DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Allowable Subject Matter
Claims 1, 4-6, 10-13 and 16-19 are allowed.
Reasons for Allowance
According to 37 CFR 1.104(e), if the examiner believes that the record of the prosecution as a whole does not make clear his or her reasons for allowing a claim or claims, the examiner may set forth such reasoning. Accordingly, Examiner concludes that, for clarity, the record requires that Examiner set forth reasons for the allowance of claims 1-25. The applicant or patent owner may file a statement commenting on the following reasons for allowance within THREE MONTHS FROM THE “MAILING DATE” of this communication.
The following is an examiner’s statement of reasons for allowance.
For example, the cited prior art of record comprises inter alia the following references:
	US 2010/0189265 A1		Ito et al.
	US 2005/0149722 A1		Wiseman et al.
	US 2016/0285638 A1		Pearson et al.
	US 7,194,759 B1			Chess et al.

Ito teaches a terminal (collectively: 120, FIG. 1 and 302, FIG. 7) for a key updating method, the terminal (note: terminal 120 and apparatus 130 collectively read on Applicant’s claimed “terminal” [see ¶ 97, 150]) comprising: a processor; and a memory storing instructions that, when executed by the processor, cause the processor to:
send the device public key and a device identifier of the terminal to a device public key management server (¶ 84, 94 “transmit the device public key...to the key management server...transmit information relating to the device private key...to the management server/device public key management server”);
generate a new private key (332, FIG. 8) and a new public key (334, FIG. 8 / 344, FIG. 11) using the TEE system of the terminal (¶ 150 “generate the device private key 332 and the device public key 334”);
perform signature processing on the new public key using an upper-level private key of the new private key, to obtain to-be-verified signature information (335, FIG. 8 / 345, FIG. 11) (¶ 150 “obtain/generate signature data 335 with respect to the device public key 334 with use of the root private key/upper-level private key”); and
send, to an operation server (150, FIG. 1), a storage request (S1402, FIG. 16) carrying the device identifier (333, FIG. 8 / 343, FIG. 11) of the terminal, the new application public key, and the second to-be-verified signature information (¶ 97, 150, 165, 186, 187 “server 150 receives S1402 the device public key certificate transmitted/sent from the terminal 120”; ¶ 150, 162 “device public key certificate 343 includes the device public key 344 and the signature data 345”; note: terminal 120 may 
However, Ido does not explicitly disclose: generate a device private key and a device public key using a TEE (a trusted execution environment) system; store the device private key in the TEE system; generate an application private key and an application public key using the TEE system; store the application private key in the TEE system; perform signature processing on the application public key using the device private key to obtain first to-be-verified signature information; send, to an operation server, a first storage request carrying the device identifier, the application public key, and the first to-be-verified signature information; receive a key updating notification sent by the operation server; generate a new application private key and a new application public key using the TEE system of the terminal; store the new application private key in the TEE system; perform signature processing on the new application public key using the application private key as an upper-level private key of the new application private key, to obtain second to-be-verified signature information; and send, to the operation server, a second storage request carrying the device identifier of the terminal, the new application public key, and the second to-be-verified signature information.
In an analogous art, Wiseman teaches: 
receive a key updating notification sent by a operation server (¶ 31, 38, 42 “operation server/provider sends to the client/terminal the service key generation request/key updating notification”; note: it is implicit that Wiseman’s client/ terminal ; and
generate a new private key and a new public key using a TPM system of a terminal (¶ 27 “operation server/provider...requests the client/terminal to generate a key pair”; ¶ 28 “terminal/client sends the request to the platform's TPM.  The TPM returns the public key”; note: it is implicit that Wiseman’s TPM may create a “new public key” and “new private key” in response to a key generation request/key updating notification [see ¶ 18, 27, 28, 32]).
However, Ito in view of Wiseman does not explicitly disclose: generate a device private key and a device public key using a TEE (a trusted execution environment) system; store the device private key in the TEE system; generate an application private key and an application public key using the TEE system; store the application private key in the TEE system; perform signature processing on the application public key using the device private key to obtain first to-be-verified signature information; send, to an operation server, a first storage request carrying the device identifier, the application public key, and the first to-be-verified signature information; generate a new application private key and a new application public key using the TEE system of the terminal; store the new application private key in the TEE system; perform signature processing on the new application public key using the application private key as an upper-level private key of the new application private key, to obtain second to-be-verified signature information; and send, to the operation server, a second storage request carrying the device identifier of the terminal, the new application public key, and the second to-be-verified signature information.
Pearson teaches:
generate a device private key and a device public key using a TEE (a trusted execution environment) system (¶ 136 “cause the TEE to: generate the public/private key pair”); and
store the device private key in the TEE system (note: it is implicit that, at some point, Pearson’s TEE must somehow “store” the “private key” it generates [see ¶ 136]).
However, Ito in view of Wiseman further in view of Pearson does not explicitly disclose:  generate an application private key and an application public key using the TEE system; store the application private key in the TEE system; perform signature processing on the application public key using the device private key to obtain first to-be-verified signature information; send, to an operation server, a first storage request carrying the device identifier, the application public key, and the first to-be-verified signature information; generate a new application private key and a new application public key using the TEE system of the terminal; store the new application private key in the TEE system; perform signature processing on the new application public key using the application private key as an upper-level private key of the new application private key, to obtain second to-be-verified signature information; and send, to the operation server, a second storage request carrying the device identifier of the terminal, the new application public key, and the second to-be-verified signature information.
In an analogous art, Chess teaches:
wherein a new private key is a new application private key (609, FIG. 6) and wherein a new public key is a new application public key (609, FIG. 6) (col. 7, lns. 28-33 “this new keypair 609 belongs to [] application...leave this application keypair 609”; note: ; and
an upper-level private key (608, FIG. 6) of the new application private key (col. 7, lns. 28-33 “use the devices’ own keypair 608 to certify...new keypair 609”; note: Examiner takes official notice of the fact that a “devices’ [] key pair 608” includes both a public key and a private key [see: col. 7, lns. 28-33]).
However, the prior art of record, alone or in combination does not explicitly disclose: generate an application private key and an application public key using the TEE system; store the application private key in the TEE system; perform signature processing on the application public key using the device private key to obtain first to-be-verified signature information; send, to an operation server, a first storage request carrying the device identifier, the application public key, and the first to-be-verified signature information; generate a new application private key and a new application public key using the TEE system of the terminal; store the new application private key in the TEE system; perform signature processing on the new application public key using the application private key as an upper-level private key of the new application private key, to obtain second to-be-verified signature information; and send, to the operation server, a second storage request carrying the device identifier of the terminal, the new application public key, and the second to-be-verified signature information.

