DETAILED ACTION
This action is in response to the amendment filed on August 19, 2022. Claims 1-20 are pending. Of which, Claims 1, 9, and 17 have been amended. Claims 1-8 represent a method, claims 9-16 represent an apparatus, and claims 17-20 represent a non-transitory storage medium directed to authentication information transmission.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on August 19, 2022 has been entered.
 Response to Arguments
Applicant’s arguments, see pages 9-12, filed on August 19, 2022, with respect to the rejection(s) of claim(s) 1-20 in view of Kamal, Woodmansee et al., and Kamal et al. have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Manohar et al. (2018/0019986), Woodmansee et al. (US 2018/0331918), and Olsen (US 7644264).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7, 9-15, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable by Manohar et al. (2018/0019986), hereinafter referred to as Manohar, in view of Woodmansee et al. (US Publication Number 20180331918), hereinafter referred to as Woodmansee.
Regarding Claim 1, Manohar discloses:
A method for authentication information transmission, performed by a computing device hosting a key management client (In ¶ 19, Manohar discloses “Techniques are provided for implementing location-based authentication on a computing device. The techniques provided herein can be used to implement location binding in an secure key management (SKM) service.”), the computing device comprising a hardware abstract layer (In ¶ 41, Manohar discloses “The location authenticator unit 280 can include a location authentication hardware abstraction layer (HAL) 282 and a location authenticator trusted application 384.”), and the method comprising: opening the hardware abstract layer to an application client running in the computing device and associated with an application server (In ¶ 41, Manohar discloses “The location authentication HAL 382 can be configured to provide an interface between the location authenticator trusted application 384, which is configured to operate within the TEE of the processor 220 and one or more hardware components of the computing device 11 that can be used to determine the location of the computing device 11”); receiving, by the key management client through a path via a preset hardware abstract layer interface of the hardware abstract layer, authentication information transmitted by the application client (In 39, Manohar discloses “The SKM unit 290 is configured to receive user authentication information from the user authenticator unit 270 and to receive location authentication information from the location authenticator unit 280.”) wherein the key management client is registered in the hardware abstract layer (In ¶ 41, Manohar discloses “The location authenticator unit 280 can include a location authentication hardware abstraction layer (HAL) 282 and a location authenticator trusted application 384. The location authentication HAL 382 can be configured to provide an interface between the location authenticator trusted application 384, which is configured to operate within the TEE of the processor 220 and one or more hardware components of the computing device 11 that can be used to determine the location of the computing device 11”);  transmitting, by the key management client, the authentication information to a key management server, so that the key management server transmits the authentication information to a trusted application in a trusted execution environment in the computing device (In ¶ 42, Manohar discloses “The location authenticator trusted application 384 can be configured obtain location information for the computing device 11 via the location authentication HAL 382. The location authenticator trusted application 384 can be configured receive a location verification request from the SKM 290.” and in ¶ 43, Manohar further discloses “The user authenticator HAL 372 can be configured to provide an interface between the user authenticator trusted application 374, which is configured to operate within the TEE of the processor 220 ”); obtaining, by the key management client, authentication information signed by the trusted application and forwarded by the key management server (In ¶ 43, Manohar discloses “The user authenticator trusted application 374 can be configured generate an authentication token and to pass the authentication token to the SKM 290 responsive to the authentication information matching the authentication information bound to an authentication key.”); and transmitting, by the key management client through the preset hardware abstract layer interface, the signed authentication information to the application server, so that the application server performs a validity check on the authentication information (In ¶ 45, Manohar discloses “The SKM 290 can provide the attestation information in the form of a signed authentication response. The signed authentication response can be signed using an authentication key selected by the RP application 350 and identified in the request for a signed authentication response received at the SKM 290 from the RP application 350.”).
However, Manohar does not explicitly disclose the path does not repeat following a system update of the computing device. 
Woodmansee discloses:
and an establishment of the path does not repeat following a system update of the computing device (In ¶ 102, Woodmansee discloses “During the upgrade/update time, existing sessions are maintained and are not negatively affected by the upgrading/updating of the virtualization system 500. This is the case since, as seen in FIG. 5, once a virtual session between user device 501 and machine 532 has been set up and is operational, a direct connection 557 between user device 501 and machine 532 is set up and fully operational, and any updates to the virtualization system 500 that helped set up the direct connection 557 does not affect the connectivity between user device 501 and machine 532.”)
