DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This office action is in response to the application filed on 08/12/2022. Claims 1-2, 3-4, 12-15, and 17 are amended. Claim 9 is cancelled. Claim 21 is newly added. Claims 1-8 and 10-21 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Allowable Subject Matter
Claims 1-8 and 10-21 are allowed.
The following is an examiner’s statement of reasons for allowance:
The present invention relates to a key management method performed by a terminal. A device key including a device public key and a device private key is generated in a security zone. A local device parameter and the device public key are transmitted to a certificate authentication server. A device certificate fed back by the certificate authentication server is received by the terminal. The signature data of the device certificate is generated by signing the device parameter and the device public key using an authentication private key of the certificate authentication server. The terminal then stores the device private key and the device certificate in the security zone.
Regarding claim 1, although the prior art of record teaches generating, with circuitry of the terminal and by an application executed in a local security zone, a device key including a device public key and a device private key; transmitting, with the circuitry of the terminal, a local device parameter and the device public key to a certificate authentication server; receiving, with the circuitry of the terminal, a device certificate fed back by the certificate authentication server, signature data of the device certificate being generated by signing the local device parameter and the device public key by using an authentication private key of the certificate authentication server; and storing, with the circuitry of the terminal, the device private key and the device certificate in the local security zone.
None of the prior art, alone or in combination, teaches generating an application certificate of an application running locally and obtaining an authentication certificate different from the device certificate and the application certificate; generating a certificate chain of the application using the authentication certificate, the device certificate, and the application certificate; and storing the certificate chain in the local security zone in view of the other limitations of claim 1.
Regarding claim 8, although the prior art of record teaches receiving, with circuitry of the certificate authentication server, an application certificate verification request; obtaining, with the circuitry of the certificate authentication server, a certificate chain corresponding to the application certificate verification request; verifying, with the circuitry of the certificate authentication server, the device certificate and the application certificate according to an authentication public key of the authentication certificate in the certificate chain in response to a determination that there is a local authentication certificate consistent with the authentication certificate in the certificate chain; and outputting, with the circuitry of the certificate authentication server and in response to a determination that both the device certificate and the application certificate pass the verification, a verification result indicating that the verification has succeeded.
None of the prior art, alone or in combination, teaches “the certificate chain comprising an authentication certificate, a device certificate, and an application certificate; wherein an authentication private key corresponding to the authentication certificate is used to generate signature data of the device certificate, the authentication public key of the authentication certificate is used for decrypting the signature data of the device certificate, a device private key corresponding to the device certificate is used to generate signature data of the application certificate, and a device public key of the device certificate is used for decrypting the signature data of the application certificate” in view of the other limitations of claim 8.
Regarding claim 12, although the prior art of record teaches a key management system, comprising a terminal and a certificate authentication server, wherein the terminal includes circuitry configured to generate, by an application executed in a local security zone, a device key comprising a device public key and a device private key, transmit a local device parameter and the device public key to the certificate authentication server, the certificate authentication server includes circuitry configured to feed back a device certificate to the terminal, signature data of the fed back device certificate being generated by the certificate authentication server by signing the local device parameter and the device public key by using an authentication private key of the certificate authentication server, the terminal storing the device private key and the device certificate in the local security zone.
None of the prior art, alone or in combination, teaches that the circuitry of the terminal is further configured to generate an application certificate of an application running locally and obtain an authentication certificate different from the device certificate and the application certificate, and generate a certificate chain of the application using the authentication certificate, the device certificate, and the application certificate, and store the certificate chain in the local security zone in view of the other limitations of claim 12.
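The three-certificate chain recited in claims 1, 8 and 12 (authentication certificate signs the device certificate, device key signs the application certificate) and the claim-8 verification order are illustrated below in an added Go example. It is not code from the application or the examiner; it assumes Ed25519 signatures, a simplified certificate body of parameters concatenated with the certified public key, and constructed demo identifiers.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
)

// Cert stands in for the claimed certificates: the signed body is the subject's parameters plus its public key.
type Cert struct {
	Params string            // device parameter or application identifier
	PubKey ed25519.PublicKey // public key being certified
	Sig    []byte            // issuer's signature over Params || PubKey
}

func (c Cert) body() []byte { return append([]byte(c.Params), c.PubKey...) }

// issue signs (params, pub) with the issuer's private key.
func issue(params string, pub ed25519.PublicKey, issuer ed25519.PrivateKey) Cert {
	c := Cert{Params: params, PubKey: pub}
	c.Sig = ed25519.Sign(issuer, c.body())
	return c
}

// Chain orders the three certificates as claim 8 lists them.
type Chain struct{ Auth, Device, App Cert }

// VerifyChain follows claim 8: the chain's authentication certificate must match the
// locally held one, the authentication public key must verify the device certificate,
// and the device public key must verify the application certificate; both must pass.
func VerifyChain(local Cert, ch Chain) bool {
	if !bytes.Equal(local.body(), ch.Auth.body()) || !bytes.Equal(local.Sig, ch.Auth.Sig) {
		return false // no consistent local authentication certificate
	}
	if !ed25519.Verify(ch.Auth.PubKey, ch.Device.body(), ch.Device.Sig) {
		return false
	}
	return ed25519.Verify(ch.Device.PubKey, ch.App.body(), ch.App.Sig)
}

// BuildDemoChain plays server and terminal with fresh keys (constructed demo data) and
// returns the trusted root, the chain and the device private key for re-issuing tests.
func BuildDemoChain() (Cert, Chain, ed25519.PrivateKey) {
	authPub, authPriv, _ := ed25519.GenerateKey(rand.Reader)   // server's authentication key
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)     // device key, made in the security zone
	appPub, _, _ := ed25519.GenerateKey(rand.Reader)           // application key
	auth := issue("authentication-server", authPub, authPriv)  // self-signed authentication certificate
	dev := issue("device-param:serial-0001", devPub, authPriv) // device certificate fed back by the server
	app := issue("app:com.example.wallet", appPub, devPriv)    // application certificate signed by the device key
	return auth, Chain{Auth: auth, Device: dev, App: app}, devPriv
}
```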
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496