DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. JP2018-115575, filed on June 18, 2018.

Specification
The abstract of the disclosure is objected to for the following reason:
It is recommended that the terms “TA” and “TEE” be initially defined before using abbreviations. 
Correction is required.  See MPEP § 608.01(b).

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 7 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 7 recites the limitation "certification step" in line 7 of page 36.  There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-8 are rejected under 35 U.S.C. 103 as being unpatentable over Elnekaveh et al. (U.S. Pub. No. 2018/0035293 A1) hereinafter referred to as “Elnekaveh”, and further in view of Trostle et al. (U.S. Pub. No. 2018/0096137 A1) hereinafter referred to as “Trostle”.
Regarding Claim 1:
	Elnekaveh discloses the following limitations:
	A confirmation system comprising: a display device (Par. [0002], The present invention relates to authenticating a device utilizing a secure display). 
	that includes a first execution environment and a second execution environment that is guaranteed to be higher in safety than the first execution environment (Par. [0017], processor 102 may operate in a regular mode 103 and/or a secure mode 105 to create a trusted execution environment (TEE)) 
	and a verification device that verifies whether the display device works normally (Par. [0029], authentication to server 160 may include transmitting the identifier displayed on the secure display 139 to server 160 (and a verification device that verifies whether the display device works normally)). Elnekaveh teaches the device with a secure display authenticating itself to a server, i.e. the server verifies the display device.  
	wherein the display device has a generation unit that operates on the second execution environment and generates first information (Par. [0017], processor 102 may itself be a secure processor and/or operate in the secure mode 105 to create a trusted execution environment (TEE) to allow for security procedures, such as, running trusted applications (wherein the display device has a generation unit that operates on the second execution environment), utilizing keys, verifying signatures, and displaying identifiers on secure display 139; Par. [0008], display the identifier, or a derivative of the identifier (e.g., such as an item generated from the identifier, such as, a QR code or time based code, as will be described in more detail hereafter) (and generates first information)). Reference Elnekaveh teaches running trusted applications to generate an identifier.
	(taught by Trostle below)
	a reception unit that receives third information from the verification device (Par. [0039], a device may comprise a wireless transceiver with associated transmitter and receiver components (e.g., a transmitter and a receiver)). Elnekaveh teaches the device having a receiver, and this receiver enables receiving a server response and teaches authentication with a server, i.e. third information from the verification device. 
	and a first output unit that outputs the first information generated by the generation unit (Par. [0032], device 100 displays the identifier 226 on secure display 139 of display device 113 (and a first output unit that outputs the first information generated by the generation unit)). Elnekaveh teaches displaying the generated secure identifier on the display.
	(taught by Trostle below)
	(taught by Trostle below)
	an authentication unit that authenticates the display device (Par. [0032], device 100 displays the identifier 226 on secure display 139 of display device 113 to initiate the authentication process with server 160). Reference Elnekaveh teaches that the server performs authentication through the displayed indicator of the display device. Under the broadest reasonable interpretation, this teaches “confirming facts that the first information is being output and that a device outputting the first information is the display device”.
	(taught by Trostle below)
	and a second transmission unit (Par. [0039], a device may comprise a wireless transceiver with associated transmitter). Elnekaveh teaches the server being any type of device with communication interfaces necessary for its function, (Par. [0037], It should be appreciated that although a server and a device are provided as examples, the one-time initial provisioning and thereafter on-demand device identification processes may be utilized between any types of devices. It should be appreciated that device 100, server 160, and authentication device 180 may be any type of device. Further, device 100, server 160, and authentication device 180 may include appropriate processors, memories, and communication interfaces to implement the previously described function). As the server of Elnekaveh responds to the display device for authentication, Elnekaveh teaches the server having a transmitter. 
	(taught by Trostle below)

