Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This office action is in response to the application 16/830,857 filed on 03/26/2020.
EXAMINER’S AMENDMENT
An Examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Mr. Zhu He (Reg. No. 66,452) on December 3rd, 2021.  During the telephone conference, Mr. Zhu has agreed and authorized the Examiner to amend claims 1-2, 5 and 17-18; to cancel claims 3-4, 7-16 and 19-20 and to add new claims 21-22. 
The application has been amended as follows:
CLAIMS
1.  (Currently amended) A principal device comprising:
	at least one hardware processor; and
	at least one hardware processor for:
		transmitting, to an identity provider server, a registration request comprising a user identifier associated with a user of the principal device;
		receiving, from the identity provider server, a signature for authenticating the identity provider server to the principal device;
		authenticating the identity provider server using the signature;
		obtaining, from a trusted execution environment associated with the principal device, an authenticated encryption message based on the signature and a principal device key associated with the principal device, wherein the obtaining the authenticated encryption message comprises:
			generating, by the trusted execution environment associated with the principal device, the authenticated encryption message using at least one symmetric key, wherein generating the at least one symmetric key comprises:
				deriving a first symmetric key and a second symmetric key from a first random number and a user password,
			wherein the generating the authenticated encryption message comprises:
				deriving a cipher text using the first symmetric key and deriving a message authentication code using the second symmetric key, wherein the cipher text is derived from a second random number, the principal device key, a device identifier associated with the principal device and a secondary identifier associated with the user of the principal device; and
2.	(Currently amended)	The principal device of claim 1, wherein the generating the at least one symmetric key comprises:
	generating, by the trusted execution environment associated with the principal device, the at least one symmetric key
3.-4. 	(Cancelled)
5. (Currently amended) The principal device of claim [[4]] 1, wherein the message authentication code is derived from the second random number, the principal device key, the device identifier and the secondary identifier.
6. (Original) The principal device of claim 1, wherein a secondary device comprises the trusted execution environment, and the secondary device is communicatively coupled to the principal device.
7.-16.	(Cancelled)	
17.	(Currently amended)	A method for registering a principal device to an identity provider server, the method comprising:
	transmitting, to the identity provider server, a registration request comprising a user identifier associated with a user of the principal device;, wherein the obtaining the authenticated encryption message comprises:
		generating, by the trusted execution environment associated with the principal device, the authenticated encryption message using at least one symmetric key, wherein generating the at least one symmetric key comprises:
			deriving a first symmetric key and a second symmetric key from a first random number and a user password,
		wherein the generating the authenticated encryption message comprises:
			deriving a cipher text using the first symmetric key and deriving a message authentication code using the second symmetric key, wherein the cipher text is derived from a second random number, the principal device key, a device identifier associated with the principal device and a secondary identifier associated with the user of the principal device; and
	transmitting, to the identity provider server, the authenticated encryption message for registration of the principal device.
18.	(Currently amended)	The method of claim 17, wherein the generating the at least one symmetric key comprises:
	the at least one symmetric key
19.-20.	(Cancelled) 
21.	(New)	The method of claim 17, wherein the message authentication code is derived from the second random number, the principal device key, the device identifier and the secondary identifier.
22.	(New)	The method of claim 17, wherein a secondary device comprises the trusted execution environment, and the secondary device is communicatively coupled to the principal device.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 07/30/2021, 01/21/2021, 08/07/2020 and 03/26/2020 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.
Priority
This application is a continuation of PCT Application Serial No. PCT/CN2017/103676, filed on September 27, 2017.
Allowable Subject Matter
Claims 1-2, 5-6, 17-18 and 21-22 are allowed in light of the Applicant’s arguments/amendments and in light of the prior art made of record.
