IN THE CLAIMS:
`
`The following is a current listing of claims and will replace all prior versions and listings
`
`of claims in the application. Please amend the claims as follows:
`
`1.
`
`(Currently Amended) An integrated circuit, comprising:
`
`at least one processor; w
`
`a secure circuit isolated from access by the processor except through a mailbox
`
`mechanism, wherein the secure circuit is configured to:
`
`receive, via the mailbox mechanism, a first request from an application executing
`
`on the processor, wherein the first request is a request to issue a certificate to the application,
`
`in response to the first request:
`
`generate a key pair having a public key and a private key, and
`
`issue, to a certificate authority (CA), a certificate signing request (CSR)
`
`for a certificate corresponding to the key pair.
`
`2.
`
`3.
`
`(Canceled)
`
`(Previously Presented) The integrated circuit of claim 1, wherein the secure circuit is
`
`configured to:
`
`receive, from the application via the mailbox mechanism, a second request to perform a
`
`cryptographic operation with the private key on a set of data from the application, and
`
`in response to the second request, perform the cryptographic operation using a public key
`
`included in the secure circuit.
`
`4.
`
`(Original) The integrated circuit of claim 3, wherein the cryptographic operation is
`
`generating a signature from the set of data, wherein the signature is usable to authenticate the
`
`application to a remote service associated with the application.
`
`Page 3 of 8
`
`
`
`5.
`
`(Original) The integrated circuit of claim 3; wherein the integrated circuit is configured to
`
`receive a certificate from the CA in response to the CSR; wherein the received certificate
`
`specifies use criteria for the certificate; and
`
`wherein the secure circuit is configured to:
`
`verify that the cryptographic operation is in accordance with the use criteria prior
`
`to performing the cryptographic operation.
`
`6.
`
`(Original) The integrated circuit of claim 5; wherein the use criteria specify a requirement
`
`to collect biometric information from a user of the application prior to performing the
`
`cryptographic operation; and
`
`wherein the secure circuit is configured to:
`
`receive biometric information from a biometric sensor; and
`
`verify that the received biometric information belongs to an authorized user prior
`
`to performing the cryptographic operation.
`
`7.
`
`(Original) The integrated circuit of claim 1; wherein the secure circuit is configured to:
`
`retrieve an identity key from a memory of the secure circuit; and
`
`sign the CSR with the identity key prior to issuing the CSR.
`
`8.
`
`(Original) The integrated circuit of claim 7; wherein the identity key is stored in the
`
`memory at fabrication of the secure circuit.
`
`9-20.
`
`(Canceled)
`
`Page 4 of 8
`
`
`
`21.
`
`(New) A method, comprising:
`
`receiving, by a secure circuit of a computing device, a request to generate a certified
`
`public-key pair for an application of the computing device, wherein the application is executed
`
`by a processor that is isolated from accessing the secure circuit except through a mailbox
`
`mechanism, and wherein the secure circuit receives the request from the application via the
`
`mailbox mechanism,
`
`in response to the request:
`
`generating, by the secure circuit of a computing device, the public-key pair
`
`including a public key and a private key for the application, and
`
`sending, by the secure circuit and to a certificate authority (CA), a certificate
`
`signing request (CSR) for a certificate corresponding to the public-key pair.
`
`22.
`
`(New) The method of claim 21, further comprising:
`
`receiving, by the secure circuit, a request from the application to use the private key to
`
`generate a digital signature usable to facilitate an authentication of the application, and
`
`providing, by the secure circuit via the mailbox mechanism, the generated digital
`
`signature for use in the authentication.
`
`23.
`
`(New) The method of claim 22, wherein the certificate is usable to verify the digital
`
`signature, but does not specify information usable to uniquely identify the computing device.
`
`24.
`
`(New) The method of claim 21, further comprising:
`
`storing, by the secure circuit, a plurality of keys, each associated with a respective one of
`
`a plurality of applications executable to request performance of cryptographic operations by the
`
`secure circuit.
`
`Page 5 of 8
`
`
`
`25.
`
`(New) The method of claim 21, further comprising:
`
`receiving, by the computing device, the certificate from the CA, wherein the certificate
`
`specifies a set of use criteria for the certified public-key pair, and
`
`verifying, by the secure circuit, that a cryptographic operation requested by the
`
`application complies with the set of use criteria prior to using the private key to perform the
`
`requested cryptographic operation.
`
`26.
`
`(New) The method of claim 21, wherein the certificate includes information that
`
`identifies functionality of hardware present in the computing device.
`
`27.
`
`(New) The method of claim 26, wherein the identified functionality includes one or more
`
`cryptographic capabilities of the secure circuit.
`
`28.
`
`(New) A computing device, comprising:
`
`at least one processor, and
`
`a secure circuit isolated from access by the processor except through a mailbox
`
`mechanism, wherein the secure circuit is configured to:
`
`generate a key pair having a public key and a private key for an application
`
`executing on the processor,
`
`issue, to a certificate authority (CA), a certificate signing request (CSR) for a
`
`certificate corresponding to the key pair,
`
`receive, via the mailbox mechanism, a request from the application to perform a
`
`cryptographic operation using the private key, and
`
`provide, via the mailbox mechanism, a result of the requested cryptographic
`
`operation to the application.
`
`29.
`
`(New) The computing device of claim 28, wherein the certificate does not include
`
`information usable to determine an identity of the computing device.
`
`Page 6 of 8
`
`
`
`30.
`
`(New) The computing device of claim 28, wherein in the requested cryptographic
`
`operation is generating a digital signature usable to authenticate a user of the computing deVice
`
`with respect to the application.
`
`3 1.
`
`(New) The computing deVice of claim 28, further comprising:
`
`a biometric sensor configured to collect biometric data from a user of the computing
`
`device; and
`
`wherein the secure circuit is configured to verify the collected biometric data prior to
`
`performing the requested cryptographic operation.
`
`32.
`
`(New) The computing deVice of claim 3 1, wherein the certificate specifies a requirement
`
`for the user to be authenticated using the biometric sensor prior to performing the requested
`
`cryptographic operation.
`
`33.
`
`(New) The computing deVice of claim 28, wherein the processor and the secure circuit
`
`are included in the same integrated circuit.
`
`Page 7 of 8
`
`
