Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This is in response to applicant’s Amendment filed on 05/25/2022 to Application #16/790,125 filed on 02/13/2020 in which Claims 1-20 are pending.

Status of Claims
Claims 1-20 are pending, of which Claims 3, 5, 11, 13, 18 are canceled, new Claims 21-26 are added, resulting in Claims 1-2, 4, 6-10, 12, 14-17, 19-26 allowable via Examiner’s Amendment.

Applicant’s Most Recent Claim Set of 05/25/2022
Applicant’s most recent claim set of 05/25/2022 is considered to be the latest claim set under consideration by the examiner.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in a telephone interview with Andy Mu on July 28, 2022.

The application has been amended as follows:

In the Claims:

Claim 1: (Currently Amended)
A method comprising:
generating, by a computing device, a visual representation, the visual representation including a public portion of an encryption key associated with the computing device, wherein the encryption key comprises a Trusted Platform Module (TPM) endorsement key, and the public portion of the encryption key comprises a TPM public endorsement key (EK); 
displaying, by the computing device, the visual representation to enable another computing device to scan the visual representation and acquire the public portion of the encryption key; 
receiving, by the computing device, a client certificate from a server to establish a connection between the computing device and the server, the client certificate being encrypted with the public portion of the encryption key acquired from the visual representation;
 establishing, by the computing device, by authenticating the computing device using to decrypt the encrypted client certificate 


Claim 3: (Currently Canceled)


Claim 5: (Currently Canceled)


Claim 9: (Currently Amended)
A system comprising:
a memory; and
a processor coupled to the memory and configured to:
generate a visual representation, the visual representation including a public portion of an encryption key associated with the system, wherein the encryption key comprises a Trusted Platform Module (TPM) endorsement key, and the public portion of the encryption key comprises a TPM public endorsement key (EK);
display the visual representation to enable an image capture device of a computing device to scan the visual representation and acquire the public portion of the encryption key; and
receive a client certificate from a server to establish a connection between the system and the server, the client certificate being encrypted with the public portion of the encryption key acquired from the visual representation;
establish by authenticating the system using a private portion of the encryption key to decrypt the encrypted client certificate 


Claim 10: (Currently Amended)
The system of claim 9, wherein the encryption key is a hardware secured encryption key 


Claim 11: (Currently Canceled)


Claim 13: (Currently Canceled)


Claim 14: (Currently Amended)
The system of claim 9, wherein the establishment of the connection enables a network boot program (NBP) executing on the system to stream provisioning software from the server.


Claim 15: (Currently Amended)
The system of claim 9, wherein the public portion of the encryption key included in the visual representation is retrieved by a network boot program (NBP) executing on the system.


Claim 17: (Currently Amended)
A method comprising:
generating, by a first computing device, an optically scannable visual representation, the optically scannable visual representation including a public portion of an encryption key associated with the first computing device, wherein the encryption key comprises a Trusted Platform Module (TPM) endorsement key, and the public portion of the encryption key comprises a TPM public endorsement key (EK);
causing, by the first computing device, a display of the optically scannable visual representation to enable a mobile computing device to acquire the public portion of the encryption key by scanning the display of the optically scannable visual representation;
receiving, by the first computing device, a request of a second computing device to access the first computing device, the request including a certificate encrypted using the public portion of the encryption key acquired from the optically scannable visual representation; and
providing, by the first computing device, the second computing device with access to the first computing device based on decryption of the encrypted certificate using a private portion of the encryption key.


Claim 18: (Currently Canceled)


Claim 19: (Currently Amended)
The method of claim 17, wherein the second computing device is granted access to the first computing device based on determining that the encrypted certificate is able to be decrypted using the private portion of the encryption key.


Claim 20: (Currently Amended)
The method of claim 17, wherein the second computing device is denied access to the first computing device based on determining that the encrypted certificate is unable to be decrypted using the private portion of the encryption key.


Claim 21: (Currently New)
A method comprising:
generating, by a computing device, a visual representation, the visual representation including a public portion of an encryption key associated with the computing device, wherein the public portion of the encryption key included in the visual representation is retrieved by a network boot program (NBP) executing on the computing device; 
displaying, by the computing device, the visual representation to enable another computing device to scan the visual representation and acquire the public portion of the encryption key; and
receiving, by the computing device, a client certificate from a server to establish a connection between the computing device and the server, the client certificate being encrypted with the public portion of the encryption key acquired from the visual representation; and 
establishing, by the computing device, the connection by authenticating the computing device using a private portion of the encryption key to decrypt the encrypted client certificate.


Claim 22: (Currently New)
The method of claim 21, wherein the establishment of the connection enables the NBP to stream provisioning software from the server.


Claim 23: (Currently New)
The method of claim 21, wherein the client certificate is received, based on a request, by the computing device, to establish the connection with the server.


Claim 24: (Currently New)
A system comprising:
a memory; and
a processor coupled to the memory and configured to:
generate a visual representation, the visual representation including a public portion of an encryption key associated with the system, wherein the public portion of the encryption key is retrieved by a network boot program (NBP) executing on the system;
display the visual representation to enable an image capture device of a computing device to scan the visual representation and acquire the public portion of the encryption key; and
receive a client certificate from a server to establish a connection between the system and the server, the client certificate being encrypted with the public portion of the encryption key acquired from the visual representation; and
establish the connection by authenticating the system using a private portion of the encryption key to decrypt the encrypted client certificate.


Claim 25: (Currently New)
The system of claim 24, wherein the establishment of the connection enables the NBP to stream provisioning software from the server.


Claim 26: (Currently New)
The system of claim 24, wherein the client certificate is received, based on a request, by the computing device, to establish the connection with the server.
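
The exchange recited in the independent claims above, as an added sketch that is not part of the Office action or the application: the device publishes its public key as a scannable payload, the server encrypts a client certificate to it, and successful decryption is what authenticates the device. Assumptions: a software RSA key stands in for the TPM endorsement key (a real EK private key never leaves the TPM), and the RSA-OAEP plus AES-256-GCM envelope, the base64 DER payload and all function names are illustrative, since the claims name no encryption scheme.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Text the device renders as a QR code: its public key as base64-encoded DER.
def qr_payload(device_key)
  [device_key.public_key.to_der].pack("m0")
end

# Server side: parse the scanned (untrusted) payload and hybrid-encrypt the certificate
# to it. A certificate exceeds what RSA-OAEP can carry, so OAEP wraps a one-time
# AES-256-GCM key that seals the certificate itself.
def server_encrypt(scanned, cert)
  pub = OpenSSL::PKey::RSA.new(scanned.unpack1("m0"))
  raise ArgumentError, "RSA key shorter than 2048 bits" if pub.n.num_bits < 2048
  aes = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  key = aes.random_key
  iv = aes.random_iv
  sealed = aes.update(cert) + aes.final
  { wrapped: pub.public_encrypt(key, OAEP), iv: iv, sealed: sealed, tag: aes.auth_tag }
end

# Device side: returns the certificate, or nil (deny) when the envelope cannot be
# opened with this device's private key or fails authentication.
def device_decrypt(device_key, env)
  raise ArgumentError, "truncated GCM tag" unless env[:tag].to_s.bytesize == 16
  aes = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  aes.key = device_key.private_decrypt(env[:wrapped], OAEP)
  aes.iv = env[:iv]
  aes.auth_tag = env[:tag]
  aes.update(env[:sealed]) + aes.final
rescue OpenSSL::PKey::PKeyError, OpenSSL::Cipher::CipherError, ArgumentError
  nil
end

# Constructed demo: one device owns the scanned key, another device does not.
def demo
  ek = OpenSSL::PKey::RSA.new(2048)    # stand-in for the TPM EK (assumption)
  other = OpenSSL::PKey::RSA.new(2048) # a device whose key was never scanned
  env = server_encrypt(qr_payload(ek), "constructed client certificate " * 40)
  { owner: device_decrypt(ek, env), other: device_decrypt(other, env) }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |who, cert| puts "#{who}: #{cert ? 'certificate recovered' : 'denied'}" }
end
```

The grant and deny outcomes of claims 19 and 20 correspond to the non-nil and nil returns of `device_decrypt`.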


Reasons For Allowance
The following is an examiner’s statement of reasons for allowance:
Claims 1-2, 4, 6-10, 12, 14-17, 19-26 are considered allowable.

The instant invention is directed to methods and systems for providing authentication based on generating and displaying an optically scannable visual representation of a public portion of a hardware secured encryption key.

The closest prior art, as recited, Payne et al. US Patent Application Publication #2012/0159591 and Lin et al. US Patent Application Publication #2010/0067691, are also generally directed to various aspects of providing authentication based on an optically scannable authentication identifier.  However, Payne et al. or Lin et al. does not teach or suggest, either singularly or in combination, the particular combination of steps or elements as recited in the independent claim(s) 1, 9, 17, 21, 24.  For example, none of the cited prior art teaches or suggests the steps of:
Regarding Claim 1:
Although the combination of Payne et al. or Lin et al. teaches the providing of authentication based on an optically scannable authentication identifier, Payne et al. or Lin et al. fails to teach a computing device generating a visual image that incorporates as part of the visual image a public portion of an encryption key that includes a Trusted Platform Module endorsement key, with the public portion of the encryption key in the visual image including the Trusted Platform Module’s public portion of the Trusted Platform Module’s endorsement key pair, the computing device displaying the generated visual image with another computing device scanning the visual image to retrieve the public portion of the encryption key from the visual image, the computing device receiving from a server an encrypted client certificate utilized in establishing a connection between the computing device and the server, the client certificate having been encrypted utilizing the retrieved public portion of the encryption key from the displayed and scanned visual image, the computing device establishing the connection by authenticating the computing device utilizing a private portion of the encryption key in decrypting the encrypted client certificate.
When combined with the additional limitations found in Claim 1.

Regarding Claim 9:
Although the combination of Payne et al. or Lin et al. teaches the providing of authentication based on an optically scannable authentication identifier, Payne et al. or Lin et al. fails to teach a system’s computing device generating a visual image that incorporates as part of the visual image a public portion of an encryption key that includes a Trusted Platform Module endorsement key, with the public portion of the encryption key in the visual image including the Trusted Platform Module’s public portion of the Trusted Platform Module’s endorsement key pair, the system’s computing device displaying the generated visual image with another computing device scanning the visual image to retrieve the public portion of the encryption key from the visual image, the system’s computing device receiving from a server an encrypted client certificate utilized in establishing a connection between the system and the server, the client certificate having been encrypted utilizing the retrieved public portion of the encryption key from the displayed and scanned visual image, the system’s computing device establishing the connection by authenticating the system utilizing a private portion of the encryption key in decrypting the encrypted client certificate.
When combined with the additional limitations found in Claim 9.

Regarding Claim 17:
Although the combination of Payne et al. or Lin et al. teaches the providing of authentication based on an optically scannable authentication identifier, Payne et al. or Lin et al. fails to teach a first computing device generating an optically scannable visual image that incorporates as part of the optically scannable visual image a public portion of an encryption key that includes a Trusted Platform Module endorsement key, with the public portion of the encryption key in the optically scannable visual image including the Trusted Platform Module’s public portion of the Trusted Platform Module’s endorsement key pair, the first computing device displaying the generated optically scannable visual image with a mobile computing device scanning the optically scannable visual image to retrieve the public portion of the encryption key from the optically scannable visual image, the first computing device receiving from a second computing device a request to access the first computing device that includes an encrypted certificate utilized in establishing access between the first computing device and the second computing device, the certificate having been encrypted utilizing the retrieved public portion of the encryption key from the displayed and scanned optically scannable visual image, the first computing device providing access from the second computing device by decrypting the encrypted certificate in utilizing a private portion of the encryption key.
When combined with the additional limitations found in Claim 17.

Regarding Claim 21:
Although the combination of Payne et al. or Lin et al. teaches the providing of authentication based on an optically scannable authentication identifier, Payne et al. or Lin et al. fails to teach a computing device generating a visual image that incorporates as part of the visual image a public portion of an encryption key with the public portion of the encryption key retrieved from the visual image by a network boot program executing on the computing device, the computing device displaying the generated visual image with another computing device scanning the visual image to retrieve the public portion of the encryption key from the visual image, the computing device receiving from a server an encrypted client certificate utilized in establishing a connection between the computing device and the server, the client certificate having been encrypted utilizing the retrieved public portion of the encryption key from the displayed and scanned visual image, the computing device establishing the connection by authenticating the computing device utilizing a private portion of the encryption key in decrypting the encrypted client certificate.
When combined with the additional limitations found in Claim 21.

Regarding Claim 24:
Although the combination of Payne et al. or Lin et al. teaches the providing of authentication based on an optically scannable authentication identifier, Payne et al. or Lin et al. fails to teach a system’s computing device generating a visual image that incorporates as part of the visual image a public portion of an encryption key with the public portion of the encryption key retrieved from the visual image by a network boot program executing on the system’s computing device, the system’s computing device displaying the generated visual image with another computing device scanning the visual image to retrieve the public portion of the encryption key from the visual image, the system’s computing device receiving from a server an encrypted client certificate utilized in establishing a connection between the system and the server, the client certificate having been encrypted utilizing the retrieved public portion of the encryption key from the displayed and scanned visual image, the system’s computing device establishing the connection by authenticating the system utilizing a private portion of the encryption key in decrypting the encrypted client certificate.
When combined with the additional limitations found in Claim 24.

Therefore Claims 1-2, 4, 6-10, 12, 14-17, 19-26 of the instant application are allowable over the cited prior art.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Westra et al - US_20170257345: Westra et al teaches secure tunneling with authentication for mobile devices.
Belfield et al - US_10013558: Belfield et al teaches the secure updating of software applications on target systems or devices.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY HOLDER whose telephone number is 571-270-3789.  The examiner can normally be reached on Monday-Friday 10:00AM-7:00PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw, can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/BRADLEY W HOLDER/
Primary Examiner, Art Unit 2498