The following is an examiner’s statement of reasons for allowance:
As to claims 1-2, 5-6, 17-18 and 21-22, the closest prior art, Xia (US 2016/0381522), in view of Farrugia (US 9,264,234), in view of Peng (US 2018/0276664), in view of Leicher (US 9,490,984), in view of Everson (US 8,614,976), and further in view of Grandcolas (US 2012/0072714), alone or in combination, fails to anticipate or render obvious the claimed invention.
Xia (prior art) discloses a collaboration system and method comprising: determining whether a new group is to be created; determining whether to subscribe a guest device to an existing group; determining whether to join the guest device to a previously subscribed to group; when the guest device is to subscribe to the existing group, scanning for the existing group and transmitting a subscription request requesting that the guest device be subscribed to the existing group; and when the admin device is to join the previously subscribed to group, scanning for the previously subscribed to group and transmitting a join request requesting that the admin device be registered with the previously subscribed to group- See the abstract of Xia.
Farrugia (prior art) discloses a method of generating a signature for a computing device, the method comprising: receiving a particular value and a plurality of identifiers that each uniquely identifies the computing device, wherein each identifier is used to generate a different signature; applying a hash function using a combination of a received See the abstract and claim 1 of Farrugia.
Peng (prior art) discloses sending an encrypted first ciphertext to the local key server; obtaining the first random number and the second random number, encrypting the second random number by the first random number to generate a second ciphertext, seeking the corresponding device authentication key pair and device encryption key pair according to the device identifier, encrypting a device authentication private key and a device encryption private key through the first random number to generate a third ciphertext- See par. 0013-0014 and 0036 of Peng.
Leicher (prior art) discloses a method and apparatus for trusted authentication and logon: a user registers an identity with an identity provider that is tightly bound to the user's specific platform, e.g., the TPM. If the user decides to log in, for example to a service provider using this identity, the identity provider challenges the user to provide the correct credentials, and in order to register such a claimed identity, the user must provide a valid AIK certificate to the identity provider- See the abstract and col. 4, lines 1-8 of Leicher.
See the abstract and claim 1 of Everson.
Grandcolas (prior art) discloses a method and system for allowing a user to securely log on to a host system via an electronic interface; the user is allowed to enter the user's credentials into the encryption applet, which generates a symmetric key (e.g., a DES key, a triple DES key, an AES key, or any other symmetric key algorithm) based on a random number generated by the encryption applet and encrypts the user's credentials with the symmetric key (e.g., to produce a cipherPIN) and also encrypts the symmetric key (e.g., the DES key, the triple DES key, the AES key, etc.)- See par. 0007-0008 and 0015 of Grandcolas.
However, none of Xia, Farrugia, Peng, Leicher, Everson and Grandcolas teaches or suggests, alone or in combination, the particular combination of steps or elements recited in independent claims 1 and 17.  For example, none of the cited prior art teaches or suggests the steps of obtaining, from a trusted execution environment associated with the principal device, an authenticated encryption message based on the signature and a principal device key associated with the principal device, wherein the obtaining the authenticated encryption message comprises: generating, by the trusted execution environment associated with the principal device, the authenticated encryption message using at least one symmetric key, wherein generating the at least one symmetric key comprises: deriving a first symmetric key and a second symmetric key from a first random number and a user password, wherein the generating the authenticated encryption message comprises: deriving a cipher text using the first symmetric key and deriving a message authentication code using the second symmetric key, wherein the cipher text is derived from a second random number, the principal device key, a device identifier associated with the principal device and a secondary identifier associated with the user of the principal device.
These limitations, in conjunction with all other limitations, have not been disclosed, suggested or made obvious by the prior art of record, which, taken by itself or in any combination, would not have anticipated or rendered obvious the invention of the present application at or before the time it was filed.  For these reasons, together with the other limitations and in light of the amendments to the independent claims, these claims are in condition for allowance.
Claims 2, 5-6, 18 and 21-22 depend directly or indirectly from claims 1 and 17 and are therefore also allowable over the prior art of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SANCHIT K SARKER/Examiner, Art Unit 2495