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to modify Manohar’s approach and utilize Woodmansee’s approach of a non-repeating path after a system update as the motivation would be to reduce the burden on the user to re-establish a session between the device and the system  (See Woodmansee ¶ 4).
Regarding Claim 2, the combination of Manohar and Woodmansee disclose:
The method according to claim 1, wherein before transmitting, by the key management client through the preset hardware abstract layer interface, the signed authentication information to the application server, the method further comprises: obtaining, by the key management client, a signature key value of the application server transmitted by the key management server, the signature key value being generated by the 2Application No. 17/018,559Atty Docket No. 514935.5000651 19PCT206US trusted application (In ¶ 43, Manohar discloses “The user authenticator trusted application 374 can be configured generate an authentication token and to pass the authentication token to the SKM 290 responsive to the authentication information matching the authentication information bound to an authentication key.”); and transmitting, by the key management client, the signature key value to the application server through the preset hardware abstract layer interface (In ¶ 45, Manohar discloses “The SKM 290 can provide the attestation information in the form of a signed authentication response. The signed authentication response can be signed using an authentication key selected by the RP application 350 and identified in the request for a signed authentication response received at the SKM 290 from the RP application 350.”).
Regarding Claim 3, the combination of Manohar and Woodmansee disclose:
The method according to claim 1, wherein before transmitting, by the key management client, the authentication information to the key management server, the method further comprises: establishing, by the key management client, a link path between the key management client and the key management server in a hardware abstract layer in the computing device (In ¶ 40, Manohar discloses “The SKM unit 290 provides secures storage and management of cryptographic keys. For example, the SKM unit 290 can be configured to implement the Android®KeyStore® and Android®KeyMaster® security mechanisms. These security mechanisms are not limiting of the disclosure as other security mechanisms performing similar functions for an operating system can be implemented by the SKM unit 290. These security mechanisms can be implemented by the SKM unit 290 a SKM trusted service application in the TEE of the processor 220.”).
Regarding Claim 4, the combination of Manohar and Woodmansee disclose:
The method according to claim 3, wherein: the hardware abstract layer comprises an interface layer between an operating system kernel and a hardware circuit that is capable of interacting with the operating system kernel and the hardware circuit directly (In ¶ 41, Manohar discloses “The location authentication HAL 382 can be configured to provide an interface between the location authenticator trusted application 384, which is configured to operate within the TEE of the processor 220 and one or more hardware components of the computing device 11 that can be used to determine the location of the computing device 11.”); and the key management client and the key management server are persistently pre-registered in the hardware abstract layer (In ¶ 51, Manohar discloses “The SKM 290 can also be configured to store the user authentication information bound to the first authentication certificate in a secure memory location of the TEE of the computing device 11 responsive to the user authentication information being provided in addition to the first location authentication information.” And in ¶ 78, Manohar further discloses “Components, functional or otherwise, shown in the figures and/or discussed herein as being connected or communicating with each other are communicatively coupled. That is, they may be directly or indirectly connected to enable communication between them.”)
Regarding Claim 5, the combination of Manohar and Woodmansee disclose:
The method according to claim 4, wherein the link path comprises an interface defined by using a hardware abstract layer interface definition language (In ¶ 77, Manohar discloses “Furthermore, examples of the methods may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof. When implemented in software, firmware, middleware, or microcode, the program code or code segments to perform the tasks may be stored in a non-transitory processor-readable medium such as a storage medium.”)
Regarding Claim 6, the combination of Manohar and Woodmansee disclose:
The method according to claim 4, wherein transmitting, by the key management client, the authentication information to the key management server comprises: encapsulating, by the key management client, the authentication information as a hardware abstract layer interface instruction (In ¶ 39, Manohar discloses “The SKM unit 290 is configured to receive user authentication information from the user authenticator unit 270 and to receive location authentication information from the location authenticator unit 280. The SKM unit 290 is further configured to receive and provide information to applications executing in the processor 220.” and in ¶ 71, Manohar further discloses “Using a computer system, various processor-readable media (e.g., a computer program product) might be involved in providing instructions/code to processor(s) for execution and/or might be used to store and/or carry such instructions/code (e.g., as signals).”); and transmitting, by the key management client, the hardware abstract layer interface instruction to the key management server through the link path (In ¶ 41, Manohar discloses “The location authenticator unit 280 can include a location authentication hardware abstraction layer (HAL) 282 and a location authenticator trusted application 384. The location authentication HAL 382 can be configured to provide an interface between the location authenticator trusted application 384, which is configured to operate within the TEE of the processor 220 and one or more hardware components of the computing device”).
