Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.



EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Kevin Yao on June 15, 2022.






The application has been amended as follows: 


1. (Currently Amended) A method implemented by a first device, the method comprising: 
sending a login request initiated at the first device to an authentication server over the Internet, the login request comprising a login account;
establishing a communication connection with a second device, and obtaining encrypted information through the Internet in response to the login request, wherein the first device is a device that is allowed to access the Internet, and the second device is a device that is not allowed to access the Internet; 
encrypting identity information of a user account that is logged into the second device using the encrypted information, and sending the encrypted identity information to the second device, wherein the user account has a one-to-one correspondence with the login account; and 
receiving a verification result returned by the second device, wherein the second device verifies the encrypted identity information based on: 
decrypting, by the second device, the encrypted identity information using a public key extracted from a digital certificate included in the identity information; and
determining, by the second device, whether the login account of the login request exists in a trusted list, wherein the trusted list includes at least one user account that is allowed to log into the second device.

2. (Currently Amended) The method of claim 1, wherein encrypting the identity information of the user account that is logged into the second device using the encrypted information, and sending the encrypted identity information to the second device comprise: 
obtaining [[a]]the login account, and receiving the encrypted information returned by an authentication server, wherein the encrypted information includes at least one of the following: a key pair and a digital certificate; 
generating the encrypted identity information according to the login account and the encrypted information; and 
sending the encrypted identity information to the second device.

3. (Original) The method of claim 2, wherein generating the encrypted identity information according to the login account and the encrypted information comprises: 
encrypting the login account and/or a random number using a private key in the key pair to obtain an encryption result; and 
generating the encrypted identity information based on the login account and information of at least one of: the encryption result and a digital certificate.

4. (Original) The method of claim 3, wherein encrypting the login account and/or the random number using the private key in the key pair to obtain the encryption result comprises: 
obtaining a first random number; and 
encrypting the login account and the first random number using the private key in the key pair to obtain the encryption result. 

5. (Previously Presented) The method of claim 1, wherein the authentication server generates the encrypted information according to the login request, and the encrypted information includes at least one of: a key pair and a digital certificate.

6. (Original) The method of claim 1, wherein establishing the communication connection with the second device is performed using one of: a transmission control protocol (TCP), a user datagram protocol (UDP), Bluetooth, Zigbee, and WiFi.

7. (Original) The method of claim 1, wherein sending the encrypted identity information to the second device comprises: 
adding a digital signature of the first device to the encrypted identity information; and 
sending the identity information added with the digital signature to the second device.

8. (Original) The method of claim 7, further comprising: 
after the first device sending the identity information added with the digital signature to the second device, receiving a result of the authentication failure returned by the second device if the digital certificate is determined to be not trusted by the second device, wherein sending the identity information added with the digital signature to the second device enables the second device to determine whether the digital certificate included in the identity information to be verified is trusted based on a pre-installed root certificate.

9. (Currently Amended) The method of claim 1, further comprising: 
obtaining a login account, and receiving encrypted information returned by an authentication server; 
generating the encrypted identity information according to the login account and the encrypted information; 
sending the encrypted identity information to the second device; and
generating a shared key based on a first random number generated by the first device and a second random number returned by the authentication server, wherein the second random number is a random number generated by the second device when the login account exists in [[a]]the trusted list, and the second device generates the shared secret key based on the first random number and the second random number.

10. (Currently Amended) One or more computer readable media storing executable instructions that, when executed by one or more processors of a second device, cause the one or more processors to perform acts comprising: 
receiving encrypted identity information to be verified that is sent from a first device, wherein the identity information comprises a user account logged into the second device having a one-to-one correspondence with a login account of login request initiated at the first device, the first device is a device that is allowed to access the Internet, and the second device is a device that is not allowed to access the Internet;
decrypting the encrypted identity information using a public key extracted from a digital certificate included in the identity information;
verifying the identity information to be verified according to verification information to obtain a verification result by determining whether the login account of the login request exists in a trusted list, wherein the trusted list includes at least one user account that is allowed to log into the second device; and
generating a shared key used for encrypting and decrypting data in response to the verification result indicating that the identity information is trusted, wherein the shared key is used for ensuring secure data transmission between the first device and the second device, and the identity information to be verified is data encrypted by using encrypted information.

11. (Original) The one or more computer readable media of claim 10, wherein the identity information to be verified that is sent from the first device is received by using one of: a transmission control protocol (TCP), a user datagram protocol (UDP), Bluetooth, Zigbee, and WiFi.

12. (Currently Amended) The one or more computer readable media of claim 10, wherein verifying the identity information to be verified according to verification information to obtain the verification result comprises: 
determining whether [[a]]the digital certificate included in the identity information to be verified is trusted based on a pre-installed root certificate; and 
returning a result of the authentication failure to the first device if the digital certificate is not trusted.

13. (Currently Amended) The one or more computer readable media of claim 12, wherein the acts further comprise: 
extracting [[a]]the public key included in the digital certificate when the digital certificate is trusted, and verifying whether received data has been tampered with using the digital certificate; and 
returning the result of the authentication failure to the first device if the received data has been tampered with.

14. (Currently Amended) The one or more computer readable media of claim 13, wherein the acts further comprise: 
returning the result of the authentication failure to the first device if the login account does not exist in the trusted list.

15. (Original) The one or more computer readable media of claim 14, wherein the acts further comprise determining the verification result as the identity information of the first device being trusted when the login account exists in the trusted list.

16. (Original) The one or more computer readable media of claim 15, wherein the acts further comprise: 
obtaining a second random number, and generating a shared secret key based on the first random number and the second random number, after determining the verification result as the identity information of the first device being trusted when the login account exists in the trusted list, wherein the first device generates the shared key based on the first random number and the second random number returned by an authentication server.

17. (Original) The one or more computer readable media of claim 14, wherein: after decrypting the encryption result using the public key to obtain the login account and/or the first random number, the acts further comprise: 
determining whether any login account exists in the trusted list; and 
using the decrypted login account as a management account and adding the management account to the trusted list if no login account exists in the trusted list, wherein the management account is used to manage at least one login account in the trusted list.

18. (Currently Amended) A first device comprising: 
one or more processors; and 
memory storing executable instructions that, when executed by the one or more processors, cause the one or more processors to perform acts comprising: 
sending a login request initiated at the first device to an authentication server over the Internet, the login request comprising a login account;
establishing a communication connection with a second device and obtaining encrypted information through the Internet in response to the login request, wherein the first device is a device that is allowed to access the Internet, and the second device is a device that is not allowed to access the Internet; 
encrypting identity information of a user account that is logged into the second device using the encrypted information, and sending the encrypted identity information to the second device, wherein the user account has a one-to-one correspondence with the login account; and 
receiving a verification result that is returned by the second device, wherein the second device verifies the encrypted identity information based on: 
decrypting, by the second device, the encrypted identity information using a public key extracted from a digital certificate included in the identity information; and
determining, by the second device, whether the login account of the login request exists in a trusted list, wherein the trusted list includes at least one user account that is allowed to log into the second device.

19. (Previously Presented) The first device of claim 18, wherein encrypting the identity information of the user account that is logged into the second device using the encrypted information, and sending the encrypted identity information to the second device comprise: 
obtaining a login account, and receiving the encrypted information returned by an authentication server, wherein the encrypted information includes at least one of the following: a key pair and a digital certificate; 
generating the encrypted identity information according to the login account and the encrypted information; and 
sending the encrypted identity information to the second device.

20. (Original) The first device of claim 19, wherein generating the encrypted identity information according to the login account and the encrypted information comprises: 
encrypting the login account and/or a random number using a private key in the key pair to obtain an encryption result; and 
generating the encrypted identity information based on the login account and information of at least one of: the encryption result and a digital certificate.
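The exchange that claims 1 to 20 describe, written out as an added example; this is not the applicant's code and nothing in the application discloses it. It realizes in Go, with Ed25519 keys and X.509 certificates, the three roles of the claims: the authentication server that answers a login request with a key pair and certificate (claim 5), the Internet-connected first device that signs its login account and a first random number and forwards them with the certificate (claims 3, 4, 7), and the offline second device that checks the certificate against a pre-installed root, checks the signed data for tampering, checks the trusted list, enrolls a management account when the list is empty, and derives a shared key from both random numbers (claims 12 to 17). Everything not stated in the claims is this example's assumption: the authentication server is also the CA for the pre-installed root; "encrypting with the private key" is implemented as a digital signature that the certificate's public key verifies; the shared key is SHA-256 over both random numbers; the second random number is returned directly by Verify rather than via the authentication server as claim 9 has it; and the account-to-certificate binding check is an addition the claims do not recite. The names Issue, BuildIdentityMessage, Verify, DeriveSharedKey, payload and the account "alice" are invented here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type IdentityMessage struct {
	Account string // login account (claim 1)
	Nonce1  []byte // first random number (claim 4)
	Sig     []byte // the "encryption result" of claim 3: a signature over Account and Nonce1
	CertDER []byte // digital certificate from the authentication server (claim 5), DER-encoded
}

// Issue stands in for the authentication server (claim 5): a fresh Ed25519 key pair plus a certificate for cn. With
// parent == nil it is self-signed, which this example uses for the server's root, assumed to be the one pre-installed on the second device (claim 12).
func Issue(cn string, isCA bool, parent *x509.Certificate, signer ed25519.PrivateKey) (ed25519.PrivateKey, *x509.Certificate, error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // cannot fail with crypto/rand.Reader since Go 1.24
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: isCA, BasicConstraintsValid: isCA}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// payload is the byte string that gets signed (claim 4); the zero separator keeps the two fields apart.
func payload(account string, nonce1 []byte) []byte {
	return append(append([]byte(account), 0), nonce1...)
}

// BuildIdentityMessage is the first device's side (claims 3, 4 and 7). What the claims call "encrypting
// with the private key" is a signature here, checked with the public key carried in the certificate.
func BuildIdentityMessage(account string, key ed25519.PrivateKey, cert *x509.Certificate) *IdentityMessage {
	n1 := make([]byte, 32)
	rand.Read(n1) // crypto/rand.Read cannot return an error since Go 1.24; it aborts the process instead
	return &IdentityMessage{Account: account, Nonce1: n1, Sig: ed25519.Sign(key, payload(account, n1)), CertDER: cert.Raw}
}

// Verify is the second device's side (claims 12 to 17): roots holds the pre-installed root certificate, trusted is the
// (non-nil) trusted list. Every check fails closed; success yields the second random number and the shared key of claim 16.
func Verify(roots *x509.CertPool, trusted map[string]bool, m *IdentityMessage) (nonce2, sharedKey []byte, err error) {
	cert, err := x509.ParseCertificate(m.CertDER)
	if err != nil {
		return nil, nil, err
	}
	// Claim 12: the certificate must chain to the pre-installed root certificate.
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return nil, nil, fmt.Errorf("authentication failure: certificate not trusted: %w", err)
	}
	// Claim 13: extract the public key and check that the signed data has not been tampered with.
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, payload(m.Account, m.Nonce1), m.Sig) {
		return nil, nil, fmt.Errorf("authentication failure: signature does not verify")
	}
	// Beyond the claims: the account must match the certificate's subject, or any certificate holder could claim a trusted account.
	if cert.Subject.CommonName != m.Account {
		return nil, nil, fmt.Errorf("authentication failure: account does not match certificate")
	}
	// Claim 17: with an empty trusted list, the first verified account becomes the management account.
	if len(trusted) == 0 {
		trusted[m.Account] = true
	}
	// Claims 14 and 15: the login account must exist in the trusted list.
	if !trusted[m.Account] {
		return nil, nil, fmt.Errorf("authentication failure: login account not in trusted list")
	}
	// Claim 16: second random number, then the shared key from both random numbers.
	nonce2 = make([]byte, 32)
	rand.Read(nonce2)
	return nonce2, DeriveSharedKey(m.Nonce1, nonce2), nil
}

// DeriveSharedKey runs on both devices (claims 9 and 16). The claims fix no construction; SHA-256 over
// a label and both random numbers is this example's assumption.
func DeriveSharedKey(nonce1, nonce2 []byte) []byte {
	sum := sha256.Sum256(append(append([]byte("example-shared-key\x00"), nonce1...), nonce2...))
	return sum[:]
}

func main() {
	rootKey, root, _ := Issue("example root", true, nil, nil) // the authentication server's CA key and root
	key, cert, _ := Issue("alice", false, root, rootKey)      // the server's answer to alice's login request
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, _, err := Verify(roots, map[string]bool{}, BuildIdentityMessage("alice", key, cert))
	fmt.Println("alice verified:", err == nil)
}
```

Two points a practitioner would weigh when reading the claims against this sketch. First, claim 17 is trust on first use: whoever presents any certificate the root accepts to a second device with an empty trusted list becomes its management account, so the window between provisioning and first legitimate login needs protecting. Second, the claims verify the certificate and the signature but never recite that the login account being checked against the trusted list is the account the certificate was issued for; without the extra comparison in Verify, a holder of any valid certificate could sign a trusted account name and pass the list check.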



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON HOFFMAN whose telephone number is (571)272-3863. The examiner can normally be reached Monday-Friday 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/BRANDON HOFFMAN/Primary Examiner, Art Unit 2433