DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to the communication filed on October 21, 2021.
Claims 2 – 19 are being considered on the merits.

Response to Arguments
Status of claim in the present application:
Claims 2 – 19 are pending.
Claims 2 – 3, 8 – 10, and 13 are amended.
Applicant’s remarks and amendments submitted on October 21, 2021 for application 16/520,202 have been considered and are persuasive in light of the filed remarks and amendments. Therefore, the previously filed claim rejections have been withdrawn.

Allowable Subject Matter
Claims 2 – 19 are allowed, but they are renumbered as claims 1 – 18. The following is an examiner’s statement of reasons for allowance: the following prior art references were yielded during examination of the claims filed on October 21, 2021 in response to the office action mailed on July 20, 2021. They do not explicitly teach the applicant’s claimed invention, in view of the amended claims. Independent claims 2, 8 and 13 are allowed over the prior art of record since the references, taken together or individually, fail to clearly teach or suggest the limitation(s): “… transmitting the retrieved account and ecosystem certificates to the electronic device to provision the electronic device, wherein the CA is generated by the portal for a particular customer upon activation of the electronic device and creation of a customer account by the particular customer, and wherein the bootstrap device certificate is different from the retrieved account certificate and from the retrieved ecosystem certificate …”, as recited in claim 1, but are in the general realm of applicant’s field of endeavor:
Ramatchandirance [US 20170302656 A1]: this is considered the closest prior art to the present application. It generally relates to a system, methodology and technology for transmitting a manufacturer security certificate to a provisioning server device, and establishing, with the provisioning server device, a secure connection based on the manufacturer security certificate. The embodiment may also involve transmitting, over the secure connection, device data that characterizes the client device, and receiving, over the secure connection, a server security certificate. The embodiment may further include obtaining a unique client device identifier. The embodiment may additionally include, possibly based on the server security certificate and the unique client device identifier, accessing protected information available to a particular pre-validated server device.
Ramatchandirance discloses receiving, by a provisioning server device, a manufacturer security certificate of a client device. The manufacturer security certificate may be associated with a manufacturer of the client device. The second example embodiment may also involve establishing, between the client device and the provisioning server device, a secure connection. The secure connection may be established based on the manufacturer security certificate. Provisioning server device 402 may transmit a server security certificate to client device 400. The server security certificate may be associated with one or more of application server devices 404. For instance, the server security certificate may contain a public encryption key of one or more of application server devices 404. In some cases, multiple server security certificates, each 
Oh et al. [US 20070136574 A1]: This prior art discloses a system, methodology, and technology for managing a plurality of certificates. The apparatus for managing a plurality of certificates includes a plurality of certificates, a certificate search table, a low-performance file system, and a verification module. The certificate search table includes information about the plurality of certificates. The low-performance file system extracts a corresponding certificate from among the plurality of certificates that are received from a host device, with reference to the certificate search table based on a root certificate authority ID and information about a public key of a certificate of a certificate authority that issued the host device certificate. The verification module uses the extracted certificate to verify the host device certificate.
Oh discloses the method including receiving a host device certificate, a root certificate authority ID, and information about a public key of a certificate of a certificate authority that issued the host device certificate from the host device; extracting a corresponding certificate from among a plurality of certificates with reference to a certificate search table including information about the plurality of certificates based on the received root certificate authority ID and the received 
Hayes et al. [US 9736145 B1]: This prior art discloses a system, methodology, and technology in which a CAC/PIV certificate associated with an HSPD-12 identity is used to generate a derived credential for storage on a device, such as a mobile device, that lacks a CAC/PIV card reader. The derived credential (which is distinct from the original CAC/PIV certificate) may then be used to grant the device access to secure resources that may otherwise require a CAC/PIV certificate. Embodiments of the present disclosure also relate to systems and methods for authenticating or validating a derived credential stored on a mobile device.
Hayes discloses: receive a request, over a computer network, for generating a derived credential from a CAC/PIV enabled device; receive a CAC/PIV certificate associated with a user over the computer network from the CAC/PIV enabled device, the CAC/PIV certificate comprising a first public key and a user identifier associated with the user; authenticate the user by validating the CAC/PIV certificate against a certificate chain and a revocation list; store the CAC/PIV certificate, or a public key associated with the CAC/PIV certificate, in an enterprise data store as associated with the user's entry in the enterprise data store, the enterprise data store comprising identity information for users associated with an enterprise; issue to the user a passcode over the computer network, wherein the passcode is associated with the CAC/PIV certificate or the user, and wherein the passcode is a one-time-use passcode or a time limited passcode; receive the passcode from a target device, the target device being distinct from the CAC/PIV enabled device, the target device not having a CAC/PIV card reader; verify the passcode as associated with the CAC/PIV certificate or the user; generate a second private key and a corresponding second public key, the second public key distinct from the first public key; 
Bouda [US 20150262170 A1]: This prior art discloses a system, methodology, and technology for providing secure services using a mobile device, the method comprising the steps of: the mobile device sending a token request comprising device identification data identifying the mobile device to a server; the server generating an asymmetric key pair comprising a public key and a private key, and sending the public key to the mobile device; the mobile device requesting entry of a user identity verifier; the mobile device encrypting the entered user identity verifier using the public key and sending the encrypted user identity verifier to the server; the server decrypting the user identity verifier and comparing the user identity verifier to a stored user identity verifier to verify the user, and comparing the device identification data to stored eligible device identification data to verify the device; if both verifications are successful, the server sending a token to the mobile device; the mobile device storing the token; the mobile device establishing communication with a service provider device; the service provider device sending service data regarding a requested service to the mobile device; the mobile device sending the token to the service provider device; and the service provider device confirming that the token is valid, and if the confirmation is successful, executing the requested service.
Bouda discloses that, when the security server 24 receives the begin transaction session message, the secure element 26 generates a plurality of asymmetric key pairs in step 32. The asymmetric key pairs are pairs of corresponding public and private encryption keys. The secure element 26 then randomly selects one of the generated asymmetric key pairs in step 33, and sends the public key of the selected asymmetric key pair to the mobile phone 21 in step 34. This public key is sent to the mobile phone 21 through the Internet 25. The private key held by the secure element 26 on the server 24 and the public key sent to the mobile phone 21 are used to encrypt communications between the server 24 and the mobile phone 21, as will be explained below. At the mobile phone 21 this encrypted communication is managed by the secure transaction software. In some examples this encryption may use a public key infrastructure (PKI) protocol.

Therefore, the above limitation(s), in combination with the remaining limitation(s) of claim 2 (the same is true for claims 8 and 13), are neither taught nor suggested by the prior art of record. The respective independent claims are allowed for the same reason(s) as mentioned above for claim 2. The dependent claims, being definite, further limiting, and fully enabled by the specification, are also allowed by virtue of their dependence on the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/P.P./Patent Examiner, Art Unit 2434

/ABIY GETACHEW/Primary Examiner, Art Unit 2434
November 1, 2021