Regarding Claim 7, the combination of Manohar and Woodmansee disclose:
The method according to claim 1, further comprising: receiving, by the key management client through the preset hardware abstract layer interface, an identifier of the application client corresponding to the authentication information transmitted by the application client (In ¶ 48, Manohar discloses “The request from the RP application can include a key identifier indicating which key that the RP application 350 has selected.”), wherein before transmitting, by the key management client through the preset hardware abstract layer interface, the signed authentication information to the application server corresponding to the application client, the method further comprises determining, by the key management client according to the identifier of the application client, a target application server corresponding to the application client (In ¶ 57, Manohar discloses “The request from the RP application can include a key identifier indicating which key that the RP application 350 has selected, where the key is associated with the transaction to be performed. An RP application can be associated with more than one key and each key is associated with its own location authentication information. The selected key can also be associated with user authentication requirements. The SKM 290 is configured to securely store the keys associated with the RP application and to only sign a response with a particular key responsive to the location authentication information and/or the user authentication information requirements bound to the key being satisfied.”); and wherein transmitting, by the key management client through the preset hardware abstract layer interface, the signed authentication information to the application server corresponding to the application client comprises transmitting, by the key management client through the preset hardware abstract layer interface, the signed authentication information to the target application server (In ¶ 67, Manohar discloses “The signed authentication response can be signed using an authentication key selected by the RP application 350 and identified in the request for a signed authentication response received at the SKM 290 from the RP application 350.”). 
Regarding Claim 9, Manohar discloses:
An apparatus for authentication information transmission, the apparatus hosting a key management client (In ¶ 19, Manohar discloses “Techniques are provided for implementing location-based authentication on a computing device. The techniques provided herein can be used to implement location binding in an secure key management (SKM) service.”) and comprising a hardware abstract layer (In ¶ 41, Manohar discloses “The location authenticator unit 280 can include a location authentication hardware abstraction layer (HAL) 282 and a location authenticator trusted application 384.”), and the apparatus further comprising a memory for storing computer instructions and a processor in communication with the memory, wherein, when the processor executes the instructions, the processor is configured to cause the key management client to: open the hardware abstract layer to an application client running in the computing device and associated with an application server (In ¶ 41, Manohar discloses “The location authentication HAL 382 can be configured to provide an interface between the location authenticator trusted application 384, which is configured to operate within the TEE of the processor 220 and one or more hardware components of the computing device 11 that can be used to determine the location of the computing device 11”);  receive through a path via a preset hardware abstract layer interface of the hardware abstract 4Application No. 17/018,559Atty Docket No. 514935.5000651 19PCT206US layer, authentication information transmitted by the application client (In 39, Manohar discloses “The SKM unit 290 is configured to receive user authentication information from the user authenticator unit 270 and to receive location authentication information from the location authenticator unit 280.”)  wherein the key management client is registered in the hardware abstract layer (In ¶ 41, Manohar discloses “The location authenticator unit 280 can include a location authentication hardware abstraction layer (HAL) 282 and a location authenticator trusted application 384. The location authentication HAL 382 can be configured to provide an interface between the location authenticator trusted application 384, which is configured to operate within the TEE of the processor 220 and one or more hardware components of the computing device 11 that can be used to determine the location of the computing device 11”); transmit the authentication information to a key management server, so that the key management server transmits the authentication information to a trusted application in a trusted execution environment in the apparatus (In ¶ 42, Manohar discloses “The location authenticator trusted application 384 can be configured obtain location information for the computing device 11 via the location authentication HAL 382. The location authenticator trusted application 384 can be configured receive a location verification request from the SKM 290.” and in ¶ 43, Manohar further discloses “The user authenticator HAL 372 can be configured to provide an interface between the user authenticator trusted application 374, which is configured to operate within the TEE of the processor 220 ”); obtain authentication information signed by the trusted application and forwarded by the key management server (In ¶ 43, Manohar discloses “The user authenticator trusted application 374 can be configured generate an authentication token and to pass the authentication token to the SKM 290 responsive to the authentication information matching the authentication information bound to an authentication key.”); and transmit through the preset hardware abstract layer interface, the signed authentication information to the application server, so that the application server performs a validity check on the authentication information (In ¶ 45, Manohar discloses “The SKM 290 can provide the attestation information in the form of a signed authentication response. The signed authentication response can be signed using an authentication key selected by the RP application 350 and identified in the request for a signed authentication response received at the SKM 290 from the RP application 350.”).
