METHOD, APPARATUS, DEVICE AND STORAGE MEDIUM FOR DEVICE AUTHENTICATION AND CHECKING

DETAILED ACTION This office action is in response to the application filed on 08/07/2024. Claims 1-5, 9-14, 18 and 20-27 are pending and are examined. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Priority Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. CN202210642088.1, filed on 06/07/2022, which papers have been placed on record in the file. Information Disclosure Statement The information disclosure statement (IDS) submitted on 08/21/2024 was filed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was. Claims 9-11, and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Wan (U.S Pub No. 2017/0,295,168 A1, referred to as Wan), in view of Jin (U.S Pub No. 2020/0,322,170 A1, referred to as Jin). Regarding claim 9, Wan teaches: A method for device authentication (Wan: Fig. 1, Items 100, 150; ¶ 0059- ¶ 0061, “Access to the corporate resources 24 may only be available to mobile devices 100 which have been successfully authenticated by the authentication server 150. More specifically, a mobile device 100 requesting access to the corporate resources 24 may need one or more security certificates provided by the authentication server 150.”; Fig. 2; ¶ 0062; Fig. 4; ¶ 0081), comprising: in response to receiving a device activation request from a first device, verifying, at a second device, identity authentication information of the first device indicated in the device activation request (Wan: Abstract: ”The present disclosure is drawn to systems and methods for activating a mobile device in an enterprise mobile management context. The mobile device is configured to generate a first device security certificate which comprises a device key and an identifier of the mobile device.”; Fig. 1, Items 100 (EN: first device), 150 (EN: second device); ¶ 0059- ¶ 0061; Fig. 2; ¶ 0062- ¶ 0080, “With reference to FIG. 2, the mobile device 100 implements a method 200 for performing an authentication procedure with the authentication server 150. At step 210, the mobile device 100 generates a first device security certificate. A device security certificate is an electronic document such as a public key certificate, a digital certificate, or an identity certificate that is used to prove ownership of a device key…At step 220, the mobile device 100 transmits the first device security certificate to the authentication server 150. The mobile device 100 transmits the first device security certificate to the authentication server 150 through any suitable means and over any suitable portion of the network 10”; Fig. 4; ¶ 0081- ¶ 0090, “At step 430, the authentication server 150 validates the mobile device 100. The mobile device 100 is validated by determining if the device security certificate is valid”); in response to the verification of the identity authentication information being successful, sending an activation certificate to the first device (Wan: Fig. 1, Items 100, 150; ¶ 0059- ¶ 0061; Fig. 4; ¶ 0081- ¶ 0080- ¶ 0090, “At step 430, the authentication server 150 validates the mobile device 100. The mobile device 100 is validated by determining if the device security certificate is valid. Determining if the first device security certificate is valid may comprise one or more validation steps, as illustrated in FIG. 5A. At step 432, the authentication server 150 compares the device key against the server key, or compares a representation of the device key against a representation of the server key, as appropriate…In some embodiments, the second device security certificate is received from the mobile device 100. In such cases, and with reference to FIG. 5B, step 460 includes a plurality of steps 462, 464, 466. At step 462, the authentication server 150 generates the one or more second server security certificate. The certification authority of the authentication server 150 may sign one or more second server security certificate. At step 464, the authentication server 150 transmits the second server security certificate to the mobile device 100. ”). Wan does not explicitly disclose, however Jin teaches: in response to receiving a certificate signing request from the first device, sending a device certificate to the first device, the device certificate being generated based on the certificate signing request (Jin: Fig. 2, Steps S202- S206; ¶ 0052- ¶ 0062, “S202: The first device 102 obtains a login account, and sends a login request to the server 106 (EN: second device) via the login account. S204: The server 106 generates corresponding encrypted information according to the login request of the first device, wherein the encrypted information includes at least one of the following: a key pair and a digital certificate…S206: After receiving the encrypted information returned by the server 106, the first device 102 generates encrypted identity information based on the login account and the encrypted information.). It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wan by Jin and have a server capable to generate at least a digital certificate and key pair based on login information received form a device and forward the generated information to the device for authentication and secure communication. (Jin: ¶ 0052- ¶ 0062). Regarding claim 10, the combination of Wan by Jin teaches all the features of claim 9, as outlined above. Wan