DETAILED ACTION
This Office Action is in response to the application 16/787,056 filed on 02/11/2020.
Claims 1-10, 15, 17, 19, 21, 23-28 have been examined and are pending.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.  This Action is made Non-FINAL.
Priority
The present application claims priority to PCT/CN 2018/097027, filed on July 25, 2018, which claims priority to CN201710632863.4, filed July 28, 2017. 
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 07/08/2020 and 06/04/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements have been considered by the examiner.
Examiner’s Notes:
In an attempt to promote compact prosecution, the examiner contacted applicant’s representative, Aaron Wong (Reg. No.: 61871), on March 04, 2022 to discuss a possible Examiner’s Amendment. However, the applicant and the examiner were unable to reach an agreement.
Claim Objection: 
Claim 15, an independent claim directed to an electronic device, recites “implement the step of the method according to claim 1.” Claim 15 should be rewritten in proper independent claim format, explicitly stating its limitations without reference to a related method claim. Similarly, device claim 17, which recites “implement the step of the method according to claim 4,” should be rewritten in proper format. Correction is requested. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 4, 15 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Mistry et al. (“Mistry,” US 20170094509, published Mar. 30, 2017) in view of Song (“Song,” US 9331856, patented May 6, 2016). 
Regarding claim 1, Mistry discloses a security authentication method, comprising:  
performing, based on a transmitted password authentication message, password authentication with a server and acquiring a result of the password authentication (Mistry FIG. 7, [0127], [0129]. The certificate management system server 728 may be a single-server or multi-server system, or a cloud-based system, including at least one virtualization server. As part of the launch command, the enrollment application 712 may provide the user password received from the user of the mobile computing device 710 to the certificate management system application 714. The certificate management system application 714 may be configured to authenticate the user of the mobile computing device and the mobile computing device with the certificate management system server 728.); 
sending a request authentication message to the server in a case that the result of the password authentication is determined to indicate that the password authentication is successful (Mistry FIG. 7, [0130]. After the user has been authenticated, the certificate management system application 714 may request and receive at least one or more derived credentials from the certificate management system server 728. The derived credentials may comprise enrollment credentials, secure/ Multipurpose Internet Mail Extensions (S/MIME) encryption and signing certificates, other network credentials, encryption certificates, signing certificates, and the like.); 
receiving a response authentication message, returned based on a received request authentication message by the server, comprising a server certificate and a digital signature value (Mistry FIG. 7, [0104], [0130]. SSL certificate validation may be operable so the application specifically validates the server SSL certificate. After the user has been authenticated, the certificate management system application 714 may request and receive at least one or more derived credentials from the certificate management system server 728. The derived credentials may comprise enrollment credentials, Secure/ Multipurpose Internet Mail Extensions (S/MIME) encryption and signing certificates, other network credentials, encryption certificates, signing certificates, and the like [note that a certificate carries a digital signature that is associated with, or bound to, the public key of the certificate].).  
Mistry does not explicitly disclose: 
wherein the server certificate comprises a public key of the server, and the digital signature value is acquired based on the request authentication message and the password authentication message; 
verifying the digital signature value comprised in the response authentication message based on the public key of the server, to acquire a result of security authentication.
However, in an analogous art, Song discloses a method comprising the steps of: 
wherein the server certificate comprises a public key of the server (Song col. 8: 52-57, 59-61. Decryption module 106 may decrypt digital signature 212 on object 208 to obtain a decrypted digital signature in a variety of ways. In some examples, decryption module 106 may decrypt the digital signature on the object to obtain the decrypted digital signature at least in part by decrypting the digital signature using a public key. The overall digital signature system may encrypt data and/or protect the public key using a public-key infrastructure, third party certificate authority.), and 
the digital signature value is acquired based on the [request authentication] message and the [password authentication] message (Song col. 8: 35-42. In the case of signing multiple messages, sub-messages, and/or hashes of messages or sub-messages, the signer may orient them, prior to digital signing [ ] in a predetermined manner known or shared with the reader [ ] such as concatenating them (e.g., in a predetermined order) and/or interweaving them.); 
verifying the digital signature value comprised in the response authentication message based on the public key of the server, to acquire a result of security authentication (Song col. 8: 59-61; col. 10: 21-22, 53-56, 60-64. The overall digital signature system may encrypt data and/or protect the public key using a public-key infrastructure, third party certificate authority. Decryption module 106 may decrypt digital signature 212 using a public key. Returning to FIG.3, at step 306 one or more of the systems described herein may attempt, using the processor of the smart glasses, to validate the object by comparing content of the object with the decrypted digital signature. As used herein, the phrase “validate the object' generally refers to verifying that a digital signature on the object is authentic, including for example verifying that the decrypted digital signature matches corresponding content on the object (or a hash thereof).). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Song with the teachings of Mistry to include: verifying the digital signature value comprised in the response authentication message based on the public key of the server, to provide users with a means for enabling mobile devices (e.g., phone or smart glass) to authenticate a digital signature of messages using the public key infrastructure.  (See Song col. 10: 53-56, 60-64.)


Regarding claim 4, Mistry discloses an authentication method, comprising:  
receiving a request authentication message sent by a client based on a result of password authentication indicating that password authentication is successful (Mistry FIG. 7, [0127], [0130]. As part of the launch command, the enrollment application 712 may provide the user password received from the user of the mobile computing device 710 to the certificate management system application 714. After the user has been authenticated, the certificate management system application 714 may request and receive at least one or more derived credentials from the certificate management system server 728. The derived credentials may comprise enrollment credentials, Secure/ Multipurpose Internet Mail Extensions (S/MIME) encryption and signing certificates, other network credentials, encryption certificates, signing certificates, and the like.), 
wherein the result of the password authentication is acquired by performing the password authentication based on a transmitted password authentication message (Mistry [0127], [0129]. The certificate management system server 728 may be a single-server or multi-server system, or a cloud-based system, including at least one virtualization server. As part of the launch command, the enrollment application 712 may provide the user password received from the user of the mobile computing device 710 to the certificate management system application 714. The certificate management system application 714 may be configured to authenticate the user of the mobile computing device and the mobile computing device with the certificate management system server 728.); 
sending a response authentication message comprising a local server certificate and the digital signature value to the client (Mistry FIG. 7, [0104], [0130]. SSL certificate validation may be operable so the application specifically validates the server SSL certificate. After the user has been authenticated, the certificate management system application 714 may request and receive at least one or more derived credentials from the certificate management system server 728. The derived credentials may comprise enrollment credentials, Secure/ Multipurpose Internet Mail Extensions (S/MIME) encryption and signing certificates, other network credentials, encryption certificates, signing certificates, and the like.). 
Mistry does not explicitly disclose: 
digitally signing the received request authentication message and the password authentication message based on a local private key to acquire a digital signature value; 
to trigger the client to verify the digital signature value based on a public key of a server comprised in the server certificate and acquire a result of security authentication. 
However, in an analogous art, Song discloses an authentication method comprising the steps of: 
digitally signing the received [request authentication] message and the [password authentication message] based on a local private key to acquire a digital signature value (Song col. 8: 35-42. In the case of signing multiple messages, sub-messages, and/or hashes of messages or sub-messages, the signer may orient them, prior to digital signing [ ] in a predetermined manner known or shared with the reader [ ] such as concatenating them (e.g., in a predetermined order) and/or interweaving them.); 
to trigger the client to verify the digital signature value based on a public key of a server comprised in the server certificate and acquire a result of security authentication (Song col. 8: 59-61; col. 10: 21-22, 53-56, 60-64. The overall digital signature system may encrypt data and/or protect the public key using a public-key infrastructure, third party certificate authority. Decryption module 106 may decrypt digital signature 212 using a public key. Returning to FIG.3, at step 306 one or more of the systems described herein may attempt, using the processor of the smart glasses, to validate the object by comparing content of the object with the decrypted digital signature. As used herein, the phrase “validate the object' generally refers to verifying that a digital signature on the object is authentic, including for example verifying that the decrypted digital signature matches corresponding content on the object (or a hash thereof). [Note the public key can be the public key of a certificate authority. See col. 8: 59-61.]). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Song with the teachings of Mistry to include:  verifying the digital signature value comprised in the response authentication message based on the public key of the server, to provide users with a means for enabling mobile devices (e.g., phone or smart glass) to authenticate a digital signature of messages using the public key infrastructure.  (See Song col. 10: 53-56, 60-64.)
Regarding claim 15, claim 15 is directed to an electronic device corresponding to the method of claim 1. Claim 15 is similar in scope to claim 1 and is therefore rejected under similar rationale.
Regarding claim 17, claim 17 is directed to an electronic device corresponding to the method of claim 4. Claim 17 is similar in scope to claim 4 and is therefore rejected under similar rationale.
Claims 2-3, 5-6, 23-24 and 25-26 are rejected under 35 U.S.C. 103 as being unpatentable over Mistry et al. (“Mistry,” US 20170094509, published Mar. 30, 2017) in view of Song (“Song,” US 9331856, patented May 6, 2016) and Fujii et al. (“Fujii,” US 20100191967, published July 29, 2010). 
Regarding claim 2, Mistry and Song disclose the method of claim 1. 
Mistry further discloses wherein sending the request authentication message to the server in a case that the result of the password authentication is determined to indicate that the password authentication is successful, specifically comprises: sending the request authentication message to the server in a case that the result of the password authentication is determined to indicate that the password authentication is successful, to trigger the server to perform the following steps (Mistry [0127], [0129] – [0130]. As part of the launch command, the enrollment application 712 may provide the user password received from the user of the mobile computing device 710 to the certificate management system application 714. The certificate management system application 714 may use at least one or more authentication mechanisms to authenticate with the certificate management system server 728, as required by the enterprise. After the user has been authenticated, the certificate management system application 714 may request and receive at least one or more derived credentials from the certificate management system server 728. The derived credentials may comprise enrollment credentials, Secure/ Multipurpose Internet Mail Extensions (S/MIME) encryption and signing certificates, other network credentials, encryption certificates, signing certificates, and the like.): 
Song further discloses: digitally signing the first hash value based on a local private key to acquire a digital signature value of the request authentication message (Song col. 4: 42-50. As a last example, database 120 may also be configured to store digital signatures 130. In some embodiments, digital signatures may correspond to content and/or hashes of a message encrypted using a signer's private key.). 
Mistry and Song do not explicitly disclose: 
performing a hash operation on the password authentication message and the request authentication message to acquire a first hash value. 
However, in an analogous art, Fujii discloses a method comprising the step of: 
performing a hash operation on the [password authentication]  message and the [request authentication message] to acquire a first hash value (Fujii [0183] – [0184], [0187]. The function of creating a Client Hello message (first message) including the client random number and sending the Client Hello message to the server apparatus 200a. The function of receiving, after sending the Client Hello message, a Server Hello message (second message) including a server random number (second random number) from the server apparatus 200a through the communication unit 101. The function of generating, by an encrypting unit 111, an encryption parameter by a hash algorithm, based on the client random number (first random number) and the server random number (second random number).). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Fujii with the teachings of Song and Mistry to include:  performing a hash operation on the password authentication message and the request authentication message to acquire a first hash value, to provide users with a means for mutual authentication through device hand-shake protocol.  (See Fujii [0187].)
Regarding claim 3, Mistry and Song disclose the method of claim 1. 
Song further discloses wherein verifying the digital signature value comprised in the response authentication message based on the public key of the server, to acquire the result of the security authentication, comprises (Song col. 10: 21-22, 53-56, 60-64. Decryption module 106 may decrypt digital signature 212 using a public key. Returning to FIG.3, at step 306 one or more of the systems described herein may attempt, using the processor of the smart glasses, to validate the object by comparing content of the object with the decrypted digital signature. As used herein, the phrase “validate the object' generally refers to verifying that a digital signature on the object is authentic, including for example verifying that the decrypted digital signature matches corresponding content on the object (or a hash thereof). [Note the public key can be public key of a certificate authority. See col. 8: 59-61.]): 
acquiring a verification digital signature value by using a preset digital signature verification algorithm based on the public key and the second hash value; acquiring the result of the security authentication based on a result of comparing the digital signature value with the verification digital signature value (Song col. 10: 21-22, 53-56, 60-64. Decryption module 106 may decrypt digital signature 212 using a public key. Returning to FIG.3, at step 306 one or more of the systems described herein may attempt, using the processor of the smart glasses, to validate the object by comparing content of the object with the decrypted digital signature. As used herein, the phrase “validate the object' generally refers to verifying that a digital signature on the object is authentic, including for example verifying that the decrypted digital signature matches corresponding content on the object (or a hash thereof). [Note the public key can be public key of a certificate authority. See col. 8: 59-61.]).
Fujii further discloses performing a hash operation on the [password authentication] message and the [request authentication] message to acquire a second hash value (Fujii [0183] – [0184], [0187]. The function of creating a Client Hello message (first message) including the client random number and sending the Client Hello message to the server apparatus 200a. The function of receiving, after sending the Client Hello message, a Server Hello message (second message) including a server random number (second random number) from the server apparatus 200a through the communication unit 101. The function of generating, by an encrypting unit 111, an encryption parameter by a hash algorithm, based on the client random number (first random number) and the server random number (second random number).). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Fujii with the teachings of Song and Mistry to include:  performing a hash operation on the password authentication message and the request authentication message to acquire a first hash value, to provide users with a means for mutual authentication through device hand-shake protocol.  (See Fujii [0187].) 
Regarding claim 5, Mistry and Song disclose the method of claim 4. Song further discloses: 
wherein digitally signing the received request authentication message and the password authentication message based on the local private key to acquire the digital signature value, specifically comprises: digitally signing the first hash value based on the private key to acquire a digital signature value of the request authentication message (Song col. 5: 32-35; col. 8: 35-42. Digital signature 212 may correspond to the result of encrypting all or part of message 210 with the signer's private key or the result of encrypting a hash of all or part of message 210. In the case of signing multiple messages, sub-messages, and/or hashes of messages or sub-messages, the signer may orient them, prior to digital signing [ ] in a predetermined manner known or shared with the reader [ ] such as concatenating them (e.g., in a predetermined order) and/or interweaving them.). 
Fujii further discloses performing a hash operation on the [password authentication] message and the [request authentication] message to acquire a first hash value (Fujii [0183] – [0184], [0187]. The function of creating a Client Hello message (first message) including the client random number and sending the Client Hello message to the server apparatus 200a. The function of receiving, after sending the Client Hello message, a Server Hello message (second message) including a server random number (second random number) from the server apparatus 200a through the communication unit 101. The function of generating, by an encrypting unit 111, an encryption parameter by a hash algorithm, based on the client random number (first random number) and the server random number (second random number).). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Fujii with the teachings of Song and Mistry to include:  performing a hash operation on the password authentication message and the request authentication message to acquire a first hash value, to provide users with a means for mutual authentication through device hand-shake protocol.  (See Fujii [0187].) 
Regarding claim 6, Mistry and Song disclose the method of claim 4. 
Mistry further discloses wherein sending the response authentication message comprising the local server certificate and the digital signature value to the client, specifically comprises: sending the response authentication message comprising the local server certificate and the digital signature value to the client (Mistry FIG. 7, [0104], [0130]. SSL certificate validation may be operable so the application specifically validates the server SSL certificate. After the user has been authenticated, the certificate management system application 714 may request and receive at least one or more derived credentials from the certificate management system server 728. The derived credentials may comprise enrollment credentials, Secure/ Multipurpose Internet Mail Extensions (S/MIME) encryption and signing certificates, other network credentials, encryption certificates, signing certificates, and the like [note that a certificate carries a digital signature that is associated with, or bound to, the public key of the certificate].).  
Song further discloses to trigger the client to perform the following steps: to trigger the client to verify the digital signature value based on the public key of the server comprised in the server certificate and acquire the result of security authentication, comprises: acquiring a verification digital signature value based on the public key and the second hash value by using a preset digital signature verification algorithm, and acquiring the result of security authentication based on a result of comparing the digital signature value with the verification digital signature value (Song col. 10: 21-22, 53-56, 60-64. Decryption module 106 may decrypt digital signature 212 using a public key. Returning to FIG.3, at step 306 one or more of the systems described herein may attempt, using the processor of the smart glasses, to validate the object by comparing content of the object with the decrypted digital signature. As used herein, the phrase “validate the object' generally refers to verifying that a digital signature on the object is authentic, including for example verifying that the decrypted digital signature matches corresponding content on the object (or a hash thereof). [Note the public key can be the public key of a certificate authority. See col. 8: 59-61.]).
Fujii further discloses performing a hash operation on the [password authentication] message and the [request authentication message] to acquire a second hash value (Fujii [0183] – [0184], [0187]. The function of creating a Client Hello message (first message) including the client random number and sending the Client Hello message to the server apparatus 200a. The function of receiving, after sending the Client Hello message, a Server Hello message (second message) including a server random number (second random number) from the server apparatus 200a through the communication unit 101. The function of generating, by an encrypting unit 111, an encryption parameter by a hash algorithm, based on the client random number (first random number) and the server random number (second random number).). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Fujii with the teachings of Song and Mistry to include:  performing a hash operation on the password authentication message and the request authentication message to acquire a first hash value, to provide users with a means for mutual authentication through device hand-shake protocol.  (See Fujii [0187].) 
Regarding claim 23, claim 23 is directed to an electronic device corresponding to the method of claim 2. Claim 23 is similar in scope to claim 2 and is therefore rejected under similar rationale.
Regarding claim 24, claim 24 is directed to an electronic device corresponding to the method of claim 3. Claim 24 is similar in scope to claim 3 and is therefore rejected under similar rationale.
Regarding claim 25, claim 25 is directed to an electronic device corresponding to the method of claim 5. Claim 25 is similar in scope to claim 5 and is therefore rejected under similar rationale.
Regarding claim 26, claim 26 is directed to an electronic device corresponding to the method of claim 6. Claim 26 is similar in scope to claim 6 and is therefore rejected under similar rationale.
Claims 7-10, 19, 21, 27 and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Mistry et al. (“Mistry,” US 20170094509, published Mar. 30, 2017) in view of Fujii et al. (“Fujii,” US 20100191967, published July 29, 2010) and Monica et al. (“Monica,” US 8874913, patented Oct 28, 2014). 
Regarding claim 7, Mistry discloses a security authentication method, comprising:  
performing password authentication with a server based on a transmitted password authentication message to acquire a result of the password authentication (Mistry FIG. 7, [0127], [0129]. The certificate management system server 728 may be a single-server or multi-server system, or a cloud-based system, including at least one virtualization server. As part of the launch command, the enrollment application 712 may provide the user password received from the user of the mobile computing device 710 to the certificate management system application 714. The certificate management system application 714 may be configured to authenticate the user of the mobile computing device and the mobile computing device with the certificate management system server 728.); 
sending a request authentication message to the server in a case that the result of the password authentication is determined to indicate that the password authentication is successful, and receiving a response authentication message comprising a server certificate returned based on the request authentication message by the server (Mistry FIG. 7, [0130]. After the user has been authenticated, the certificate management system application 714 may request and receive at least one or more derived credentials from the certificate management system server 728. The derived credentials may comprise enrollment credentials, secure/ Multipurpose Internet Mail Extensions (S/MIME) encryption and signing certificates, other network credentials, encryption certificates, signing certificates, and the like.). 
Mistry does not explicitly disclose: 
wherein the server certificate comprises a public key of the server; 
First Named Inventor : Fuwen Liu Page:6
generating a random number, performing a hash operation on the password authentication message and the request authentication message to acquire a hash value, encrypting the random number and the hash value by using the public key of the server to acquire an encrypted value, and sending the encrypted value to the server. 
However, in an analogous art, Fujii discloses a method comprising the step of: 
wherein the server certificate comprises a public key of the server (Fujii FIG. 2, [0102]. In the key saving unit 204, a server certificate including a public key of the server apparatus 200 and a private key associated with the public key are saved); 
generating a random number, performing a hash operation on the [password authentication] message, and the [request authentication] message to acquire a hash value (Fujii [0183] – [0184], [0187]. The function of creating a Client Hello message (first message) including the client random number and sending the Client Hello message to the server apparatus 200a. The function of receiving, after sending the Client Hello message, a Server Hello message (second message) including a server random number (second random number) from the server apparatus 200a through the communication unit 101. The function of generating, by an encrypting unit 111, an encryption parameter by a hash algorithm, based on the client random number (first random number) and the server random number (second random number).), 
encrypting the random number and the hash value by using the [public key] of the server to acquire an encrypted value, and sending the encrypted value to the server (Fujii [0188]. [E]ncrypting, by the encrypting unit 111 [ ] based on the encryption parameter and notifying the server apparatus 200a of the resulting encrypted biometric information through the communication unit 101 and thereby continuing the agreement process.). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Fujii with the teachings of Mistry to include:  performing a hash operation on the password authentication message and the request authentication message to acquire a first hash value, to provide users with a means for mutual authentication through device hand-shake protocol.  (See Fujii [0187].)
Mistry and Fujii do not explicitly disclose: 
receiving a verification random number returned based on the encrypted value by the server, and acquiring a result of security authentication based on a result of comparing the random number with the verification random number, wherein the verification random number is acquired by decrypting the encrypted value using a private key.
However, in an analogous art, Monica discloses a method comprising the step of: 
receiving a verification random number returned based on the encrypted value by the server, and acquiring a result of security authentication based on a result of comparing the random number with the verification random number, wherein the verification random number is acquired by decrypting the encrypted value using a private key (Monica col. 7: 22-40. For example, device A can generate a random number. Device A can retrieve Device B's public key from Device A's database of known devices and encrypt the random number using Device B's public key (previously received in the pairing process shown in FIG. 2A). If Device B is trusted, Device B can decrypt the random number using its private key, increment the random number, retrieve Device A's public key from Device B's database of known devices, and re-encrypt the random number using Device A's public key (also previously received in the pairing process shown in FIG. 2A). After Device B sends the data to Device A, Device A can decrypt the random number using its private key and ensure the random number was correctly incremented. At this point, Device A can trust Device B, a session is started between the two devices, and secure communication can commence using the keys to encrypt communications between the devices. In some implementations, a session can be started by exchanging public keys.). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Monica with the teachings of Fujii and Mistry to include:  acquiring a result of security authentication based on a result of comparing the random number with the verification random number, to provide users with a means for mutual authentication through a hand-shake protocol.  (See Monica col. 7: 20-22.)
Regarding claim 8, Mistry, Fujii and Monica disclose the method of claim 7. Fujii further discloses: 
wherein generating a random number, performing a hash operation on the [password authentication] message and the [request authentication] message to acquire a hash value (Fujii [0183] – [0184], [0187]. The function of creating a Client Hello message (first message) including the client random number and sending the Client Hello message to the server apparatus 200a. The function of receiving, after sending the Client Hello message, a Server Hello message (second message) including a server random number (second random number) from the server apparatus 200a through the communication unit 101. The function of generating, by an encrypting unit 111, an encryption parameter by a hash algorithm, based on the client random number (first random number) and the server random number (second random number).), encrypting the random number and the hash value by using the public key of the server to acquire an encrypted value comprises (Fujii [0188]. [E]ncrypting, by the encrypting unit 111 [ ] based on the encryption parameter and notifying the server apparatus 200a of the resulting encrypted biometric information through the communication unit 101 and thereby continuing the agreement process.):
performing the hash operation on the password authentication message and the request authentication message to acquire the hash value (Fujii [0183] – [0184], [0187]. The function of creating a Client Hello message (first message) including the client random number and sending the Client Hello message to the server apparatus 200a. The function of receiving, after sending the Client Hello message, a Server Hello message (second message) including a server random number (second random number) from the server apparatus 200a through the communication unit 101. The function of generating, by an encrypting unit 111, an encryption parameter by a hash algorithm, based on the client random number (first random number) and the server random number (second random number).);
encrypting the random number and the hash value based on the [public] key to acquire the encrypted value (Fujii [0188]. [E]ncrypting, by the encrypting unit 111 [ ] based on the encryption parameter and notifying the server apparatus 200a of the resulting encrypted biometric information through the communication unit 101 and thereby continuing the agreement process.). 
Monica further discloses: acquiring a locally generated random number in a case that the received response authentication message is determined to comprise the public key (Monica col. 7: 22-26, 39-40. For example, device A can generate a random number. Device A can retrieve Device B's public key from Device A's database of known devices and encrypt the random number using Device B's public key (previously received in the pairing process shown in FIG. 2A). In some implementations, a session can be started by exchanging public keys.).
The motivation is the same as that of claim 7 above. 
Regarding claim 9, Mistry discloses a security authentication method, comprising:  
receiving a request authentication message sent by a client based on a result of password authentication indicating that the password authentication is successful, wherein the result of the password authentication is acquired by performing the password authentication based on a transmitted password authentication message (Mistry FIG. 7, [0127], [0129]. The certificate management system server 728 may be a single-server or multi-server system, or a cloud-based system, including at least one virtualization server. As part of the launch command, the enrollment application 712 may provide the user password received from the user of the mobile computing device 710 to the certificate management system application 714. The certificate management system application 714 may be configured to authenticate the user of the mobile computing device and the mobile computing device with the certificate management system server 728.); 
sending a response authentication message comprising a local server certificate to the client based on the request authentication message (Mistry FIG. 7, [0130]. After the user has been authenticated, the certificate management system application 714 may request and receive at least one or more derived credentials from the certificate management system server 728. The derived credentials may comprise enrollment credentials, Secure/Multipurpose Internet Mail Extensions (S/MIME) encryption and signing certificates, other network credentials, encryption certificates, signing certificates, and the like.).
Mistry does not explicitly disclose: 
receiving an encrypted value sent based on the response authentication message by the client, wherein the encrypted value is acquired by generating a random number, performing a hash operation on the password authentication message and the request authentication message to acquire a hash value, and encrypting the random number and the hash value by using a public key of a server to acquire the encrypted value at the client. 
However, in an analogous art, Fujii discloses a method comprising the step of: 
receiving an encrypted value sent based on the response authentication message by the client (Fujii [0197]. The function of receiving []encrypted [ ] based on the client random number (first random number) and the server random number (second random number), from the client apparatus 100a through the communication unit 201.), 
wherein the encrypted value is acquired by generating a random number, performing a hash operation on the password authentication message and the request authentication message to acquire a hash value (Fujii [0183] – [0184], [0187]. The function of creating a Client Hello message (first message) including the client random number and sending the Client Hello message to the server apparatus 200a. The function of receiving, after sending the Client Hello message, a Server Hello message (second message) including a server random number (second random number) from the server apparatus 200a through the communication unit 101. The function of generating, by an encrypting unit 111, an encryption parameter by a hash algorithm, based on the client random number (first random number) and the server random number (second random number).), 
and encrypting the random number and the hash value by using a [public] key of a server to acquire the encrypted value at the client (Fujii [0188]. [E]ncrypting, by the encrypting unit 111 [ ] based on the encryption parameter and notifying the server apparatus 200a of the resulting encrypted biometric information through the communication unit 101 and thereby continuing the agreement process.). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Fujii with the teachings of Mistry to include: performing a hash operation on the password authentication message and the request authentication message to acquire a first hash value, to provide users with a means for mutual authentication through a device hand-shake protocol. (See Fujii [0187].)
Mistry and Fujii do not explicitly disclose:
decrypting the encrypted value based on a local private key to acquire a verification random number, sending the verification random number to the client, to trigger the client to acquire a result of security authentication based on a result of comparing the random number with the verification random number.
However, in an analogous art, Monica discloses a method comprising the step of: 
decrypting the encrypted value based on a local private key to acquire a verification random number, sending the verification random number to the client, to trigger the client to acquire a result of security authentication based on a result of comparing the random number with the verification random number (Monica col. 7: 22-40. For example, device A can generate a random number. Device A can retrieve Device B's public key from Device A's database of known devices and encrypt the random number using Device B's public key (previously received in the pairing process shown in FIG. 2A). If Device B is trusted, Device B can decrypt the random number using its private key, increment the random number, retrieve Device A's public key from Device B's database of known devices, and re-encrypt the random number using Device A's public key (also previously received in the pairing process shown in FIG. 2A). After Device B sends the data to Device A, Device A can decrypt the random number using its private key and ensure the random number was correctly incremented. At this point, Device A can trust Device B, a session is started between the two devices, and secure communication can commence using the keys to encrypt communications between the devices. In some implementations, a session can be started by exchanging public keys.). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Monica with the teachings of Fujii and Mistry to include:  acquiring a result of security authentication based on a result of comparing the random number with the verification random number, to provide users with a means for mutual authentication through a hand-shake protocol.  (See Monica col. 7: 20-22.)
Regarding claim 10, Mistry, Fujii and Monica disclose the method of claim 9. Mistry further discloses: 
wherein sending the response authentication message comprising the local server certificate to the client based on the request authentication message, specifically comprises: sending the response authentication message comprising the local server certificate to the client based on the request authentication message, to trigger the client to perform the following steps (Mistry FIG. 7, [0130]. After the user has been authenticated, the certificate management system application 714 may request and receive at least one or more derived credentials from the certificate management system server 728. The derived credentials may comprise enrollment credentials, Secure/Multipurpose Internet Mail Extensions (S/MIME) encryption and signing certificates, other network credentials, encryption certificates, signing certificates, and the like.):
generating locally a random number, performing the hash operation on the password authentication message and the request authentication message to acquire the hash value (Fujii [0183] – [0184], [0187]. The function of creating a Client Hello message (first message) including the client random number and sending the Client Hello message to the server apparatus 200a. The function of receiving, after sending the Client Hello message, a Server Hello message (second message) including a server random number (second random number) from the server apparatus 200a through the communication unit 101. The function of generating, by an encrypting unit 111, an encryption parameter by a hash algorithm, based on the client random number (first random number) and the server random number (second random number).), and 
encrypting the locally generated random number and the hash value based on the [public] key to acquire the encrypted value (Fujii [0188]. [E]ncrypting, by the encrypting unit 111 [ ] based on the encryption parameter and notifying the server apparatus 200a of the resulting encrypted biometric information through the communication unit 101 and thereby continuing the agreement process.).
The motivation is the same as that of claim 9 above. 
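The exchange recited in claims 7 through 10 above (the client hashes the password authentication message and the request authentication message, encrypts its random number together with the hash under the server's public key; the server decrypts with its local private key and returns the verification random number; the client compares it with the random number it generated) is shown below as an added worked example in Go. This code is not taken from the application, from the cited references (Mistry, Fujii, Monica) or from this Office action. It assumes RSA-OAEP with SHA-256 as the public-key scheme (the claims recite only "a public key of a server"), a 32-byte random number, length-prefixed hashing of the two messages, and a server-side recomputation of the transcript hash that the claim language does not recite; all message contents and the OAEP label are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

const nonceLen = 32 // size of the client's random number (assumption)

var oaepLabel = []byte("security-authentication") // constructed OAEP label

// TranscriptHash is the "hash operation on the password authentication message
// and the request authentication message". Each message is length-prefixed so the
// concatenation is unambiguous (a design choice added here, not claim text).
func TranscriptHash(pwdMsg, reqMsg []byte) [sha256.Size]byte {
	h := sha256.New()
	for _, m := range [][]byte{pwdMsg, reqMsg} {
		var l [4]byte
		binary.BigEndian.PutUint32(l[:], uint32(len(m)))
		h.Write(l[:])
		h.Write(m)
	}
	var out [sha256.Size]byte
	copy(out[:], h.Sum(nil))
	return out
}

// ClientChallenge is the client side of claim 7: generate a random number, hash the
// two messages, and encrypt (random number || hash) under the server's public key
// taken from the response authentication message. The client keeps the random
// number for the final comparison.
func ClientChallenge(serverPub *rsa.PublicKey, pwdMsg, reqMsg []byte) (nonce, encrypted []byte, err error) {
	nonce = make([]byte, nonceLen)
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	h := TranscriptHash(pwdMsg, reqMsg)
	plain := append(append([]byte{}, nonce...), h[:]...)
	encrypted, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, plain, oaepLabel)
	if err != nil {
		return nil, nil, err
	}
	return nonce, encrypted, nil
}

// ServerRespond is the server side of claim 9: decrypt with the local private key
// and return the verification random number. The hash check against the messages
// the server itself saw is an addition (not recited in the claims); it is what makes
// carrying the hash inside the encrypted value useful, since an altered request
// message now causes the server to refuse rather than echo the random number.
func ServerRespond(serverPriv *rsa.PrivateKey, encrypted, pwdMsg, reqMsg []byte) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, serverPriv, encrypted, oaepLabel)
	if err != nil {
		return nil, err // wrong key, tampered ciphertext, or wrong label
	}
	if len(plain) != nonceLen+sha256.Size {
		return nil, errors.New("malformed encrypted value")
	}
	verificationNonce, gotHash := plain[:nonceLen], plain[nonceLen:]
	want := TranscriptHash(pwdMsg, reqMsg)
	if subtle.ConstantTimeCompare(gotHash, want[:]) != 1 {
		return nil, errors.New("transcript hash mismatch: client and server saw different messages")
	}
	return verificationNonce, nil
}

// ClientVerify is the final step: compare the locally generated random number with
// the verification random number returned by the server.
func ClientVerify(nonce, verificationNonce []byte) bool {
	return subtle.ConstantTimeCompare(nonce, verificationNonce) == 1
}

// RunHandshake drives one full exchange. reqMsgAtServer is the request
// authentication message as the server recorded it; passing a value different from
// reqMsg simulates a request altered in transit.
func RunHandshake(serverKey *rsa.PrivateKey, pwdMsg, reqMsg, reqMsgAtServer []byte) (bool, error) {
	nonce, encrypted, err := ClientChallenge(&serverKey.PublicKey, pwdMsg, reqMsg)
	if err != nil {
		return false, err
	}
	verificationNonce, err := ServerRespond(serverKey, encrypted, pwdMsg, reqMsgAtServer)
	if err != nil {
		return false, err
	}
	return ClientVerify(nonce, verificationNonce), nil
}

func main() {
	// Constructed sample messages; a real client would carry protocol fields here.
	pwdMsg := []byte("PASSWORD-AUTH: user=alice")
	reqMsg := []byte("REQUEST-AUTH: session=1")
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	ok, err := RunHandshake(key, pwdMsg, reqMsg, reqMsg)
	fmt.Println("honest exchange:", ok, err)
	ok, err = RunHandshake(key, pwdMsg, reqMsg, []byte("REQUEST-AUTH: session=2"))
	fmt.Println("altered request:", ok, err)
}
```

Two points of the design follow from the claim language: only a holder of the server's private key can recover the random number, so a correct verification random number is the client's evidence that it is talking to the certificate holder; and the hash binds the challenge to the earlier password and request messages, so the server can detect a transcript that differs from its own. In the Monica scheme cited above the responder re-encrypts (and increments) the random number under the initiator's public key before returning it; the example follows the claims instead and returns it directly, so it should be read as illustrating the claimed steps rather than Monica's variant.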
Regarding claim 19, claim 19 is directed to an electronic device corresponding to the method of claim 7. Claim 19 is similar in scope to claim 7 and is therefore rejected under similar rationale.
Regarding claim 27, claim 27 is directed to an electronic device corresponding to the method of claim 8. Claim 27 is similar in scope to claim 8 and is therefore rejected under similar rationale.
Regarding claim 21, claim 21 is directed to an electronic device corresponding to the method of claim 9. Claim 21 is similar in scope to claim 9 and is therefore rejected under similar rationale.
Regarding claim 28, claim 28 is directed to an electronic device corresponding to the method of claim 10. Claim 28 is similar in scope to claim 10 and is therefore rejected under similar rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD LONG whose telephone number is (571) 272-8961. The examiner can normally be reached on Monday to Friday, 9 AM - 6 PM EST (Alternate Fridays).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/EDWARD LONG/
Examiner, Art Unit 2439

/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439