However, Manohar does not explicitly disclose the path does not repeat following a system update of the computing device. 
Woodmansee discloses:
and an establishment of the path does not repeat following a system update of the apparatus (In ¶ 102, Woodmansee discloses “During the upgrade/update time, existing sessions are maintained and are not negatively affected by the upgrading/updating of the virtualization system 500. This is the case since, as seen in FIG. 5, once a virtual session between user device 501 and machine 532 has been set up and is operational, a direct connection 557 between user device 501 and machine 532 is set up and fully operational, and any updates to the virtualization system 500 that helped set up the direct connection 557 does not affect the connectivity between user device 501 and machine 532.”)
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to modify Manohar’s approach and utilize Woodmansee’s approach of a non-repeating path after a system update as the motivation would be to reduce the burden on the user to re-establish a session between the device and the system  (See Woodmansee ¶ 4).
Regarding Claim 10, the combination of Manohar and Woodmansee disclose:
The apparatus according to claim 9, wherein, before the processor is configured to cause the key management client to transmit through the preset hardware abstract layer interface, the signed authentication information to the application server, the processor is configured to further cause the key management client to: obtain a signature key value of the application server transmitted by the key management server, the signature key value being generated by the trusted application (In ¶ 43, Manohar discloses “The user authenticator trusted application 374 can be configured generate an authentication token and to pass the authentication token to the SKM 290 responsive to the authentication information matching the authentication information bound to an authentication key.”); and transmit the signature key value to the application server through the preset hardware abstract layer interface (In ¶ 45, Manohar discloses “The SKM 290 can provide the attestation information in the form of a signed authentication response. The signed authentication response can be signed using an authentication key selected by the RP application 350 and identified in the request for a signed authentication response received at the SKM 290 from the RP application 350.”).
Regarding Claim 11, the combination of Manohar and Woodmansee disclose:
The apparatus according to claim 9, wherein, before the processor is configured to cause the key management client to transmit through the preset hardware abstract layer interface, the signed authentication information to the application server, the processor is configured to further cause the key management client to: establish a link path between the key management client and the key management server in a hardware abstract layer in the apparatus (In ¶ 40, Manohar discloses “The SKM unit 290 provides secures storage and management of cryptographic keys. For example, the SKM unit 290 can be configured to implement the Android®KeyStore® and Android®KeyMaster® security mechanisms. These security mechanisms are not limiting of the disclosure as other security mechanisms performing similar functions for an operating system can be implemented by the SKM unit 290. These security mechanisms can be implemented by the SKM unit 290 a SKM trusted service application in the TEE of the processor 220.”).
Regarding Claim 12, the combination of Manohar and Woodmansee disclose:
The apparatus according to claim 11, wherein: the hardware abstract layer comprises an interface layer between an operating system kernel and a hardware circuit that is capable of interacting with the operating system kernel and the hardware circuit directly (In ¶ 41, Manohar discloses “The location authentication HAL 382 can be configured to provide an interface between the location authenticator trusted application 384, which is configured to operate within the TEE of the processor 220 and one or more hardware components of the computing device 11 that can be used to determine the location of the computing device 11.”); and the key management client and the key management server are persistently pre-registered in the hardware abstract layer (In ¶ 51, Manohar discloses “The SKM 290 can also be configured to store the user authentication information bound to the first authentication certificate in a secure memory location of the TEE of the computing device 11 responsive to the user authentication information being provided in addition to the first location authentication information.” And in ¶ 78, Manohar further discloses “Components, functional or otherwise, shown in the figures and/or discussed herein as being connected or communicating with each other are communicatively coupled. That is, they may be directly or indirectly connected to enable communication between them.”)
