DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
The Amendment filed on 02/16/2021 has been entered. 
The double patenting rejection of claims 22, 25-27, 33-34 and 39 is maintained. The currently amended claims are not distinct from the conflicting application (see below).
Claims 22-24, 26, 31-32, 34-37 and 39-40 are amended.
Claims 22-40 are pending of which claims 22, 34 and 39 are independent claims.

Response to Arguments
The applicant's arguments filed on 02/16/2021 regarding claims 22-40, in response to the rejections under 35 U.S.C. § 102 and 35 U.S.C. § 103, have been fully considered, but the arguments are essentially directed towards the newly introduced limitations, which are addressed in this Office Action below.
The applicant's arguments filed on 02/16/2021 in response to the Double Patenting Rejection have been fully considered but are not persuasive (see below).

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 22, 25-27, 33-34 and 39 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-2, 8 and 14 of U.S. Patent No. 10,326,755 (hereinafter “PAT755”), see table below. 
Regarding claim 22 of the instant application, claim 1 of PAT755 contains every element of claim 22 of the instant application. Claim 22 of the instant application therefore is not patentably distinct from the earlier patent claim and as such is unpatentable for obviousness-type double patenting.
Regarding dependent claims 25-27 and 33 of the present application, they contain claim language similar to claims 1-2 and 14 of PAT755. Accordingly, dependent claims 25-27 and 33 of the instant application are rejected under the judicially created doctrine of obviousness-type double patenting.

As per independent claim 34 of the instant application, claim 1 of PAT755 contains every inventive step of claim 34 of the instant application. Claim 34 of the instant application would have been an obvious variation of the invention defined in claim 1 of PAT755 given the claim 1 of PAT755 is claiming a non-transitory, computer-readable storage media storing instructions. However, the difference is obvious to one of ordinary skill in the art. It is known technique for a skilled artisan to implement steps 

As per independent claim 39 of the instant application, claim 8 of PAT755 contains every element of claim 39 of the instant application. Claim 39 of the instant application therefore is not patentably distinct from the earlier patent claim and as such is unpatentable for obviousness-type double patenting.

16/437,751
10,326,755


22. A method for generating a digital certificate, comprising: 




transmitting, to a customer computing system associated with a first private key and a first public key, an agent application, wherein, the agent application is installed on the customer computing system based on the customer computing system receiving the agent application;
communicating to the agent application installed on the customer computing system a request to generate at least a second private key and a second public key; 
receiving a request for a certificate from the agent application, wherein the request for the certificate 
generating a certificate based at least in part on the request for the certificate; and 
communicating the certificate to the customer computing system.

receiving, at a certificate authority computing device, a certificate profile associated with a customer computing system;
in response to receiving the certificate profile, sending an agent application to the customer computing system and instructing, by the certificate authority computing device, the agent application installed on the customer computing system to generate a first private key, a first public key, and a customer computing system identifier;




receiving the first public key, the customer computing system identifier, and a profile identifier 
generating a first certificate based on the first public key and the certificate profile; and
sending the first certificate to the customer computing system.


1. …receiving the first public key, the customer computing system identifier, and a profile identifier associated with the certificate profile
26. The method of claim 25, wherein the communicating the request to generate at least the second private key and the second public key is responsive to detecting at least one change in the certificate profile
2. … in response to detecting the at least one change, generating a second certificate based on the change in the certificate profile
27. The method of claim 26, wherein the certificate profile includes at least one of a common name, a subject name, a signature algorithm identification, usage restrictions, credentials, a user identifier, or a password, and wherein the detecting the at least one change in the certificate profile comprises detecting a change in at least one of the common name, the subject name, the signature algorithm identification, the usage restrictions, the credentials, the user identifier, or the password
14. The method of claim 11, wherein the certificate profile includes a subject alternate name and wherein detecting the change to the certificate profile comprises detecting a change in the subject alternate name.

1. … receiving, at a certificate authority computing device
34. A non-transitory, computer-readable storage media storing instructions, which, when executed on a processor, performs an operation for generating a digital certificate, the operation comprising: 

transmitting, to a customer computing system associated with a first private key and a first public key, an agent application, wherein, the agent application is installed on the customer computing system based on the customer computing system receiving the agent application;
communicating to an agent application installed on a customer computing system associated with a first private key and a first public key a request to generate at least a second private key and a second public key; 
receiving a request for a certificate from the agent application, wherein the request includes the second public key and an identifier associated with the customer computing system; 
generating a certificate based at least in part on the request for the certificate; and 
communicating the certificate to the customer computing system.
1. A method for generating a digital certificate, comprising:
receiving, at a certificate authority computing device, a certificate profile associated with a customer computing system;
in response to receiving the certificate profile, sending an agent application to the customer computing system and instructing, by the certificate authority computing device, the agent application installed on the customer computing system to generate a first private key, a first public key, and a customer computing system identifier;





receiving the first public key, the customer computing system identifier, and a profile identifier associated with the certificate profile from the agent application;
generating a first certificate based on the first public key and the certificate profile; and
sending the first certificate to the customer computing system.


a processor and a memory hosting an application, which, when executed on the processor, performs an operation for generating a digital certificate, the operation comprising: 



transmitting, to a customer computing system associated with a first private key and a first public key, an agent application, wherein, the agent application is installed on the customer computing system based on the customer computing system receiving the agent application;
communicating to an agent application installed on a customer computing system associated with a first private key and a first public key a request to generate at least a second private key and a second public key; 
receiving a request for a certificate from the agent application, wherein the request includes the second public key and an identifier associated with the customer computing system; 
generating a certificate based at least in part on the request for the certificate; and 
communicating the certificate to the customer computing system.

