DETAILED ACTION
Claims 1, 8, 15 include amendments. Claims 1-20 stand rejected. 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which 

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1–20 are rejected for obviousness under 35 U.S.C. § 103.  

Claims 1, 5–6, 8, 12–13, 15, and 19–20 are rejected as obvious over Brickell in view of Barr and Sjöblom.
Claims 1, 5–6, 8, 12–13, 15, and 19–20 are rejected as obvious over Brickell, Digital Signature Validation, U.S. Pub. No. 2003/0005305 (Jan. 2, 2003), in view of Barr, Authentication Policy Enforcement, U.S. Pub. No. 2014/0331287 (Nov. 6, 2014), and Sjöblom, Method and Device for Performing Electronic Transactions, U.S. 7,254,561 (Aug. 7, 2007). 

Claims 1, 8, and 15
Claims 1, 8, and 15 are the application’s independent claims.  Claim 1 is directed to an apparatus and claim 8 and 15 are directed to methods.  Claim 8 additionally specifies that the claimed method steps are each performed “by the processor.”  But apart from these differences, claims 1, 8, and 15 encompass identical limitations.  Accordingly, the three are addressed together and represented by claim 1.  

Regarding claim 1, Brickell teaches the following limitations.  
An apparatus comprising:
A memory configured to store . . . . Brickell, for example discloses that “the system 200 has system memory 213, including read only memory (ROM) 214 and random access memory (RAM).” Brickell, [0030].   
A hardware processor configured to. Brickell, for example, discloses a processor that provides an operating environment.  Brickell, [0030], FIG. 5. 
Communicate a first recertification request to a certificate authority that issued the private encryption key and the public encryption key.  Brickell discloses an assurance provider responsible for validating the status of a private signature key.  Brickell, [0021].  For example, Brickell explains that “the assurance provider 18 . . . check[s] 112 the status of the signing party 
Receive, from the certificate authority, a first message indicating that the private encryption key and the public encryption key are valid for use.  Because Brickell’s assurance provider 18 verifies with the issuing certificate authority the validity of the signing party’s private signature key, it is inferred that the certificate authority responds to the assurance provider 18 indicating that the private encryption key is either valid or invalid for use.  Brickell, [0021]. Brickell explains that this “can be accomplished by verifying whether the digital certificate, associated with the signing party 12, has been revoked by the certificate authority 16 that originally issued the digital certificate.” Brickell, [0021] (emphasis added). But Brickell also explains that the certificate authority 16 is capable of communicating digital certificate status information. See, e.g., Brickell, [0029] (“[t]he assurance provider may subsequently be notified by the certificate authority 16 that the digital certificate of the signing party 2 has been revoked.”) (emphasis added). Brickell’s certificate authority may notify the assurance provider 
In response to the first message:
Generate a first digital signature using the private encryption key.  Brickell discloses that “the signing party 12 produces a first digital signature 22” and explains that the digital signature is produced by “tak[ing] the document to be signed 21 and a private signature key associated with the signing party 12 as input.” Brickell, [0019].  Like the signing party 12, Brickell additionally teaches that the assurance provider 18 can also produce a digital signature and does so “using the second document to be signed 41, the validity statement 46, and the private signature key of the assurance provider.”  Brickell, [0025].   
Generate a first non-repudiation message comprising the first digital signature and the first message
Generate a second message comprising the first transaction request and the first non-repudiation message.  For example, Brickell teaches that “[t]he signing party 12 creates 106 a first digital credential 20 . . . that can include a first document to be signed 21 and a first digital signature 22.”  Brickell further explains that “[t]he first document to be signed 21 can include a message 23 to be signed by the signing party” and that “[t]he signing party 12 can append to the document to be signed 21 the name(s) of one or more relying party(s) 24 that are to receive the first digital credential 20 in connection with the business transaction.” Brickell, [0018].  This contents of the first message, Brickell explains, can be incorporated into the second digital credential that includes the second document to be signed—the document that indicates whether the digital certificate of the signing party is valid.  Brickell, [0024].  Brickell also teaches that “the signing party 12 sends 100 a signature request to the assurance provider 18 indicating that the signing party 12 desires to enter into a business transaction,” and that “[t]he transaction may require the signing party 12 to digitally sign a document such as a purchase order.”  Brickell, [0014].  
As just provided, Brickell teaches the many limitations of claim 1 directed to verifying the validity of a private encryption key, generating a digital message signature with the validated encryption key, and attaching the signature to a intercept a first transaction request from a user, by an apparatus from which the transaction request is originated.” Barr teaches an interceptor 200 “operable to intercept hand-shake message transmitted between the first and second endpoints 201, 202.”  Barr, [0032].  Barr further explains that “[t]he intercepted handshake messages are used by the interceptor 200 to perform security policy and authentication policy enforcement and to provide authorization facilities.”  Barr, [0034]. Barr explains that “the interceptor can reside in the same physical hardware or logical software environment as one or more of endpoints 201, 202.” Barr, [0031]. 