Regarding Claim 13, the combination of Manohar and Woodmansee disclose:
The apparatus according to claim 12, wherein the link path comprises an interface defined by using a hardware abstract layer interface definition language (In ¶ 77, Manohar discloses “Furthermore, examples of the methods may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof. When implemented in software, firmware, middleware, or microcode, the program code or code segments to perform the tasks may be stored in a non-transitory processor-readable medium such as a storage medium.”)
Regarding Claim 14, the combination of Manohar and Woodmansee disclose:
The apparatus according to claim 12, wherein, when the processor is configured to cause the key management client to transmit the authentication information to the key management server, the processor is configured to cause the key management client to: encapsulate the authentication information as a hardware abstract layer interface instruction (In ¶ 39, Manohar discloses “The SKM unit 290 is configured to receive user authentication information from the user authenticator unit 270 and to receive location authentication information from the location authenticator unit 280. The SKM unit 290 is further configured to receive and provide information to applications executing in the processor 220.” and in ¶ 71, Manohar further discloses “Using a computer system, various processor-readable media (e.g., a computer program product) might be involved in providing instructions/code to processor(s) for execution and/or might be used to store and/or carry such instructions/code (e.g., as signals).”); and transmit the hardware abstract layer interface instruction to the key management server through the link path (In ¶ 41, Manohar discloses “The location authenticator unit 280 can include a location authentication hardware abstraction layer (HAL) 282 and a location authenticator trusted application 384. The location authentication HAL 382 can be configured to provide an interface between the location authenticator trusted application 384, which is configured to operate within the TEE of the processor 220 and one or more hardware components of the computing device”).
Regarding Claim 15, the combination of Manohar and Woodmansee disclose:
The apparatus according to claim 9, wherein, when the processor executes the instructions, the processor is configured to further cause the key management client to: receive, through the preset hardware abstract layer interface, an identifier of the application client corresponding to the authentication information transmitted by the application client (In ¶ 48, Manohar discloses “The request from the RP application can include a key identifier indicating which key that the RP application 350 has selected.”); wherein, before the processor is configured to cause the key management client to transmit through the preset hardware abstract layer interface, the signed authentication information to the application server corresponding to the application client, the processor is configured to further cause the key management client to: determine, according to the identifier of the application 6Application No. 17/018,559Atty Docket No. 514935.5000651 19PCT206US client, a target application server corresponding to the application client (In ¶ 57, Manohar discloses “The request from the RP application can include a key identifier indicating which key that the RP application 350 has selected, where the key is associated with the transaction to be performed. An RP application can be associated with more than one key and each key is associated with its own location authentication information. The selected key can also be associated with user authentication requirements. The SKM 290 is configured to securely store the keys associated with the RP application and to only sign a response with a particular key responsive to the location authentication information and/or the user authentication information requirements bound to the key being satisfied.”); and wherein, when the processor is configured to cause the key management client to transmit through the preset hardware abstract layer interface, the signed authentication information to the application server corresponding to the application client, the processor is configured to cause the key management client to: transmit through the preset hardware abstract layer interface, the signed authentication information to the target application server (In ¶ 67, Manohar discloses “The signed authentication response can be signed using an authentication key selected by the RP application 350 and identified in the request for a signed authentication response received at the SKM 290 from the RP application 350.”).
