), a public portion of a trusted platform module attestation key (TPM AK) associated with a trusted computing base of a physical platform, to form a certified TPM AK public portion. Also included are instructions to store the certified TPM AK public portion in the PSE, and instructions to, responsive to an attestation request received from a requester at a virtual trusted platform module (vTPM) associated with a virtual machine (VM) that has migrated onto the physical platform, provide to the requester the certified TPM AK public portion stored in the PSE. Other embodiments are described and claimed.
Medvinsky (US20030149871) teaches a method and system for providing a client (102) with a copy of the authorization data that can be accessed and used by the client. The method is well-suited to key management protocols that utilize the concept of tickets. Two copies of the authorization data, a client copy and a server copy, are included within and forwarded to the client where the client is requesting a ticket for a specific application server (106). The client is capable of accessing the client copy of the authorization data such that the client can verify requests, and determine authorization of use for content and/or services requested. 
Medvinsky (US20030059053) teaches a system and method for interfacing protocol applications with a daemon to perform secure key management between a first computer system and a second computer system. The method includes providing a first protocol application running on the first computer, and specifying an application role value from the first protocol application to the daemon, the application role for identifying the first protocol application. Further, the method includes specifying an object containing application data specific to the first protocol application, and employing the object and the application role value for performing key management in order to secure communication of real-time data between the first computer system and the second computer system.
Sprunk (US20050027985) teaches a secure Internet Protocol (IP) telephony system, apparatus, and methods are disclosed. Communications over an IP telephony system can be secured by securing communications to and from a Cable Telephony Adapter (CTA). The system can include one or more CTAs, network servers, servers configured as signaling controllers, key distribution centers (KDC), and can include gateways that couple the IP telephony system to a Public Switched Telephone Network (PSTN). Each CTA can be configured as secure hardware and can be configured with multiple encryption keys that are used to communicate signaling or bearer channel communications. The KDC can be configured to periodically distribute symmetric encryption keys to secure communications between devices that have been provisioned to operate in the system and signaling controllers. The secure devices, such as the CTA, can communicate with other secure devices by establishing signaling and bearer channels that are encrypted with session specific symmetric keys derived from a symmetric key distributed by a signaling controller. 
Zhang (US20090165111) teaches a method, device and system for securely managing debugging processes within a communication device, such as a set top box or other multimedia processing device. For example, a security processor (SP) within the communication device manages the lifetime (LT) of any access token issued for use in activating debugging privileges within the communication device. The security processor authenticates an issued access token and securely delivers appropriate debug authorization information to the device controller. The security processor uses its secure, internal timer to count down the lifetime and update the remaining lifetime of the issued access token during the processing of each command by the security processor. In addition to securely managing the issuance of the access token and its remaining lifetime, the updating process reduces any impact on the normal communications within the device. The method overcomes the issue of the communication device not having a secure internal clock.
Kou (US20180150411) discloses instantiating an attestation facilitation component that allows a remote application to attest to a secure state of a secure memory application executing upon a secure platform of a computer system regardless of a type of either the secure platform or a health attestation service. Instantiation comprises identifying a property that includes at least one of the secure platform type and the health attestation service type. The instantiation is customized with the identified property. The attestation facilitation component verifies that a report generated by the secure platform represents that the secure memory application is operating in a secure state, and accesses a token generated by the health attestation service that represents that the secure platform is operating in a secure state. The attestation facilitation component generates a quote that allows the remote application to verify that the secure platform and the secure memory application are both operating in secure states.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER KHAN whose telephone number is (571)272-8574. The examiner can normally be reached on Monday-Friday, 8:00am - 5:00pm (EST). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SHER A KHAN/Primary Examiner, Art Unit 2497