8. A system, comprising:
a processor and a memory hosting an application, which, when executed on the processor, performs an operation for generating a digital certificate, the operation comprising:
receiving, at the system, a certificate profile associated with a customer computing system;
in response to receiving the certificate profile, sending an agent application to the customer computing system and instructing, by the system, the agent application installed on the customer computing system to generate a first private key, a first public key, and a customer computing system identifier;





receiving the first public key, the customer computing system identifier, and a profile identifier associated with the certificate profile from the agent application;
generating a first certificate based on the first public key and the certificate profile; and
sending the first certificate to the customer computing system.





Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 22, 29-34 and 39 are rejected under 35 U.S.C. 103 as being unpatentable over Bender et al. (Pub. No.: US 2009/0222657, hereinafter Bender) in view of Liu (Patent No.: US 8,099,598).
Regarding claim 22: Bender discloses A method for generating a digital certificate, comprising: 
a customer computing system associated with a first private key and a first public key (Bender - [0077]: For each CA profile, a keypair for signing the associated request is generated at the mobile device),
communicating to the agent application installed on the customer computing system a request to generate at least a second private key and a second public key (Bender - [0077]: A new key may be generated when the CA denies the request or when the digital certificate returned from the request has expired); 
receiving a request for a certificate from the agent application, wherein the request for the certificate includes the second public key and an identifier associated with the customer computing system (Bender - [0069]: After receipt of the configuration information (or :profile), the mobile device generates a private/public key pair for the digital certificate, constructs the request message for obtaining the digital certificate (including most if not all pertinent information), and causes the request message to be sent to the host server which receives it (step 510 of FIG. 5). See also [0026]: the user of the mobile device is able to enter and set this information through a user interface of the mobile device),
generating a certificate based at least in part on the request for the certificate (Bender - [0070]: Based on the information in the request message, the host server requests and obtains the digital certificate from the CA on behalf of the mobile device (step 512 of FIG. 5). See also [0079-0082]); and 
communicating the certificate to the customer computing system (Bender - [0070]: Upon receipt of the digital certificate, the host server “pushes” the received digital certificate to the mobile device (step 514 of FIG. 5)).
However, Bender doesn’t explicitly teach but Liu discloses transmitting, to a customer computing system [associated with a first private key and a first public key], an agent application, wherein, the agent application is installed on the customer computing system based on the customer computing system receiving the agent application (Liu - Fig. 4, [Col. 8, Line 48-55]: if such software programs are not already installed. The instructions for where to download and how to install the software programs can be sent to the Receiver (40) along with the encrypted message or the first time password. … After necessary software programs are installed, the Receiver (40) will use the software programs to generate a pair of public and private keys).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Bender with Liu so that a new key can be generated to replace a compromised private key. The modification would have allowed the system to increase security.
Regarding claim 29: Bender as modified discloses further comprising associating the customer computing system with the second public key based at least in part on the receiving the request for the certificate (Bender - [0077]: For each CA profile, a keypair for signing the associated request is generated at the mobile device. Once a key has been generated for a CA profile, certificate enrollment requests for the CA profile are signed using that key).
Regarding claim 30: Bender as modified discloses wherein the request for the certificate is signed by the second private key (Bender - [0063]: the message's creator signs the message with use of a private key associated with the digital certificate).
Regarding claim 31: Bender as modified discloses wherein the agent application generates the second private key and the second public key responsive to the receiving the request to generate at least the second private key and the second public key (Bender - [0077]: For each CA profile, a keypair for signing the associated request is generated at the mobile device. Once a key has been generated for a CA profile, certificate enrollment requests for the CA profile are signed using that key. A new key may be generated when the CA denies the request or when the digital certificate returned from the request has expired).
Regarding claim 32: Bender as modified discloses wherein the generating the certificate comprises generating the certificate using the second public key (Bender - [0077]: A new key may be generated when the CA denies the request or when the digital certificate returned from the request has expired (possible when sending the same request multiple times). When requesting a digital certificate, the mobile device generates a Public Key Cryptography Standard (PKCS) request (e.g. PCKS10 request) and sends it over a PKCS10 protocol to the host server, which will perform the certificate enrollment request on behalf of the mobile device … Once the CMM retrieves the certificate from the CA, it pushes the certificate back down to the mobile device. The mobile device then injects the certificates and keypair into the mobile device's keystore).
Regarding claim 33: Bender as modified discloses wherein the method is performed by a certificate authority (Bender - Fig. 2, Certificate Authority (CA)).
Regarding claim 34: Claim 34 is directed to a computer-readable medium and does not teach or further define over the limitations recited in claim 22. Therefore, claim 34 is also rejected for similar reasons set forth in claim 22.
Regarding claim 39: Claim 39 is directed to an apparatus/device and does not teach or further define over the limitations recited in claim 22. Therefore, claim 39 is also rejected for similar reasons set forth in claim 22.