Regarding Claim 17, Manohar discloses:
A non-transitory storage medium for storing computer readable instructions (In ¶ 8, Manohar discloses “A non-transitory, computer-readable medium having stored thereon computer-readable instructions”), the computer readable instructions, when executed by a processor in a computing device hosting a key management client (In ¶ 19, Manohar discloses “Techniques are provided for implementing location-based authentication on a computing device. The techniques provided herein can be used to implement location binding in an secure key management (SKM) service.”) and comprising a hardware abstract layer (In ¶ 41, Manohar discloses “The location authenticator unit 280 can include a location authentication hardware abstraction layer (HAL) 282 and a location authenticator trusted application 384.”), causing the key management client to: open the hardware abstract layer to an application client running in the computing device and associated with an application server (In ¶ 41, Manohar discloses “The location authentication HAL 382 can be configured to provide an interface between the location authenticator trusted application 384, which is configured to operate within the TEE of the processor 220 and one or more hardware components of the computing device 11 that can be used to determine the location of the computing device 11”);  receive through a path via a preset hardware abstract layer interface of the hardware abstract layer, authentication information transmitted by the application client (In 39, Manohar discloses “The SKM unit 290 is configured to receive user authentication information from the user authenticator unit 270 and to receive location authentication information from the location authenticator unit 280.”)  wherein the key management client is registered in the hardware abstract layer (In ¶ 41, Manohar discloses “The location authenticator unit 280 can include a location authentication hardware abstraction layer (HAL) 282 and a location authenticator trusted application 384. The location authentication HAL 382 can be configured to provide an interface between the location authenticator trusted application 384, which is configured to operate within the TEE of the processor 220 and one or more hardware components of the computing device 11 that can be used to determine the location of the computing device 11”); transmit the authentication information to a key management server, so that the key management server transmits the authentication information to a trusted application in a trusted execution environment in the computing device (In ¶ 42, Manohar discloses “The location authenticator trusted application 384 can be configured obtain location information for the computing device 11 via the location authentication HAL 382. The location authenticator trusted application 384 can be configured receive a location verification request from the SKM 290.” and in ¶ 43, Manohar further discloses “The user authenticator HAL 372 can be configured to provide an interface between the user authenticator trusted application 374, which is configured to operate within the TEE of the processor 220 ”); obtain authentication information signed by the trusted application and forwarded by the 7Application No. 17/018,559Atty Docket No. 514935.5000651 19PCT206US key management server (In ¶ 43, Manohar discloses “The user authenticator trusted application 374 can be configured generate an authentication token and to pass the authentication token to the SKM 290 responsive to the authentication information matching the authentication information bound to an authentication key.”); and transmit through the preset hardware abstract layer interface, the signed authentication information to the application server, so that the application server performs a validity check on the authentication information (In ¶ 45, Manohar discloses “The SKM 290 can provide the attestation information in the form of a signed authentication response. The signed authentication response can be signed using an authentication key selected by the RP application 350 and identified in the request for a signed authentication response received at the SKM 290 from the RP application 350.”).
However, Manohar does not explicitly disclose the path does not repeat following a system update of the computing device. 
Woodmansee discloses:
and an establishment of the path does not repeat following a system update of the computing device (In ¶ 102, Woodmansee discloses “During the upgrade/update time, existing sessions are maintained and are not negatively affected by the upgrading/updating of the virtualization system 500. This is the case since, as seen in FIG. 5, once a virtual session between user device 501 and machine 532 has been set up and is operational, a direct connection 557 between user device 501 and machine 532 is set up and fully operational, and any updates to the virtualization system 500 that helped set up the direct connection 557 does not affect the connectivity between user device 501 and machine 532.”)
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to modify Manohar’s approach and utilize Woodmansee’s approach of a non-repeating path after a system update as the motivation would be to reduce the burden on the user to re-establish a session between the device and the system  (See Woodmansee ¶ 4).
Regarding Claim 18, the combination of Manohar and Woodmansee disclose:
The non-transitory storage medium according to claim 17, wherein, before the computer readable instructions cause the key management client to transmit through the preset hardware abstract layer interface, the signed authentication information to the application server, the computer readable instructions further cause the key management client to: obtain a signature key value of the application server transmitted by the key management server, the signature key value being generated by the trusted application (In ¶ 43, Manohar discloses “The user authenticator trusted application 374 can be configured generate an authentication token and to pass the authentication token to the SKM 290 responsive to the authentication information matching the authentication information bound to an authentication key.”); and transmit the signature key value to the application server through the preset hardware abstract layer interface (In ¶ 45, Manohar discloses “The SKM 290 can provide the attestation information in the form of a signed authentication response. The signed authentication response can be signed using an authentication key selected by the RP application 350 and identified in the request for a signed authentication response received at the SKM 290 from the RP application 350.”).
Regarding Claim 19, the combination of Manohar and Woodmansee disclose:
The non-transitory storage medium according to claim 17, wherein, before the computer readable instructions cause the key management client to transmit the authentication information to the key management server, the computer readable instructions further cause the key management client to: establish a link path between the key management client and the key management server in a hardware abstract layer in the computing device (In ¶ 40, Manohar discloses “The SKM unit 290 provides secures storage and management of cryptographic keys. For example, the SKM unit 290 can be configured to implement the Android®KeyStore® and Android®KeyMaster® security mechanisms. These security mechanisms are not limiting of the disclosure as other security mechanisms performing similar functions for an operating system can be implemented by the SKM unit 290. These security mechanisms can be implemented by the SKM unit 290 a SKM trusted service application in the TEE of the processor 220.”).
