Terminal Disclaimer
The terminal disclaimer filed on 02/25/2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of any patent granted on Application Number 16/724,711 now has been reviewed and is accepted. The terminal disclaimer has been recorded.
EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Weisheng “Wilson” Xie (Reg. No. 79,353) on 09/28/2021.

The application has been amended as follows: Please enter the amendments filed 02/25/2021 and include the following amendments:

1. (Currently Amended) A computer-implemented method, comprising: 
receiving, by a third-party payment application of a computing device comprising one or more processing devices, and from a target payment application, a service identifier (ID) for the third-party payment application and a private key corresponding to the service ID;
generating, by the third-party payment application, a digital signature by signing a payment activation request using the private key; 
including the service ID in the payment activation request, wherein a public key corresponds to the service ID, and wherein the digital signature is verifiable using the public key;
obtaining a payment certificate of the target payment application responsive to verification of the digital signature;
generating, by [[a]] the computing device 
generating, by the one or more processing devices, a first encrypted payment certificate by encrypting [[a]] the payment certificate of [[a]] the target payment application using the associated key;
storing, by the one or more processing devices, the first encrypted payment certificate and the first identity authentication ID of the user in a trusted execution environment (TEE) of the computing device;
receiving, by [[a]] the third-party payment application 
sending, by the third-party payment application and to the TEE, a second identity authentication ID of the user;
determining, by the one or more processing devices and in the TEE, that the second identity authentication ID of the user matches the first identity authentication ID;
in response to determining that the second identity authentication ID matches the first identity authentication ID, retrieving, by the one or more processing devices and in the TEE, the first encrypted payment certificate; 

sending, from the TEE and to the third-party payment application, the payment certificate; and
providing, by the one or more processing devices, the payment certificate to a payment service party.

2. (Currently Amended) The computer-implemented method of claim 1, further comprising: 
sending, by the third-party payment application and before receiving the payment request, [[a]] the payment activation request to a server, wherein the payment activation request further includes a user ID of the user and a computing device ID of the computing device; 
receiving, by the third-party payment application, a second encrypted payment certificate that corresponds to the user ID; and 
decrypting, by the third-party payment application and by using a computing device private key that corresponds to the computing device ID, the second encrypted payment certificate to obtain the payment certificate.

3. (Previously presented) The computer-implemented method of claim 2: wherein generating the associated key comprises: 
providing, by the third-party payment application, the first identity authentication ID of the user to a local storage device of the computing device, and 
generating, by the local storage device, the associated key corresponding to the first identity authentication.

4. (Previously presented) The computer-implemented method of claim 1, wherein the method further comprises: 
sending, by the third-party payment application, a payment deactivation request to the target payment application; and 
deleting, by the target payment application, the payment certificate.

5. (Currently Amended) The computer-implemented method of claim 2, further comprising: 



obtaining, by the target payment application and based on the service ID, [[a]] the public key corresponding to the service ID; and
verifying, by the target payment application, the digital signature using the public key.

6. (Previously Presented) The computer-implemented method of claim 2, wherein the payment certificate is a two-dimensional code.

7. (Original) The computer-implemented method of claim 1, wherein the identity authentication ID is a fingerprint authentication or an iris authentication.

8. (Currently Amended) A non-transitory computer-readable storage medium coupled to a computing device comprising one or more processing devices and storing instructions that when executed by the computing device, cause the computing device to perform operations comprising: 
receiving, by a third-party payment application of the computing device, and from a target payment application, a service identifier (ID) for the third-party payment application and a private key corresponding to the service ID;
generating, by the third-party payment application, a digital signature by signing a payment activation request using the private key; 
including the service ID in the payment activation request, wherein a public key corresponds to the service ID, and wherein the digital signature is verifiable using the public key;
obtaining a payment certificate of the target payment application responsive to verification of the digital signature;
generating an associated key corresponding to a first identity authentication 
generating a first encrypted payment certificate by encrypting [[a]] the payment certificate of [[a]] the target payment application using the associated key; 
storing the first encrypted payment certificate and the first identity authentication ID of the user in a trusted execution environment (TEE) of the computing device;
receiving, by [[a]] the third-party payment application 
sending, by the third-party payment application and to the TEE, a second identity authentication ID of the user; 
determining, in the TEE, that the second identity authentication ID of the user matches the first identity authentication ID; 
in response to determining that the second identity authentication ID matches the first identity authentication ID, retrieving, by the one or more processing devices and in the TEE, the first encrypted payment certificate; 
decrypting, in the TEE, the first encrypted payment certificate using the associated key to generate the payment certificate; 
sending, from the TEE and to the third-party payment application, the payment certificate; and 
providing the payment certificate to a payment service party.