A person of ordinary skill in the art would have been motivated to combine the teachings of Brickell with Barr.  Brickell is generally motivated by assurance.  Brickell explains that its techniques “provide the relying party 14 assurance that a digital signature is valid at the time it was generated by the signing party” and that “[t]he relying party 14 can rely on the validity of the digital signature of the signing party without contacting the certificate authority 16 to check the status of the certificate of the signing party.”  Like Brickell, Barr is also motivated by 
Additionally, a person of ordinary skill in the art would have been motivated to combine the teachings of Brickell and Barr because doing so would yield predictable results.  Barr serves to enforce authentication by intercepting handshake messages to determine a validity status of a relevant certificate.  Barr’s interceptor “verif[ies] that the certificate is current; verif[ies] that the certificate is not revoked; verif[ies] that the certifying authority for the certificate is trusted; verif[ies] that a signature of the certifying authority in the certificate is valid; and verif[ies] that a distinguishing name for the endpoint identified by the certificate is consistent with a distinguishing name for the endpoint provided by a trusted certificate authority.” Barr, [0036]. A person of ordinary skill in the art would recognize that either Barr’s interceptor could be modified by Brickell’s validating methods or that Brickell’s method could be modified to include Barr’s interceptor to predictably arrive at a method for intercepting a transaction communication and validating the keys necessary to sign the transaction communication.  Furthermore, Intercept a first transaction request from a user. 
While Brickel and Barr together teach the processor, memory, intercepting, validating, and signing limitations of claim 1, neither reference expressly teaches (1) that the memory is configured to store a private encryption key and a public encryption key and (2) that the signed message is ultimately communicated to a server to process the first transaction request.  Sjöblom, however, does.  Additionally, where Brickell may offer sparse detail as to what information the signed document includes, Sjöblom’s expressly “contain[s] the required transaction information as plain text.”  Sjöblom, Col. 2, ll. 42–42.  
First, Sjöblom teaches memory configured to store a private encryption key and a public encryption key.  Sjöblom is most similar to Brickel.  Like Brickell, Sjöblom is directed to sending a recipient a signed transaction message.  Sjöblom, Col. 2., ll. 40–49.  The keys Sjöblom uses to the sign the transaction message are stored locally.  Sjöblom, Col. 1, ll. 62–65 (“According to the invention, the user uses a unique smart card assigned to him, with a private key stored therein (whose public equivalence in an asymmetrical cryptographic system is generally available).”) (emphasis added); see also Sjöblom, col. 5, ll. 46–50 (explaining that a trusted third party (TTP) “keeps a catalogue 15 available, from which the public key of each user can be collected”).  Brickell adds the benefit of sending signed transaction messages that are pre-validated.  See generally, Brickell, [0019–25]. 
A person of ordinary skill in the art would have been motivated to combine the teachings of Brickell with Sjöblom in this way. Brickell “assume[s] that the signing party 12 has previously obtained a private signature key and a public verification key pair, and has obtained a certificate for this public key from the certificate authority 14.” Brickell, [0019]. Brickell just does not mention that the private signature key previously obtained was ever stored.  A person of ordinary skill in the art reading Sjöblom would understand the benefits of signing a document with keys stored locally, as they would originate from the signor, and would modify Brickell accordingly. See generally Sjöblom, col. 1, ll. 57–66, to 2, ll. 1–2.  Additionally, a person of ordinary skill in the art could have modified the relevant teachings of Brickell with those of Sjöblom in a known method to achieve predictable results.  Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Brickell with Sjöblom to arrive at memory configured to store a private encryption key.
Second, Sjöblom teaches communicate the . . . message to a server to process the first transaction request. Where Brickell simply communicates the signed document from the sender to the relying party, Sjöblom’s is “transmitted via the network 5 to the network server 7.”  Sjöblom, Col. 6, ll. 34–35.  A person of ordinary skill in the art would have recognized that substituting Brickell’s communication process with that of Sjöblom would have been a simple substitution, and it would have yielded predictable results.  Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Brickell with Sjöblom to arrive at communicate the . . . message to a server to process the first transaction request.
For the reasons set forth above, under 35 U.S.C. § 103, the Examiner determines claim 1 obvious over Brickell in view of Barr and Sjöblom. For the same reasons, the Examiner also determines claim 8 and 15 obvious. But as claim 8 is further limited by performing the claimed steps “by the processor,” the Examiner asserts Brickell, the primary reference, as disclosing “a programmable computing system 200 that can provide an operating environment suitable for use” and that “[t]he system 200 includes a processor.”  Brickell, [0030].   
Accordingly, claims 1, 8, and 15 are rejected under 35 U.S.C. § 103 as obvious over Brickell in view of Barr and Sjöblom.

