EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Attorney Mark Stevenosky on 9/22/2021.

The application has been amended as follows: 

1.	(Original) A method of establishing a remote control session between a first computing device and a second computing device to enable a graphical user interface of an application executed by a processor of the first computing device to be remotely controlled and viewed on the second computing device, the method implemented on the first computing device and comprising:
	establishing a connection with a bridging module, the bridging module external to the first computing device;
	performing an authentication procedure with the bridging module using the connection;
	establishing a secure communication channel to the bridging module on the connection;
	receiving, from the bridging module, an authentication request transmitted from the second computing device;
	in response to receiving the authentication request (i) accessing a projection certificate chain stored in a secure data store of the bridging module using the secure communication channel, (ii) generating a response including the projection certificate chain, and (iii) instructing, via  the secure communication channel, the bridging module to cryptographically sign the response using a private key which is associated with the bridging module and is stored in the secure data store, and in response receiving a signature from the bridging module via  the secure communication channel; and
	transmitting a signed authentication response to the second computing device via the bridging module to establish the remote control session, the signed authentication response comprising the projection certificate chain and the signature.

2.	(Original)  A method according to claim 1, wherein accessing the projection certificate chain comprises transmitting a request for the projection certificate chain to the bridging module via  the secure communication channel, and receiving the projection certificate chain from the bridging module via  the secure communication channel.

3.	(Previously Presented)  A method according to claim 1, wherein performing the authentication procedure comprises:
	retrieving a certificate chain associated with the first computing device from storage on the first computing device;
signing the certificate chain associated with the first computing device with a private key associated with the first computing device; and
 transmitting the signed certificate chain to the bridging module for validation by the bridging module, said private key stored in the memory on the first computing device.
	
4.	(Previously Presented)  A method according to claim 1, wherein performing the authentication procedure comprises: 
receiving a signed certificate chain associated with the bridging module together with a public key associated with  the bridging module;
and validating the certificate chain associated with the bridging module using a root certificate stored in memory on the first computing device.

5.	(Previously Presented)  A method according to claim 1, wherein said establishing a secure communication channel to the bridging module on the connection comprises:
	generating at least one symmetric encryption key;
	encrypting said at least one symmetric encryption key using a public key associated with the bridging module to generate at least one encrypted symmetric encryption key; and
	transmitting the at least one encrypted symmetric encryption key to the bridging module.
 
6.	(Original)  A method according to claim 5, wherein the method further comprises invalidating the at least one symmetric encryption key in response to detecting loss of said connection.

7.	(Previously Presented)  A method according to claim 1, wherein the method further comprises:
	receiving a request, from the bridging module, to initiate projection of said graphical user interface to the second computing device, the request originating from the second computing device; and
	transmitting a command to the bridging module to set up a bridge to allow data to be routed between the first computing device and the second computing device.

8.	(Previously Presented)  A method according to claim 1, wherein the establishing the connection with the bridging module is in response to user input received at the first computing device.

9.	(Previously Presented)  A method according to claim 1, wherein a bridging device external to both the first computing device and the second computing device comprises the bridging module, said establishing a connection with the bridging module comprising establishing a connection with the bridging device.
 
10.	(Previously Presented)  A method according to claim 1, wherein the second computing device comprises the bridging module, said establishing a connection with the bridging module comprising establishing a connection with the second computing device. 

11-14.	(Cancelled) 

15.	(Previously Presented)  A method according to claim 1, wherein the second computing device is a vehicle head unit integrated into a vehicle, the vehicle head unit comprising a display for displaying the graphical user interface of said application.

16.	(Cancelled)  

17.	(Original)  A computer program product for establishing a remote control session between a first computing device and a second computing device to enable a graphical user interface of an application executed by a processor of the first computing device to be remotely controlled and viewed on the second computing device, the computer program product comprising code embodied on a non-transient computer-readable medium and configured so as when executed on a processor of the first computing device to perform the method of claim 1.

18. 	(Original)  A computing device comprising: 
	a processor configured to run an application for establishing a remote control session between the computing device and a second computing device to enable a graphical user interface of a user application executed by the processor of the computing device to be remotely controlled and viewed on the second computing device, wherein the application is configured to:
	establish a connection with a bridging module, the bridging module external to the computing device;
	perform an authentication procedure with the bridging module using the connection;
	establish a secure communication channel to the bridging module on the connection;
	receive, from the bridging module, an authentication request transmitted from the second computing device;
	in response to receiving the authentication request (i) access a projection certificate chain stored in a secure data store of the bridging module using the secure communication channel, (ii) generate a response including the projection certificate chain, and (iii) instruct, via  the secure communication channel,  the bridging module to cryptographically sign the response using a private key which is associated with the bridging module and is stored in the secure data store, and in response receive a signature from the bridging module via  the secure communication channel; and
	transmit a signed authentication response to the second computing device via the bridging module to establish the remote control session, the signed authentication response comprising the projection certificate chain and the signature.

19.	(Original)  A method of establishing a remote control session between a first computing device and a second computing device to enable a graphical user interface of an application executed by a processor of the first computing device to be remotely controlled and viewed on the second computing device, the method implemented on a bridging module and comprising:
	establishing a connection with the first computing device, the bridging module external to the first computing device;
	performing an authentication procedure with the first computing device using the connection;
	establishing a secure communication channel to the first computing device on the connection;
	transmitting an authentication request received from the second computing device to the first computing device;
receiving a request from the first computing device via the secure communication channel, for a projection certificate chain stored in a secure data store of the bridging module, and in response retrieving the projection certificate chain from the secure data store and transmitting the projection certificate chain to the first computing device via the secure communication channel; 
receiving a response including the projection certificate chain and a request to sign said response, from the first computing device via the secure communication channel; 
cryptographically signing the response using a private key associated with the bridging module and which is stored in the secure data store to generate a signature for the first computing device, and transmitting the signature to the first computing device via the secure communication channel; and
	transmitting a signed authentication response received from the first computing device to the second computing device to establish the remote control session, the signed authentication response comprising the projection certificate chain and the signature.  

20.	(Original)  A method according to 19, wherein performing the authentication procedure comprises:
	receiving a signed certificate chain associated with the first computing device from the first computing device; and
validating the certificate chain associated with the first computing device using a root certificate stored in said secure data store.

21.	(Previously Presented)  A method according to claim 19, wherein performing the authentication procedure comprises:
retrieving a certificate chain associated with the bridging module from said secure data store;
signing the certificate chain associated with the bridging module with a private key associated with the bridging module; and
 transmitting the signed certificate chain to the first computing device for validation by the first computing device, said private key stored in said secure data store. 

22.	(Previously Presented)  A method according to claim 19, wherein the method comprises establishing a bridge to allow data to be routed between the first computing device and the second computing device.

23.	(Original)  A method according to claim 22 wherein following the establishment of the bridge, the method comprising:
	receiving data in a first format from the second computing device for transmission to the first computing device and relaying said data in a second format to the first computing device; and
	receiving data in the second format from the first computing device for transmission to the second computing device and relaying said data in the first format to the second computing device.

24-25.	(Cancelled) 

26.	(Previously Presented)  A method according to claim 22, wherein the method further comprises:
	transmitting a request to the first computing device to initiate projection of said graphical user interface to the second computing device, the request originating from the second computing device; and
	in response, receiving a command from the first computing device to set up the bridge to allow data to be routed between the first computing device and the second computing device.

27-28.	(Cancelled) 

29.	(Previously Presented)  A computer program product for establishing a remote control session between a first computing device and a second computing device to enable a graphical user interface of an application executed by a processor of the first computing device to be remotely controlled and viewed on the second computing device, the computer program product comprising code embodied on a non-transient computer-readable medium and configured so as when executed on a processor to perform the method of claim 19.

30.	(Currently Amended)  A bridging module for establishing a remote control session between a first computing device and a second computing device to enable a graphical user interface of an application executed by a processor of the first computing device to be remotely controlled and viewed on the second computing device, wherein the bridging module is integrated into one of the second computing device or a bridging device that is external to both the first computing device and the second computing device, and wherein the bridging module is configured to:
establish a connection with the first computing device, the bridging module external to the first computing device;
	perform an authentication procedure with the first computing device using the connection;
	establish a secure communication channel to the first computing device on the connection;
	transmit an authentication request received from the second computing device to the first computing device;
receive a request from the first computing device via the secure communication channel, for a projection certificate chain stored in a secure data store of the bridging module, and in response retrieve the projection certificate chain from the secure data store and transmit the projection certificate chain to the first computing device via the secure communication channel; 
receive a response including the projection certificate chain and a request to sign said response, from the first computing device via the secure communication channel;
cryptographically sign the response using a private key associated with the bridging module and which is stored in the secure data store to generate a signature for the first computing device, and transmit the signature to the first computing device via the secure communication channel; and
	transmit a signed authentication response received from the first computing device to the second computing device to establish the remote control session, the signed authentication response comprising the projection certificate chain and the signature. 

31.	(Currently Amended)  A bridging module according to claim 30, wherein the bridging module is integrated into the

32.	(Original)  A bridging module according to claim 30, wherein the bridging module is integrated into the second computing device.

Allowable Subject Matter
Claims 1-10, 15, 17-23, 26 and 29-32 are allowed.
The concept of establishing a remote control session between a first computing device and a second computing device to enable a graphical user interface of an application executed by a processor of the first computing device to be remotely controlled and viewed on the second computing device is known in the art, as admitted by Applicant (see specification, page 1, lines 10-34).
Prior art such as Innes et al. (US 2016/0094545) teaches enabling users to authenticate to virtual desktop sessions by logging into an external component/service/device such as an identity provider (interpreted as the claimed “bridging module”), using a credential and/or authentication protocol.
Other prior art such as Beveridge et al. (US 2016/0342784) teaches using an authenticator plug-in to enable remote desktop control.
However, none of the prior art of record teaches the specific steps of “in response to receiving the authentication request (i) accessing a projection certificate chain stored in a secure data store of the bridging module using the secure communication channel, (ii) generating a response including the projection certificate chain, and (iii) instructing, via  the secure communication channel, the bridging module to cryptographically sign the response using a private key which is associated with the bridging module and is stored in the secure data store, and in response receiving a signature from the bridging module via  the secure communication channel; and transmitting a signed authentication response to the second computing device via the bridging module to establish the remote control session, the signed authentication response comprising the projection certificate chain and the signature.”
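The quoted steps, as an added Go sketch that is not part of the Office action or the application: the first device fetches the chain, builds the response and has the bridging module sign it, so the private key stays inside the bridge. The `Cert` type (a key plus issuer signature, not X.509), the use of Ed25519, the root key trusted by the second device, and the echo of the request in the signed body are assumptions; all names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

type Cert struct{ Pub, IssuerSig []byte } // constructed stand-in for an X.509 certificate

// Bridge models the bridging module; Chain and Sign are all it offers over the channel.
type Bridge struct {
	priv  ed25519.PrivateKey // stand-in for the secure data store; never returned
	chain []Cert
}

func (b *Bridge) Chain() []Cert          { return b.chain }
func (b *Bridge) Sign(msg []byte) []byte { return ed25519.Sign(b.priv, msg) }

// NewBridge returns a bridge and the root key (assumed trusted by the second device).
func NewBridge() (*Bridge, ed25519.PublicKey) {
	rootPub, rootPriv, err1 := ed25519.GenerateKey(nil) // nil selects crypto/rand
	pub, priv, err2 := ed25519.GenerateKey(nil)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	return &Bridge{priv, []Cert{{pub, ed25519.Sign(rootPriv, pub)}}}, rootPub
}

func body(req []byte, chain []Cert) []byte { // echoing the request is an assumption
	out := append([]byte{}, req...)
	for _, c := range chain {
		out = append(append(out, c.Pub...), c.IssuerSig...)
	}
	return out
}

// Respond is the first device's steps (i)-(iii): fetch, build, delegate signing.
func Respond(b *Bridge, req []byte) ([]Cert, []byte) {
	chain := b.Chain()
	return chain, b.Sign(body(req, chain))
}

// Verify is the second device's check: leaf chains to the root, then signature.
func Verify(root ed25519.PublicKey, req []byte, chain []Cert, sig []byte) bool {
	return len(chain) > 0 && len(chain[0].Pub) == ed25519.PublicKeySize &&
		ed25519.Verify(root, chain[0].Pub, chain[0].IssuerSig) &&
		ed25519.Verify(chain[0].Pub, body(req, chain), sig)
}

func main() {
	b, root := NewBridge()
	chain, sig := Respond(b, []byte("constructed-auth-request"))
	fmt.Println(Verify(root, []byte("constructed-auth-request"), chain, sig))
}
```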

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALINA N BOUTAH whose telephone number is (571)272-3908.  The examiner can normally be reached on M-F 7:00 AM - 3:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached on 571-272-3880.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


ALINA N. BOUTAH
Primary Examiner
Art Unit 2443


