DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In communications filed on 03/08/2019, claims 1-9 are pending in this examination.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This examination is in response to US Patent Application No. 16/331,581.
CLAIM INTERPRETATION
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification, as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 

(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim 1 recites the limitation "the hardware-based isolated secure execution environment". There is insufficient antecedent basis for this limitation in the claim.

Claims 1-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
 unit configured to…”; “a private key generator configured to…”; “a public key extractor configured to…”; and “a verification unit configured to…” in claim 1 and “the network function virtualization system configured to…” in claim 6.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
Claim limitations “a request receiving unit configured to…”; “a private key generator configured to…”; “a public key extractor configured to…”; and “a verification unit configured to…” in claim 1 and “the network function virtualization system configured to…” in claim 6 invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the 
Claims 2-8 do not cure the deficiency of claim 1 and are rejected under 35 USC 112, 2nd paragraph, for their dependency upon claim 1.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or


Claim Rejections - 35 USC § 103
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-9 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. 2017/0012968 issued to FENG et al. (“FENG”) (filed in IDS 03/08/2019) and in view of US Patent No. 2011/0264917 issued to Barthelemy et al. (“Barthelemy”).
Regarding claim 1, FENG discloses a network function virtualization system comprising [Abstract, The invention discloses a network function virtualization-based certificate configuration method, apparatus, and system]; and
a request receiving unit configured to receives a request to a certificate of at least one of data exchanging parties [¶10, receiving, by the virtualized network management entity, an instantiation request sent by a network operation and management entity, where the instantiation request includes the initial credential information of the virtualized network function entity], and [¶14, the initial credential information includes but is not limited to a certificate, a pre-shared key, a token and/or a password], and [¶31, when the initial credential information includes a certificate], and [¶40];
and a verifying unit configured to accessible from the request receiving unit and verify the certificate using the public key information corresponding to the certificate [¶40, Optionally, the obtaining, by the virtualized network function entity, from a certificate authority by using the initial credential information, a formal certificate issued by a network operator of the virtualized network function entity includes: [0041] sending, by the virtualized network function entity, a certificate request message to the certificate authority, where the certificate request message includes a third public key and the initial credential, so that the certificate authority verifies the received certificate request message by using the initial credential; and when the verification succeeds, signs the third public key by using a private key corresponding to a root certificate or an intermediate certificate of the network operator, to 
verifying, by the virtualized network function entity, the certificate response message, and when the verification succeeds, obtaining the formal certificate issued by the network operator].
a private key generator configured to generates a first private key information using a second private key information stored in the hardware-based isolated secure execution environment, in response to the request
	Even though FENG discloses this limitation as: [¶18, the initial certificate is signed by using a private key corresponding to a root certificate or an intermediate certificate of the network operator of the virtualized network function entity, where the intermediate certificate of the network operator of the virtualized network function entity is a certificate issued by a lower-level sub-certificate subordinate to the root certificate of the network operator of the virtualized network function entity], and [¶264, For example, after instantiation of a VNF succeeds, a VNFM may configure initial credential information for each VNF component (that is, VNFC) that forms the VNF. When the initial credential is a certificate, the VNFM configures a second public key-private key pair for the VNFC, and issues an initial certificate for a second public key. The configured initial certificate information includes the initial certificate and a corresponding second private key, or may further include the second public key], and [¶¶31-33, 40, 163, 177].
specific hardware means for private key storage, such as for example a chip card, a secure USB key, or a secure memory card], and [¶42, the generation by the signatory of his first pre-signature private key K.sub.s; [¶43, the generation of the second private key K.sub.c, this key being generated, according to the cryptography scheme used, either by the signatory alone, or by the trusted third party with the aid of elements that have been transmitted to him by the signatory], and [Abstract, ¶¶38-40, 45, 56, see FIG. 4 and corresponding text for more detail], and [¶56, The principle of the method according to the invention consists of a cryptographic method of digital signature creation which is carried out, not in one, but in two steps, by using not one, but two private keys for one and the same signatory, the first private key being in possession of the signatory and the second private key being deposited by the signatory with a trusted third party C. [¶57, The signatory I thus makes use of his two private keys and of a public key KP.sub.I, which are inter-related and whose determination depends on the cryptographic algorithm used. [¶58, The signature S.sub.I(M) of a message M by the signatory I may be obtained only on completion of a combination of a first step carried out by the signatory with his first private key, and of a second step carried out by the trusted third party C with the second private key of the signatory I. According to the invention, the two steps are complementary and indissociable in order to obtain the signature S.sub.I(M) of a message M].
a public key extractor configured to extracts a public key information of the first private key information
first private key is a private key in a first public key-private key pair corresponding to the initial certificate], and [¶¶33, 40-41].
	 Furthermore Barthelemy discloses this limitation as:  [¶42, the generation by the signatory of his first pre-signature private key K.sub.s; [0043] the generation of the second private key K.sub.c, this key being generated, according to the cryptography scheme used, either by the signatory alone, or by the trusted third party with the aid of elements that have been transmitted to him by the signatory; [0044] the generation of the public key K.sub.p of the signatory, this key being generated, according to the cryptography scheme used, either by the signatory alone, or by the trusted third party with the aid of elements that have been transmitted to him by the signatory].
a public key information storage configured to stores the public key information 