Claims 23 and 35 are rejected under 35 U.S.C. 103 as being unpatentable over Bender et al. (Pub. No.: US 2009/0222657, hereinafter Bender) in view of Liu (Patent No.: US 8,099,598) and LeMay et al. (Pub. No.: US 2005/0198170, hereinafter LeMay).
Regarding claims 23 and 35: Bender as modified doesn’t explicitly teach but LeMay discloses determining the first private key has been compromised, invalidating the first private key and the first public key, wherein communicating to the agent application installed on the customer computing system Berggren - [0108]: In the event that a group member is removed from the group or a key must be refreshed for other reasons, the group's key server 6 must generate a new private and public key pair to be used by the group. Generating a new private and public key invalidates the old public and private key):
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Bender and Liu with LeMay so that a new key can be generated to replace compromised keys. The modification would have allowed the system to increase security.

Claims 24 and 36 are rejected under 35 U.S.C. 103 as being unpatentable over Bender et al. (Pub. No.: US 2009/0222657, hereinafter Bender) in view of Liu (Patent No.: US 8,099,598) and Ransom et al. (Pub. No.: US 2005/0144437, hereinafter Ransom). 
Regarding claims 24 and 36: Bender as modified doesn’t explicitly teach but Ransom discloses wherein the communicating the request to generate at least the second private key and the second public key is based at least in part on a determination that the first private key and the first public key has expired (Ransom - [0174]: public/private key pairs/certificates may expire based on a lapse of time or based on a number of uses, or combinations thereof).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Bender and Liu with Ransom so that a new key can be generated to replace expired keys. The modification would have allowed the system to increase security.

Claim 25 is rejected under 35 U.S.C. 103 as being unpatentable over Bender et al. (Pub. No.: US 2009/0222657, hereinafter Bender) in view of Liu (Patent No.: US 8,099,598) and Fu et al. (Pub. No.: US 2011/0113239, hereinafter Fu).
Regarding claim 25: Bender as modified doesn’t explicitly teach but Fu discloses wherein the request for the certificate further includes a profile identifier associated with a certificate profile (Fu - [0067]: parses the certificate renewal request through the profile identified by a profile identifier received as part of the certificate renewal request).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Bender and Liu with Fu so that the certificate request includes profile identifier information. The modification would have allowed the system to include the profile identifier in the certificate request.

Claims 26-28, 37-38 and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Bender et al. (Pub. No.: US 2009/0222657, hereinafter Bender) in view of Liu (Patent No.: US 8,099,598) and Fu et al. (Pub. No.: US 2011/0113239, hereinafter Fu) and Schwengler et al. (Patent No.: US 8,856,527, hereinafter Schwengler).
Regarding claim 26: Bender as modified doesn’t explicitly teach but Schwengler discloses wherein the communicating the request to generate at least the second private key and the second public key is responsive to detecting at least one change in the certificate profile (Schwengler - [Col. 3, Line 57-61]: One task of the user of the PKI manager 140 is the creation of digital certificate profiles that can be used to generate key pairs and digital certificates on the machines of requesting clients. [Col. 4, Line 17-18]: the user can edit an existing certificate profile 162 using the certificate profile creator 142).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Bender, Liu and Fu with Schwengler so that certificate profile changes can be detected and a new certificate is generated based on the updated profile. The modification would have allowed the system to update the certificate.
Regarding claim 27: Bender as modified discloses wherein the certificate profile includes at least one of a common name, a subject name, a signature algorithm identification, usage restrictions, credentials, a user identifier, or a password, and wherein the detecting the at least one change in the certificate profile comprises detecting a change in at least one of the common name, the subject name, the signature algorithm identification, the usage restrictions, the credentials, the user identifier, or the Schwengler - [Col. 5, Line 51-53]: the certificate fields 206 allow the user to configure the structure of the Subject Alternative Name (SAN) 226).
The reason to combine is similar to that of claim 26.
Regarding claim 28: Bender as modified discloses wherein the certificate includes the certificate profile and the second public key (Bender - [0070]: Based on the information in the request message, the host server requests and obtains the digital certificate from the CA on behalf of the mobile device (step 512 of FIG. 5). See also [0079-0082]).

Regarding claim 37: The limitations of claim 37 are substantially similar to the limitations of claims 25 and 26, thus it is interpreted and rejected for the reasons set forth above in the rejection of claims 25 and 26.
Regarding claim 38: The limitations of claim 38 are substantially similar to the limitations of claim 27, thus it is interpreted and rejected for the reasons set forth above in the rejection of claim 27.
Regarding claim 40: The limitations of claim 40 are substantially similar to the limitations of claims 25, 26 and 27, thus it is interpreted and rejected for the reasons set forth above in the rejection of claims 25, 26 and 27.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437