Regarding Claim 20, the combination of Manohar and Woodmansee disclose:
The non-transitory storage medium according to claim 19, wherein: the hardware abstract layer comprises an interface layer between an operating system kernel and a hardware circuit that is capable of interacting with the operating system kernel and the hardware circuit directly (In ¶ 41, Manohar discloses “The location authentication HAL 382 can be configured to provide an interface between the location authenticator trusted application 384, which is configured to operate within the TEE of the processor 220 and one or more hardware components of the computing device 11 that can be used to determine the location of the computing device 11.”); the key management client and the key management server are persistently pre-registered in the hardware abstract layer (In ¶ 51, Manohar discloses “The SKM 290 can also be configured to store the user authentication information bound to the first authentication certificate in a secure memory location of the TEE of the computing device 11 responsive to the user authentication information being provided in addition to the first location authentication information.” And in ¶ 78, Manohar further discloses “Components, functional or otherwise, shown in the figures and/or discussed herein as being connected or communicating with each other are communicatively coupled. That is, they may be directly or indirectly connected to enable communication between them.”)
Claims 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable by Manohar et al. (2018/0019986), hereinafter referred to as Manohar, in view of Woodmansee et al. (US Publication Number 20180331918), hereinafter referred to as Woodmansee, in further view of Olsen, Larry (US 7644264), hereinafter referred to as Olsen.
Regarding Claim 8, the combination of Manohar and Woodmansee disclose all the limitations with respect to claim 1. 
However, Manohar and Woodmansee does not explicitly disclose the identifier of the hardware abstract layer.
Olsen discloses:
wherein before receiving, by the key management client through the preset hardware abstract layer interface, the authentication information transmitted by the application client, the method further comprises: transmitting, by the key management client, an identifier of the preset hardware abstract layer interface to the application client (In ¶ 8, Olsen discloses “The computerized method may also comprise receiving a hardware-abstraction-layer identifier of a hardware-abstraction layer of the destination computer, identifying a hardware-abstraction-layer file compatible with the hardware-abstraction layer of the destination computer, and downloading the hardware-abstraction-layer file to the destination computer.”).
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to modify Manohar and Woodmansee’s approach and utilize Olsen’s approach of utilizing an identifier of the hardware abstract layer as the motivation would be to reduce compatibility issues and allow the system to determine the destination associated with the identifier of the hardware abstract layer  (See Olsen ¶ 5).
Regarding Claim 16, the combination of Manohar and Woodmansee disclose all the limitations with respect to claim 9. 
However, Manohar and Woodmansee does not explicitly disclose the identifier of the hardware abstract layer.
Olsen discloses:
wherein, before the processor is configured to cause the apparatus to receive through the preset hardware abstract layer interface, the authentication information transmitted by the application client, the processor is configured to further cause the key management client to: transmit an identifier of the preset hardware abstract layer interface to the application client (In ¶ 8, Olsen discloses “The computerized method may also comprise receiving a hardware-abstraction-layer identifier of a hardware-abstraction layer of the destination computer, identifying a hardware-abstraction-layer file compatible with the hardware-abstraction layer of the destination computer, and downloading the hardware-abstraction-layer file to the destination computer.”). 
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to modify Manohar and Woodmansee’s approach and utilize Olsen’s approach of utilizing an identifier of the hardware abstract layer as the motivation would be to reduce compatibility issues and allow the system to determine the destination associated with the identifier of the hardware abstract layer  (See Olsen ¶ 5).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Yao et al. (CN 109960582) discloses a method for authenticating a system in a trusted execution environment utilizing a trusted application.
Xu et al. (CN 107133794) discloses a method of a payment device utilizing a trusted execution environment model and trusted application to sign an authentication. 
Zhong et al. (US 2018/0181739) discloses a method of identity authentication with the use of biometrics.
Kamal, Ashfaq (US 2018/0053005) discloses a method for secure biometric authentication using a trusted execution environment.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHADI H KOBROSLI whose telephone number is (571)272-1952. The examiner can normally be reached M-F 9am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHADI H KOBROSLI/Examiner, Art Unit 2492                                                                                                                                                                                                        
/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492