Even though FENG discloses this limitation as: [¶188, the initial credential information of the VNF may be configured by a provider or a network operator of the VNF. When the initial credential information includes a certificate, the initial credential information specifically includes a VNF initial certificate issued by the provider or the network operator of the VNF and a corresponding private key, or further includes a public key corresponding to the VNF initial credential. The private key and the public key that correspond to the VNF initial certificate are a public key and a private key that are in a first public key-private key pair configured for the VNF by the provider or the network operator of the VNF], and [¶233], and [¶32].
the generation of the public key K.sub.p of the signatory, this key being generated, according to the cryptography scheme used, either by the signatory alone, or by the trusted third party with the aid of elements that have been transmitted to him by the signatory], and [¶148,  The server of the trusted third party stores the public key (n, e) and the private exponent d.sub.c of the trusted third party which are associated with the identity I of the signatory].
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of FENG, Chen with the teaching of Barthelemy in order to implement a method of digital signature using a public-key multi-signature scheme and involving a trusted third party server with the aim of protecting the private key of the signatory [Barthelemy, ¶1, Abstract].
Regarding claim 2, FENG does not explicitly disclose. However, Barthelemy  discloses the network function virtualization system as defined by claim 1, wherein the private key generator configured to re-generates a first private key information using a second private key information stored in the hardware-based isolated secure execution environment when the predetermined condition is satisfied [see FIG.2, [¶132] If Vs is true: [0133] (26b) The server of the trusted third party carries out the signature calculation S with the aid of a function S.sub.2 using the second private key K.sub.c, the hash H(M) of the message and the pre-signature S.sub.s received from the signatory: S=S.sub.2(H(M), S.sub.s, K.sub.c).  This signature S is such that it may be verified with the aid solely of the hash H(M) of the message and of the public key of the signatory K.sub.p by the verification function V.sub.2: 
Regarding claim 3, FENG does not explicitly disclose. However, Barthelemy discloses the network function virtualization system as defined by claim 1, wherein the private key generator is configured to generates a first private key information using the second private key information, trusted third party's private key information and the unique attributes [¶42, the generation by the signatory of his first pre-signature private key K.sub.s; [0043] the generation of the second private key K.sub.c, this key being generated,
Regarding claim 4, FENG does not explicitly disclose. However, Barthelemy discloses the network function virtualization system as defined by claim 1, wherein the private key generator is selected and used by the user based on a security requirement [¶62, First of all, the general operating and security principles of the solution are described as well as its various components. After which, each step related to the signature process is described independently of the chosen cryptographic system. The following main steps are involved: [0063] the generation of the keys by the signatory, [0064] the obtaining of a signature by the signatory, [0065] the verification of a signature by a verifier].
Regarding claim 5, FENG does not explicitly disclose. However, Barthelemy discloses the network function virtualization system as defined by claim 1, wherein the second private key information is distributed to service providers through a secure channel [see FIG. 2 for generic process for signature calculation], and [¶107, Server of the Trusted Third Party], and [¶108, this is a computerized server operated by a service provider according to the rules of the art as regards security of access and data protection. The operator of this server may typically, but not necessarily, be a certifying authority. In this case, the creation of the certificate may be carried out at the end of the step of generating the keys].
Regarding claim 6, FENG does not explicitly disclose. However, Barthelemy discloses the network function virtualization system as defined by claim 1, wherein the network function virtualization system is configured to verify at least one selected from the group consisting of a PKI certificate, VNF Package and the Trusted third party private key information for authentication [¶59, Ultimately, in the method according to the invention, the signatory makes use of a first private key K.sub.s stored in enciphered form with the aid of a password or of a PIN code. By virtue of this private key K.sub.s, the signatory can pre-sign a 
Regarding claim 7, FENG discloses the network function virtualization system as defined by claim 1, wherein the network function virtualization system is configured to verify scaling triggered request from a component of the network function virtualization system [¶9, Based on the first aspect, in a first implementation manner, the obtaining, by a virtualized network management entity, initial credential information of a virtualized network function entity includes: [¶10, receiving, by the virtualized network management entity, an instantiation request (equated to scaling triggered request) sent by a network operation and management entity, where the instantiation request includes the initial credential information of the virtualized network function entity], and [¶40, sending, by the virtualized network function entity, a certificate request message to the certificate authority…].
Regarding claim 8, FENG discloses wherein the network function virtualization system is configured to verify a VNFC failure request or VNFC failure service state [¶121,  In the embodiments, the network operation and management entity includes but is not limited to an operation support system (Operation support system, OSS) or an element management system (Element Management System, EMS), where the EMS mainly performs conventional FCAPS functions for the VNF, and the FCAPS functions include fault management (Fault Management), configuration management (Configuration Management), accounting management (Accounting Management), performance management (Performance Management), and security management (Security Management)], and [¶21, the virtualized network function entity includes a virtualized network function unit VNF or a virtualized network function component VNFC]. 
Regarding claim 9, this claim is interpreted and rejected for the same rationale set forth in claim 1.



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Chen (US2004/0123098) [Method and apparatus for use in relation to verifying an association between two parties, ¶¶67-68].
CHU (US2012/0017086) [Information security transmission system, ¶22].
Froels (US2014/0219448) [¶10, A second key pair including a second public key and a second private key is allocated to the server device. The method includes: storing, at the identity module, the first private key, the first public key and a first signature, the first signature being based on signing the first public key using the second private key; generating the identity information and a second signature, the second signature being based on signing the identity information using the first private key].
Falk (US10,630,473) [Determination of a device-specific private key for an asymmetrical cryptographic method on a device, claim 6].
Kresina (US2004/0006701) [Method and apparatus for authentication of recorded audio, ¶30].
Nix (US2015/0095648) [¶110, module 101 may record a first private key 112 used for creating a digital signature and a second private key 112 for decryption using asymmetric ciphering algorithms 141a.].
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207.  The examiner can normally be reached on Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications 






/SHAHRIAR ZARRINEH/Examiner, Art Unit 2497