Claims 5, 12, and 19
Claims 5, 12, and 19 depend from claims 1, 8, and 15 respectively. But apart from the claims’ different dependency, claims 5, 12, and 19 recite the exact same language.  Accordingly, the three claims are addressed together and represented by claim 5.  

Regarding claim 5, Brickell teaches the following additional limitations: 
The apparatus of Claim 1, wherein the first digital signature is validated using the user’s public encryption key stored in a database. Brickell discloses that the assurance provider 18 “checks whether the first digital signature 22 is correct, for example, by performing a computation that takes the message 23, the first digital signature 22, and the public verification key of the signing party 12 as input and produces an output that indicates whether the signature is verified.”  Brickell, [0020]. 

Claims 5, 12, and 19 are rejected under 35 U.S.C. § 103 as obvious over Brickell in view of Barr and Sjöblom.

Claims 6, 13, and 20

Regarding Claim 6, Sjöblom teaches the additional limitation: wherein the hardware processor is further configured to encrypt the first transaction request using the private encryption key. Sjöblom contemplates the benefits of encrypting the transmitted, signed transaction message, to increase security.  Sjöblom, Col. 8, ll. 40–42 (“It may be convenient to encrypt the transmitted, signed transaction message, thereby increasing security.”).  Accordingly, for purposes of security, a person of ordinary skill in the art would have been motivated to incorporate the teachings of Sjöblom with Brickell and Barr to arrive at the encryption limitations of claim 6.  Additionally, it may even be the case that Brickell’s digital credential, which ultimately carries the transaction document and validity statements, is encrypted with the assurance provider’s private signature key.  See Brickell, [0025].  A person of ordinary skill in the art would understand the benefits of sending the transaction message in encrypted form and, furthermore, could so modify Brickell with Sjöblom to realize predictable results.  Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Brickell and Barr with Sjöblom to arrive at wherein the hardware processor is further configured to encrypt the first transaction request using the private encryption key.
Claims 6, 13, and 20 are rejected under 35 U.S.C. § 103 as obvious over Brickell in view of Barr and Sjöblom.
Claims 2, 9, and 16
Claims 2, 9, and 16 are rejected as obvious over Brickell in view of Barr, Sjöblom, and Corella, Public Key Validation Service, U.S. Pub. No. 2001/0032310 (Oct. 18, 2001).  Claims 2, 9, and 16 depend from claims 1, 8, and 15 respectively. But apart from the claims’ different dependency, claims 2, 9, and 16 claim the same limitations.  Accordingly, the three claims are addressed together and represented by claim 2.  
	Regarding claim 2, Brickell teaches the following limitations.  
The apparatus of Claim 1, wherein the hardware processor is further configured to:
	. . .  
	Communicate a second recertification request to the certificate authority. Brickell discloses an assurance provider responsible for validating the status of a private signature key.  Brickell, [0021].  For example, Brickell explains that “the assurance provider 18 . . . check[s] 112 the status of the signing party 12, including checking whether the private signature key associated with the signing party 12 is still valid.”  Brickell, [0021].  Brickell further explains that this “can be 
	Receive, from the certificate authority, a fourth message indicating that the private encryption key is not valid for use. Because Brickell’s assurance provider 18 verifies with the issuing certificate authority the validity of the signing party’s private signature key, it is inferred that the certificate authority responds to the assurance provider 18 indicating that the private encryption key is either valid or invalid for use.  Brickell, [0021].
