Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 04/04/2022 has been entered.
This Office Action is in response to the communication and claim amendment filed on 04/04/2022; Claims 1, 8, and 15 have been amended; Claims 1, 8, and 15 are independent claims.  Claims 1-20 have been examined and are pending. 
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Mr. GRIGGERS, CHARLES (Reg. No.: 47283), who agreed and authorized the Examiner to amend claims 1, 8, and 15 and to cancel claims 6, 13, and 20.
The eTerminal Disclaimer filed on 05/03/2022 (US Patent 10,992,656).


Examiner’s Amendments
Claims
Replace claims 1-20 as follows:
 1.	(Currently Amended) A system for distributed profile and key management, comprising:
a client device; and
program instructions executable in the client device that, when executed by the client device, cause the client device to:
receive, by a first client application of the client device, a partially populated device profile, the partially populated device profile generated by a management service remotely located from the client device to configure at least one setting on the client device, the partially populated device profile as generated comprising a credential payload portion having a temporary string or an empty portion;
authenticate, by a second client application of the client device, the client device through communication with a third-party security service;
in response to the client device being authenticated, generate, by the second client application, a credential, wherein the credential is a derived credential, the derived credential being generated using at least one personal identity verification (PIV) card credential;
provide, by the second client application, the credential to the first client application;
modify, by the first client application, the partially populated device profile to include the credential to create a fully populated device profile by replacing the temporary string or inserting the credential to generate the fully populated device profile; and
cause, by the first client application, the client device to be configured in accordance with the fully populated device profile.

2.	(Original) The system of claim 1, wherein the first client application is an agent application executable on the client device.

3.	(Original) The system of claim 2, further comprising program instructions executable in the client device that, when executed by the client device, cause the client device to encrypt, by the agent application, the fully populated device profile.

4.	(Original) The system of claim 3, further comprising program instructions executable in the client device that, when executed by the client device, cause the client device to send, by the agent application, the fully populated device profile to the management service.

5.	(Original) The system of claim 1, wherein the client device is configured in accordance with the fully populated device profile using at least one device management feature of an Android® operating system.

6.	(Canceled)

7.	(Currently Amended) The system of claim 1 

8.	(Currently Amended) A non-transitory computer-readable medium for distributed profile and key management embodying program code executable in a client device that, when executed by the client device, causes the client device to:
receive, by a first client application of the client device, a partially populated device profile, the partially populated device profile generated by a management service remotely located from the client device to configure at least one setting on the client device, the partially populated device profile as generated comprising a credential payload portion having a temporary string or an empty portion;
authenticate, by a second client application, the client device through communication with a third-party security service;
in response to the client device being authenticated, generate, by the second client application, a credential, wherein the credential is a derived credential, the derived credential being generated using at least one personal identity verification (PIV) card credential;
provide, by the second client application, the credential to the first client application;
modify, by the first client application, the partially populated device profile to include the credential to create a fully populated device profile by replacing the temporary string or inserting the credential to generate the fully populated device profile; and
cause, by the first client application, the client device to be configured in accordance with the fully populated device profile.

9.	(Original) The non-transitory computer-readable medium of claim 8, wherein the first client application is an agent application executable on the client device.

10.	(Original) The non-transitory computer-readable medium of claim 9, further comprising program code executable in the client device that, when executed by the client device, causes the client device to encrypt, by the agent application, the fully populated device profile.

11.	(Original) The non-transitory computer-readable medium of claim 10, further comprising program code executable in the client device that, when executed by the client device, causes the client device to send, by the agent application, the fully populated device profile to the management service.

12.	(Original) The non-transitory computer-readable medium of claim 8, wherein the client device is configured in accordance with the fully populated device profile using at least one device management feature of an Android® operating system.

13.	(Canceled)

14.	(Currently Amended) The non-transitory computer-readable medium of claim 8 

15.	(Currently Amended) A computer-implemented method for distributed profile and key management, comprising:
receiving, by a first client application of the client device, a partially populated device profile, the partially populated device profile generated by a management service remotely located from the client device to configure at least one setting on the client device, the partially populated device profile as generated comprising a credential payload portion having a temporary string or an empty portion;
authenticating, by a second client application, the client device through communication with a third-party security service;
in response to the client device being authenticated, generating, by the second client application, a credential, wherein the credential is a derived credential, the derived credential being generated using at least one personal identity verification (PIV) card credential;
providing, by the second client application, the credential to the first client application;
modifying, by the first client application, the partially populated device profile to include the credential to create a fully populated device profile by replacing the temporary string or inserting the credential to generate the fully populated device profile; and
configuring, by the first client application, the client device in accordance with the fully populated device profile.

16.	(Original) The computer-implemented method of claim 15, wherein the first client application is an agent application executable on the client device.

17.	(Original) The computer-implemented method of claim 16, further comprising encrypting, by the agent application, the fully populated device profile.

18.	(Original) The computer-implemented method of claim 17, further comprising sending, by the agent application, the fully populated device profile to the management service.

19.	(Original) The computer-implemented method of claim 15, wherein the client device is configured in accordance with the fully populated device profile using at least one device management feature of an Android® operating system.

20.	(Canceled)

Examiner's Statement of Reasons for Allowance
Claims 1-5, 7-12, 14-19 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The invention is directed to a method/system/non-transitory computer-readable medium for distributed profile and key management. In one example, a client device can include an agent application and a PIV-D application. The agent application can receive a partially populated device profile generated by a management service to configure a setting on the client device. The PIV-D application can generate a derived credential and provide the derived credential to the agent application. The agent application can modify the partially populated device profile to include the credential to create a fully populated device profile and configure the client device in accordance with the fully populated device profile.
The closest prior art references, Rykowski et al. (“Rykowski,” US 10,122,577) and Entrust Datacard (“Entrust,” Mobile Derived PIV/CAC Credential – A Complete Solution For NIST 800-157, Nov 15th, 2014, pages 1-15), are generally directed to a system that has a client device for generating a credential by a first client application in response to the client device being authenticated. The client device provides the credential to a second client application by the first client application and modifies a partially populated device profile to include the credential to create a fully populated device profile by the second client application, where the credential is a derived credential. The client device causes a client device main body to be configured in accordance with the fully populated device profile by the second client application.
However, neither Rykowski nor Entrust teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims 1, 8, and 15. For example, they fail to teach “receive, by a first client application of the client device, a partially populated device profile, the partially populated device profile generated by a management service remotely located from the client device to configure at least one setting on the client device, the partially populated device profile as generated comprising a credential payload portion having a temporary string or an empty portion; authenticate, by a second client application, the client device through communication with a third-party security service; in response to the client device being authenticated, generate, by the second client application, a credential, wherein the credential is a derived credential, the derived credential being generated using at least one personal identity verification (PIV) card credential” and “modify, by the first client application, the partially populated device profile to include the credential to create a fully populated device profile by replacing the temporary string or inserting the credential to generate the fully populated device profile.”
This feature, in light of the other features and when considered as a whole, renders the independent claims 1, 8, and 15 allowable over the prior art of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CANH LE whose telephone number is (571)270-1380.  The examiner can normally be reached on Monday-Friday: 6:00 AM-3:30 PM, other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Canh Le/
Examiner, Art Unit 2439

May 7th, 2022 



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439