	Trostle discloses the following limitations not taught by Elnekaveh:
	a first transmission unit that transmits certification information for certifying validity of the generation unit to the verification device (Par. [0056], enrollment server 660 validates the information provided by registration enclave 628 in action 6.15. Enrollment server 660 validates the UDN by hashing the public verification key from the certificate received from registration enclave 628). Trostle teaches providing a certificate to an authentication server for validation.
	and also outputs the third information received by the reception unit (Par. [0038], The display of the window pattern is associated with a random code (and also outputs the third information received by the reception unit), which may be displayed within or alongside the window pattern; Par. [0058], registration enclave 628 returns the data (i.e., the shared secret window pattern's random code) to secure application enclave (received by the reception unit)). Reference Trostle, however, teaches displaying a random code along with a window pattern, i.e. a secure identifier, during certification of enrolment. This random code is received as the data portion in the response from a verification server (Par. [0057], the message includes a elliptic-curve digital signature algorithm (ECDSA) signature by enrollment server 660 in the form Sign Enroll_Server_ECDSA{enc_id∥challenge∥ID∥data}), i.e. third information received by the display device. While Trostle does disclose that the random code is prescribed beforehand (Par. [0038], the user selects the window pattern by entering the associated random code into web browser 630 of the secondary computing device) and that the display of the random code is temporary (Par. [0041], The random code will not be displayed as a part of the user window pattern on windows shown after enrollment of secure application enclave 618 is complete), the previously mentioned steps of displaying a random code occur throughout the enrolment process. Trostle further teaches using the received random code as a form of mutual authentication (Par. [0059], in action 6.19, secure application enclave 618 confirms whether the data (random code for the shared secret window pattern) returned by the registration enclave 628 is identical to the code stored).
Therefore, while the random code of Trostle is prescribed beforehand, Trostle teaches the scenario of presenting the random code while simultaneously verifying a successful match of the generated/received codes, therefore teaching an output of the third information received by the display device under the broadest reasonable interpretation. 
	and the verification device has a verification unit that verifies whether the generation unit is valid on a basis of the certification information (Par. [0056], enrollment server 660 validates the information provided by registration enclave 628 in action 6.15. Enrollment server 660 validates the UDN by hashing the public verification key from the certificate received from registration enclave 628). Trostle teaches validation through the certificate provided.  
	when the validity of the generation unit is certified by the verification unit (Par. [0056], If the certificate is not valid, then an error is also returned to registration enclave). Trostle teaches validation of the certificate, and that authentication only proceeds once the certificate is validated. 
	a second output unit that outputs second information when the display device is authenticated by the authentication unit (Par. [0056], If the certificate is valid, the enrollment server 660 also sends a message to the test server). Trostle further teaches an output of second data, in the form of a message to a test server. Trostle further teaches that this can be used to track the number of registrations with the application (Par. [0056], counter reflecting the number of registrations for this UDN).  
	that transmits the third information to the display device when the display device is authenticated by the authentication unit (Par. [0057], Upon validation of the UDN and certificate in action 6.16, enrollment server 660 forwards a message to registration enclave 628 in action 6.17 (when the display device is authenticated by the authentication unit). In one embodiment, the message includes a elliptic-curve digital signature algorithm (ECDSA) signature by enrollment server 660 in the form Sign Enroll_Server_ECDSA{enc_id∥challenge∥ID∥data} (that transmits the third information to the display device when the display device is authenticated by the authentication unit)). Trostle further teaches transmitting the third information through the message, wherein the third information was previously argued to comprise the data portion of the message. 

