Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Status
Prior to Examiner’s amendment, below, claims 1-20 are pending.

Allowable Subject Matter
Claims 1-16 are allowed.

Drawings
Drawings filed 5/31/2019 are accepted.

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Attorney Paul Seegers, Reg. No. 66,621, on June 8, 2021.
The application has been amended as follows: 

1.    (Previously Presented) A computing device, comprising:
a processor; and
memory having program instructions stored therein that are executable by the processor to implement an application operable to supply a credential to an external system; and 
a secure circuit configured to:
send, to a credential storage, a request for the credential, wherein the request includes a first certificate identifying a first public key and a stipulation to perform a user authentication before permitting use of a first private key corresponding to the first public key;
receive, from the credential storage, the credential encrypted using the first public key; and
based on the stipulation identified in the first certificate, perform the user authentication prior to decrypting the encrypted credential with the first private key and supplying the decrypted credential to the application.
2.    (Previously Presented) The computing device of claim 1, wherein the secure circuit is configured to:
provide information about hardware included in the computing device to a hardware verification service; and

3.    (Previously Presented) The computing device of claim 2, wherein providing the information to the hardware verification service includes:
providing a second certificate that indicates a presence of the secure circuit in the computing device, wherein the second certificate includes a second public key;
generating an attestation using a second private key maintained by the secure circuit and corresponding to the second public key; and
issuing the attestation with a certificate signing request (CSR) to obtain the first certificate from the hardware verification service in response to a verification of the attestation and the second certificate.
4.    (Previously Presented) The computing device of claim 3, wherein the secure circuit is provisioned with the second certificate by a manufacture of the computing device, and wherein the CSR indicates the stipulation to perform the user authentication before permitting use of the first private key.
5.   (Previously Presented) The computing device of claim 1, wherein the credential is a payment credential usable by a merchant system to conduct a transaction; and
wherein the application is executable to:

populate a payment form of a merchant system with the decrypted payment credential. 
6.   (Previously Presented) The computing device of claim 5, wherein the payment form is a webpage of the merchant system, and wherein populating the payment form includes populating a first field with a primary account number of the payment credential and a second field with a card verification value (CVV) of the payment credential.
7. (Previously Presented) The computing device of claim 1, further comprising:
   a biometric sensor configured to collect biometric data from a user of the computing device; and
wherein the secure circuit is configured to perform the user authentication by: 
retrieving biometric data of an authorized user of the computing device; 
comparing the collected biometric data with the retrieved biometric data of the authorized user; and
based on the comparing, determining whether to use the first private key to decrypt the credential in response to a request from the application. 
8.    (Previously Presented) The computing device of claim 7, wherein the biometric sensor includes a camera configured to collect the biometric data from a user’s face.

a controller circuit coupled to a button, wherein the controller circuit is configured to detect when the button has been pressed and provide, to the secure circuit, a timestamp corresponding to the button being pressed; and
wherein performing the user authentication includes the secure circuit confirming that the timestamp is within an interval of the camera collecting the biometric data from the user’s face.
10.    (Previously Presented) The computing device of claim 1, wherein the secure circuit is configured to:
store the received encrypted credential for one or more subsequent uses without another retrieval of the credential from the credential storage;
receive a request from the application to use the credential; 
in response to the request from the application:
based on the stipulation, perform the user authentication; and 
based on the user authentication, use the first private key to decrypt the stored encrypted credential.

12.    (Previously Presented) A method, comprising:
a credential storage receiving, from a first computing device, a first request for a credential to be supplied by the first computing device to a system external to the first computing device, wherein the first request includes a first certificate identifying a public key generated by a secure circuit in the first computing device;
the credential storage determining whether the first certificate includes a stipulation for the secure circuit to perform a user authentication prior to permitting use of a private key corresponding to the public key;
in response to determining that the first certificate includes the stipulation:
the credential storage encrypting the requested credential with the public key; and 
the credential storage supplying the encrypted credential to the first computing device.
13.    (Previously Presented) The method of claim 12, further comprising:

the credential storage determining whether a second certificate included in the second request includes the stipulation to perform a user authentication prior to permitting use of a private key; and
in response to determining that the second certificate omits the stipulation, the credential storage providing, to the second computing device, only a portion of the credential.
14.    (Previously Presented) The method of claim 13, wherein the credential includes a primary account number and a card verification value (CVV) for conducting a transaction with a merchant system, and wherein the portion of the credential includes the primary account number and does not include the CVV.
15.    (Previously Presented) The method of claim 12, wherein the first certificate is issued by a certificate authority associated with a manufacturer of the first computing device.
16.    (Previously Presented) The method of claim 12, further comprising:
in response to receiving the first request, the credential storage contacting an issuing authority to obtain the credential, wherein the issuing authority issues a transaction instrument having the credential, and wherein the credential is a payment credential usable to conduct a transaction with a merchant system.
17.    (Cancelled) 

19.    (Cancelled) 
20.   (Cancelled) 
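
The credential-storage decision recited in claims 12-14, sketched as an added Go example that is not part of the Office action or the application: the storage verifies the requesting certificate against a manufacturer CA, looks for the stipulation, and releases either the encrypted credential or only the PAN. The extension OID, the names `Stipulation`, `Issue` and `Release`, the `PAN|CVV` framing, the use of RSA-OAEP and the card data are assumptions constructed for illustration; the device-side user authentication of claim 1 is not modeled.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var Stipulation = pkix.Extension{Id: asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 55555, 1}, Value: []byte{1, 1, 0xff}} // hypothetical OID: "authenticate user before key use"

// Issue signs a certificate over pub; a nil parent yields a self-signed CA.
func Issue(pub *rsa.PublicKey, parent *x509.Certificate, signer *rsa.PrivateKey, exts ...pkix.Extension) (*x509.Certificate, error) {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: "constructed"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true, ExtraExtensions: exts}
	if parent == nil {
		parent = t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Release: a CA-verified certificate with the stipulation gets the encrypted credential; without it, only the PAN.
func Release(cert, ca *x509.Certificate, pan, cvv string) (sealed []byte, portion string, err error) {
	pub, isRSA := cert.PublicKey.(*rsa.PublicKey)
	if err = cert.CheckSignatureFrom(ca); err != nil || !isRSA {
		return nil, "", fmt.Errorf("certificate rejected (signature: %v, RSA key: %t)", err, isRSA)
	}
	for _, e := range cert.Extensions {
		if e.Id.Equal(Stipulation.Id) {
			sealed, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(pan+"|"+cvv), nil)
			return sealed, "", err
		}
	}
	return nil, pan, nil
}

func main() { // smoke run: the CA certificate itself lacks the stipulation, so only the PAN is released
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	ca, _ := Issue(&k.PublicKey, nil, k)
	fmt.Println(Release(ca, ca, "4111111111111111", "123")) // constructed card data
}
```

The signature check comes first because a stipulation read from a certificate that does not chain to the trusted CA says nothing about how the private key is actually protected.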


Reasons for Allowance
 The following is an examiner’s statement of reasons for allowance: 
Closest prior patent art, Benson, US Publication 2017/0373843, and Karpenko, US Publication 2015/0052064, and closest non-patent literature, NPL1, “White Paper on FIDO”, downloaded from https://globalplatform.org/wp-content/uploads/2018/04/White-Paper-Technical-FIDO-Auth-using-GlobalPlatform-Jan2018.pdf and attached as a PDF file, January 2018, and NPL2, “Remote Credential Management with Mutual Attestation for Trusted Execution Environments”, downloaded from 1804.10707.pdf (arxiv.org) and attached as a PDF file, 4/27/2018, do not fairly disclose a device’s secure circuit sending a credential request, including a certificate identifying key and authentication stipulation, receiving credential, and decrypting based on the stipulation. Benson discloses an application performing such operations, and the secure circuit does not comprise the application. Benson, in [29]-[30], discloses the certificate and the ‘stipulations’ comprising authentication and secure circuit/hardware of the device.  However, Benson in [33] discloses, “…Upon receiving a certificate 146, an application 132 may present the certificate 146…The application may then present the signature along with the certificate 146 to the banking entity…”  This does not disclose the secure circuit sending request 
Moreover, Benson does not specifically disclose the credential storage determining whether the first certificate includes a stipulation for the secure circuit to perform a user authentication prior to permitting use of a private key corresponding to the public key; in response to determining that the first certificate includes the stipulation: the credential storage encrypting the requested credential… and...supplying the encrypted credential to the first computing device, as recited by claim 12.  Benson discloses the certificate comprising stipulations as discussed above ([29]-[30]), but does not specifically disclose the credential storage determining whether a certificate includes a stipulation, nor encrypting/supplying data in response to the determining.
No other prior art corrects the deficiencies.
 Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
 The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Wong, US Publication 2015/0046339
Aissi, US Patent 9,867,043
Bhattacharya, US Publication 2018/0219857
Futamura, US Publication 2002/0026577
Wood, US Publication 2011/0225427
Haggerty, US Publication 2014/0222688
Khan, US Publication 2015/0213433
Wong, US Publication 2015/0339664

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Margaret M. Neubig whose telephone number is (571)270-0437.  The examiner can normally be reached on Monday-Friday, 9:30-6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on 571-270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If 
/M.M.N. /Examiner, Art Unit 3685
/JAMES D NIGH/Senior Examiner, Art Unit 3685