	In response to the fourth message, deny the second transaction request. Brickell explains that “the assurance provider 18 can provide assurance that the private signature key of the signing party 12 was valid at the time the first digital signature was created based on the time stamp 26.  If the result of computation indicates that the signature failed to verify, the business transaction is rejected 130.  
Brickell teaches many of the additional limitations of claim 2 additional to those of claim 1.  Brickell is, however, limited in that rather than intercepting a transaction, Brickell contemplates that a signing party interested in entering into a transaction will “request the services of the assurance provider 18.”  Brickell, [0013].  Nevertheless, a second reference, Barr teaches intercept a second transaction request from the user. Barr teaches an interceptor 200 “operable to 
Additionally, Brickell does not teach “Communicate a third message to the certificate authority that the private encryption key has been compromised.”  Brickell is motivated by security and by ensuring confidence in the validity of a secure encryption key.  A person of ordinary skill in the art reading Brickell would therefore want to include well-known functions associated with traditional public key infrastructures that by default increase security for and confidence in an issued certificate.  For example, Corella explains in the background that “[i]n a traditional PKI, [where] a public key is authenticated by a certificate signed by a certificate authority,” “If the private key associated with the public key is compromised, the subject of the certificate notifies the certificate authority, which revokes the certificate.”  Corella.  Additionally, a person of ordinary skill in the art would have been able to simply add this functionality to predictably arrive at a system cable of “communicat[ing] a . . . message to the certificate authority that the private  Communicate a third message to the certificate authority that the private encryption key has been compromised. 
Claims 2, 9, and 16 are rejected under 35 U.S.C. § 103 as obvious over Brickell in view of Barr, Sjöblom, and Corella. 
 
Claims 3, 10, and 17
Claims 3, 10, and 17 are rejected as obvious over Brickell in view of Barr, Sjöblom, and Sellman, Sharing of State Information, U.S. Pub. No. 20030023494 (Jan. 30, 2003).  Claims 3, 10, and 17 depend from claims 1, 8, and 15 respectively. But apart from the claims’ different dependency, claims 3, 10, and 17 claim the same limitations.  Accordingly, the three claims are addressed together and represented by claim 3.  
	Regarding claim 3, Sellman teaches the limitations additional to those of claim 1.  
	Receive from the server, a template.  Sellman generally teaches a method of sharing state information between a user and a referring site, such as an online marketplace.  Sellman, Abstract.  Sellman’s method contemplates presenting to a 
	Populate the template with data from the first transaction request to produce a data filled template, wherein the second message further comprises the data filled template. Sellman explains that “when a user fills out an on-line order form or similar concerning an on-line transaction, an XML template 21 containing the order form is modified according to user requirements and parameters.”  Sellman, [0033].  Sellman further explains that “[t]he order form here may constitute a single XML template containing all of the relevant details, that template being mod8ified according to the filled in information from the customer.” Sellman, [0033].  Sellman also discloses that “other data can be stored in or encoded into that modified template as desired.”  Sellman, [0037]. 
A person of ordinary skill in the art would have been motivated to include the teachings of Sellman with the combinations of references cited for claim 1, Brickell, Barr, and Sjöblom, to arrive at the combined teachings of claim 3.  Receive from the server, a template and Populate the template with data from the first transaction request to produce a data filled template, wherein the second message further comprises the data filled template. 


