DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the communications filed on 05/20/2022, claims 1-8 and 10-18 are amended. Claim 9 is cancelled. Claims 1-8 and 10-20 are pending in this examination.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This examination is in response to US Patent Application No. 16/926,317.

Examiner notes

Applicant is encouraged to schedule an interview with the examiner prior to the next communication to compact prosecution of the case.
Response to Arguments
Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).  

Applicant's arguments filed 05/20/2022 have been fully considered but they are not persuasive:
Applicant respectfully submits on pages 12-13 of the remarks filed on 05/20/2022 that Yan and Zhang do not describe that the RSA key pair is generated by an application executed in the security component and that the security component is an environment that is independent of an operating system in the terminal.
The examiner respectfully disagrees with applicant's argument for claim 1, filed on 05/20/2022, on pages 12-13 of the remarks.

Claim 1 recites:

  generating, with circuitry of the terminal and by an application executed in a local security zone, a device key including a device public key and a device private key, the local security zone being an environment that is independent of an operating system in the terminal.


Applicant's specification, in various paragraphs, states:

[0006] In exemplary aspects, in a case that an application key generating instruction triggered by an application running locally is obtained, an application key of the application is generated in the security zone. The application key includes an application public key and an application private key. An application certificate of the application in the security zone is generated by signing an application parameter of the application and the application public key by using the device private key. The application private key and the application certificate are correspondingly stored in the security zone.

[0019] In an exemplary aspect, the circuitry of the terminal generates, in a case that an application key generating instruction triggered by an application running locally is obtained, an application key of the application in the security zone. The application key includes an application public key and an application private key. The circuitry of the terminal also generates an application certificate of the application in the security zone by signing an application parameter of the application and the application public key by using the device private key, and correspondingly stores the application private key and the application certificate in the security zone.

Examiner Note: the cited limitation in claim 1 contradicts the cited paragraphs in the specification. The claim limitation recites generating the device private key and the device public key by using the circuitry of the terminal and by a local application; however, in the specification the application private key and the application public key are generated by a local application, and the local application is not used to create the device public and private keys. The examiner interprets the local application as the implementation of PKI technology, which utilizes the RSA algorithm to generate private and public keys.

Yan discloses this limitation as: [Page 6, A RSA key pair is generated on the mobile terminal; the RSA key pair comprises a public key and a private key; Preferably, the method specifically comprises the following steps: detecting whether a safety assembly (security component) exists in the mobile terminal or not, a) if so, generating an RSA key pair inside the security component; b) if not, generating an RSA key pair in a security area managed by the mobile terminal], and [see Title: MOBILE TERMINAL DEVICE AND USER AUTHENTICATION METHOD BASED ON PKI TECHNOLOGY].
Furthermore, Zhang in his application discloses [Summary of invention: In order to achieve the above object of the invention, another embodiment of the present invention provides a wireless terminal. The wireless terminal includes: a key generating unit for generating a key pair (a key pair is generated using the RSA encryption algorithm, public key infrastructure (PKI)); a user identification module connected to the key generating unit, and storing a private key of the key pair; a digital certificate obtaining unit connected to the key generating unit and the user identification module, and configured to include a public key in the key pair, a user identification module number, and the application certificate information of the user information is sent to an authentication server, and receives a digital certificate issued by the authentication server; a non-volatile storage unit is connected to the digital certificate acquisition unit and is used to store the digital certificate].

                              
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over WO2014110877A1 (filed in IDS on 08/11/2020) issued to Zhichao YAN (hereafter, “YAN”) in view of CN101777978A (filed in IDS on 07/10/2020) issued to WANCHUN ZHANG (hereafter, “Zhang”).
Regarding claims 1, 12, and 19, Yan discloses generating, with circuitry of the terminal and by an application executed in a local security zone, a device key including a device public key and a device private key, the local security zone being an environment that is independent of an operating system in the terminal [Page 6, A RSA key pair is generated on the mobile terminal; the RSA key pair comprises a public key and a private key; Preferably, the method specifically comprises the following steps: detecting whether a safety assembly (security component) exists in the mobile terminal or not, a) if so, generating an RSA key pair inside the security component; b) if not, generating an RSA key pair in a security area managed by the mobile terminal], and [see Title: MOBILE TERMINAL DEVICE AND USER AUTHENTICATION METHOD BASED ON PKI TECHNOLOGY]; and
Examiner Note: Zhang in his application discloses [Summary of invention: In order to achieve the above object of the invention, another embodiment of the present invention provides a wireless terminal. The wireless terminal includes: a key generating unit for generating a key pair (a key pair is generated using the RSA encryption algorithm, public key infrastructure (PKI)); a user identification module connected to the key generating unit, and storing a private key of the key pair; a digital certificate obtaining unit connected to the key generating unit and the user identification module, and configured to include a public key in the key pair, a user identification module number, and the application certificate information of the user information is sent to an authentication server, and receives a digital certificate issued by the authentication server; a non-volatile storage unit is connected to the digital certificate acquisition unit and is used to store the digital certificate].
transmitting, with the circuitry of the terminal, a local device parameter and the device public key to a certificate authentication server [Page 3, the terminal information is a hardware feature of the terminal, and the terminal information comprises the IMEI, the IMSI and/or the MAC of the mobile terminal. The mobile terminal submits digital certificate application information to an authentication system of a mobile operator, wherein the digital certificate application information comprises terminal information and a public key of an RSA key pair]; and
Examiner Note: Zhang also discloses this limitation as: [Page 2, a digital certificate obtaining unit connected to the key generating unit and the user identification module, and configured to include a public key in the key pair, a user identification module number, and the application certificate information of the user information is sent to an authentication server].
and storing, with the circuitry of the terminal, the device private key and the device certificate in the local security zone [Page 7, a) generating and maintaining a digital certificate with a PKI technology as a core and a private key thereof, and performing secure storage on the user mobile terminal]; and
Examiner Note: Zhang also discloses this limitation as: [Page 2, a non-volatile storage unit is connected to the digital certificate acquisition unit and is used to store the digital certificate], and [Page 3, separately storing a private key and a digital certificate, storing the private key in a user identification module of a wireless terminal, and storing the digital certificate in a FLASH. Because the core part of the digital certificate that can prove the identity of the user is the private key, this storage method can improve the security of the private key, which is better than storing both the digital certificate and the private key in Flash], and [Page 5, the wireless terminal shown in FIG. 3 stores a private key in a SIM card and a digital certificate in a non-volatile storage unit, thereby improving the security of the private key].
receiving, with the circuitry of the terminal, a device certificate fed back by the certificate authentication server, signature data of the device certificate being generated by signing the device parameter and the device public key.
Even though Yan discloses the limitation as: [Page 3, 2), after receiving the registration request, the authentication system extracts the terminal information therein and acquires the mobile phone number thereof through a submission mode of the terminal … 5), the authentication system compares the terminal information in the submitted digital certificate application information with the terminal information extracted in the step 2, and if the terminal information matches the terminal information extracted in the step 2, the authentication system issues a digital certificate to the mobile terminal, and stores the corresponding terminal information],
Yan does not explicitly disclose; however, Zhang discloses this limitation as: [Page 5, receives a digital certificate (signed with the private key of the authentication server) issued by the authentication server, and storing the digital certificate in the wireless terminal's non-volatile memory], and [Page 6, The internal memory of the wireless terminal is mainly composed of Flash, in which a partition is specifically used to store digital certificates. A standard CA digital certificate is about 2k in size. The digital certificate of this embodiment is a digitally signed file containing the information of the public key owner and the public key, which is digitally signed by the certificate authority. The simplest digital certificate contains a public key, the name of the certificate owner, and the number of the certificate authority signature].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of YAN with the teaching of Zhang in order to provide a method, a system and a wireless terminal for applying a digital certificate based on a wireless terminal, so that a digital certificate can also be conveniently applied through a wireless network for subsequent security authentication, and can effectively improve the security level of certification [Zhang, Page 2].

Claims 2-3 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over WO2014110877A1 (filed in IDS on 08/11/2020) issued to Zhichao YAN (hereafter, “YAN”) in view of CN101777978A (filed in IDS on 07/10/2020) issued to WANCHUN ZHANG (hereafter, “Zhang”) and further in view of CN105704123A (filed in IDS on 08/11/2020) issued to Lu Qiang (hereafter, “Qiang”).
Regarding claims 2 and 15, Yan and Zhang do not explicitly disclose; however, Qiang discloses generating, when an application key generating instruction triggered by an application running locally is obtained, an application key of the application in the local security zone, the application key including an application public key and an application private key; generating an application certificate of the application in the local security zone by signing an application parameter of the application and the application public key by using the device private key; and correspondingly storing the application private key and the application certificate in the security zone [Pages 14-17, the embodiment of the invention further provides a method for generating a service private key and a service public key. As shown in FIG. 4, the method can be used for generating the service private key and the service public key, and the processing flow shown in FIG. 4 is described in detail below with reference to the specific implementation mode, and the content can be as follows:
Step 401: The terminal generates a pair of device private keys and a device public key by means of the TEE system, stores the device private key in the TEE system, and sends the device public key and the device identifier of the terminal to the device public key management server, so that the device public key management server correspondingly stores the device identifier and the device public key. The device verification key comprises a pair of device private keys and a device public key, and is used for verifying the legitimacy of the terminal, and is a necessary key for generating an application verification key. The device private key can be built in the equipment safety area before the terminal leaves the factory, the equipment public key is stored in the equipment public key management server, and one terminal is provided with only one device verification key. In an implementation, the terminal may generate a device verification key (which may also be referred to as a root key) by means of a TEE system, that is, a pair of device private keys and a device public key are generated, wherein a pair of device private keys and device public keys may be generated by the TEE system in the terminal before the terminal leaves the factory, and different terminals correspond to different device private keys and device public keys. After the device private key and the device public key are generated, the generated device private key can be stored in the TEE system, the device verification key is stored in the security area, the other terminal cannot know the device private key stored in the secure area, and the generated device public key and the device identifier of the terminal are sent to the device public key management server, wherein the device public key management server can be used for storing the device public key generated by the terminal before leaving the factory, and the device public key management server can receive the device public key and the device identifier sent by the terminal, so that the device identifier and the device public key can be stored correspondingly.
Step 402: The terminal generates a pair of application private keys and an application public key by means of the TEE system, stores the application private key in the TEE system, and uses the device private key to perform signature processing on the application public key to obtain second to-be-verified information. The application verification key comprises a pair of application private keys and an application public key, wherein the application private key is stored in the secure storage area, the application public key is stored in the secure storage area, the application verification key can be used for verifying the security and identity of the application program, the application verification key can be used for verifying the security and identity of the application program, the application program is provided with only one application verification key, and if the application verification key is generated repeatedly, the generated application verification key is covered. In an implementation, when the terminal has installed an application program (such as WeChat) for implementing a certain service processing, when the application program is started for the first time, an application verification key (also referred to as a secondary key) can be generated by the TEE system, that is, a pair of application private keys and an application public key can be generated according to the hardware information of the terminal and the preset algorithm, and the application program in the terminal has a corresponding relationship with the application private key and the application public key, that is, the generated pair of application private keys and the application public key have a corresponding relationship with the application program, and the application private key and the application public key are not corresponding to the account of the application program. After the application private key and the application public key are generated, the application private key can be stored in the TEE system, and the generated application public key can be subjected to signature processing by using the device private key pre-stored in the terminal to obtain the to-be-verified information (which may be referred to as the second to-be-verified information).
Step 403: The terminal sends a storage request carrying the device identifier, the application public key and the second to-be-verified information to the service server. In an implementation, after the terminal obtains the second to-be-verified information, a storage request can be sent to the service server, wherein the storage request can carry the equipment identifier, the application public key and the second to-be-verified information.
Step 404: When receiving a storage request carrying a device identifier, an application public key and a second to-be-verified information sent by a terminal, the service server obtains a device public key corresponding to the device identifier to the device public key management server, performs signature verification processing on the second signature information based on the device public key and the application public key, and stores the device identifier and the application public key if the signature verification succeeds. In an implementation, after the terminal sends a storage request carrying the device identifier, the application public key and the second to-be-verified information to the service server, the service server can receive the storage request sent by the terminal and parse the storage request to obtain a device public key corresponding to the device identifier carried in the storage request, and the device public key management server can obtain the device public key corresponding to the device identifier carried in the storage request, and can correspondingly store the device identifier and the application public key based on the acquired device public key and the application public key.
Step 405: The terminal generates a pair of service private keys and a service public key by means of the TEE system, stores the service private key in the TEE system, and uses the application private key to perform signature processing on the service public key to obtain third signature information to be verified.].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of YAN and Zhang with the teaching of Qiang in order to generate, by the TEE system, a pair of application private keys and an application public key, and to store the application private key in the TEE system [Qiang, page 3].
Regarding claims 3 and 16, Yan and Qiang do not explicitly disclose; however, Zhang discloses wherein the generating of the application certificate comprises: obtaining digest information of the application parameter of the application and the application public key; encrypting the digest information by using the device private key to obtain signature data; and generating the application certificate of the application according to the signature data [Page 6, FIG. 4 is a schematic diagram of another wireless terminal according to an embodiment of the present invention. The digital certificate obtaining unit 103 further includes: a sending unit 1031, configured to send the application certificate information including the public key in the key pair, a user identification module number, and user information to an authentication server; and a receiving unit 1032, configured to: Receive the issued digital certificate. Further, the wireless terminal 10 further includes: an encryption unit 107, configured to hash-encrypt the application certificate information to obtain digest information, and encrypt the digest information using the private key to obtain a ciphertext; the sending unit 1031 is further configured to send the ciphertext and the public key to the authentication server. When the wireless terminal shown in FIG. 4 applies for a digital certificate, the application certificate information is hash-encrypted and the private key is encrypted to obtain a ciphertext, and the application certificate information, the public key, and the ciphertext are sent to an authentication server. The authentication server can verify the application certificate information by decrypting the cipher text with the public key, which is a reliable way to verify the identity of the wireless terminal.].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of YAN and Qiang with the teaching of Zhang so that the authentication server can verify the application certificate information by decrypting the cipher text with the public key, which is a reliable way to verify the identity of the wireless terminal [Zhang, page 5, 6].
Claims 4 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over WO2014110877A1 (filed in IDS on 08/11/2020) issued to Zhichao YAN (hereafter, “YAN”) in view of CN101777978A (filed in IDS on 07/10/2020) issued to WANCHUN ZHANG (hereafter, “Zhang”) and in view of CN105704123A (filed in IDS on 08/11/2020) issued to Lu Qiang (hereafter, “Qiang”) and further in view of CN108880788A issued to Benjamin Luts (hereafter, “Luts”).
Regarding claim 4, Yan discloses storing the certificate chain in the local security zone [Page 7, Referring to FIG. 3, a schematic diagram of hardware is used, and a core component thereof is a security chip (hardware), a security component (software) deployed on a mobile terminal of a user… a) generating and maintaining a digital certificate with a PKI technology as a core and a private key thereof, and performing secure storage on the user mobile terminal].
Yan and Qiang do not explicitly disclose; however, Zhang discloses obtaining an authentication certificate including an authentication public key corresponding to the authentication private key [Page 6, When the wireless terminal shown in FIG. 4 applies for a digital certificate, the application certificate information is hash-encrypted and the private key is encrypted to obtain a ciphertext, and the application certificate information, the public key, and the ciphertext are sent to an authentication server. The authentication server can verify the application certificate information by decrypting the cipher text with the public key, which is a reliable way to verify the identity of the wireless terminal… The digital certificate of this embodiment is a digitally signed file containing the information of the public key owner and the public key, which is digitally signed by the certificate authority].
Yan, Zhang, and Qiang do not explicitly disclose; however, Luts discloses using the authentication certificate, the device certificate, and the application certificate as a certificate chain of the application [Page 4, specifically explained, local registration service testing device/application is actively using the communication relationship between each user, so the actual needs the corresponding certificate. So, it can also especially be executed assigning the certificate to each device/application, thereby generally reducing the number of certificates. it reduces the complexity of certificate management. control system or technical equipment of a technical apparatus in communication overhead can be thereby significantly reduced. under the condition of a successful verification, local registration service can transmit the request to the certificate authority, so called certificate authentication mechanism (Certification definitions (CA), which is a certificate of the device or application operation and provided to the local registration service. local registration service then forwards the operating certificate to the corresponding device or the corresponding application], and [Page 6, only under the condition of a successful verification, engineering local registration service system 2 of 17 as each device or each application 8 represented by the corresponding authentication request 22 and a certificate authentication mechanism 5 the assignment 23 associated with the corresponding certificate. Finally, the certificate service 17 from engineering local registration system 2 of distribution service 20 via a designated 24 to the corresponding device/application 8. Therefore, the 8 assigned the corresponding device/application only when needed, which obviously reduces the communication transmission amount caused by certificate management].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Yan, Zhang, and Qiang with the teaching of Luts in order to, after successful verification of the application and device certificate request by the local registration certificate authority (LRA), transmit the request to the certificate authority (CA), which issues operational certificates for the device and application [Pages 2-3].

Allowable Subject Matter


Claims 5-7, 13-14, and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claims 8, 10-11, and 20 are allowed.
Application No.: 16/926,317; Attorney Docket No.: 043381.00232
None of the closest prior art mentioned in this office action and the 892 submitted with this application teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in independent claim 8. For example, none of the cited prior art, alone or in combination, teaches or suggests the steps of “the certificate chain comprising an authentication certificate, a device certificate, and an application certificate; wherein an authentication private key corresponding to the authentication certificate is used to generate signature data of the device certificate, the authentication public key of the authentication certificate is used for decrypting the signature data of the device certificate, a device private key corresponding to the device certificate is used to generate signature data of the application certificate, and a device public key of the device certificate is used for decrypting the signature data of the application certificate” in view of other limitations of claim 8. Therefore, independent claims 8 and 20 and dependent claims 10-11 are allowable over the cited prior art.
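The chain relationship quoted above (the authentication private key signs the device certificate, the device private key signs the application certificate, and each signature is checked with the parent's public key), as an added example that is not part of this office action or of any cited reference. It assumes constructed toy RSA keys built from Mersenne primes and unpadded digest signing so that it runs without dependencies; the function names, subjects and parameters are hypothetical.

```python
import hashlib
import json

E = 65537  # public exponent shared by all toy keys


def make_key(a, b):
    """Toy RSA key from Mersenne primes 2**a-1 and 2**b-1 (constructed, trivially
    factorable; a real device generates its keys inside the security zone)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(cert):
    """SHA-256 digest of the signed fields: subject, parameter, public key, issuer."""
    body = {k: cert[k] for k in ("subject", "parameter", "n", "e", "issuer")}
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def issue(subject, parameter, subject_key, issuer, issuer_key):
    """Build a certificate whose signature data is the digest 'encrypted' with the
    issuer's private key (unpadded textbook RSA, for illustration only; deployed
    systems use a padded scheme such as RSASSA-PSS)."""
    cert = {"subject": subject, "parameter": parameter,
            "n": subject_key["n"], "e": subject_key["e"], "issuer": issuer}
    cert["signature"] = pow(digest(cert), issuer_key["d"], issuer_key["n"])
    return cert


def signed_by(cert, issuer_cert):
    """'Decrypt' the signature data with the issuer's public key and compare digests."""
    if cert["issuer"] != issuer_cert["subject"]:
        return False
    recovered = pow(cert["signature"], issuer_cert["e"], issuer_cert["n"])
    return recovered == digest(cert)


def verify_chain(chain, trusted_root_n):
    """chain = [authentication cert, device cert, application cert].
    The root must match the pinned trust anchor; every other certificate
    must verify under the public key of the certificate before it."""
    root = chain[0]
    if root["n"] != trusted_root_n or not signed_by(root, root):
        return False
    return all(signed_by(child, parent) for parent, child in zip(chain, chain[1:]))


# Constructed sample keys and parameters.
auth_key = make_key(521, 607)
device_key = make_key(127, 1279)
app_key = make_key(89, 2203)


def build_chain():
    auth_cert = issue("auth-server", "constructed-ca", auth_key, "auth-server", auth_key)
    device_cert = issue("device", "IMEI:000000000000000", device_key, "auth-server", auth_key)
    app_cert = issue("app", "package:com.example.app", app_key, "device", device_key)
    return [auth_cert, device_cert, app_cert]


if __name__ == "__main__":
    chain = build_chain()
    print("valid chain:", verify_chain(chain, auth_key["n"]))
    altered = dict(chain[2], parameter="package:com.example.other")
    print("altered application parameter:", verify_chain(chain[:2] + [altered], auth_key["n"]))
```

A verifier that pins only the authentication public key can reject an application certificate whose fields were altered or that was signed by a key other than the one in the device certificate.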

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
WO2018177045A1 [METHOD AND DEVICE FOR MANAGING DIGITAL CERTIFICATE].
WO2019047927A1 [DIGITAL CREDENTIAL MANAGEMENT METHOD AND DEVICE].
CN110445614A [Certificate Application Method, Device, Terminal Device, A Gateway Device And A Server].
THOM (US20180091312) [[0020] FIG. 1 is a schematic diagram of an example of a device 100 that can communicate with a separate (e.g., non-integrated; independent; remote), removably connectable TPM device 102 for performing one or more security-related functions. Device 100 can also communicate with another device 104 and authenticate communications therewith based on performing the one or more security-related functions via the TPM device 102. In an example, device 100 can include a processor 112 and/or memory 114 configured to execute or store instructions or other parameters related to performing the one or more security-related functions, such as executing a CA service 116 for generating one or more digital certificates 142 for the device 100, and/or executing an application 118, which can authenticate device 100 with one or more other devices 104 using digital certificate 142. For example, the application 118 may include substantially any application for communicating with another device 104 based on using a certificate for authenticated communications].

Wang (CN 110278084 A) [the first device 20 and the second device 30, can be stored with the respective eID device certificate, or may be application eID device certificate to the authentication centre of the eID device (certificate authority, CA). the eID device certificate for that device is to the eID service platform of legal eID carrier. to first device 20 an example described below. in eID device certificate of the first device 20 comprises eID device public key and device information of the first device 20. device information may be, for example, the first device 20 identifier. and the locally stored first device 20 eID device private key, the first device 20 eID device private key to generate signature information may also be used to certify eID carrier of the first equipment is legal].
XU (CN 110417554 A) [It should be noted that, in the embodiments of the present application device certificate before leaving factory PKI system is the terminal device issued to the terminal device, the terminal device stored in the TEE. wherein, corresponding to the application A for issuing the first certificate of the PKI system and PKI system for issuing device certificate can be a PKI system, also can be the different PKI system, this is not limited. For example, as shown in FIG. 2, the PKI system shown comprises a primary authentication mechanism (certificate authority, CA), two secondary CA (first secondary CA and a second second-level CA), wherein the first secondary CA for generating and issuing a device certificate, the second secondary CA for generating and issuing a first certificate. for example, application requiring mounting is WeChat, second second-level CA can be used for the first certificate generation and issue WeChat corresponding to it. For another example, request the application installation is Alipay, the second second-level CA can also be used for generating and issuing the first certificate corresponding to the Alipay, and the like. Also, for example, request the application installation is palm life, the second second-level CA may be used to generate and issue the first certificate corresponding to the palm and so on, is not limited. application namely application corresponding to the first certificate of second second-level CA to generate and issue of requiring mounting. Optionally, for ease of implementation, the first secondary CA and a second second-level CA can be based on the same root certificate structure].

Loreskar (GB 2566263 A) [Alternatively, the electronic device certificate could be a grandchild, great grandchild or further descendant certificate of the enrolment device certificate, so that there is at least one intermediate certificate between the electronic device certificate and enrolment device certificate within the chain of trust. For example, the electronic device certificate could be a child certificate of an application certificate associated with a specified application executed by the enrolment device, and the application certificate may be descendant certificate of the enrolment device certificate in the chain of trust. For example, this can be useful for enabling third parties to verify that the electronic device certificate was created by a certain trusted application running on the enrolment device (with the presence/validity of the trusted application itself attested as valid by the application certificate)].
Smith (US6233685 B1) [(42) In another alternative, the device could also retain the previous device certificate, or indeed have more than one certificate active at any particular point in time. For example, the device might participate in multiple applications, each of which has its own central certifying authority. In this situation, the device uses a separate certificate chain for each application].

BAR-EL (US20190245682) [0093-95] In some demonstrative embodiments, SEP hardware module 102 may verify certificate 104. For example, SEP hardware module 102 may determine a hash value of application code 105 of the SEP application 103 being loaded, and concatenate the determined hash with the values of the developer public key, the application ID, the version ID included in certificate 104 and/or any other values, to reproduce a hash that was used to create the signature on certificate 104…, if verification passes, SEP hardware module 102 may determine an application-specific descriptor 114 corresponding to the SEP application 103 being loaded, for example, by determining the hash of the developer public key, the application ID, and the version ID corresponding to the SEP application 103 being loaded].

JP 2006260015 A [At the time of connection from the client application to the server application, the encryption hash value and the application certificate are acquired from the application certificate database using the application identifier as a key, and the acquired hash value of the client application is: Checking whether the public key included in the application certificate is equal to a hash value decrypted from the encrypted hash value].
Samuel (US2019/0109877) [0079] In examples, an accreditor (not shown in figures) of the modular application 302B may generate a public key and a private key and request the hardware encryption device 306 to certify the public key and private key pair. The hardware encryption device 306 may generate a hash of the application, and generate a certification including the public key of the modular application and the hash, and sign the certification using the hardware encryption device's attestation identity key].
Yach (WO 0225409 A2) [19. The code signing system of claim 18, wherein: the digital signature is generated by applying the private signature key to a hash of the software application; and the virtual machine verifies the authenticity of the digital signature by generating a hash of the software application to obtain a generated hash, applying the public signature key to the digital signature to obtain a recovered hash, and comparing the generated hash with the recovered hash].
Hiroshi (2011151679 A) [ certificate chain].
Puruothaman (US2016/0337341) [¶33. In one embodiment, the connector type includes (i) an application connector 602, (ii) a certificate authority (CA) connector 604, and (iii) a monitor connector 606. The application connector 602 provides information related to a device/application (i.e. ASNC's 112A1-N) to which the one or more certificates, and associated entities of the one or more certificates are transferred/pushed… The CA connector 604 interacts with certificate authorities (CA), and facilitates a complete multi-level approval work flow in ordering/renewing/revoking the one or more certificates.].

Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496