Since claims 4, 5, 10-12 and 16-19 depend from either claim 1, 6 or 13, then the foregoing reasons for allowing claims 1, 6 and 13 apply equally to claims 4, 5, 10-12 and 16-19.
EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Junqi Hang, Reg. No. 54,615 on April 6, 2021.
The application has been amended as follows.

In the claims:
1. (Currently Amended) A key updating method comprising:
generating, by a terminal, a device private key and a device public key using a TEE (a trusted execution environment) system;
storing, by the terminal, the device private key in the TEE system;
sending, by the terminal, the device public key and a device identifier of the terminal to a device public key management server;
generating, by the terminal, an application private key and an application public key using the TEE system;
storing, by the terminal, the application private key in the TEE system;
performing, by the terminal, signature processing on the application public key using the device private key to obtain first to-be-verified signature information;
sending, by the terminal to an operation server, a first storage request carrying the device identifier, the application public key, and the first to-be-verified signature information;

generating, by the terminal, a new application private key and a new application public key using the TEE system of the terminal;
storing the new application private key in the TEE system;
performing, by the terminal, signature processing on the new application public key using the application private key as an upper-level private key of the new application private key, to obtain second to-be-verified signature information; and
sending, by the terminal to the operation server, a second storage request carrying the device identifier of the terminal, the new application public key, and the second to-be-verified signature information.

2-3. (Cancelled).

4.    (Previously Presented) The method according to claim 1, further comprising:
generating, by the terminal, a service private key and a service public key using the TEE system;
storing, by the terminal, the service private key in the TEE system;
performing, by the terminal, signature processing on the service public key using the application private key to obtain third to-be-verified signature information; and
sending, by the terminal to the operation server, a third storage request carrying the device identifier, the service public key, and the third to-be-verified signature information.

5.    (Previously Presented) The method according to claim 4, wherein:
the service private key has a correspondence with an account logged into an application program; and
generating the service private key and the service public key includes generating the service private key and the service public key in response to receiving a starting instruction of a service in the application program.