Claims 4, 11, and 18
Claims 4, 11, and 18 are rejected as obvious over Brickell in view of Barr, Sjöblom, and Lundström, Network Authentication Method For Secure Electronic Transactions, U.S. 9,231,925 (Jan. 5, 2016). Claims 4, 11, and 18 depend from claims 1, 8, and 15 respectively. But apart from the claims’ different dependency, claims 4, 11, and 18 claim the same limitations.  Accordingly, the three claims are addressed together and represented by claim 4.  
	Regarding claim 4, Brickell teaches the following limitations:
Communicate a second recertification request to the certificate authority; Brickell discloses an assurance provider responsible for validating the status of a private signature key.  Brickell, [0021].  For example, Brickell explains that “the assurance provider 18 . . . check[s] 112 the status of the signing party 12, including checking whether the private signature key associated with the signing party 12 is still valid.”  Brickell, [0021].  Brickell further explains that this “can be accomplished by verifying whether the digital certificate, associated with the signing party 12, has 
Receive, from the certificate authority, a third message; Because Brickell’s assurance provider 18 verifies with the issuing certificate authority the validity of the signing party’s private signature key, it is inferred that the certificate authority responds to the assurance provider 18 indicating that the private encryption key is either valid or invalid for use.  Brickell, [0021].
Generate a second digital signature using the private encryption key; Brickell discloses that “the signing party 12 produces a first digital signature 22” and explains that the digital signature is produced by “tak[ing] the document to be signed 21 and a private signature key associated with the signing party 12 as input.” Brickell, [0019].  Like the signing party 12, Brickell additionally teaches that the assurance provider 18 can also produce a digital signature and does so “using the second document to be signed 41, the validity statement 46, and the private signature key of the assurance provider.”  Brickell, [0025].   
Generate a second non-repudiation message comprising the second digital signature and the third message; For example, Brickell discloses an assurance provider that “creates 122 a second digital credential 40 
Generate a fourth message comprising the second transaction request and the second non-repudiation message; For example, Brickell teaches that “[t]he signing party 12 creates 106 a first digital credential 20 . . . that can include a first document to be signed 21 and a first digital signature 22.”  Brickell further explains that “[t]he first document to be signed 21 can include a message 23 to be signed by the signing party” and that “[t]he siginign party 12 can append to the document to be signed 21 the name(s) of one or more relying party(s) 24 that are to receive the first digital credential 20 in connection with the business transaction.” Brickell, [0018].  This contents of the first message, Brickell explains, can be incorporated into the second digital credential that includes the second document to be signed—the document that indicates whether the digital certificate of the signing party is valid.  Brickell, [0024].  Brickell also teaches that “the signing party 12 sends 100 a signature request to 
	 