	Elnekaveh teaches using authentication with a server, but does not teach using certification information for validation, the display device outputting data received from the server, or a second output unit. Reference Trostle, however, teaches all of these additional features, as shown above. Regarding the first aspect, Trostle further teaches that this provides an additional layer of security when verifying, as verifying the certificate is one of the validation steps performed by Trostle (Par. [0056], If the hash result is not identical to the UDN, an error is returned to registration enclave 628. If the certificate is not valid, then an error is also returned to registration enclave 628). Regarding the second feature, Trostle further teaches the display device outputting data received from the server provides a form of mutual authentication (Par. [0059], in action 6.19, secure application enclave 618 confirms whether the data (random code for the shared secret window pattern) returned by the registration enclave 628 is identical to the code stored). Regarding the third feature, Trostle further teaches that this can be used to track the number of registrations with the application (Par. [0056], counter reflecting the number of registrations for this UDN).
	References Elnekaveh and Trostle are considered to be analogous art because they both relate to systems for verifying an application in a trusted execution environment. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the authentication system of Elnekaveh with the certificate, random code, and second output unit of Trostle in order to gain the benefits of increased security, mutual verification of the server response during the authentication process, and the ability to track the number of registrations with the application.

Regarding Claim 3:
	The combination of references Elnekaveh/Trostle discloses Claim 1.
	Trostle further discloses the following limitation:
	wherein the verification device further has a random number code issuance unit that issues a random number code, the second output unit outputs the random number code as the second information, and the second transmission unit transmits the random number code as the third information (FIG 6A, send… data for shared secret (wherein the verification device further has a random number code issuance unit that issues a random number code); Par. [0056], the enrollment server 660 also sends a message to the test server 680 (the second output unit outputs the random number code as the second information); Par. [0057], enrollment server 660 forwards a message to registration enclave 628 in action 6.17. In one embodiment, the message includes a elliptic-curve digital signature algorithm (ECDSA) signature by enrollment server 660 in the form Sign Enroll_Server_ECDSA{enc_id∥challenge∥ID∥data} (and the second transmission unit transmits the random number code as the third information); Par. [0058], registration enclave 628 returns the data (i.e., the shared secret window pattern's random code) to secure application enclave). Under the broadest reasonable interpretation, “issue”, “output”, and “transmit” are all considered synonyms for providing a random number. Therefore, as reference Trostle teaches the enrolment server receiving the random code, this can be considered a random number issuance unit as it provides a random number code. Furthermore, Trostle teaches the outputting/transmission of a message of which the data section is a random number code. Therefore, as “issue”, “output”, and “transmit” are considered to be identical actions of providing, reference Trostle teaches units performing such actions under the broadest reasonable interpretation. 

	The reasons for motivation/combination of references Elnekaveh and Trostle remain the same as in Claim 1.

Regarding Claim 4:
	The combination of references Elnekaveh/Trostle discloses Claim 1.
	Elnekaveh further discloses the following limitation:
	wherein the second output unit outputs the second information using output means that is provided in the verification device and capable of switching an on-off state of output (Par. [0039], a device may comprise a wireless transceiver with associated transmitter and receiver components). Elnekaveh teaches using a wireless transceiver as the output unit. A transceiver is known to be capable of switching an on/off state of output through disconnection of power such as through a power switch (NPL - BaoFeng BF-888S, Page 2, lines 6-7, Turn clockwise to switch ON the transceiver. Turn counterclockwise to switch OFF transceiver). 
	(taught by Trostle below)
	
	Trostle further discloses the following limitation not taught by Elnekaveh:
	and the second transmission unit transmits a prescribed code informed to a user in advance as the third information (Par. [0038], The user selects the window pattern by entering the associated random code into web browser 630 (a prescribed code informed to a user in advance as the third information); Par. [0057], the message includes a elliptic-curve digital signature algorithm (ECDSA) signature by enrollment server 660 in the form Sign Enroll_Server_ECDSA{enc_id∥challenge∥ID∥data} (and the second transmission unit transmits)). The system of Trostle teaches that the random code is given to the user in advance before communicating with the enrolment server. That is, the selection of a window pattern and random code in Trostle occur before the transmission, as the system of Trostle transmits the random code for mutual verification purposes (Par. [0059], secure application enclave 618 confirms whether the data (random code for the shared secret window pattern) returned by the registration enclave 628 is identical to the code stored).

	The reasons for motivation/combination of references Elnekaveh and Trostle remain the same as in Claim 1.