9. (Currently Amended) The non-transitory computer-readable storage medium of claim 8, wherein the operations further comprise: 
sending, by the third-party payment application and before receiving the payment request, [[a]] the payment activation request to a server, wherein the payment activation request further includes a user ID of the user and a computing device ID of the computing device; 
receiving, by the third-party payment application, a second encrypted payment certificate that corresponds to the user ID; and 
decrypting, by the third-party payment application and by using a computing device private key that corresponds to the computing device ID, the second encrypted paymentPage: 6of16 certificate to obtain the payment certificate.

10. (Previously presented) The non-transitory computer-readable storage medium of claim 9: wherein generating the associated key comprises: 
providing, by the third-party payment application, the first identity authentication ID of the user to a local storage device of the computing device, and 
generating, by the local storage device, the associated key corresponding to the first identity authentication ID.  

11. (Previously presented) The non-transitory computer-readable storage medium of claim 8, wherein the operations further comprise: 
sending, by the third-party payment application, a payment deactivation request to the target payment application; and 
deleting, by the target payment application, the payment certificate.  

12. (Currently Amended) The non-transitory computer-readable storage medium of claim 9, wherein the operations further comprise: 



obtaining, by the target payment application and based on the service ID, [[a]] the public key corresponding to the service ID; and 
verifying, by the target payment application the digital signature using the public key.

13. (Previously Presented) The non-transitory computer-readable storage medium of claim 9, wherein the payment certificate is a two-dimensional code.  

14. (Original) The non-transitory computer-readable storage medium of claim 8, wherein the identity authentication ID is a fingerprint authentication or an iris authentication.

15. (Currently Amended) A system, comprising: 
a computing device comprising one or more processing devices; and
one or more computer-readable memories coupled to the computing device and storing instructions that when executed by the computing device, cause the computing device to perform operations comprising: 
receiving, by a third-party payment application of the computing device, and from a target payment application, a service identifier (ID) for the third-party payment application and a private key corresponding to the service ID;
generating, by the third-party payment application, a digital signature by signing a payment activation request using the private key; 
including the service ID in the payment activation request, wherein a public key corresponds to the service ID, and wherein the digital signature is verifiable using the public key;
obtaining a payment certificate of the target payment application responsive to verification of the digital signature;
generating an associated key corresponding to a first identity authentication 
generating a first encrypted payment certificate by encrypting [[a]] the payment certificate of [[a]] the target payment application using the associated key; 
storing the first encrypted payment certificate and the first identity authentication ID of the user in a trusted execution environment (TEE) of the computing device; 
receiving, by [[a]] the third-party payment application 
sending, by the third-party payment application and to the TEE, a second identity authentication ID of the user; 
determining, in the TEE, that the second identity authentication ID of the user matches the first identity authentication ID; 
in response to determining that the second identity authentication ID matches the first identity authentication ID, retrieving, by the one or more processing devices and in the TEE, the first encrypted payment certificate; 
decrypting, in the TEE, the first encrypted payment certificate using the associated key to generate the payment certificate; 
sending, from the TEE and to the third-party payment application, the payment certificate; and 
providing the payment certificate to a payment service party.

16. (Currently Amended) The system of claim 15, wherein the operations further comprise: 
sending, by the third-party payment application and before receiving the payment request, [[a]] the payment activation request to a server, wherein the payment activation request further includes a user ID of the user and a computing device ID of the computing device; 
receiving, by the third-party payment application, a second encrypted payment certificate that corresponds to the user ID; and 
decrypting, by the third-party payment application and by using a computing device private key that corresponds to the computing device ID, the second encrypted paymentPage: 6of16 certificate to obtain the payment certificate.

17. (Previously presented) The system of claim 16: wherein generating the associated key comprises: 
providing, by the third-party payment application, the first identity authentication ID of the user to a local storage device of the computing device, and 
generating, by the local storage device, the associated key corresponding to the first identity authentication ID.  

18. (Previously presented) The system of claim 15, wherein the operations further comprise: 
sending, by the third-party payment application, a payment deactivation request to the target payment application; and 
deleting, by the target payment application, the payment certificate.  

19. (Currently Amended) The system of claim 16, wherein the operations further comprise:



obtaining, by the target payment application and based on the service ID, [[a]] the public key corresponding to the service ID; and 
verifying, by the target payment application the digital signature using the public key.

20. (Previously Presented) The system of claim 16, wherein the payment certificate is a two-dimensional code.  