Brickell teaches many of the additional limitations of claim 2 additional to those of claim 1.  Brickell is, however, limited in that rather than intercepting a transaction, Brickell contemplates that a signing party interested in entering into a transaction will “request the services of the assurance provider 18.”  Brickell, [0013].  Nevertheless, a second reference, Barr teaches Intercept a second transaction request from the user. Barr teaches an interceptor 200 “operable to intercept hand-shake message transmitted between the first and second endpoints 201, 202.”  Barr, [0032].  Barr further explains that “[t]he intercepted handshake messages are used by the interceptor 200 to perform security policy and authentication policy enforcement and to provide authorization facilities.”  Barr, [0034].  And for the same reasons at set forth for claim 1, a person of ordinary skill in the art would have been motivated to combine the teachings of Brickell with Barr.  
Additionally, Brickell does not teach “Communicate the fourth message to the server, wherein the server parses the second non-repudiation message to determine whether the private encryption key is valid for use.”  Lundström, however, does.  Lundström teaches that “the verification server 3 verifies, based on the public key of the certificate 31 to which the certification reference 32 is uniquely mapped, whether or not the digital signature included in the verification request thus received is signed with the private key 313.”  Lundström, Col. 4, ll. 22–26.  Lundström further teaches that “the verification server 3 successfully decrypts the digital signature with the public key 312 to thus obtain from the decrypted digital signature the transaction data that is determined to be associated with the end user 5 and that has been confirmed by the end user 5, and notifies the authentication server 4 of successful digital signature verification.” Col. 4, ll. 28–36. 
A person of ordinary skill in the art would have been motivated to modify the teachings of Brickell, Bar, and Sjöblom with those of Lundström to include a server operable to parse the second non-repudiation message, review its contents, and determine whether those contents indicates the signature’s validity.  Brickell teaches a system for generating digital credentials.  Brickell’s digital credentials, when decrypted, reveal transaction documents—signed by a user’s private encryption key; validity statements signed by an assurance provider—testifying to the validity of the user’s private encryption key; and signatures of the assurance providers.  See generally Brickell, [0018–0026].  Once Brickell’s digital 
Lundström is similar to Brickell.  Like Brickell, Lundström signs transaction information with a user’s private key and verifies the validity of the private key before entering transactions.  But where Brickell packages the results of those checks in the form of a digital credential,   Lundström simply “perform[s] the electronic transaction (Step S326).”  Lundström, Col. 7, ll. 26–30.  Lundström carries out these transactions on a server, and accordingly, it is a server, particularly a verification server, that determines whether the digital signature is verified.  
Brickell does not disclose whether the relying party, the party that decrypts the digital credential to determine the validity of the user’s encryption key, performs the validity check on a server.  Nevertheless, a person of ordinary skill in the art reviewing Lundström would readily recognize the benefits of performing this step on a server.  For example, the server is connected to a communication network and allows users to make online transactions.  See generally Lundström, Col. 1, ll. 13–58.  Furthermore, a person of ordinary skill in the art would have 
Finally, Brickell also does not teach Receive a fifth message from the server indicating whether the private encryption key is valid for use and whether the second transaction request is denied.  Lundström, however, does.  Lundström teaches that “the verification server 3 sends an error message to the network server 1 of successful transaction data verification . . . . [o]therwise, the verification server 3 sends an error message to the network server 1 (step S323).” Lundström, Col. 7, ll. 8–11. And “[u]pon receipt of the error message by the network server 1,” Lundström’s “network server 1 sends an error message to the client device 2, which then notifies the end user 5 that the transaction has been cancelled (step S327).  Lundström, Col. 7, ll. 12–16.
A person of ordinary skill in the art would, for the same reasons as discussed for verifying at a server, be motivated to incorporate Lundström’s teaching to communicate the result of the validation through a server. Lundström demonstrates the added benefit of being connected to a server to perform electronic transactions.  See generally Lundström, Col. 1, ll. 13–58.  Furthermore, a person of ordinary skill in the art would have been able to add, with predictable results, the server of Lundström to Brickell’s relying party.   