Regarding Claim 5:
	The combination of references Elnekaveh/Trostle discloses Claim 1.
	Elnekaveh further discloses the following limitations:
	wherein the generation unit further generates identification information for identifying the generation unit (Par. [0027] the identifier, or a derivative of the identifier (e.g., a QR code or time based code), may be displayed on secure display 139 to initiate authentication with server (wherein the generation unit further generates identification information for identifying the generation unit)). Reference Elnekaveh teaches generation of identification information and derivatives of the identifier for authentication.
	the first transmission unit transmits the identification information to the verification device (Par. [0025], transmit the identifier through networks 150 over a different channel to server). Reference Elnekaveh teaches transmitting the identifier.
	(taught by Trostle below)
	(taught by Trostle below)
	and information stored in a storage unit and the identification information are identical when the information is stored in the prescribed storage unit of the verification device (Par. [0027], device 100 now has a securely stored identifier for association with the server 160. It should be appreciated that the nonce may be any unique identifier. Examples of this may include a universal unique I.D. (UUID), an encrypted blob, etc. (and information stored in a storage unit and the identification information are identical when the information is stored in the prescribed storage unit of the verification device)). Elnekaveh teaches that the identifier is associated with the server. This strongly suggests that authentication is performed by the server when a match of identical identifiers occurs, as given by the examples of a UUID and a nonce for identifiers. 
	(taught by Trostle below)
	(taught by Trostle below)

	Trostle further discloses the following limitations:
	together with the certification information (Par. [0056], the certificate received from registration enclave 628). Reference Trostle teaches transmitting certification information in the form of a certificate for authentication. 
	and the verification unit certifies that the generation unit is valid if the certification information is valid (Par. [0056], In action 6.16, enrollment server 660 validates the information provided by registration enclave). 
	and stores the identification information in the storage unit when the information is not stored in the storage unit and certifies that the generation unit is valid if the certification information is valid (Par. [0056], If the certificate is valid, then enrollment server 660 stores the certificate with the application identifier tuple (indexed by enc_id) for the main computing device). Reference Trostle teaches storing an application identifier during enrolment. 
	and the second transmission unit transmits the third information to the display device when the identification information is stored by the verification unit and the display device is authenticated by the authentication unit (Par. [0057], Upon validation of the UDN and certificate in action 6.16, enrollment server 660 forwards a message to registration enclave 628 in action 6.17 (and the second transmission unit transmits the third information to the display device when the identification information is stored by the verification unit and the display device is authenticated by the authentication unit)). As references Elnekaveh and Trostle were combined such that the third information is transmitted after authentication and the identification information is stored whenever the certification information is valid, the combination of references Elnekaveh/Trostle further teaches sending the third information when the identification information is stored.

	The reasons for motivation/combination of references Elnekaveh and Trostle remain the same as in Claim 1.

Regarding Claim 6:
	Elnekaveh discloses the following limitations:
	A confirmation system comprising: a display device that includes a first execution environment and a second execution environment that is guaranteed to be higher in safety than the first execution environment (Par. [0002], Par. [0017]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1.
	and a verification device that verifies whether the display device works normally (Par. [0029]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1.
	wherein the display device has a generation unit that operates on the second execution environment and generates first information (Par. [0017], Par. [0008]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1.
	a first transmission unit that transmits identification information (Par. [0025]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1. 
	(taught by Trostle below)
	and a first output unit that outputs the first information generated by the generation unit (Par. [0032]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1. 
	(taught by Trostle below)
	an authentication unit that authenticates the display device (Par. [0032]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1. 