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
The present claims disclose a method, system, and non-transitory computer-readable storage medium comprising: receiving, by a third-party payment application of a computing device comprising one or more processing devices, and from a target payment application, a service identifier (ID) for the third-party payment application and a private key corresponding to the service ID; generating, by the third-party payment application, a digital signature by signing a payment activation request using the private key; including the service ID in the payment activation request, wherein a public key corresponds to the service ID, and wherein the digital signature is verifiable using the public key; obtaining a payment certificate of the target payment application responsive to verification of the digital signature; generating, by the computing device, an associated key corresponding to a first identity authentication ID of a user; generating, by the one or more processing devices, a first encrypted payment certificate by encrypting the payment certificate of the target payment application using the associated key; storing, by the one or more processing devices, the first encrypted payment certificate and the first identity authentication ID of the user in a trusted execution environment (TEE) of the computing device; receiving, by the third-party payment application, a payment request for a payment corresponding to the target payment application, wherein the third-party payment application and the target payment application are associated with two different payment platforms; sending, by the third-party payment application and to the TEE, a second identity authentication ID of the user; determining, by the one or more processing devices and in the TEE, that the second identity authentication ID of the user matches the first identity authentication ID; in response to determining that the second identity authentication ID matches the first identity authentication ID, retrieving, by the one or more processing devices and in the TEE, the first encrypted payment certificate; decrypting, in the TEE, the first encrypted payment certificate using the associated key to generate the payment certificate; sending, from the TEE and to the third-party payment application, the payment certificate; and providing, by the one or more processing devices, the payment certificate to a payment service party.
The closest prior art of Lingappa (US 2015/0332262) discloses: generating, by the one or more processing devices, an encrypted payment certificate ("credentials") by encrypting a payment certificate using the associated key (0020-0021, 0060-0061, 0064); storing, by the one or more processing devices, the encrypted payment certificate and the first identity authentication ID of the user in the computing device (0020-0021, 0060-0061, 0064, 0073, 0077); receiving, by the one or more processing devices a user-initiated payment request for a payment (Fig, 1, Fig. 3, 0018-0019, 0025, 0058-0060, 0071-0074); receiving, by the one or more processing devices, a second identity authentication ID of the user (Fig. 3-4, 0073, 0075-0077); determining, by the one or more processing devices, that the second identity authentication ID of the user matches the first identity authentication ID (Fig. 3-4, 0073, 0075-0077); in response to determining that the second identity authentication ID matches the first identity authentication ID, retrieving, by the one or more processing devices, the payment certificate (Fig. 3-4, 0020, 0073, 0075-0077, 0079-0081); and providing, by the one or more processing devices, the payment certificate to a payment service party ("merchant web server") (Fig. 1, Fig. 3-4, 0082-0084).
Ginter et al. (USP 5892900) discloses: generating, by a computing device comprising one or more processing devices, an associated key corresponding to a first identity authentication identifier (ID) of a user (Fig. 8, Col 21 line 22-38, Col 127 line 4-Col 128 line 14). Ginter further discloses a trusted execution environment or TEE (“SPU” Fig. 9, Col 48 line 64-Col 49 line 60).
Hruska (US 2013/0282588) discloses: receiving, by the third-party payment application and from the server before sending the payment activation request, a service ID ("UAID") for the third-party payment application and a pair of public and private keys corresponding to the service ID (0013); including, by the third-party payment application, the service ID in the payment activation request (0016); and verifying, by the server and based on the payment activation request and the service ID, the payment activation request (0016).
Samar (USP 6304974) discloses: signing, by the third-party payment application, the payment activation request using the private key (Fig. 2, Col 5 line 30-42).
However, the prior art does not disclose, neither singly nor in combination, for claims 1-4, 6-11, 13-18, and 20: receiving, by a third-party payment application of a computing device comprising one or more processing devices, and from a target payment application, a service identifier (ID) for the third-party payment application and a private key corresponding to the service ID; generating, by the third-party payment application, a digital signature by signing a payment activation request using the private key; including the service ID in the payment activation request, wherein a public key corresponds to the service ID, and wherein the digital signature is verifiable using the public key; obtaining a payment certificate of the target payment application responsive to verification of the digital signature; receiving, by the third-party payment application, a payment request for a payment corresponding to the target payment application, wherein the third-party payment application and the target payment application are associated with two different payment platforms; decrypting, in the TEE, the first encrypted payment certificate using the associated key to generate the payment certificate; sending, from the TEE and to the third-party payment application, the payment certificate; and providing, by the one or more processing devices, the payment certificate to a payment service party.
The Examiner additionally notes that the submitted amendments overcome the prior rejections under 35 USC 101 and 35 USC 112(b).
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAYLOR RAK whose telephone number is (571)270-1575.  The examiner can normally be reached on Monday-Friday 9:30-5:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on (571)-272-6708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 


If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/T.R./Examiner, Art Unit 3685 

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685