Claims 7 and 14
Claims 7 and 14 are rejected as obvious over Brickell in view of Barr, Sjöblom, and Gentry, Certificate-Based Encryption and Public Key Infrastructure, U.S. 7,751,558 (July 6, 2010).  Claims 7 and 14 depend from claims 1 and 8 respectively. But apart from the claims’ different dependency, claims 7 and 14 claim the same limitations.  Accordingly, the three claims are addressed together and represented by claim 7.  
Regarding claim 7, Gentry teaches the following limitation: wherein the first message comprises an identifier of the certificate authority and a date range for which the private encryption key is valid.  Gentry Explains that “[t]ypically, a certificate consists of a digital signature on a document containing information such as the identity of the certificate owner, the public key of the certificate owner, the identity of the CA, an issue date, an expiration data, a serial number, and a 
A person of ordinary skill in the art would have had a rationale to combine the teachings of Brickell, Barr, and Sjöblom with those noted by Gentry to arrive at the teachings of claim 7. As discussed above with respect to claim 1, Brickell, Barr, and Sjöblom, when combined, teach an apparatus capable of intercepting a transaction, validating with a certificate authority the validity of the initiating party’s private encryption key, and generating a digitally signed message, signed using the private encryption key, that includes the transaction information and attests to the validity of the initiating party’s private key. Claim 7, however, includes additional limitations directed at the specific content of the digitally signed message, which is not expressly taught by any of the three cited references.  Brickell, for example teaches that sending a digital credential that “can include a signed document, a digital signature associated with the document and a certificate of the singing party,” but Brickell is silent as to the specifics of the document and the certificate.  Brickell, [0013].  Gentry, however, discloses the specifics of a certificate to include, among other things, the identity of the Certificate authority as well as an expiration date of the certificate.  Furthermore, as Brickell discloses including a certificate in its digital credential and Gentry discloses a certificate to include an identifier of the certificate authority and an expiration date of the 
For the reasons set forth above, it would have been obvious to a person of ordinary skill in the art before the time of filing the invention to combine Brickell with Barr, Sjöblom, and Gentry to arrive at the limitations of claims 7 and 14.  Accordingly, claims 7 and 14 are rejected under 35 U.S.C. § 103 as obvious over Brickell in view of Barr, Sjöblom, and Gentry.
Response to Arguments
Applicant's arguments filed 12/30/2020 have been fully considered but they are not persuasive. 
Whether Sjöblom teaches a memory configured to store a private encryption key and a public encryption key
Applicant amends claim 1 and argues that Sjöblom does not recite “a memory configured to store a private encryption key and public encryption key.” Applicant asserts that “Sjöblom discloses that the digital signature is added to the singed transaction message, and the signed transaction message is transmitted to its destination” but “does not discloses a memory that is configured to strore a private encryption key.” Amnt. 14. Applicant then reiterates that “merely discloses adding the digital signature to the transaction message.” Amnt. 14. Applicant next asserts Sjöblom does not disclose a memory that is configured to store a public encryption key.” Amnt. 14. The Examiner respectfully disagrees. 
Sjöblom discloses storing both a private key and a public key. Sjöblom discloses that “[a]ccording to the invention, the user uses a unique smart card assigned to him, with a private key stored therein (whose public equivalence in an asymmetrical cryptographic system is generally available).” Sjöblom, col. 1, ll. 63–65. Sjöblom explains that a trusted third party (TTP) “keeps a catalogue 15 available, from which the public key of each user can be collected.” Sjöblom, col. 5, ll. 46–50. While Sjöblom discloses storing the private key on the user device and the public key in a catalogue maintained by a TTP, a POSITA would understand that because the public key “is generally available,” it could easily be stored on the same device that stores the user’s private key. Doing so would not in any way affect the functioning of Sjöblom. 
Whether Barr teaches “intercept a first transaction request from a user, by an apparatus from which the first transaction request is originated.” 
Applicant amends claim 1 and argues that Barr does not teach “intercept a first transaction request from a user, by an apparatus from which the first transaction request is originated.” Amnt. 15. Applicant asserts that “Barr generally disclose[s] intercepting a message outside a device from which the message is originated.” Amnt. 15. The Examiner respectfully submits that Barr 
To the extent a single apparatus can both send and intercept the same message, one of ordinary skill in the art would recognize Barr to, at minimum, suggest an interceptor capable of existing in a single apparatus with the message originator. Barr discloses a network, “such as a wired or wireless network or a network having a combination of wired and wireless components.” Barr, [0024]. Barr explains that the “[t]he network is suitable for providing communication facilities between first and second network endpoints 201, 202. . . . , [which] are hardware or software components operable to communicate with each other over the network.” Barr, [0024]. Barr further explains that “endpoints (i.e., “network endpoints”) 201, 202 can be computer systems, machines or devices, or software applications executing on computer systems, machines or devices” and that “[c]onceivably, the endpoints 201, 202 can reside on the same physical machine or a suite of machines, interconnected by way of the network 208.” Barr, [0024]. Barr even explains that “the interceptor can reside in the same physical hardware or logical software environment as one or more of endpoints 201, 202.” Barr, [0031]. 
Since Barr’s “interceptor 200 is operable to intercept hand-shake messages transmitted between the first and second endpoints 201, 202” and because “the interceptor can reside in the same physical hardware or logical software intercept a first transaction request from a user, by an apparatus from which the first transaction request is originated.” 