	(taught by Trostle below)

	Trostle discloses the following limitations not taught by Elnekaveh:
	input by a user (Par. [0038], The user selects the window pattern). Trostle teaches the user creation of a shared secret by selecting a window pattern. 
	together with certification information for certifying validity of the generation unit (Par. [0056]). This limitation was shown to be disclosed by Trostle in the rejection of Claim 1. 	
	and the verification device has a verification unit that verifies whether the generation unit is valid on a basis of the certification information (Par. [0056]). This limitation was shown to be disclosed by Trostle in the rejection of Claim 1. 	
	when the validity of the generation unit is certified by the verification unit (Par. [0056]). This limitation was shown to be disclosed by Trostle in the rejection of Claim 1. 	
	and a second output unit that outputs the identification information when the display device is authenticated by the verification unit (Par. [0057], Upon validation of the UDN and certificate in action 6.16, enrollment server 660 forwards a message to registration enclave 628 in action 6.17 (when the display device is authenticated by the authentication unit). In one embodiment, the message includes a elliptic-curve digital signature algorithm (ECDSA) signature by enrollment server 660 in the form Sign Enroll_Server_ECDSA{enc_id∥challenge∥ID∥data} (and a second output unit that outputs the identification information when the display device is authenticated by the verification unit)). Reference Trostle teaches that the enrolment server outputs a message which includes an ID field. This ID identifies the application (Par. [0058], Registration enclave 628 then compares the identifier ID from the signed message with the application identifier). 

	Reference Elnekaveh neither teaches using certification information for verification nor the second output unit outputting identification information input by a user. Reference Trostle teaches validation with certification information and further teaches that this provides an additional layer of security when verifying, as verifying the certificate is one of the validation steps performed by Trostle (Par. [0056], If the hash result is not identical to the UDN, an error is returned to registration enclave 628. If the certificate is not valid, then an error is also returned to registration enclave 628). Reference Trostle teaches identification information input by the user, and further teaches that this identification information can be used to authenticate the server’s response (Par. [0058], If the application identifier tuple values are equal, registration enclave 628 returns the data (i.e., the shared secret window pattern's random code) to secure application enclave 618 in action 6.18 over the secure (AES-GCM protected) channel. Otherwise, registration enclave 628 returns an error to secure application enclave 618).
	References Elnekaveh and Trostle are considered to be analogous art because they both relate to systems for verifying an application in a trusted execution environment. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the authentication system of Elnekaveh with the random code of Trostle in order to gain the benefit of increased security through additional verification and verification of the server response during the authentication process. 

Regarding Claim 7:
	Elnekaveh discloses the following limitations:
	A confirmation method performed by a confirmation system having a display device that includes a first execution environment and a second execution environment that is guaranteed to be higher in safety than the first execution environment (Par. [0002], Par. [0017]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1. 
	and a verification device that verifies whether the display device works normally (Par. [0029]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1. 
	the confirmation method comprising: a generation step of generating first information by a generation unit that operates on the second execution environment (Par. [0017], Par. [0008]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1. 
	(taught by Trostle below)
	a first output step of outputting the first information generated in the generation step by the display device (Par. [0032]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1. 
	(taught by Trostle below)
	an authentication step of authenticating the display device by the verification device (Par. [0032]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1. 
	(taught by Trostle below)
	(taught by Trostle below)
	(taught by Trostle below)
	(taught by Trostle below)

	Trostle discloses the following limitations not taught by Elnekaveh:
	a first transmission step of transmitting certification information for certifying validity of the generation unit to the verification device by the display device (Par. [0056]). This limitation was shown to be disclosed by Trostle in the rejection of Claim 1. 
	a verification step of verifying whether the generation unit is valid on a basis of the certification information by the verification device (Par. [0056]). This limitation was shown to be disclosed by Trostle in the rejection of Claim 1. 
	when the validity of the generation unit is certified in the certification step (Par. [0056]). This limitation was shown to be disclosed by Trostle in the rejection of Claim 1. 
	a second output step of outputting second information by the verification device when the display device is authenticated in the verification step (Par. [0056]). This limitation was shown to be disclosed by Trostle in the rejection of Claim 1. 
	a second transmission step of transmitting the third information to the display device by the verification device when the display device is authenticated in the verification step (Par. [0057]). This limitation was shown to be disclosed by Trostle in the rejection of Claim 1. 
	a reception step of receiving the third information from the verification device by the display device (Par. [0058]). This limitation was shown to be disclosed by Trostle in the rejection of Claim 1. 
	and a third output step of outputting the third information received in the reception step by the display device (Par. [0038], Par. [0058]). This limitation was shown to be disclosed by Trostle in the rejection of Claim 1. 

