DETAILED ACTION
This office action is in response to the correspondence filed on 06/04/2019. This application is a 371 National Stage of PCT/CN2017/102984 which has two foreign applications: CN201611220733.1 filed on 12/26/2016 and CN201611188523.9 filed on 12/20/2016. Claims 1-15 are still pending and are examined.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 06/04/2019. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.


EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Proposal for this examiner’s amendment was given in an interview with Jonathan Withrow (Reg. No. 54548) on 02/16/2021 and subsequent authorization on 02/19/2021.
The application has been amended as follows: 
Please replace Claims 2-3, 5-8, 10-13, and 15 as follows:
2.	(Currently Amended) The method according to claim 1, wherein before said detecting [[an]] the injection key acquisition instruction the method further comprises steps of:
sending a certificate request to a certificate acquisition server;
randomly generating the random key pair when receiving request confirmation information returned by the certificate acquisition server according to the certificate request;
storing the private key in the random key pair locally, and sending a public key in the random key pair to the certificate acquisition server, generating a certificate request file according to the public key in the random key pair and sending the certificate request file to a certificate issuance server by the certificate acquisition server, and
generating the first identity authentication certificate by the certificate issuance server according to the first identity authentication certificate; and
receiving the first identity authentication certificate fed back by the certificate issuance server through the certificate acquisition server.

3.	(Currently Amended) The method according to claim 1, wherein the step of acquiring and storing [[an]] the injection key according to the injection key ciphertext signature and the second identity authentication certificate comprises:
verifying an identity of the remote injection server according to the second identity authentication certificate;
extracting an authentication public key in the second identity authentication certificate if verification of the identity of the remote injection server is passed;
verifying the injection key ciphertext signature according to the authentication public key in the second identity authentication certificate; and


5.	(Currently Amended) The method according to claim 1, wherein the step of receiving [[an]] the injection key ciphertext signature and [[a]] the second identity authentication certificate returned by the remote injection server according to the temporary key signature and the first identity authentication certificate comprises:
receiving the injection key ciphertext signature and the second identity authentication certificate returned by the remote injection server after verification of the first identity authentication information is passed by the remote injection server; wherein the injection key ciphertext signature is generated by the remote injection server by performing a signature on the injection key ciphertext using an authentication secret key corresponding to an authentication public key in the second identity authentication certificate, and wherein the injection key ciphertext is acquired by the remote injection server by encrypting the injection key using the public key in the temporary key signature.

6.	(Currently Amended) A Point of Sale (POS) terminal, comprising a memory and a processor, and the memory stores a computer readable instruction, wherein when the computer readable instruction is executed by the processor, the processor is configured to be caused to perform following steps of:
detecting an injection key acquisition instruction;
generating a temporary key pair when the injection key acquisition instruction is detected;

acquiring a first identity authentication certificate;
sending the temporary key signature and the first identity authentication certificate to a remote injection server;
receiving an injection key ciphertext signature and a second identity authentication certificate returned by the remote injection server according to the temporary key signature and the first identity authentication certificate; and
acquiring and storing an injection key according to the injection key ciphertext signature and the second identity authentication certificate.


7.	(Currently Amended) The POS terminal according to claim 6, wherein before [[an]] the injection key acquisition instruction is detected, the processor is further configured to be caused by the computer readable instruction to perform the following steps of:
sending a certificate request to a certificate acquisition server;
randomly generating the random key pair when receiving request confirmation information which is returned by the certificate acquisition server according to the certificate request;
storing the private key in the random key pair locally, and sending a public key in the random key pair to the certificate acquisition server, generating a certificate request file according to the public key in the random key pair and sending the certificate request file to a certificate issuance server by the certificate acquisition server, and

receiving the first identity authentication certificate fed back by the certificate issuance server through the certificate acquisition server.

8.	(Currently Amended) The POS terminal according to claim 6, wherein the step of acquiring and storing [[an]] the injection key according to the injection key ciphertext signature and the second identity authentication certificate comprises:
verifying an identity of the remote injection server according to the second identity authentication certificate;
extracting an authentication public key in the second identity authentication certificate if verification of the identity of the remote injection server is passed;
verifying [[an]] the injection key ciphertext signature according to the authentication public key in the second identity authentication certificate; and
decrypting [[the]] an injection key ciphertext in the injection key ciphertext signature to obtain and store the injection key according to the locally stored private key in the temporary key pair, if verification of the injection key ciphertext signature is passed.

10.	(Currently Amended) The POS terminal according to claim 6, wherein the step of receiving [[an]] the injection key ciphertext signature and [[a]] the second identity authentication certificate returned by the remote injection server according to the temporary key signature and the first identity authentication certificate comprises:
receiving the injection key ciphertext signature and the second identity authentication certificate returned by the remote injection server after verification of the first identity authentication 

11.	(Currently Amended) One or a plurality of non-transitory readable storage medium storing a computer readable instruction, wherein when the computer readable instruction is executed by one or more processors, the one or more processors is/are configured to be caused to perform following steps of:
detecting an injection key acquisition instruction;
generating a temporary key pair when the injection key acquisition instruction is detected;
acquiring a locally stored private key in a random key pair, and using a private key in the random key pair to perform signature on a public key in the temporary key pair to generate a temporary key signature;
acquiring a first identity authentication certificate;
sending the temporary key signature and the first identity authentication certificate to a remote injection server;
receiving an injection key ciphertext signature and a second identity authentication certificate returned by the remote injection server according to the temporary key signature and the first identity authentication certificate; and
acquiring and storing an injection key according to the injection key ciphertext signature and the second identity authentication certificate.
12.	(Currently Amended) The storage medium according to claim 11, wherein before performing the step of detecting [[an]] the injection key acquisition instruction, the processor is further configured to be caused by the computer readable instruction to perform following steps of:
sending a certificate request to a certificate acquisition server;
randomly generating the random key pair when a request confirmation information as returned by the certificate acquisition server according to the certificate request is received;
storing the private key in the random key pair locally, and sending a public key in the random key pair to the certificate acquisition server, generating a certificate request file according to the public key in the random key pair and sending the certificate request file to a certificate issuance server by the certificate acquisition server, and
generating the first identity authentication certificate by the certificate issuance server according to the first identity authentication certificate; and
receiving the first identity authentication certificate fed back by the certificate issuance server through the certificate acquisition server.

13.	(Currently Amended) The storage medium according to claim 11, wherein the step of acquiring and storing [[an]] the injection key according to the injection key ciphertext signature and the second identity authentication certificate comprises:
verifying an identity of the remote injection server according to the second identity authentication certificate;
extracting an authentication public key in the second identity authentication certificate, if verification of the identity of the remote injection server is passed;
verifying the injection key ciphertext signature according to the authentication public key in the second identity authentication certificate; and


15.	(Currently Amended) The storage medium according to claim 11, wherein the step of receiving [[an]] the injection key ciphertext signature and [[a]] the second identity authentication certificate returned by the remote injection server according to the temporary key signature and the first identity authentication certificate comprises:
receiving the injection key ciphertext signature and the second identity authentication certificate returned by the remote injection server after verification of the first identity authentication information is passed by the remote injection server; wherein the injection key ciphertext signature is generated by the remote injection server by performing a signature on the injection key ciphertext using an authentication secret key corresponding to an authentication public key in the second identity authentication certificate, and wherein the injection key ciphertext is acquired by the remote injection server by encrypting the injection key using the public key in the temporary key signature.

---------------------------------END OF EXAMINER’S AMENDMENT--------------------------------
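The message flow recited in claims 11, 8 and 15 above can be followed end to end in the sketch below, which is an added example and not code from the application or the office action. The claims name no algorithms or certificate format, so Ed25519 signatures, RSA-OAEP encryption, a single issuer for both certificates, the simplified `Cert` type and all function names are assumptions made here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

type Cert struct { // constructed stand-in for an identity authentication certificate (not X.509)
	Pub ed25519.PublicKey
	Sig []byte // issuer's signature over Pub
}

// serverInject: authenticate the terminal, encrypt the injection key to the temporary key, sign the ciphertext.
func serverInject(ca ed25519.PublicKey, auth ed25519.PrivateKey, term Cert, tempPub *rsa.PublicKey, tempSig, injKey []byte) ([]byte, []byte, error) {
	if !ed25519.Verify(ca, term.Pub, term.Sig) || !ed25519.Verify(term.Pub, x509.MarshalPKCS1PublicKey(tempPub), tempSig) {
		return nil, nil, fmt.Errorf("terminal authentication failed")
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, tempPub, injKey, nil)
	return ct, ed25519.Sign(auth, ct), err
}

// terminalAccept: verify the server certificate, then the ciphertext signature, and only then decrypt.
func terminalAccept(ca ed25519.PublicKey, temp *rsa.PrivateKey, srv Cert, ct, ctSig []byte) ([]byte, error) {
	if !ed25519.Verify(ca, srv.Pub, srv.Sig) || !ed25519.Verify(srv.Pub, ct, ctSig) {
		return nil, fmt.Errorf("server certificate or ciphertext signature rejected")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, temp, ct, nil)
}

// runExchange plays both sides with fresh keys; flip is XORed into ciphertext byte 0 in transit.
func runExchange(injKey []byte, flip byte) ([]byte, error) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)     // issuer of both certificates (assumed)
	devPub, devKey, _ := ed25519.GenerateKey(rand.Reader)   // "random key pair" (certified device key)
	authPub, authKey, _ := ed25519.GenerateKey(rand.Reader) // server authentication key
	temp, err := rsa.GenerateKey(rand.Reader, 2048)         // "temporary key pair"
	if err != nil {
		return nil, err
	}
	term, srv := Cert{devPub, ed25519.Sign(caKey, devPub)}, Cert{authPub, ed25519.Sign(caKey, authPub)}
	tempSig := ed25519.Sign(devKey, x509.MarshalPKCS1PublicKey(&temp.PublicKey)) // "temporary key signature"
	ct, ctSig, err := serverInject(caPub, authKey, term, &temp.PublicKey, tempSig, injKey)
	if err != nil {
		return nil, err
	}
	ct[0] ^= flip // 0 leaves the ciphertext untouched; any other value models tampering
	return terminalAccept(caPub, temp, srv, ct, ctSig)
}

func main() {
	fmt.Println(runExchange([]byte("constructed-key!"), 0)) // untampered run with a constructed 16-byte key
}
```

Calling `runExchange` with a non-zero `flip` shows the terminal refusing to decrypt a ciphertext whose signature no longer verifies.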


Allowable Subject Matter
Claims 1-15 are allowed.
The following is an examiner’s statement of reasons for allowance:
Kamikura (US Pub. No. 2009/0037728 A1) discloses an authentication system for devices, a key certificate issuing station, and key certificate acquisition method. While Kamikura discloses a key certificate issuing station that issues a temporary certificate and permanent certificate for a key pair composed of a public key and private key used by a device, a device public key/certificate acquisition control acquires a permanent certificate from public key certificate issuing station using the temporary certificate via the device and stores this in key/certificate storage, it fails to disclose acquiring a locally stored private key in a random key pair, using a private key in the random key pair to perform signature on a public key in the temporary key pair to generate a temporary key signature; acquiring a first identity authentication certificate; sending the temporary key signature and the first identity authentication certificate to a remote injection server; receiving an injection key ciphertext signature and a second identity authentication certificate returned by the remote injection server according to the temporary key signature and the first identity authentication certificate; and acquiring and storing an injection key according to the injection key ciphertext signature and the second identity authentication certificate as described in the claims.
Song et al. (US Pub. No. 2007/0214356 A1) discloses a method for authentication between electronic devices with minimal user intervention. While Song discloses a server generating a public/private key pair which will be used for a device and issuing a temporary certificate for the device, the device provides its temporary certificate to a gateway that provides its permanent certificate to the device if the gateway determines the device can be trusted, it fails to disclose acquiring a locally stored private key in a random key pair, using a private key in the random key pair to perform signature on a public key in the temporary key pair to generate a temporary key signature; acquiring a first identity authentication certificate; sending the temporary key signature and the first identity authentication certificate to a remote injection server; receiving an injection key ciphertext signature and a second identity authentication certificate returned by the remote injection server according to the temporary key signature and the first identity authentication certificate; and acquiring and storing an injection key according to the injection key ciphertext signature and the second identity authentication certificate as described in the claims.
Hassinen et al. (NPL - "Utilizing national public-key infrastructure in mobile payment systems." Electronic Commerce Research and Applications 7.2 (2008): 214-231) discloses utilizing national public-key infrastructure in mobile payment systems. While Hassinen discloses generating two key pairs and sending the public keys to a terminal, certificates containing these public keys are generated, signed and transferred to an applet along with the root certificate, and the private keys are stored, it fails to disclose acquiring a locally stored private key in a random key pair, using a private key in the random key pair to perform signature on a public key in the temporary key pair to generate a temporary key signature; acquiring a first identity authentication certificate; sending the temporary key signature and the first identity authentication certificate to a remote injection server; receiving an injection key ciphertext signature and a second identity authentication certificate returned by the remote injection server according to the temporary key signature and the first identity authentication certificate; and acquiring and storing an injection key according to the injection key ciphertext signature and the second identity authentication certificate as described in the claims.
Therefore, the pending claims are allowed as the prior art of record does not disclose all the features including generating a temporary key signature using a random key pair, receiving an injection key ciphertext signature and a second identity authentication certificate according to the temporary key signature and a first identity authentication certificate, acquiring an injection key according to the injection key ciphertext signature and a second identity authentication certificate as described in the claims; nor would it have been obvious to one of ordinary skill in the art to further modify the prior art to include all of the deficient features, as set forth in the allowed claims. 



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The listed references disclose relevant inventions of providing secure service using keys.
Jung; Dong-shin et al. (US 20060239452 A1) 
VAN; Long et al. (US 20180018663 A1) 
MARUYAMA; Hidefumi (US 20170093570 A1) 
Please see PTO-892. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KA SHAN CHOY whose telephone number is (571) 272-1569. The examiner can normally be reached on MON - FRI: 9AM-5:30PM EST Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/KA SHAN CHOY/Examiner, Art Unit 2435  

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435