6. (Currently Amended) A non-transitory computer-readable storage medium storing computer program instructions executable by at least one processor to perform:






generating, by a terminal, a device private key and a device public key using a TEE (a trusted execution environment) system;
storing, by the terminal, the device private key in the TEE system;
sending, by the terminal, the device public key and a device identifier of the terminal to a device public key management server;
generating, by the terminal, an application private key and an application public key using the TEE system;
storing, by the terminal, the application private key in the TEE system;
performing, by the terminal, signature processing on the application public key using the device private key to obtain first to-be-verified signature information;
sending, by the terminal to an operation server, a first storage request carrying the device identifier, the application public key, and the first to-be-verified signature information;
receiving, by the terminal, a key updating notification sent by the operation server;
generating, by the terminal, a new application private key and a new application public key using the TEE system of the terminal;
storing the new application private key in the TEE system;
performing, by the terminal, signature processing on the new application public key using the application private key as an upper-level private key of the new application private key, to obtain second to-be-verified signature information; and
sending, by the terminal to the operation server, a second storage request carrying the device identifier of the terminal, the new application public key, and the second to-be-verified signature information.

7-9. (Cancelled).

10.  (Currently Amended) The non-transitory computer-readable storage medium according to claim 6, wherein the computer program instructions are executable by the at least one processor to further perform:


generating, by the terminal, a service private key and a service public key using the TEE system;
storing, by the terminal, the service private key in the TEE system;
performing, by the terminal, signature processing on the service public key using the application private key to obtain third to-be-verified signature information; and
sending, by the terminal to the operation server, a third storage request carrying the device identifier, the service public key, and the third to-be-verified signature information.

11.    (Currently Amended)  The non-transitory computer-readable storage medium according to claim 6, wherein the service private key has a correspondence with an account logged into an application program, and wherein the computer program instructions are executable by the at least one processor to further perform:


generating the service private key and the service public key includes generating the service private key and the service public key in response to receiving a starting instruction of a service in the application program.

12.    (Currently Amended)  The non-transitory computer-readable storage medium according to claim 10, wherein the third storage request sent by the terminal includes an account identifier, and wherein, in response to determining the third to-be-verified signature information is verified, the operation server stores the account identifier in addition to the device identifier and the service public key



13.    (Currently Amended)  A terminal for a key updating method, the terminal comprising: a processor; and a memory storing instructions that, when executed by the processor, cause the processor to:






generate a device private key and a device public key using a TEE (a trusted execution environment) system;
store the device private key in the TEE system;
send the device public key and a device identifier of the terminal to a device public key management server;
generate an application private key and an application public key using the TEE system;
store the application private key in the TEE system;
perform signature processing on the application public key using the device private key to obtain first to-be-verified signature information;
send, to an operation server, a first storage request carrying the device identifier, the application public key, and the first to-be-verified signature information;
receive a key updating notification sent by the operation server;
generate a new application private key and a new application public key using the TEE system of the terminal;
store the new application private key in the TEE system;
perform signature processing on the new application public key using the application private key as an upper-level private key of the new application private key, to obtain second to-be-verified signature information; and
send, to the operation server, a second storage request carrying the device identifier of the terminal, the new application public key, and the second to-be-verified signature information.

14-15. (Cancelled).

16.    (Currently Amended) The terminal according to claim 13, wherein the instructions further cause the processor to:


store the service private key in the TEE system;
perform signature processing on the service public key using the application private key to obtain third to-be-verified signature information; and
send, to the operation server, a third storage request carrying the device identifier, the service public key, and the third to-be-verified signature information.

17.    (Currently Amended)The terminal according to claim 13, wherein the service private key has a correspondence with an account logged into an application program, and wherein the instructions further cause the processor to:



generate the service private key and the service public key includes generating the service private key and the service public key in response to receiving a starting instruction of a service in the application program.

18.    (Currently Amended) The terminal according to claim 16, wherein the third storage request sent by the terminal includes an account identifier, and wherein, in response to determining the third to-be-verified signature information is verified, the operation server stores the account identifier in addition to the device identifier and the service public key



19.    (Previously Presented) The method according to claim 4, wherein the third storage request sent by the terminal includes an account identifier, and wherein, in response to determining the third to-be-verified signature information is verified, the operation server stores the account identifier in addition to the device identifier and the service public key.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kalish Bell whose telephone number is (571) 272-5294.  The examiner can normally be reached on 9am-5pm, M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool.  To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/KALISH K BELL/Examiner, Art Unit 2432

/MORSHED MEHEDI/Primary Examiner, Art Unit 2432