	Elnekaveh teaches using authentication with a server, but does not teach using certification information for validation, the display device outputting data received from the server, or a second output unit. Reference Trostle, however, teaches all of these additional features, as shown above. Regarding the first aspect, Trostle further teaches that this provides an additional layer of security when verifying, as verifying the certificate is one of the validation steps performed by Trostle (Par. [0056], If the hash result is not identical to the UDN, an error is returned to registration enclave 628. If the certificate is not valid, then an error is also returned to registration enclave 628). Regarding the second feature, Trostle further teaches the display device outputting data received from the server provides a form of mutual authentication (Par. [0059], in action 6.19, secure application enclave 618 confirms whether the data (random code for the shared secret window pattern) returned by the registration enclave 628 is identical to the code stored). Regarding the third feature, Trostle further teaches that this can be used to track the number of registrations with the application (Par. [0056], counter reflecting the number of registrations for this UDN).
	References Elnekaveh and Trostle are considered to be analogous art because they both relate to systems for verifying an application in a trusted execution environment. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the authentication system of Elnekaveh with the certificate, random code, and second output unit of Trostle in order to gain the benefits of increased security, mutual verification of the server response during the authentication process, and the ability to track the number of registrations with the application.

Regarding Claim 8:
	Elnekaveh discloses the following limitations:
	A confirmation method performed by a confirmation system having a display device that includes a first execution environment and a second execution environment that is guaranteed to be higher in safety than the first execution environment (Par. [0002], Par. [0017]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1. 
	and a verification device that verifies whether the display device works normally (Par. [0029]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1. 
	the confirmation method comprising: a generation step of generating first information by a generation unit that operates on the second execution environment (Par. [0017], Par. [0008]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1. 
a first transmission step of transmitting identification information (Par. [0025]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1. 
(taught by Trostle below)
	a first output step of outputting the first information generated in the generation step by the display device (Par. [0032]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1. 
	 (taught by Trostle below)
	an authentication step of authenticating the display device by the verification device capable of confirming facts that the first information is being output and that a device outputting the first information is the display device (Par. [0032]). This limitation was shown to be disclosed by Elnekaveh in the rejection of Claim 1. 
	 (taught by Trostle below)

	Trostle discloses the following limitations not taught by Elnekaveh:
	input by a user (Par. [0038]). This limitation was shown to be disclosed by Trostle in the rejection of Claim 6. 
	together with certification information for certifying validity of the generation unit by the display device (Par. [0056]). This limitation was shown to be disclosed by Trostle in the rejection of Claim 1. 
	a verification step of verifying whether the generation unit is valid on a basis of the certification information by the verification device (Par. [0056]). This limitation was shown to be disclosed by Trostle in the rejection of Claim 1. 
	when the validity of the generation unit is certified in the verification step (Par. [0056]). This limitation was shown to be disclosed by Trostle in the rejection of Claim 1. 
	and a second output step of outputting the identification information by the verification device when the display device is authenticated in the verification step (Par. [0057]). This limitation was shown to be disclosed by Trostle in the rejection of Claim 6. 