Whether the cited references teach, suggest, or disclose “communicate a first recertification request to a certificate authority that issued the private encryption key and the public encryption key” or “receive, from the certificate authority, a first message indicating that the private encryption key and the public encryption key are valid for use.” 
Applicant amends claim 1 and argues that, in light of the amendment, “neither Brickell nor any of the other cited references . . . teaches, suggests, or discloses” “communicate a first recertification request to a certificate authority that issued the private encryption key and the public encryption key” and “receive, from the certificate authority, a first message indicating that the private encryption key and the public encryption key are valid for use.” Amnt. 16. In support, Applicant cites Brickell’s paragraph 21 to indicate it is Brickell’s assurance provider, not certificate authority, that verifies the private encryption key. Amnt. 16–17. Applicant further asserts that “Brickell only discloses verifying the private encryption key.” Amnt. 17. Respectfully, the Examiner disagrees. 
A person of ordinary skill in the art would understand Brickell’s certificate authority operable to receive a first recertification request and communicate a message indicating the validity of the signing party’s private encryption key. As  has been revoked by the certificate authority 16 that originally issued the digital certificate.” Brickell, [0021] (emphasis added). But Brickell also explains that the certificate authority 16 is capable of communicating digital certificate status information. See, e.g., Brickell, [0029] (“[t]he assurance provider may subsequently be notified by the certificate authority 16 that the digital certificate of the signing party 2 has been revoked.”) (emphasis added). Brickell’s certificate authority may notify the assurance provider that the digital certificate supporting the signing party’s private key has been revoked. Accordingly, a POSITA would understand Brickell’s system operable to communicate, through the certificate authority, the validity of the signing party’s digital certificate, and the concomitant private key. 
A POSITA would understand that a message affirming the validity of a private key would encompass the validity of its corresponding public key. The POSITA would understand that public and private keys are distributed in pairs. While a user maintains the private key in secret, its corresponding public key is widely distributed. See, e.g., Sjöblom, col. 4, ll. 12–14 (explaining that the private 
For the reasons just discussed, the Examiner is not persuaded by Applicant’s arguments that Brickell fails to disclose “communicate a first recertification request to a certificate authority that issued the private encryption key and the public encryption key” and “receive, from the certificate authority, a first message indicating that the private encryption key and the public encryption key are valid for use.” The Examiner maintains the rejection under 35 U.S.C. § 103.
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZACHARY MICHAEL COOTS whose telephone number is (571)270-7002.  The examiner can normally be reached on M-F 7:30 to 5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR 



/Z.M.C./Examiner, Art Unit 3685                                                                                                                                                                                                    

/PATRICK MCATEE/Supervisory Patent Examiner, Art Unit 3685