further teaches: wherein at least one of the device activation request, the activation certificate, the certificate signing request, or the device certificate is transmitted over a secure connection between the first device and the second device (Wan: ¶ 0011, “In some example embodiments, enrolling the at least one second server security certificate comprises receiving, from the authentication server, over the secure connection, the at least one second device security certificate signed by a certification authority of the authentication server.”; Fig. 2; ¶ 0069, “At step 240, the mobile device 100 establishes a secure connection with the authentication server 150. The exchange of data between the mobile device 100 and the authentication server 150 may be secured and validated with the device security certificate and the server security certificate. The secure connection may comprise, for example, a transport layer security (TLS) tunnel, or any other suitable secure connection.”; ¶ 0086, “At step 450, the authentication server 150 establishes the secure connection with the mobile device 100. The exchange of data between the mobile device and the authentication server 150 may be secured and validated with the first device security certificate and the first server security certificate.”). Regarding claim 11, the combination of Wan by Jin teaches all the features of claim 9, as outlined above. Wan does not explicitly disclose, however Jin teaches: signing the activation certificate with a first private key of a first asymmetric key pair; and sending a first public key in the first asymmetric key pair to the first device (Jin: ¶ 0052- ¶ 0062, “In a second implementation, the first device 102 encrypts the login account and a random number (assumed to be a first random number) using the private key in the key pair that is returned by the server 106 to obtain an encryption result, and generates encrypted identity information based on the encryption result and the digital certificate. The digital certificate can be used to transmit the public key corresponding to the private key.”). Same motivation as claim 9. Regarding claim 23, the combination of Wan by Jin teaches all the features of claim 9, as outlined above. Wan further teaches: wherein the identity authentication information of the first device comprises at least one of: a device identification, or password information (Wan: Fig. 2; ¶ 0062- ¶ 0080, “With reference to FIG. 2, the mobile device 100 implements a method 200 for performing an authentication procedure with the authentication server 150. At step 210, the mobile device 100 generates a first device security certificate. A device security certificate is an electronic document such as a public key certificate, a digital certificate, or an identity certificate that is used to prove ownership of a device key). Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Wan in view of Jin and further in view of Moore et al. (U.S Pub No. 2019/0,140,846 A1, referred to as Moore). Regarding claim 12, the combination of Wan by Jin teaches all the features of claim 9, as outlined above. Wan further teaches: obtaining a second public key of a second asymmetric key pair from the certificate signing request; and generating the device certificate by signing the second public key (Wan: Fig. 1, Items 100, 150; ¶ 0059- ¶ 0061; Fig. 2; ¶ 0062- ¶ 0088, “With reference to FIG. 2, the mobile device 100 implements a method 200 for performing an authentication procedure with the authentication server 150. At step 210, the mobile device 100 generates a first device security certificate. A device security certificate is an electronic document such as a public key certificate, a digital certificate, or an identity certificate that is used to prove ownership of a device key…At step 220, the mobile device 100 transmits the first device security certificate to the authentication server 150. The mobile device 100 transmits the first device security certificate to the authentication server 150 through any suitable means and over any suitable portion of the network 10”; At step 462, the authentication server 150 generates the one or more second server security certificate. The certification authority of the authentication server 150 may sign one or more second server security certificate.”). Wan in view of Jin does not explicitly disclose, however Moore teaches: the second asymmetric key pair being generated in a trusted environment associated with the first device (Moore: ¶ 0030- ¶ 0037, “The example techniques may enable a cloud service to generate an asymmetric key pair (i.e., a public key and a private key) and to send a quote over the public key to a customer, which may validate the quote and certify the quote (e.g., by issuing a certificate for the received public key). In this way, a secret (e.g., signing key) that belongs to the customer is not known to the customer and remains securely within the cloud service (e.g., within a TEE).”). It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wan in view Jin by Moore and have a trusted execution environment (TEE) platform capable to generate asymmetric key pair in a trusted manner to make a system authentication more secured. (Moore: ¶ 0030). Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Wan in view of Jin and further in view of Singh et al. (U.S Pub No. 2007/0,004,386 A1, referred to as Singh). Regarding claim 13, the combination of Wan by Jin teaches all the features of claim 9, as outlined above. Wan in view of Jin does not explicitly disclose, however Singh teaches: receiving an activation acknowledgement for the first device from the first device (Singh: Fig. 3B; Steps 326- 328; ¶ 0045, “In block 328, policy controller 100 receives a feature activation acknowledgement message from the user device. Control then proceeds to block 330 where policy controller 100 increments the simultaneous use count in database 112. In block 332, policy controller 100 adds the user ID and feature activation time to the current use data in database 112.”). It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wan in view Jin by Singh and have an automated process to receive an activation acknowledgment from a device subsequent to receiving an authorization of a feature activation request for the device in order to update users’ features activation database. (Singh: ¶ 0045). Allowable Subject Matter Claim 14 and 21-22 would be allowable if they were rewritten in independent form including all of the limitations of the base claim and any intervening claims. Claims 1-5, 18, 20 and 24-27 are allowed. The following is an examiner’s statement of reasons for identifying allowable subject matter. The closest prior arts made of records are, over Wan (U.S Pub No. 2017/0,295,168 A1, referred to as Wan), Jin (U.S Pub No. 2020/0,322,170 A1, referred to as Jin) and Moore et al. (U.S Pub No. 2019/0,140,846 A1, referred to as Moore). wan discloses systems and methods for activating a mobile device in an enterprise mobile management context. The mobile device is configured to generate a first device security certificate which comprises a device key and an identifier of the mobile device. The device key corresponds to a shared secret known to the mobile device and to an authentication server. The mobile device sends the first device security certificate to the authentication server. The authentication server validates the mobile device by comparing the device key to a server key and by locating the identifier in a list of known identifiers. When the mobile device is validated, the authentication server sends a first server security certificate to the mobile device. Jin discloses an identity authentication method which includes: a first device establishing a communication connection with a second device, and obtaining encrypted information through the Internet, where the first device is a device that is allowed to access the Internet, and the second device is a device that is not allowed to access the Internet; the first device encrypting identity information of an account that is logged into the second device by using the encrypted information, and sending the encrypted identity information to the second device; and the first device receiving a verification result that is returned by the second device, wherein the second device verifies the encrypted identity information based on verification information. Moore discloses techniques for provisioning a trusted execution environment (TEE) based on a chain of trust that includes a platform on which the TEE executes. Any suitable number of TEEs may be provisioned. For instance, a chain of trust may be established from each TEE to the platform on which an operating system that launched the TEE runs. Once the chain of trust is established for a TEE, the TEE can be provisioned with information, including but not limited to policies, secret keys, secret data, and/or secret code. Accordingly, the TEE can be customized with the information without other parties, such as a cloud provider, being able to know or manipulate the information. However, regarding claim 14, the prior art of Wan, Jin and Moore when taken in the context of the claim as a whole do not disclose nor suggest, “in response to receiving a checking request from the first device, performing signature verification on the checking request with a second public key in a second asymmetric key pair, the second asymmetric key pair being generated in a trusted environment associated with the first device; and sending a corresponding verification response to the first device based on a result of the signature verification.”. Regarding claims 1 and 18, the prior art of Wan, Jin and Moore when taken in the context of the claim as a whole do not disclose nor suggest, “in response to receiving an activation certificate from the second device, storing the activation certificate in a trusted environment associated with the first device; sending a certificate signing request to the second device, the certificate signing request being generated based at least in part on the activation certificate in the trusted environment.”. Claims 2-5 and 20 depends on claim 1, claims 21-22 depends on claim 14 and claims 24-27 depends on claim 18 and are of consequence identified as allowable. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: See PTO-892. Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN SAADOUN whose telephone number is (571)272-8408. The examiner can normally be reached Mon-Fri 9:00-5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached at 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /HASSAN SAADOUN/ Examiner, Art Unit 2435 /AMIR MEHRMANESH/ Supervisory Patent Examiner, Art Unit 2435