	Reference Elnekaveh neither teaches using certification information for verification nor the second output unit outputting identification information input by a user. Reference Trostle teaches validation with certification information and further teaches that this provides an additional layer of security when verifying, as verifying the certificate is one of the validation steps performed by Trostle (Par. [0056], If the hash result is not identical to the UDN, an error is returned to registration enclave 628. If the certificate is not valid, then an error is also returned to registration enclave 628). Reference Trostle teaches identification information input by the user, and further teaches that this identification information can be used to authenticate the server’s response (Par. [0058], If the application identifier tuple values are equal, registration enclave 628 returns the data (i.e., the shared secret window pattern's random code) to secure application enclave 618 in action 6.18 over the secure (AES-GCM protected) channel. Otherwise, registration enclave 628 returns an error to secure application enclave 618.)
	References Elnekaveh and Trostle are considered to be analogous art because they both relate to systems for verifying an application in a trusted execution environment. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the authentication system of Elnekaveh with the random code of Trostle in order to gain the benefit of increased security through additional verification and verification of the server response during the authentication process. 

	Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over the combination of Elnekaveh/Trostle and further in view of Deacon et al. (U.S. Patent No. 8,572,368 B1), hereinafter referred to as “Deacon”.
Regarding Claim 2:
	The combination of references Elnekaveh/Trostle discloses Claim 1.
	Trostle further discloses the following limitations:
	
	the first transmission unit transmits (Par. [0056], Enrollment server 660 validates the UDN by hashing the public verification key from the certificate received from registration enclave 628). Reference Trostle teaches providing a digital certificate for validation during the enrolment process. In combination with the public key generated by Deacon, this teaches the public key certificate of the public key. 
	verification unit verifies whether (Par. [0056], Enrollment server 660 validates the UDN by hashing the public verification key from the certificate received from registration enclave 628). Reference Trostle teaches the server validating the public key certificate.
	the second transmission unit transmits the third information after encrypting the same with the public key and the reception unit decrypts the encrypted third information (Par. [0055], an authenticated exchange can be performed between registration enclave 628 and enrollment server 660 to set up an authenticated encrypted channel). Reference Trostle teaches the creation of an encrypted channel. In combination with the public key generated by Deacon, this teaches encrypting the third information for communication as it has been shown previously that the transmission unit transmits the third information (Par. [0057], enrollment server 660 forwards a message to registration enclave 628 in action 6.17).

	Deacon discloses the following limitations not taught by the combination of Elnekaveh/Trostle:
	wherein the generation unit further generates a pair of a secret key and a public key (Col. 8, lines 66-67, signing module 106 may create a new asymmetric key pair for each application). Reference Deacon teaches generation of an asymmetric key pair.
	the first transmission unit transmits a code signing certificate of the generation unit (Abstract, signing the code by generating a unique, code-specific digital certificate … providing the code-specific digital certificate (the first transmission unit transmits a code signing certificate of the generation unit … to the verification device as the certification information)). Reference Deacon teaches transmitting the code signing certificate for attestation of integrity.
	verification unit verifies whether the code signing certificate (Col. 10, lines 35-36, a relying party may validate code-specific digital certificate 500). Reference Deacon teaches verification of a code signing certificate.

	The combination of references Elnekaveh and Trostle does not teach a code signing certificate. Reference Deacon teaches transmitting the code signing certificate for attestation of integrity. Deacon further teaches that using such a code signing certificate helps to detect tampering of the code (Col. 10, lines 42-45, Validating the digital signature in this manner may verify that the copy of code 203 contained within the code-signing request has not been modified or tampered with since leaving the possession of the software publisher).
	The combination of references Elnekaveh/Trostle and Deacon are considered to be analogous art because they relate to authentication systems of application integrity. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the authentication system of Elnekaveh/Trostle with the code signing certificate of Deacon in order to gain the benefit of tamper detection of the code.

Related Art
	The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure: 
Ekdahl (U.S. Pub No. 2013/0263215 A1) – Includes methods related to display authentication
Caceres et al. (U.S. Pub. No. 2016/0381003 A1) – Includes methods related to biometric authentication and a type of outputting information in the form of a notification

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ETHAN V VO whose telephone number is (571)272-2505. The examiner can normally be reached M-F 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/E.V.V./Examiner, Art Unit 2431
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431