DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This communication is in response to the application filed on 06/10/2021.
Claims 1-20 are currently pending in this application.
No IDS has been filed.

Allowable Subject Matter
Claims 1-20 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
Regarding independent claims 1 and 20,

Bakshi et al. (US 2014/0259115 A1) teaches system and method to implement authentication for network access in electronic devices. During the login procedure the identification packet may be transmitted from the electronic device to the remote authentication provider through a secure communication channel. The remote authentication provider may implement one or more authentication routines using data in the identification packet. When the host device is embodied as an electronic device a trusted execution environment may be implemented by the trusted execution engine, while the untrusted execution environment may be implemented by the main processors and operating system of the system. Remote entities that issue credentials, identified as issuers, supply credentials, which are stored in the trusted execution environment of the host device. A host proxy facilitates communication between one or more client applications which execute in the untrusted execution layer and the token access manager. The identification packet is signed and wrapped for transport to the remote authentication provider – see figs. 1, 5; paras. [0010], [0011], [0027], [0030] and [0038] of Bakshi.

Toth (US 2017/0230361 A1) teaches an electronic credentialing system that allows personal identity devices to interact, acquire, hold, issue and use electronic credentials (e-credentials). Binding public-private keys to e-credentials of an owner to enable remote users to verify that an e-credential provided by the originating owner is in the owner's possession, and that subsequent digital signing, encryption, and digital sealing operations are bound to that owner. Secrets of a device owner such as authentication data (e.g. PIN/password hashes, biometric templates, and behavioral criteria), and private encryption keys, are retained in a protected memory store such that the secrets can only be accessed and used by the identity engine and are not disclosed by the identity engine - see figs. 1, 2; abstract, paras. [0123] - [0126] and [0132] of Toth.

Henderson et al. (US 2010/0218233 A1) teaches techniques for credential auditing. Histories for credentials are evaluated against a principal credential policy for a user and an enterprise credential policy for an enterprise as a whole. The history can include a variety of information that is useful in the auditing processing to the credential auditing service. For example, patterns for the credentials, frequency with which each pattern was used, creation dates and times for each credential, length of time that each credential was used and other information. The credential auditing service determines whether the history includes prior usage of the credential – see figs. 1-2; abstract; paras. [0006], [0028] and [0029] of Henderson.

Smith et al. (US 2016/0127351 A1) teaches technologies for continuously authenticating a user via multiple authentication factors. A trusted execution environment module asserts continuous user authentication monitoring to the key distribution center server. The assertion provided to the key distribution center server may also include information indicative of the factors (e.g., the forms of verification data) used by the trusted execution environment module to authenticate the user. The assertion of continuous user authentication and presence monitoring may be signed using a user private key of a user public/private key pair prior to being sent to the key distribution center server. The trusted execution environment module may request a ticket granting ticket from the key distribution center server. The ticket granting ticket may include the signed assertion of continuous user authentication/presence monitoring - see figs. 2, 4, 5; abstract, paras. [0043] - [0048] of Smith.

However, the prior art of record does not teach or render obvious the following limitations, specifically in combination with the other limitations, in claims 1 and 20 of a medium and a method, respectively, for:
requesting establishment of an asymmetric key pair on the computing device, the asymmetric key pair including a private key maintained by a trusted execution environment and a corresponding public key for dissemination outside of the trusted execution environment;
requesting establishment of one or more credentials maintained by the trusted execution environment to govern use of the private key to sign data for remote signature verification based on the public key, the one or more established credentials corresponding to a user of the computing device and credential data for a respective credential to establish being solicited via a respective component of the computing device;
registering the public key and an identifier of the computing device for association with a record of the user with an authentication service;
receiving a notification corresponding to an access attempt by another computing device indicated as being utilized by the user to access a secure asset of a relying party; and requesting authentication of the user on at least one of the established credentials by solicitation of input credential data via the respective component of the computing device;
obtaining, from the trusted execution environment responsive to the authentication of the input credential data based on the established credential data, authentication data signed based on the private key; and transmitting the signed data for remote signature verification by the authentication service based on the public key, wherein verification of the signed data by the authentication service confers the another computing device access to the secure asset of the relying party.

Dependent claims 2-19 are allowed as they depend from allowable independent claim 1.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845.  The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MAUNG T LWIN/Primary Examiner, Art Unit 2495